From b4c009b6d64cc17974e5917c10f92dbe987d826e Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 12 Mar 2018 13:35:46 +0100
Subject: add specific AuthBlock validation logging

---
 .../moa/id/config/auth/OAAuthParameter.java            | 10 ++++++++++
 .../moa/id/logging/SpecificTraceLogger.java            | 18 ++++++++++++++++++
 2 files changed, 28 insertions(+)
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/logging/SpecificTraceLogger.java

(limited to 'id/server/idserverlib/src/main/java/at/gv')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index 99b4154e0..59bd3893d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -50,11 +50,14 @@ import java.io.IOException;
 import java.io.Serializable;
 import java.security.PrivateKey;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.HashMap;
+import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
+import java.util.Map.Entry;
 import java.util.Set;
 
 import org.apache.commons.lang.SerializationUtils;
@@ -925,4 +928,11 @@ public boolean isUseAuthBlockTestTestStore() {
 		return false;	
 }
 
+public String toString() {
+	if (oaConfiguration != null)
+		return Arrays.asList(oaConfiguration).toString();
+	
+	return "Object not initialized";
+}
+
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/logging/SpecificTraceLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/logging/SpecificTraceLogger.java
new file mode 100644
index 000000000..c12021f2c
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/logging/SpecificTraceLogger.java
@@ -0,0 +1,18 @@
+package at.gv.egovernment.moa.id.logging;
+
+
+import at.gv.egovernment.moa.logging.Logger;
+
+public class SpecificTraceLogger{
+	
+	/**
+	 * Enables Logging on Trace level for single specific parts
+	 * @param message
+	 */
+	public static void trace(Object message) {
+		if (Logger.isTraceEnabled()) {
+			Logger.traceWithOutEscaption(message);
+			
+		}		
+	}	
+}
-- 
cgit v1.2.3


From c61850c5607d066a3c322794c1220f26b31103a0 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Wed, 16 May 2018 09:29:09 +0200
Subject: add initial version of Security-Layer 2.0 Authentication module

---
 id/server/auth-edu/pom.xml                         |  14 +-
 .../moa/id/auth/builder/DataURLBuilder.java        |   4 +-
 .../moa/id/auth/servlet/AbstractController.java    |   9 +-
 .../AbstractProcessEngineSignalController.java     |   2 +-
 .../moa/id/moduls/AuthenticationManager.java       |  23 +
 .../at/gv/egovernment/moa/id/util/SSLUtils.java    |  37 ++
 .../resources/properties/id_messages_de.properties |   9 +
 .../protocol_response_statuscodes_de.properties    |   6 +
 .../moa/id/commons/utils/X509Utils.java            |  62 +++
 .../moa-id-module-sl20_authentication/pom.xml      |  68 +++
 .../moa/id/auth/modules/sl20_auth/Constants.java   |  44 ++
 .../sl20_auth/SL20AuthenticationModulImpl.java     |  95 ++++
 .../SL20AuthenticationSpringResourceProvider.java  |  28 +
 .../auth/modules/sl20_auth/SL20SignalServlet.java  |  58 ++
 .../modules/sl20_auth/data/VerificationResult.java |  39 ++
 .../sl20_auth/exceptions/SL20Exception.java        |  19 +
 .../exceptions/SL20SecurityException.java          |  20 +
 .../exceptions/SLCommandoBuildException.java       |  17 +
 .../exceptions/SLCommandoParserException.java      |  17 +
 .../id/auth/modules/sl20_auth/sl20/IJOSETools.java |  37 ++
 .../modules/sl20_auth/sl20/JsonSecurityUtils.java  | 221 ++++++++
 .../auth/modules/sl20_auth/sl20/SL20Constants.java | 180 ++++++
 .../sl20_auth/sl20/SL20HttpBindingUtils.java       |  42 ++
 .../sl20_auth/sl20/SL20JSONBuilderUtils.java       | 606 +++++++++++++++++++++
 .../sl20_auth/sl20/SL20JSONExtractorUtils.java     | 259 +++++++++
 .../sl20_auth/tasks/CreateQualeIDRequestTask.java  | 176 ++++++
 .../sl20_auth/tasks/ReceiveQualeIDTask.java        | 228 ++++++++
 ...iz.components.spring.api.SpringResourceProvider |   1 +
 .../src/main/resources/moaid_sl20_auth.beans.xml   |  33 ++
 .../main/resources/sl20.Authentication.process.xml |  20 +
 id/server/modules/pom.xml                          |  12 +-
 pom.xml                                            |   6 +
 32 files changed, 2379 insertions(+), 13 deletions(-)
 create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/X509Utils.java
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/pom.xml
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationSpringResourceProvider.java
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/data/VerificationResult.java
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SL20Exception.java
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SL20SecurityException.java
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SLCommandoBuildException.java
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SLCommandoParserException.java
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/IJOSETools.java
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20Constants.java
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20HttpBindingUtils.java
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONBuilderUtils.java
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/main/resources/moaid_sl20_auth.beans.xml
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/main/resources/sl20.Authentication.process.xml

(limited to 'id/server/idserverlib/src/main/java/at/gv')

diff --git a/id/server/auth-edu/pom.xml b/id/server/auth-edu/pom.xml
index 34c74d926..455278edd 100644
--- a/id/server/auth-edu/pom.xml
+++ b/id/server/auth-edu/pom.xml
@@ -206,10 +206,16 @@
 		<dependency>
 			<groupId>MOA.id.server.modules</groupId>
 			<artifactId>moa-id-module-bkaMobilaAuthSAML2Test</artifactId>
-			</dependency>				
-				
-				
-<!-- 		<dependency>
+		</dependency>				
+		
+		<dependency>
+			<groupId>MOA.id.server.modules</groupId>				
+		 	<artifactId>moa-id-module-sl20_authentication</artifactId>
+		 </dependency>		
+
+
+<!-- 	
+		<dependency>
 			<groupId>org.apache.santuario</groupId>
 			<artifactId>xmlsec</artifactId>
 		</dependency>		 -->
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java
index c78361eda..583bb2ab4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java
@@ -84,7 +84,9 @@ public class DataURLBuilder {
 		
 		dataURL = authBaseURL + authServletName;
 
-    dataURL = addParameter(dataURL, MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, sessionID);
+		if (sessionID != null)
+			dataURL = addParameter(dataURL, MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, sessionID);
+		
   	return dataURL;
   }
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
index f61b9a4da..50cafb4f6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
@@ -134,7 +134,12 @@ public abstract class AbstractController extends MOAIDAuthConstants {
 					
 		try {			
 			//switch to protocol-finalize method to generate a protocol-specific error message
-							
+
+			//log error directly in debug mode
+			if (Logger.isDebugEnabled())
+				Logger.warn(loggedException.getMessage(), loggedException);
+				
+			
 			//put exception into transaction store for redirect
 			String key = Random.nextLongRandom();
 			if (pendingReq != null) {
@@ -147,7 +152,7 @@ public abstract class AbstractController extends MOAIDAuthConstants {
 						new ExceptionContainer(null, loggedException),-1);
 				
 			}
-				
+			
 			//build up redirect URL
 			String redirectURL = null;
 			redirectURL = ServletUtils.getBaseUrl(req);	
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java
index 32f103ca7..18641c090 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java
@@ -55,7 +55,7 @@ public abstract class AbstractProcessEngineSignalController extends AbstractCont
 			// wake up next task
 			processEngine.signal(pendingReq);
 			
-		} catch (Exception ex) {
+		} catch (Exception ex) {		
 			handleError(null, ex, req, resp, pendingReq);
 			
 		} finally {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 7f183c5eb..a24683545 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -92,6 +92,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
 public class AuthenticationManager extends MOAIDAuthConstants {
 
 	private static List<String> reqParameterWhiteListeForModules = new ArrayList<String>();
+	private static List<String> reqHeaderWhiteListeForModules = new ArrayList<String>();
 	
 	public static final String MOA_SESSION = "MoaAuthenticationSession";
 	public static final String MOA_AUTHENTICATED = "MoaAuthenticated";
@@ -321,6 +322,16 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 		
 	}
 	
+	/**
+	 * Add a request header to whitelist. All parameters that are part of the white list are added into {@link ExecutionContext} 
+	 * 
+	 * @param httpReqParam http header name, but never null
+	 */
+	public void addHeaderNameToWhiteList(String httpReqParam) {
+		if (MiscUtil.isNotEmpty(httpReqParam))
+			reqHeaderWhiteListeForModules.add(httpReqParam.toLowerCase());
+		
+	}
 	
 	/**
 	 * Checks if a authenticated MOASession already exists and if {protocolRequest} is authenticated
@@ -422,6 +433,18 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 			}			
 		}
 		
+		//add additional http request parameter to context
+		if (!reqHeaderWhiteListeForModules.isEmpty()) {
+			Enumeration<String> reqHeaderNames = httpReq.getHeaderNames();
+			while(reqHeaderNames.hasMoreElements()) { 
+				String paramName = reqHeaderNames.nextElement();
+				if (MiscUtil.isNotEmpty(paramName) && reqHeaderWhiteListeForModules.contains(paramName.toLowerCase()) ) {
+					executionContext.put(paramName, 
+							StringEscapeUtils.escapeHtml(httpReq.getHeader(paramName)));				
+				}
+			}			
+		}
+		
 		//start process engine
 		startProcessEngine(pendingReq, executionContext);
 		
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
index cd700c74a..611dff3b1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
@@ -89,6 +89,43 @@ public class SSLUtils {
     
   }
   
+  public static SSLSocketFactory getSSLSocketFactory(
+		    ConfigurationProvider conf, String url )
+		    throws IOException, GeneralSecurityException, ConfigurationException, PKIException {
+		    
+			    // else create new SSLSocketFactory
+			    String trustStoreURL = conf.getTrustedCACertificates();
+			    
+			    if (trustStoreURL == null)
+			      throw new ConfigurationException(
+			        "config.08", new Object[] {"TrustedCACertificates"});
+			    
+			    String acceptedServerCertURL = "";
+		 	    
+		   	   //INFO: MOA-ID 2.x always use defaultChainingMode 
+			    
+			    try {	    
+			    	SSLSocketFactory ssf = at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils.getSSLSocketFactory(
+			    					url,
+			    					null,
+			    					trustStoreURL, 
+			    					acceptedServerCertURL, 
+			    					AuthConfigurationProviderFactory.getInstance().getDefaultChainingMode(), 
+			    					AuthConfigurationProviderFactory.getInstance().isTrustmanagerrevoationchecking(),
+			    					AuthConfigurationProviderFactory.getInstance().getRevocationMethodOrder(),
+			    					null, 
+			    					null, 
+			    					"pkcs12");
+			    		    	
+			    	return ssf;
+			    	
+			    } catch (SSLConfigurationException e) {
+			    	throw new ConfigurationException(e.getErrorID(), e.getParameters(), e.getE());
+			    	
+			    }
+		  }
+  
+  
   /**
    * Creates an <code>SSLSocketFactory</code> which utilizes an
    * <code>IAIKX509TrustManager</code> for the given trust store,
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 4205f2175..9cc4b0b5e 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -336,3 +336,12 @@ slo.02=Es wurde keine aktive SSO Session gefunden oder Sie sind bei keiner Onlin
 process.01=Fehler beim Ausf\u00FChren des Prozesses.
 process.02=Fehler beim Erstellen eines geeigneten Prozesses f\u00FCr die SessionID {0}.
 process.03=Fehler beim Weiterf\u00FChren es Prozesses. Msg:{0}
+
+sl20.00=Allgemeiner Fehler w\u00e4hrend SL2.0 Authentifizierung. Msg: {0}
+sl20.01=Fehler beim Generieren des SL2.0 Kommandos. Msg: {0}
+sl20.02=Fehler beim Parsen des SL2.0 Kommandos. Msg: {0}
+sl20.03=Fehlende Konfiguration im SL2.0 Modul. Msg: {0}
+sl20.04=Http request enth\u00e4lt keinen SL2.0 Transportcontainer.
+sl20.05=Fehler beim Validieren eines JWS oder JWE Tokens. Reason: {0}.
+sl20.06=Http transport-binding error. Reason: {0} 
+
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
index 0a37fdc91..6de581cae 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
@@ -253,6 +253,12 @@ oauth20.06=1000
 oauth20.09=9005
 oauth20.10=9102
 
+sl20.00=14999
+sl20.01=14000
+sl20.02=14001
+sl20.03=14800
+sl20.04=14001
+
 ##Map MIS/BKU statuscodes to MOA-ID-Auth statuscodes
 mis.301=1005
 bku.6001=1005
\ No newline at end of file
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/X509Utils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/X509Utils.java
new file mode 100644
index 000000000..026b1a5fb
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/X509Utils.java
@@ -0,0 +1,62 @@
+package at.gv.egovernment.moa.id.commons.utils;
+
+import java.security.cert.X509Certificate;
+import java.util.List;
+
+import javax.security.auth.x500.X500Principal;
+
+public class X509Utils {
+
+	  /**
+	   * Sorts the Certificate Chain by IssuerDN and SubjectDN. The [0]-Element should be the Hostname,
+	   * the last Element should be the Root Certificate.
+	   * 
+	   * @param certs
+	   *          The first element must be the correct one.
+	   * @return sorted Certificate Chain
+	   */
+	  public static List<X509Certificate> sortCertificates(
+		      List<X509Certificate> certs)
+		  {
+		    int length = certs.size();
+		    if (certs.size() <= 1)
+		    {
+		      return certs;
+		    }
+
+		    for (X509Certificate cert : certs)
+		    {
+		      if (cert == null)
+		      {
+		        throw new NullPointerException();
+		      }
+		    }
+
+		    for (int i = 0; i < length; i++)
+		    {
+		      boolean found = false;
+		      X500Principal issuer = certs.get(i).getIssuerX500Principal();
+		      for (int j = i + 1; j < length; j++)
+		      {
+		        X500Principal subject = certs.get(j).getSubjectX500Principal();
+		        if (issuer.equals(subject))
+		        {
+		          // sorting necessary?
+		          if (i + 1 != j)
+		          {
+		            X509Certificate tmp = certs.get(i + 1);
+		            certs.set(i + 1, certs.get(j));
+		            certs.set(j, tmp);
+		          }
+		          found = true;
+		        }
+		      }
+		      if (!found)
+		      {
+		        break;
+		      }
+		    }
+
+		    return certs;
+		}
+}
diff --git a/id/server/modules/moa-id-module-sl20_authentication/pom.xml b/id/server/modules/moa-id-module-sl20_authentication/pom.xml
new file mode 100644
index 000000000..d08e0f0ec
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/pom.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0"?>
+<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+  <modelVersion>4.0.0</modelVersion>
+  <parent>
+    <groupId>MOA.id.server.modules</groupId>
+    <artifactId>moa-id-modules</artifactId>
+    <version>${moa-id-version}</version>
+  </parent>
+  <artifactId>moa-id-module-sl20_authentication</artifactId>
+  <name>moa-id-module-sl20_authentication</name>
+  <url>http://maven.apache.org</url>
+  
+  <properties>
+    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+    <repositoryPath>${basedir}/../../../../repository</repositoryPath>    
+  </properties>
+  
+  <profiles>
+        <profile>
+            <id>default</id>
+            <activation>
+                <activeByDefault>true</activeByDefault>
+            </activation>
+            <repositories>
+                <repository>
+                    <id>local</id>
+                    <name>local</name>
+                    <url>file:${basedir}/../../../../repository</url>
+                </repository>
+                <repository>
+                    <id>egiz-commons</id>
+                    <url>https://demo.egiz.gv.at/int-repo/</url>
+                    <releases>
+                        <enabled>true</enabled>
+                    </releases>
+                </repository>
+            </repositories>
+        </profile>
+  </profiles>
+  
+  
+  <dependencies>
+  	<dependency>
+  		<groupId>MOA.id.server</groupId>
+  		<artifactId>moa-id-lib</artifactId>
+  	</dependency> 
+	
+	<dependency>
+    	<groupId>com.google.code.gson</groupId>
+    	<artifactId>gson</artifactId>
+    	<version>2.8.2</version>
+	</dependency>
+	<dependency>
+    	<groupId>org.bitbucket.b_c</groupId>
+    	<artifactId>jose4j</artifactId>
+    	<version>0.6.3</version>
+  	</dependency>
+  
+  
+    <dependency>
+      <groupId>junit</groupId>
+      <artifactId>junit</artifactId>
+      <scope>test</scope>
+    </dependency>
+  </dependencies>
+  
+</project>
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java
new file mode 100644
index 000000000..7a58648cc
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java
@@ -0,0 +1,44 @@
+package at.gv.egovernment.moa.id.auth.modules.sl20_auth;
+
+public class Constants {
+
+	public static final String HTTP_ENDPOINT_DATAURL = "/sl20/dataUrl";
+	
+	public static final String CONFIG_PROP_PREFIX = "modules.sl20";
+	public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID = CONFIG_PROP_PREFIX + ".vda.urls.qualeID.endpoint";
+	public static final String CONFIG_PROP_VDA_AUTHBLOCK_ID = CONFIG_PROP_PREFIX + ".vda.authblock.id";
+	
+	public static final String CONFIG_PROP_SECURITY_KEYSTORE_PATH = CONFIG_PROP_PREFIX + ".security.keystore.path";
+	public static final String CONFIG_PROP_SECURITY_KEYSTORE_PASSWORD = CONFIG_PROP_PREFIX + ".security.keystore.password";
+	public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_ALIAS = CONFIG_PROP_PREFIX + ".security.sign.alias";
+	public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_PASSWORD = CONFIG_PROP_PREFIX + ".security.sign.password";
+	public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_ALIAS = CONFIG_PROP_PREFIX + ".security.encryption.alias";;
+	public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_PASSWORD = CONFIG_PROP_PREFIX + ".security.encryption.password";
+	
+	
+	public static final String PENDING_REQ_STORAGE_PREFIX = "SL20_AUTH_";
+	
+	/**
+	 * Only dummy data for development!!!!!! 	  
+	 */
+	public static final String DUMMY_SIGNING_CERT = 
+			"MIIC9zCCAd8CBFretWcwDQYJKoZIhvcNAQEOBQAwQDELMAkGA1UEBhMCQVQxDTAL\n" + 
+			"BgNVBAoMBEVHSVoxIjAgBgNVBAMMGW93biBkdW1teSBtZXRhZGF0YSBzaWduZXIw\n" + 
+			"HhcNMTgwNDI0MDQ0MTExWhcNMjEwMTE3MDQ0MTExWjBAMQswCQYDVQQGEwJBVDEN\n" + 
+			"MAsGA1UECgwERUdJWjEiMCAGA1UEAwwZb3duIGR1bW15IG1ldGFkYXRhIHNpZ25l\n" + 
+			"cjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJvN3l1pjzlnmoW5trHH\n" + 
+			"Rb1s60QtGNp2v1nfMg1R6h7SzygtmO869v5bqrVBBVGmujslr7W8cZ2DLmJoQx1N\n" + 
+			"WwhccjXTHpNPw0B70qHGch2uRNkqkizSOlwth0Ll2DJtzxTolbajYdg+xppXScUq\n" + 
+			"WNlNZndauPSnB2CESgNkaUou4x4YVSDInugAtLvdLx8rf2YcuidI6UIXxeSZr3VO\n" + 
+			"Z12YtddzcJ+lwh7OX8B0UvLsdYjKjefjEudyuNBmVwLv4K2LsFhSqgE1CAzk3oCb\n" + 
+			"V2A84klaWVPiXoBiOucyouvX781WVp1aCBp0QA8gpJH7/2wRsdPQ90tjMzM7dcgY\n" + 
+			"LDkCAwEAATANBgkqhkiG9w0BAQ4FAAOCAQEAQuYRQcCNLDYU1ItliYz9f28+KDyU\n" + 
+			"8WjF3NDZrlJbGSKQ4n7wkBfxdK3zprmpHadWDB+aZaPt/+voE2FduzPiLUDlpazN\n" + 
+			"60JJ5/YHZ3q9MZvdoNg6rjkpioWatoj/smUkT6oUWL/gp8tH12fOd2oJygBqXMve\n" + 
+			"3y3qVCghnjRaMYuXcScTZcjH9yebkTLygirtw34oGVb7t+HwbtcN65fUIBly6Rcl\n" + 
+			"8NV3pwOKhXFKDAqXUpvhebL4+tWOqPdqfIfGaE6rELfTf3icGY3CQCzDz5Gp0Ptc\n" + 
+			"TfQqm64xnhtAruXNJXWg2ptg+GuQgWnJUgQ8wLNMxw9XdeEwlQo5dL6xmg==";
+	
+	public static final String DUMMY_SIGNING_CERT_FINGERPRINT = "IwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJvN3l1pjzlnmoW";
+
+}
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java
new file mode 100644
index 000000000..a4044ce21
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java
@@ -0,0 +1,95 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.sl20_auth;
+
+import javax.annotation.PostConstruct;
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import at.gv.egovernment.moa.id.auth.modules.AuthModule;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SL20AuthenticationModulImpl implements AuthModule {
+
+	private int priority = 3;
+
+	@Autowired(required=true) protected AuthConfiguration authConfig;
+	@Autowired(required=true) private AuthenticationManager authManager;
+	
+	@Override
+	public int getPriority() {
+		return priority;
+	}
+
+	/**
+	 * Sets the priority of this module. Default value is {@code 0}.
+	 * @param priority The priority.
+	 */
+	public void setPriority(int priority) {
+		this.priority = priority;
+	}
+
+	@PostConstruct
+	protected void initalSL20Authentication() {
+		//parameter to whiteList
+		authManager.addHeaderNameToWhiteList(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE);
+		
+	}
+	
+	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext)
+	 */
+	@Override
+	public String selectProcess(ExecutionContext context) {
+		if (StringUtils.isNotBlank((String) context.get(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE.toLowerCase())) ||
+				StringUtils.isNotBlank((String) context.get(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE))) { 
+			Logger.trace(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE +  "' header found");
+			return "SL20Authentication";
+			
+		} else {
+			Logger.trace("No '" + SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE +  "' header found");
+			return null;
+			
+		}
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getProcessDefinitions()
+	 */
+	@Override
+	public String[] getProcessDefinitions() {
+		return new String[] { "classpath:sl20.Authentication.process.xml" };
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationSpringResourceProvider.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationSpringResourceProvider.java
new file mode 100644
index 000000000..2658a363d
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationSpringResourceProvider.java
@@ -0,0 +1,28 @@
+package at.gv.egovernment.moa.id.auth.modules.sl20_auth;
+
+import org.springframework.core.io.ClassPathResource;
+import org.springframework.core.io.Resource;
+
+import at.gv.egiz.components.spring.api.SpringResourceProvider;
+
+public class SL20AuthenticationSpringResourceProvider implements SpringResourceProvider {
+
+	@Override
+	public String getName() {
+		return "MOA-ID Security-Layer 2.0 Authentication SpringResourceProvider";
+	}
+
+	@Override
+	public String[] getPackagesToScan() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public Resource[] getResourcesToLoad() {
+		ClassPathResource sl20AuthConfig = new ClassPathResource("/moaid_sl20_auth.beans.xml", SL20AuthenticationSpringResourceProvider.class);					
+		
+		return new Resource[] {sl20AuthConfig};
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java
new file mode 100644
index 000000000..87d306822
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java
@@ -0,0 +1,58 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.sl20_auth;
+
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+
+import at.gv.egovernment.moa.id.auth.servlet.AbstractProcessEngineSignalController;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+@Controller
+public class SL20SignalServlet extends AbstractProcessEngineSignalController {
+
+	public SL20SignalServlet() {
+		super();
+		Logger.debug("Registering servlet " + getClass().getName() + 
+				" with mappings '"+ Constants.HTTP_ENDPOINT_DATAURL + "'.");
+		
+	}
+	
+	@RequestMapping(value = { Constants.HTTP_ENDPOINT_DATAURL 							  
+							}, 
+					method = {RequestMethod.POST, RequestMethod.GET})
+	public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+		signalProcessManagement(req, resp);
+	}
+	
+}
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/data/VerificationResult.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/data/VerificationResult.java
new file mode 100644
index 000000000..2a24096f9
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/data/VerificationResult.java
@@ -0,0 +1,39 @@
+package at.gv.egovernment.moa.id.auth.modules.sl20_auth.data;
+
+import java.security.cert.X509Certificate;
+import java.util.List;
+
+import com.google.gson.JsonObject;
+
+public class VerificationResult {
+
+	private Boolean validSigned = null;
+	private List<X509Certificate> certs = null;
+	private JsonObject payload = null;
+	
+	public VerificationResult(JsonObject payload) {
+		this.payload = payload;
+		
+	}
+	
+	public VerificationResult(JsonObject string, List<X509Certificate> certs, boolean wasValidSigned) {
+		this.payload = string;
+		this.certs = certs;
+		this.validSigned = wasValidSigned;
+		
+	}
+	
+	public Boolean isValidSigned() {
+		return validSigned;
+	}
+	public List<X509Certificate> getCertChain() {
+		return certs;
+	}
+	public JsonObject getPayload() {
+		return payload;
+	}
+	
+	
+	
+	
+}
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SL20Exception.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SL20Exception.java
new file mode 100644
index 000000000..898bd7097
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SL20Exception.java
@@ -0,0 +1,19 @@
+package at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions;
+
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+
+public class SL20Exception extends MOAIDException {
+
+	private static final long serialVersionUID = 1L;
+
+	public SL20Exception(String messageId, Object[] parameters) {
+		super(messageId, parameters);
+
+	}
+	
+	public SL20Exception(String messageId, Object[] parameters, Throwable wrapped) {
+		super(messageId, parameters, wrapped);
+
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SL20SecurityException.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SL20SecurityException.java
new file mode 100644
index 000000000..3bea12cb1
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SL20SecurityException.java
@@ -0,0 +1,20 @@
+package at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions;
+
+public class SL20SecurityException extends SL20Exception {
+
+	private static final long serialVersionUID = 3281385988027147449L;
+
+	public SL20SecurityException(Object[] parameters) {
+		super("sl20.05", parameters);
+	}
+	
+	public SL20SecurityException(String parameter) {
+		super("sl20.05", new Object[] {parameter});
+	}
+	
+	public SL20SecurityException(Object[] parameters, Throwable wrapped) {
+		super("sl20.05", parameters, wrapped);
+
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SLCommandoBuildException.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SLCommandoBuildException.java
new file mode 100644
index 000000000..35cf728f6
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SLCommandoBuildException.java
@@ -0,0 +1,17 @@
+package at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions;
+
+public class SLCommandoBuildException extends SL20Exception {
+
+	private static final long serialVersionUID = 1L;
+
+	
+	public SLCommandoBuildException(String msg) {
+		super("sl20.01", new Object[]{msg});
+		
+	}
+	
+	public SLCommandoBuildException(String msg, Throwable e) {
+		super("sl20.01", new Object[]{msg}, e);
+		
+	}
+}
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SLCommandoParserException.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SLCommandoParserException.java
new file mode 100644
index 000000000..f36e8ad82
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SLCommandoParserException.java
@@ -0,0 +1,17 @@
+package at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions;
+
+public class SLCommandoParserException extends SL20Exception {
+
+	private static final long serialVersionUID = 1L;
+
+	
+	public SLCommandoParserException(String msg) {
+		super("sl20.02", new Object[]{msg});
+		
+	}
+	
+	public SLCommandoParserException(String msg, Throwable e) {
+		super("sl20.02", new Object[]{msg}, e);
+		
+	}
+}
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/IJOSETools.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/IJOSETools.java
new file mode 100644
index 000000000..bcbda3faf
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/IJOSETools.java
@@ -0,0 +1,37 @@
+package at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20;
+
+import java.security.cert.X509Certificate;
+
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.data.VerificationResult;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20Exception;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoBuildException;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException;
+
+public interface IJOSETools {
+
+	/**
+	 * Create a JWS signature
+	 * 
+	 * @param payLoad Payload to sign
+	 * @throws SLCommandoBuildException 
+	 */
+	public String createSignature(String payLoad) throws SLCommandoBuildException;
+
+	/**
+	 * Validates a JWS signature
+	 * 
+	 * @param serializedContent
+	 * @return
+	 * @throws SLCommandoParserException
+	 * @throws SL20Exception 
+	 */
+	public VerificationResult validateSignature(String serializedContent) throws SL20Exception;
+	
+	/**
+	 * Get the encryption certificate for SL2.0 End-to-End encryption
+	 * 
+	 * @return
+	 */
+	public X509Certificate getEncryptionCertificate();
+	 
+}
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java
new file mode 100644
index 000000000..7dd5c39ab
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java
@@ -0,0 +1,221 @@
+package at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20;
+
+import java.security.Key;
+import java.security.KeyStore;
+import java.security.PrivateKey;
+import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
+import java.util.List;
+
+import javax.annotation.PostConstruct;
+
+import org.jose4j.jwa.AlgorithmConstraints;
+import org.jose4j.jwa.AlgorithmConstraints.ConstraintType;
+import org.jose4j.jws.AlgorithmIdentifiers;
+import org.jose4j.jws.JsonWebSignature;
+import org.jose4j.lang.JoseException;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import com.google.gson.JsonElement;
+import com.google.gson.JsonParser;
+
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.data.VerificationResult;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20Exception;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20SecurityException;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoBuildException;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.utils.X509Utils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.FileUtils;
+import at.gv.egovernment.moa.util.KeyStoreUtils;
+
+@Service
+public class JsonSecurityUtils implements IJOSETools{
+
+	@Autowired(required=true) AuthConfiguration authConfig;
+	private Key signPrivKey = null;
+	private X509Certificate[] signCertChain = null;
+	
+	private Key encPrivKey = null;
+	private X509Certificate[] encCertChain = null;
+	
+	@PostConstruct
+	protected void initalize() {
+		Logger.info("Initialize SL2.0 authentication security constrains ... ");
+		try {
+			KeyStore keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), 
+					getKeyStorePassword());
+			
+			//load signing key
+			signPrivKey = keyStore.getKey(getSigningKeyAlias(), getSigningKeyPassword().toCharArray());
+			Certificate[] certChainSigning = keyStore.getCertificateChain(getSigningKeyAlias());
+			signCertChain = new X509Certificate[certChainSigning.length];
+			for (int i=0; i<certChainSigning.length; i++) {
+				if (certChainSigning[i] instanceof X509Certificate) {
+					signCertChain[i] = (X509Certificate)certChainSigning[i];
+				} else
+					Logger.warn("NO X509 certificate for signing: " + certChainSigning[i].getType());
+				
+			}
+			
+			//load encryption key
+			try {
+				encPrivKey = keyStore.getKey(getEncryptionKeyAlias(), getEncryptionKeyPassword().toCharArray());
+				if (encPrivKey != null) {
+					Certificate[] certChainEncryption = keyStore.getCertificateChain(getSigningKeyAlias());
+					encCertChain = new X509Certificate[certChainEncryption.length];
+					for (int i=0; i<certChainEncryption.length; i++) {
+						if (certChainEncryption[i] instanceof X509Certificate) {
+							encCertChain[i] = (X509Certificate)certChainEncryption[i];
+						} else
+							Logger.warn("NO X509 certificate for encryption: " + certChainEncryption[i].getType());
+					}									
+				} else
+					Logger.info("No encryption key for SL2.0 found. End-to-End encryption is not used.");
+				
+			} catch (Exception e) {
+				Logger.warn("No encryption key for SL2.0 found. End-to-End encryption is not used. Reason: " + e.getMessage(), e);
+		
+			}
+			
+			//some short validation
+			if (signPrivKey == null || !(signPrivKey instanceof PrivateKey)) {
+				Logger.info("Can NOT open privateKey for SL2.0 signing. KeyStore=" + getKeyStoreFilePath());
+				throw new SL20Exception("sl20.03", new Object[]{"Can NOT open private key for signing"});
+				
+			}
+			
+			if (signCertChain == null || signCertChain.length == 0) {
+				Logger.info("NO certificate for SL2.0 signing. KeyStore=" + getKeyStoreFilePath());
+				throw new SL20Exception("sl20.03", new Object[]{"NO certificate for SL2.0 signing"});
+				
+			}
+			
+			Logger.info("SL2.0 authentication security constrains initialized.");
+			
+		} catch ( Exception e) {
+			Logger.error("SL2.0 security constrains initialization FAILED.", e);
+			
+		}
+		
+	}
+	
+	
+	@Override
+	public String createSignature(String payLoad) throws SLCommandoBuildException {
+		try {
+			JsonWebSignature jws = new JsonWebSignature();
+			
+			//set payload
+			jws.setPayload(payLoad);
+		
+			//set basic header		
+			jws.setContentTypeHeaderValue(SL20Constants.SL20_CONTENTTYPE_SIGNED_COMMAND);
+		
+			//set signing information
+			jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
+			jws.setKey(signPrivKey);
+			jws.setCertificateChainHeaderValue(signCertChain);
+		
+			return jws.getCompactSerialization();
+			
+		} catch (JoseException e) {
+			Logger.warn("Can NOT sign SL2.0 command.", e);
+			throw new SLCommandoBuildException("Can NOT sign SL2.0 command.", e);
+			
+		}
+		
+	}
+	
+	@Override
+	public VerificationResult validateSignature(String serializedContent) throws SL20Exception {
+		try {
+			JsonWebSignature jws = new JsonWebSignature();
+			//set payload
+			jws.setCompactSerialization(serializedContent);
+				
+			//set security constrains
+			jws.setAlgorithmConstraints(new AlgorithmConstraints(ConstraintType.WHITELIST,   
+					SL20Constants.SL20_ALGORITHM_WHITELIST_SIGNING.toArray(new String[SL20Constants.SL20_ALGORITHM_WHITELIST_SIGNING.size()])));
+			
+			//load signinc certs
+			List<X509Certificate> x5cCerts = jws.getCertificateChainHeaderValue();
+			List<X509Certificate> sortedX5cCerts  = null;
+			if (x5cCerts == null || x5cCerts.size() < 1) {
+				Logger.info("Signed SL2.0 response contains NO signature certificate");
+				throw new SLCommandoParserException("Signed SL2.0 response contains NO signature certificate");
+				
+			} 
+			Logger.trace("Sorting received X509 certificates ... ");
+			sortedX5cCerts = X509Utils.sortCertificates(x5cCerts);
+							
+			//set verification key
+			jws.setKey(sortedX5cCerts.get(0).getPublicKey());
+			
+			//validate signature
+			boolean valid = jws.verifySignature();
+			if (!valid) {
+				Logger.info("JWS signature invalide. Stopping authentication process ...");
+				Logger.debug("Received JWS msg: " + serializedContent);
+				throw new SL20SecurityException("JWS signature invalide.");
+				
+			}
+			
+			//load payLoad
+			JsonElement sl20Req = new JsonParser().parse(jws.getPayload());
+			
+			return new VerificationResult(sl20Req.getAsJsonObject(), sortedX5cCerts, valid) ;
+			
+		} catch (JoseException e) {
+			Logger.warn("SL2.0 commando signature validation FAILED", e);
+			throw new SL20SecurityException(new Object[]{e.getMessage()}, e);
+			
+		}
+					
+	}
+	
+	
+	@Override
+	public X509Certificate getEncryptionCertificate() {
+		//TODO: maybe update after SL2.0 update on encryption certificate parts
+		if (encCertChain !=null && encCertChain.length > 0)
+			return encCertChain[0];
+		else
+			return null;
+	}
+	
+	private String getKeyStoreFilePath() {
+		return FileUtils.makeAbsoluteURL(
+					authConfig.getBasicMOAIDConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_PATH), 
+					authConfig.getRootConfigFileDir());
+	}
+	
+	private String getKeyStorePassword() {
+		return authConfig.getBasicMOAIDConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_PASSWORD).trim();
+
+	}
+	
+	private String getSigningKeyAlias() {
+		return authConfig.getBasicMOAIDConfiguration(
+				Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_ALIAS).trim();
+	}
+	
+	private String getSigningKeyPassword() {
+		return authConfig.getBasicMOAIDConfiguration(
+				Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_PASSWORD).trim();
+	}
+
+	private String getEncryptionKeyAlias() {
+		return authConfig.getBasicMOAIDConfiguration(
+				Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_ALIAS).trim();
+	}
+	
+	private String getEncryptionKeyPassword() {
+		return authConfig.getBasicMOAIDConfiguration(
+				Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_PASSWORD).trim();
+	}
+	
+}
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20Constants.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20Constants.java
new file mode 100644
index 000000000..e84dacc23
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20Constants.java
@@ -0,0 +1,180 @@
+package at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20;
+
+import java.util.Arrays;
+import java.util.List;
+
+import org.jose4j.jws.AlgorithmIdentifiers;
+
+public class SL20Constants {
+	public static final String CURRENT_SL20_VERSION = "10";
+	
+	//http binding parameters
+	public static final String PARAM_SL20_REQ_COMMAND_PARAM = "slcommand";
+	public static final String PARAM_SL20_REQ_ICP_RETURN_URL_PARAM = "slIPCReturnUrl";
+	public static final String PARAM_SL20_REQ_TRANSACTIONID = "slTransactionID";
+	
+	public static final String HTTP_HEADER_SL20_CLIENT_TYPE = "SL2ClientType";
+	public static final String HTTP_HEADER_VALUE_NATIVE = "nativeApp";
+	
+	
+	//*******************************************************************************************
+	//JSON signing and encryption headers
+	public static final String JSON_ALGORITHM = "alg";
+	public static final String JSON_CONTENTTYPE = "cty";
+	public static final String JSON_X509_CERTIFICATE = "x5c";
+	public static final String JSON_X509_FINGERPRINT = "x5t#S256";
+	public static final String JSON_ENCRYPTION_PAYLOAD = "enc";
+	
+	public static final String JSON_ALGORITHM_SIGNING_RS256 = AlgorithmIdentifiers.RSA_USING_SHA256;
+	public static final String JSON_ALGORITHM_SIGNING_RS512 = AlgorithmIdentifiers.RSA_USING_SHA512;
+	public static final String JSON_ALGORITHM_SIGNING_ES256 = AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256;
+	public static final String JSON_ALGORITHM_SIGNING_ES512 = AlgorithmIdentifiers.ECDSA_USING_P521_CURVE_AND_SHA512;
+	public static final String JSON_ALGORITHM_SIGNING_PS256 = AlgorithmIdentifiers.RSA_PSS_USING_SHA256;
+	public static final String JSON_ALGORITHM_SIGNING_PS512 = AlgorithmIdentifiers.RSA_PSS_USING_SHA512;
+
+	public static final List<String> SL20_ALGORITHM_WHITELIST_SIGNING = Arrays.asList(
+			JSON_ALGORITHM_SIGNING_RS256,
+			JSON_ALGORITHM_SIGNING_RS512,
+			JSON_ALGORITHM_SIGNING_ES256,
+			JSON_ALGORITHM_SIGNING_ES512,
+			JSON_ALGORITHM_SIGNING_PS256,
+			JSON_ALGORITHM_SIGNING_PS512
+			);
+	
+	public static final String JSON_ALGORITHM_ENC_KEY_RSAOAEP = "RSA-OAEP";
+	public static final String JSON_ALGORITHM_ENC_KEY_RSAOAEP256 = "RSA-OAEP-256";
+	
+	public static final String JSON_ALGORITHM_ENC_PAYLOAD_A128CBCHS256 = "A128CBC-HS256";
+	public static final String JSON_ALGORITHM_ENC_PAYLOAD_A256CBCHS512 = "A256CBC-HS512";
+	public static final String JSON_ALGORITHM_ENC_PAYLOAD_A128GCM = "A128GCM";
+	public static final String JSON_ALGORITHM_ENC_PAYLOAD_A256GCM = "A256GCM";
+	
+	
+	
+	//*********************************************************************************************
+	//Object identifier for generic transport container
+	public static final String SL20_CONTENTTYPE_SIGNED_COMMAND ="application/sl2.0;command";
+	public static final String SL20_CONTENTTYPE_ENCRYPTED_RESULT ="application/sl2.0;result";
+	
+	public static final String SL20_VERSION = "v";
+	public static final String SL20_REQID = "reqID";
+	public static final String SL20_RESPID = "respID";
+	public static final String SL20_INRESPTO = "inResponseTo";
+	public static final String SL20_TRANSACTIONID = "transactionID";
+	public static final String SL20_PAYLOAD = "payload";
+	public static final String SL20_SIGNEDPAYLOAD = "signedPayload";
+	
+	//Generic Object identifier for commands
+	public static final String SL20_COMMAND_CONTAINER_NAME = "name";
+	public static final String SL20_COMMAND_CONTAINER_PARAMS = "params";
+	public static final String SL20_COMMAND_CONTAINER_RESULT = "result";
+	public static final String SL20_COMMAND_CONTAINER_ENCRYPTEDRESULT = "encryptedResult";
+		
+	//COMMAND Object identifier
+	public static final String SL20_COMMAND_IDENTIFIER_REDIRECT = "redirect";
+	public static final String SL20_COMMAND_IDENTIFIER_CALL = "call";
+	public static final String SL20_COMMAND_IDENTIFIER_ERROR = "error";
+	public static final String SL20_COMMAND_IDENTIFIER_QUALIFIEDEID = "qualifiedeID";
+	public static final String SL20_COMMAND_IDENTIFIER_QUALIFIEDSIG = "qualifiedSig";
+	
+	public static final String SL20_COMMAND_IDENTIFIER_BINDING_CREATE_KEY = "createBindingKey";
+	public static final String SL20_COMMAND_IDENTIFIER_BINDING_STORE_CERT = "storeBindingCert";
+	
+	public static final String SL20_COMMAND_IDENTIFIER_AUTH_IDANDPASSWORD = "idAndPassword";
+	public static final String SL20_COMMAND_IDENTIFIER_AUTH_JWSTOKENFACTOR = "jwsTokenAuth";
+	public static final String SL20_COMMAND_IDENTIFIER_AUTH_QRCODEFACTOR = "qrCodeFactor";
+	
+	//*****COMMAND parameter identifier******
+	//general Identifier
+	public static final String SL20_COMMAND_PARAM_GENERAL_REQPARAMETER_VALUE = "value";
+	public static final String SL20_COMMAND_PARAM_GENERAL_REQPARAMETER_KEY = "key";	
+	public static final String SL20_COMMAND_PARAM_GENERAL_DATAURL = "dataUrl";
+	public static final String SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE = "x5cEnc";
+	
+	//Redirect command
+	public static final String SL20_COMMAND_PARAM_GENERAL_REDIRECT_URL = "url";
+	public static final String SL20_COMMAND_PARAM_GENERAL_REDIRECT_COMMAND = "command";
+	public static final String SL20_COMMAND_PARAM_GENERAL_REDIRECT_SIGNEDCOMMAND = "signedCommand";
+	public static final String SL20_COMMAND_PARAM_GENERAL_REDIRECT_IPCREDIRECT = "IPCRedirect";		
+	
+	//Call command
+	public static final String SL20_COMMAND_PARAM_GENERAL_CALL_URL = SL20_COMMAND_PARAM_GENERAL_REDIRECT_URL;
+	public static final String SL20_COMMAND_PARAM_GENERAL_CALL_METHOD = "method";
+	public static final String SL20_COMMAND_PARAM_GENERAL_CALL_METHOD_GET = "get";
+	public static final String SL20_COMMAND_PARAM_GENERAL_CALL_METHOD_POST = "post";
+	public static final String SL20_COMMAND_PARAM_GENERAL_CALL_INCLUDETRANSACTIONID = "includeTransactionID";	
+	public static final String SL20_COMMAND_PARAM_GENERAL_CALL_REQPARAMETER = "reqParams";
+
+	//error command
+	public static final String SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORCODE = "errorCode";
+	public static final String SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORMESSAGE = "errorMessage";
+	
+	//qualified eID command
+	public static final String SL20_COMMAND_PARAM_EID_AUTHBLOCKID = "authBlockTemplateID";
+	public static final String SL20_COMMAND_PARAM_EID_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL; 
+	public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES = "attributes";
+	public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_MANDATEREFVALUE = "MANDATE-REFERENCE-VALUE";
+	public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPUNIQUEID = "SP-FRIENDLYNAME";
+	public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPFRIENDLYNAME = "SP-UNIQUEID";
+	public static final String SL20_COMMAND_PARAM_EID_X5CENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE;
+	public static final String SL20_COMMAND_PARAM_EID_RESULT_IDL = "EID-IDENTITY-LINK";
+	public static final String SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK = "EID-AUTH-BLOCK";
+	public static final String SL20_COMMAND_PARAM_EID_RESULT_CCSURL = "EID-CCS-URL";
+	public static final String SL20_COMMAND_PARAM_EID_RESULT_LOA = "EID-CITIZEN-QAA-LEVEL";
+	
+	//qualified Signature comamnd
+	public static final String SL20_COMMAND_PARAM_QUALSIG_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL;
+	public static final String SL20_COMMAND_PARAM_QUALSIG_X5CENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE;
+	
+	//create binding key command
+	public static final String SL20_COMMAND_PARAM_BINDING_CREATE_KONTOID = "kontoID";
+	public static final String SL20_COMMAND_PARAM_BINDING_CREATE_SN = "SN";
+	public static final String SL20_COMMAND_PARAM_BINDING_CREATE_KEYLENGTH = "keyLength";
+	public static final String SL20_COMMAND_PARAM_BINDING_CREATE_KEYALG = "keyAlg";
+	public static final String SL20_COMMAND_PARAM_BINDING_CREATE_POLICIES = "policies";
+	public static final String SL20_COMMAND_PARAM_BINDING_CREATE_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL;
+	public static final String SL20_COMMAND_PARAM_BINDING_CREATE_X5CVDATRUST = "x5cVdaTrust";
+	public static final String SL20_COMMAND_PARAM_BINDING_CREATE_REQUESTUSERPASSWORD = "reqUserPassword";	
+	public static final String SL20_COMMAND_PARAM_BINDING_CREATE_X5CENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE;
+	
+	public static final String SL20_COMMAND_PARAM_BINDING_CREATE_KEYALG_RSA = "RSA";
+	public static final String SL20_COMMAND_PARAM_BINDING_CREATE_KEYALG_SECPR256R1 = "secp256r1";
+	
+	public static final String SL20_COMMAND_PARAM_BINDING_CREATE_POLICIES_LIFETIME = "lifeTime";
+	public static final String SL20_COMMAND_PARAM_BINDING_CREATE_POLICIES_USESECUREELEMENT = "useSecureElement";
+	public static final String SL20_COMMAND_PARAM_BINDING_CREATE_POLICIES_KEYTIMEOUT = "keyTimeout";
+	public static final String SL20_COMMAND_PARAM_BINDING_CREATE_POLICIES_NEEDUSERAUTH = "needUserAuth";
+	
+	public static final String SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_APPID = "appID";
+	public static final String SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_CSR = "csr";
+	public static final String SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_KEYATTESTATIONZERTIFICATE = "attCert";
+	public static final String SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_USERPASSWORD = "encodedPass";
+		
+	
+	//store binding certificate command
+	public static final String SL20_COMMAND_PARAM_BINDING_STORE_CERTIFICATE = "x5c";
+	public static final String SL20_COMMAND_PARAM_BINDING_STORE_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL;
+	public static final String SL20_COMMAND_PARAM_BINDING_STORE_RESULT_SUCESS = "success";
+	public static final String SL20_COMMAND_PARAM_BINDING_STORE_RESULT_SUCESS_VALUE = "OK";
+	
+	// Username and password authentication
+	public static final String SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_KEYALG = "keyAlg";
+	public static final String SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_KEYALG_VALUE_PLAIN = "plain";
+	public static final String SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_KEYALG_VALUE_PBKDF2 = "PBKDF2";
+	public static final String SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL;
+	public static final String SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_X5CENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE;	
+	public static final String SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_RESULT_KONTOID = SL20_COMMAND_PARAM_BINDING_CREATE_KONTOID;
+	public static final String SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_RESULT_USERPASSWORD = SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_USERPASSWORD;
+	
+	//JWS Token authentication
+	public static final String SL20_COMMAND_PARAM_AUTH_JWSTOKEN_NONCE = "nonce";
+	public static final String SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DISPLAYDATA = "displayData";
+	public static final String SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DISPLAYURL = "displayUrl";
+	public static final String SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL;	
+	public static final String SL20_COMMAND_PARAM_AUTH_JWSTOKEN_RESULT_NONCE = SL20_COMMAND_PARAM_AUTH_JWSTOKEN_NONCE;
+	
+	//QR-Code authentication
+	public static final String SL20_COMMAND_PARAM_AUTH_QRCODE_QRCODE = "qrCode";
+	public static final String SL20_COMMAND_PARAM_AUTH_QRCODE_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL;
+	
+}
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20HttpBindingUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20HttpBindingUtils.java
new file mode 100644
index 000000000..cfffed881
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20HttpBindingUtils.java
@@ -0,0 +1,42 @@
+package at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20;
+
+import java.io.IOException;
+import java.io.StringWriter;
+import java.io.UnsupportedEncodingException;
+import java.net.URISyntaxException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.http.client.utils.URIBuilder;
+import org.apache.http.entity.ContentType;
+
+import com.google.gson.JsonObject;
+
+import at.gv.egovernment.moaspss.logging.Logger;
+
+public class SL20HttpBindingUtils {
+
+	public static void writeIntoResponse(HttpServletRequest request, HttpServletResponse response, JsonObject sl20Forward, String redirectURL) throws IOException, URISyntaxException {
+		//forward SL2.0 command
+		if (request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE) != null && 
+				request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE).equals(SL20Constants.HTTP_HEADER_VALUE_NATIVE)) {
+			Logger.debug("Client request containts 'native client' header ... ");												
+			StringWriter writer = new StringWriter();
+			writer.write(sl20Forward.toString());						
+			final byte[] content = writer.toString().getBytes("UTF-8");
+			response.setStatus(HttpServletResponse.SC_OK);
+			response.setContentLength(content.length);
+			response.setContentType(ContentType.APPLICATION_JSON.toString());						
+			response.getOutputStream().write(content);
+											
+		} else {
+			Logger.debug("Client request containts is no native client ... ");
+			URIBuilder clientRedirectURI = new URIBuilder(redirectURL);
+			clientRedirectURI.addParameter(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM, sl20Forward.toString());
+			response.sendRedirect(clientRedirectURI.build().toString());
+			
+		}
+		
+	}
+}
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONBuilderUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONBuilderUtils.java
new file mode 100644
index 000000000..52d7e1e67
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONBuilderUtils.java
@@ -0,0 +1,606 @@
+package at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20;
+
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.Base64;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+
+import com.google.gson.JsonArray;
+import com.google.gson.JsonElement;
+import com.google.gson.JsonObject;
+
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoBuildException;
+
+public class SL20JSONBuilderUtils {
+
+	/**
+	 * Create command request
+	 * @param name
+	 * @param params
+	 * @throws SLCommandoBuildException
+	 * @return
+	 */
+	public static JsonObject createCommand(String name, JsonElement params) throws SLCommandoBuildException {
+		JsonObject command = new JsonObject();		
+		addSingleStringElement(command, SL20Constants.SL20_COMMAND_CONTAINER_NAME, name, true);
+		addSingleJSONElement(command, SL20Constants.SL20_COMMAND_CONTAINER_PARAMS, params, true);				
+		return command;
+		
+	}
+	
+	/**
+	 * Create signed command request
+	 * 
+	 * @param name
+	 * @param params
+	 * @param signer
+	 * @return
+	 * @throws SLCommandoBuildException
+	 */
+	public static String createSignedCommand(String name, JsonElement params, IJOSETools signer) throws SLCommandoBuildException {
+		JsonObject command = new JsonObject();		
+		addSingleStringElement(command, SL20Constants.SL20_COMMAND_CONTAINER_NAME, name, true);
+		addSingleJSONElement(command, SL20Constants.SL20_COMMAND_CONTAINER_PARAMS, params, true);		
+		return signer.createSignature(command.toString());
+				
+	}
+
+
+	/**
+	 * Create encrypted command result
+	 * 
+	 * @param result
+	 * @param encrypter
+	 * @return
+	 * @throws SLCommandoBuildException
+	 */
+	public static String createEncryptedCommandoResult(JsonObject result, JsonSecurityUtils encrypter) throws SLCommandoBuildException {
+		//TODO: add real implementation
+		//create header and footer
+		String dummyHeader = createJsonEncryptionHeader(encrypter).toString();
+		String payLoad = result.toString();
+		String dummyFooter = createJsonSignedFooter(encrypter);
+		
+		return Base64.getUrlEncoder().encodeToString(dummyHeader.getBytes()) + "."
+			+ Base64.getUrlEncoder().encodeToString(payLoad.getBytes()) + "."
+			+ Base64.getUrlEncoder().encodeToString(dummyFooter.getBytes());
+	
+	}
+	
+	
+	/**
+	 * Create command result
+	 * 
+	 * @param name
+	 * @param result
+	 * @param encryptedResult
+	 * @throws SLCommandoBuildException
+	 * @return
+	 */
+	public static JsonObject createCommandResponse(String name, JsonElement result, String encryptedResult) throws SLCommandoBuildException {
+		JsonObject command = new JsonObject();
+		addSingleStringElement(command, SL20Constants.SL20_COMMAND_CONTAINER_NAME, name, true);		
+		addOnlyOnceOfTwo(command, 
+				SL20Constants.SL20_COMMAND_CONTAINER_RESULT, SL20Constants.SL20_COMMAND_CONTAINER_ENCRYPTEDRESULT, 
+				result, encryptedResult);			
+		return command;
+		
+	}
+	
+	/**
+	 * Create command result
+	 * 
+	 * @param name
+	 * @param result
+	 * @param encryptedResult
+	 * @throws SLCommandoBuildException
+	 * @return
+	 */
+	public static String createSignedCommandResponse(String name, JsonElement result, String encryptedResult, JsonSecurityUtils signer) throws SLCommandoBuildException {
+		JsonObject command = new JsonObject();
+		addSingleStringElement(command, SL20Constants.SL20_COMMAND_CONTAINER_NAME, name, true);		
+		addOnlyOnceOfTwo(command, 
+				SL20Constants.SL20_COMMAND_CONTAINER_RESULT, SL20Constants.SL20_COMMAND_CONTAINER_ENCRYPTEDRESULT, 
+				result, encryptedResult);	
+		String encodedCommand = command.toString(); 
+		
+		//TODO: add real implementation
+		//create header and footer
+		String dummyHeader = createJsonSignedHeader(signer).toString();
+		String dummyFooter = createJsonSignedFooter(signer);
+		
+		return Base64.getUrlEncoder().encodeToString(dummyHeader.getBytes()) + "."
+				+ Base64.getUrlEncoder().encodeToString(encodedCommand.getBytes()) + "."
+				+ Base64.getUrlEncoder().encodeToString(dummyFooter.getBytes());
+				
+	}
+	
+	/**
+	 * Create parameters for Redirect command
+	 *  
+	 * @param url
+	 * @param command
+	 * @param signedCommand
+	 * @param ipcRedirect
+	 * @return
+	 * @throws SLCommandoBuildException
+	 */
+	public static JsonObject createRedirectCommandParameters(String url, JsonElement command, JsonElement signedCommand, Boolean ipcRedirect) throws SLCommandoBuildException{
+		JsonObject redirectReqParams = new JsonObject();
+		addOnlyOnceOfTwo(redirectReqParams, 
+				SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_COMMAND, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_SIGNEDCOMMAND, 
+				command, signedCommand);		
+		addSingleStringElement(redirectReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_URL, url, false);
+		addSingleBooleanElement(redirectReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_IPCREDIRECT, ipcRedirect, false);
+		return redirectReqParams;
+		
+	}
+	
+	/**
+	 * Create parameters for Call command
+	 * 
+	 * @param url
+	 * @param method
+	 * @param includeTransactionId
+	 * @param reqParameters
+	 * @return
+	 * @throws SLCommandoBuildException
+	 */
+	public static JsonObject createCallCommandParameters(String url, String method, Boolean includeTransactionId, Map<String, String> reqParameters) throws SLCommandoBuildException {
+		JsonObject callReqParams = new JsonObject();
+		addSingleStringElement(callReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_URL, url, true);
+		addSingleStringElement(callReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_METHOD, method, true);
+		addSingleBooleanElement(callReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_INCLUDETRANSACTIONID, includeTransactionId, false);
+		addArrayOfStringElements(callReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_REQPARAMETER, reqParameters);		
+		return callReqParams;
+		
+	}
+	
+	/**
+	 * Create result for Error command
+	 * 
+	 * @param errorCode
+	 * @param errorMsg
+	 * @return
+	 * @throws SLCommandoBuildException
+	 */
+	public static JsonObject createErrorCommandResult(String errorCode, String errorMsg) throws SLCommandoBuildException {
+		JsonObject result = new JsonObject();
+		addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORCODE, errorCode, true);
+		addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORMESSAGE, errorMsg, true);
+		return result;
+		
+	}
+	
+	
+	/**
+	 * Create parameters for qualifiedeID command
+	 * 
+	 * @param authBlockId
+	 * @param dataUrl
+	 * @param additionalReqParameters
+	 * @param x5cEnc
+	 * @return
+	 * @throws CertificateEncodingException
+	 * @throws SLCommandoBuildException
+	 */
+	public static JsonObject createQualifiedeIDCommandParameters(String authBlockId,  String dataUrl, 
+			Map<String, String> additionalReqParameters, X509Certificate x5cEnc) throws CertificateEncodingException, SLCommandoBuildException {
+		JsonObject params = new JsonObject();
+		addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_EID_AUTHBLOCKID, authBlockId, true);
+		addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_EID_DATAURL, dataUrl, true);
+		addArrayOfStringElements(params, SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES, additionalReqParameters);
+		addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_EID_X5CENC, x5cEnc, false);		
+		return params;
+
+	}
+	
+	/**
+	 * Create result for qualifiedeID command
+	 * 
+	 * @param idl
+	 * @param authBlock
+	 * @param ccsURL
+	 * @param LoA
+	 * @return
+	 * @throws SLCommandoBuildException
+	 */
+	public static JsonObject createQualifiedeIDCommandResult(byte[] idl, byte[] authBlock, String ccsURL, String LoA) throws SLCommandoBuildException {
+		JsonObject result = new JsonObject();
+		addSingleByteElement(result, SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL, idl, true);
+		addSingleByteElement(result, SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, authBlock, true);
+		addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL, ccsURL, true);
+		addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_LOA, LoA, true);
+		return result;
+		
+	}
+	
+	
+	/**
+	 * Create Binding-Key command parameters
+	 * 
+	 * @param kontoId
+	 * @param subjectName
+	 * @param keySize
+	 * @param keyAlg
+	 * @param policies
+	 * @param dataUrl
+	 * @param x5cVdaTrust
+	 * @param reqUserPassword
+	 * @param x5cEnc
+	 * @return
+	 * @throws SLCommandoBuildException
+	 * @throws CertificateEncodingException
+	 */
+	public static JsonObject createBindingKeyCommandParams(String kontoId, String subjectName, int keySize, String keyAlg, 
+			Map<String, String> policies, String dataUrl, X509Certificate x5cVdaTrust, Boolean reqUserPassword, X509Certificate x5cEnc) throws SLCommandoBuildException, CertificateEncodingException {
+		JsonObject params = new JsonObject();
+		addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_KONTOID, kontoId, true);
+		addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_SN, subjectName, true);
+		addSingleNumberElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_KEYLENGTH, keySize, true);
+		addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_KEYALG, keyAlg, true);		
+		addArrayOfStringElements(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_POLICIES, policies);		
+		addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_DATAURL, dataUrl, true);
+		addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_X5CVDATRUST, x5cVdaTrust, false);
+		addSingleBooleanElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_REQUESTUSERPASSWORD, reqUserPassword, false);
+		addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_X5CENC, x5cEnc, false);
+		return params;
+		
+	}
+	
+	/**
+	 * Create Binding-Key command result
+	 * 
+	 * @param appId
+	 * @param csr
+	 * @param attCert
+	 * @param password
+	 * @return
+	 * @throws SLCommandoBuildException
+	 * @throws CertificateEncodingException
+	 */
+	public static JsonObject createBindingKeyCommandResult(String appId, byte[] csr, X509Certificate attCert, byte[] password) throws SLCommandoBuildException, CertificateEncodingException {
+		JsonObject result = new JsonObject();
+		addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_APPID, appId, true);
+		addSingleByteElement(result, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_CSR, csr, true);
+		addSingleCertificateElement(result, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_KEYATTESTATIONZERTIFICATE, attCert, false);
+		addSingleByteElement(result, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_USERPASSWORD, password, false);		
+		return result;
+		
+	}
+	
+	/**
+	 * Create Store Binding-Certificate command parameters
+	 * 
+	 * @param cert
+	 * @param dataUrl
+	 * @return
+	 * @throws CertificateEncodingException
+	 * @throws SLCommandoBuildException
+	 */
+	public static JsonObject createStoreBindingCertCommandParams(X509Certificate cert, String dataUrl) throws CertificateEncodingException, SLCommandoBuildException {
+		JsonObject params = new JsonObject();
+		addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_STORE_CERTIFICATE, cert, true);
+		addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_STORE_DATAURL, dataUrl, true);		
+		return params;
+		
+	}
+	
+	/**
+	 * Create Store Binding-Certificate command result
+	 * 
+	 * @return
+	 * @throws SLCommandoBuildException
+	 */
+	public static JsonObject createStoreBindingCertCommandSuccessResult() throws SLCommandoBuildException {
+		JsonObject result = new JsonObject();
+		addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_BINDING_STORE_RESULT_SUCESS, 
+				SL20Constants.SL20_COMMAND_PARAM_BINDING_STORE_RESULT_SUCESS_VALUE, true);
+		return result;
+		
+	}
+	
+	
+	/**
+	 * Create idAndPassword command parameters
+	 * 
+	 * @param keyAlg
+	 * @param dataUrl
+	 * @param x5cEnc
+	 * @return
+	 * @throws SLCommandoBuildException
+	 * @throws CertificateEncodingException
+	 */
+	public static JsonObject createIdAndPasswordCommandParameters(String keyAlg, String dataUrl, X509Certificate x5cEnc) throws SLCommandoBuildException, CertificateEncodingException {
+		JsonObject params = new JsonObject();		
+		addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_KEYALG, keyAlg, true);
+		addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_DATAURL, dataUrl, true);
+		addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_X5CENC, x5cEnc, false);
+		return params;
+		
+	}
+	
+	/**
+	 * Create idAndPassword command result
+	 * 
+	 * @param kontoId
+	 * @param password
+	 * @return
+	 * @throws SLCommandoBuildException
+	 */
+	public static JsonObject createIdAndPasswordCommandResult(String kontoId, byte[] password) throws SLCommandoBuildException {
+		JsonObject result = new JsonObject();
+		addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_RESULT_KONTOID, kontoId, true);
+		addSingleByteElement(result, SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_RESULT_USERPASSWORD, password, true);		
+		return result;
+		
+	}
+	
+	/**
+	 * Create JWS Token Authentication command
+	 * 
+	 * @param nonce
+	 * @param dataUrl
+	 * @param displayData
+	 * @param displayUrl
+	 * @return
+	 * @throws SLCommandoBuildException
+	 */
+	public static JsonObject createJwsTokenAuthCommandParams(String nonce, String dataUrl, List<String> displayData, List<String> displayUrl) throws SLCommandoBuildException {
+		JsonObject params = new JsonObject();
+		addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_NONCE, nonce, true);
+		addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DATAURL, dataUrl, true);
+		addArrayOfStrings(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DISPLAYDATA, displayData);
+		addArrayOfStrings(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DISPLAYURL, displayUrl);		
+		return params;
+		
+	}
+	
+	/**
+	 * Create JWS Token Authentication command result
+	 * 
+	 * @param nonce
+	 * @return
+	 * @throws SLCommandoBuildException
+	 */
+	public static JsonObject createJwsTokenAuthCommandResult(String nonce) throws SLCommandoBuildException {
+		JsonObject result = new JsonObject();
+		addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_RESULT_NONCE, nonce, true);		
+		return result;
+		
+	}
+	
+	
+	/**
+	 * Create Generic Request Container
+	 * 
+	 * @param reqId
+	 * @param transactionId
+	 * @param payLoad
+	 * @param signedPayload
+	 * @return
+	 * @throws SLCommandoBuildException
+	 */
+	public static JsonObject createGenericRequest(String reqId, String transactionId, JsonElement payLoad, String signedPayload) throws SLCommandoBuildException {
+		JsonObject req = new JsonObject();
+		addSingleStringElement(req, SL20Constants.SL20_VERSION, SL20Constants.CURRENT_SL20_VERSION, true);
+		addSingleStringElement(req, SL20Constants.SL20_REQID, reqId, true);
+		addSingleStringElement(req, SL20Constants.SL20_TRANSACTIONID, transactionId, false);		
+		addOnlyOnceOfTwo(req, SL20Constants.SL20_PAYLOAD, SL20Constants.SL20_SIGNEDPAYLOAD, 
+				payLoad, signedPayload);		
+		return req;
+		
+	}
+	
+	/**
+	 * Create Generic Response Container
+	 * 
+	 * @param respId
+	 * @param inResponseTo
+	 * @param transactionId
+	 * @param payLoad
+	 * @param signedPayload
+	 * @return
+	 * @throws SLCommandoBuildException
+	 */
+	public static final JsonObject createGenericResponse(String respId, String inResponseTo, String transactionId, 
+			JsonElement payLoad, String signedPayload) throws SLCommandoBuildException {
+		
+		JsonObject req = new JsonObject();
+		addSingleStringElement(req, SL20Constants.SL20_VERSION, SL20Constants.CURRENT_SL20_VERSION, true);
+		addSingleStringElement(req, SL20Constants.SL20_RESPID, respId, true);
+		addSingleStringElement(req, SL20Constants.SL20_INRESPTO, inResponseTo, true);
+		addSingleStringElement(req, SL20Constants.SL20_TRANSACTIONID, transactionId, false);		
+		addOnlyOnceOfTwo(req, SL20Constants.SL20_PAYLOAD, SL20Constants.SL20_SIGNEDPAYLOAD, 
+				payLoad, signedPayload);		
+		return req;
+		
+	}
+	
+	/**
+	 * Add one element of two possible elements <br>
+	 * This method adds either the first element or the second element to parent JSON, but never both.  
+	 * 
+	 * @param parent Parent JSON element
+	 * @param firstKeyId first element Id
+	 * @param secondKeyId second element Id
+	 * @param first first element
+	 * @param second second element
+	 * @throws SLCommandoBuildException
+	 */
+	public static void addOnlyOnceOfTwo(JsonObject parent, String firstKeyId, String secondKeyId, JsonElement first, String second) throws SLCommandoBuildException {
+		if (first == null && (second == null  || second.isEmpty()))
+			throw new SLCommandoBuildException(firstKeyId + " and " + secondKeyId + " is NULL");
+		
+		else if (first != null && second != null)
+			throw new SLCommandoBuildException(firstKeyId + " and " + secondKeyId + " can not SET TWICE");
+		
+		else if (first != null)
+			parent.add(firstKeyId, first);
+		
+		else if (second != null && !second.isEmpty())
+			parent.addProperty(secondKeyId, second);
+		
+		else
+			throw new SLCommandoBuildException("Internal build error");
+	}
+	
+	
+	
+	//TODO!!!!
+	private static JsonObject createJsonSignedHeader(JsonSecurityUtils signer) throws SLCommandoBuildException {
+		JsonObject header = new JsonObject();
+		addSingleStringElement(header, SL20Constants.JSON_ALGORITHM, SL20Constants.JSON_ALGORITHM_SIGNING_RS256, true);
+		addSingleStringElement(header, SL20Constants.JSON_CONTENTTYPE, SL20Constants.SL20_CONTENTTYPE_SIGNED_COMMAND, true);		
+		addArrayOfStrings(header, SL20Constants.JSON_X509_CERTIFICATE, Arrays.asList(Constants.DUMMY_SIGNING_CERT));
+		
+		return header;
+	}
+	
+	//TODO!!!!
+	private static JsonObject createJsonEncryptionHeader(JsonSecurityUtils signer) throws SLCommandoBuildException {
+		JsonObject header = new JsonObject();
+		addSingleStringElement(header, SL20Constants.JSON_ALGORITHM, SL20Constants.JSON_ALGORITHM_ENC_KEY_RSAOAEP, true);
+		addSingleStringElement(header, SL20Constants.JSON_ENCRYPTION_PAYLOAD, SL20Constants.JSON_ALGORITHM_ENC_PAYLOAD_A128CBCHS256, true);
+		addSingleStringElement(header, SL20Constants.JSON_CONTENTTYPE, SL20Constants.SL20_CONTENTTYPE_ENCRYPTED_RESULT, true);		
+		addSingleStringElement(header, SL20Constants.JSON_X509_FINGERPRINT, Constants.DUMMY_SIGNING_CERT_FINGERPRINT, true);
+		
+		return header;
+	}
+	
+	//TODO!!!!
+	private static String createJsonSignedFooter(JsonSecurityUtils signer) {		
+		return "cC4hiUPoj9Eetdgtv3hF80EGrhuB__dzERat0XF9g2VtQgr9PJbu3XOiZj5RZmh7\n" + 
+				"  AAuHIm4Bh-0Qc_lF5YKt_O8W2Fp5jujGbds9uJdbF9CUAr7t1dnZcAcQjbKBYNX4\n" + 
+				"  BAynRFdiuB--f_nZLgrnbyTyWzO75vRK5h6xBArLIARNPvkSjtQBMHlb1L07Qe7K\n" + 
+				"  0GarZRmB_eSN9383LcOLn6_dO--xi12jzDwusC-eOkHWEsqtFZESc6BfI7noOPqv\n" + 
+				"  hJ1phCnvWh6IeYI2w9QOYEUipUTI8np6LbgGY9Fs98rqVt5AXLIhWkWywlVmtVrB\n" + 
+				"  p0igcN_IoypGlUPQGe77Rw";
+	}
+
+	
+	
+	private static void addArrayOfStrings(JsonObject parent, String keyId, List<String> values) throws SLCommandoBuildException {
+		validateParentAndKey(parent, keyId);		
+		if (values != null) {
+			JsonArray callReqParamsArray = new JsonArray();
+			parent.add(keyId, callReqParamsArray  );
+			for(String el : values)
+				callReqParamsArray.add(el);
+			
+		}
+	}
+	
+	
+	private static void addArrayOfStringElements(JsonObject parent, String keyId, Map<String, String> keyValuePairs) throws SLCommandoBuildException {
+		validateParentAndKey(parent, keyId);		
+		if (keyValuePairs != null) {			
+			JsonArray callReqParamsArray = new JsonArray();
+			parent.add(keyId, callReqParamsArray  );
+			
+			for(Entry<String, String> el : keyValuePairs.entrySet()) {
+				JsonObject callReqParams = new JsonObject();
+				//callReqParams.addProperty(SL20Constants.SL20_COMMAND_PARAM_GENERAL_REQPARAMETER_KEY, el.getKey());
+				//callReqParams.addProperty(SL20Constants.SL20_COMMAND_PARAM_GENERAL_REQPARAMETER_VALUE, el.getValue());
+				callReqParams.addProperty(el.getKey(), el.getValue());
+				callReqParamsArray.add(callReqParams);
+				
+			}
+		}
+	}
+	
+	private static void addSingleCertificateElement(JsonObject parent, String keyId, X509Certificate cert, boolean isRequired) throws CertificateEncodingException, SLCommandoBuildException {
+		if (cert != null)
+			addSingleByteElement(parent, keyId, cert.getEncoded(), isRequired);
+		
+		else if (isRequired)
+			throw new SLCommandoBuildException(keyId + " is marked as REQUIRED");
+		
+	}
+	
+	
+	
+	private static void addSingleByteElement(JsonObject parent, String keyId, byte[] value, boolean isRequired) throws SLCommandoBuildException {
+		validateParentAndKey(parent, keyId);
+		
+		if (isRequired && value == null)
+			throw new SLCommandoBuildException(keyId + " has NULL value");
+		
+		else if (value != null)
+			parent.addProperty(keyId, Base64.getEncoder().encodeToString(value));
+		
+	}
+	
+	private static void addSingleBooleanElement(JsonObject parent, String keyId, Boolean value, boolean isRequired) throws SLCommandoBuildException {
+		validateParentAndKey(parent, keyId);
+		
+		if (isRequired && value == null)
+			throw new SLCommandoBuildException(keyId + " has a NULL value");
+			
+		else if (value != null)
+			parent.addProperty(keyId, value);
+		
+	}
+	
+	private static void addSingleNumberElement(JsonObject parent, String keyId, Integer value, boolean isRequired) throws SLCommandoBuildException {
+		validateParentAndKey(parent, keyId);
+		
+		if (isRequired && value == null)
+			throw new SLCommandoBuildException(keyId + " has a NULL value");
+		
+		else if (value != null)
+			parent.addProperty(keyId, value);;
+		
+	}
+	
+	private static void addSingleStringElement(JsonObject parent, String keyId, String value, boolean isRequired) throws SLCommandoBuildException {
+		validateParentAndKey(parent, keyId);
+		
+		if (isRequired && (value == null || value.isEmpty()))
+			throw new SLCommandoBuildException(keyId + " has an empty value");
+		
+		else if (value != null && !value.isEmpty())
+			parent.addProperty(keyId, value);
+		
+	}
+	
+	private static void addSingleJSONElement(JsonObject parent, String keyId, JsonElement element, boolean isRequired) throws SLCommandoBuildException {
+		validateParentAndKey(parent, keyId);
+		
+		if (isRequired && element == null)
+			throw new SLCommandoBuildException("No commando name included");
+		
+		else if (element != null)
+			parent.add(keyId, element);
+		
+	}
+		
+	private static void addOnlyOnceOfTwo(JsonObject parent, String firstKeyId, String secondKeyId, JsonElement first, JsonElement second) throws SLCommandoBuildException {
+		if (first == null && second == null)
+			throw new SLCommandoBuildException(firstKeyId + " and " + secondKeyId + " is NULL");
+		
+		else if (first != null && second != null)
+			throw new SLCommandoBuildException(firstKeyId + " and " + secondKeyId + " can not SET TWICE");
+		
+		else if (first != null)
+			parent.add(firstKeyId, first);
+		
+		else if (second != null)
+			parent.add(secondKeyId, second);
+		
+		else
+			throw new SLCommandoBuildException("Internal build error");
+	}
+	
+	private static void validateParentAndKey(JsonObject parent, String keyId) throws SLCommandoBuildException {
+		if (parent == null)
+			throw new SLCommandoBuildException("NO parent JSON element");
+		
+		if (keyId == null || keyId.isEmpty())
+			throw new SLCommandoBuildException("NO JSON element identifier");
+	}
+}
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java
new file mode 100644
index 000000000..e1444c95f
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java
@@ -0,0 +1,259 @@
+package at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20;
+
+import java.io.InputStreamReader;
+import java.net.URLDecoder;
+import java.util.Base64;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Map.Entry;
+
+import org.apache.http.Header;
+import org.apache.http.HttpResponse;
+import org.apache.http.client.utils.URIBuilder;
+import org.apache.log4j.Logger;
+
+import com.google.gson.JsonElement;
+import com.google.gson.JsonObject;
+import com.google.gson.JsonParser;
+
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.data.VerificationResult;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20Exception;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException;
+
+public class SL20JSONExtractorUtils {
+	private static final Logger log = Logger.getLogger(SL20JSONExtractorUtils.class);
+	
+	/**
+	 * Extract String value from JSON 
+	 * 
+	 * @param input
+	 * @param keyID
+	 * @param isRequired
+	 * @return
+	 * @throws SLCommandoParserException
+	 */
+	public static String getStringValue(JsonObject input, String keyID, boolean isRequired) throws SLCommandoParserException {
+		try {
+			JsonElement internal = getAndCheck(input, keyID, isRequired);
+		
+			if (internal != null)
+				return internal.getAsString();
+			else
+				return null;
+			
+		} catch (SLCommandoParserException e) {
+			throw e;
+			
+		} catch (Exception e) {
+			throw new SLCommandoParserException("Can not extract String value with keyId: " + keyID, e);
+			
+		}		
+	}
+	
+	/**
+	 * Extract Boolean value from JSON 
+	 * 
+	 * @param input
+	 * @param keyID
+	 * @param isRequired
+	 * @return
+	 * @throws SLCommandoParserException
+	 */
+	public static boolean getBooleanValue(JsonObject input, String keyID, boolean isRequired, boolean defaultValue) throws SLCommandoParserException {
+		try {
+			JsonElement internal = getAndCheck(input, keyID, isRequired);
+				
+			if (internal != null)
+				return internal.getAsBoolean();
+			else
+				return defaultValue;
+			
+		} catch (SLCommandoParserException e) {
+			throw e;
+			
+		} catch (Exception e) {
+			throw new SLCommandoParserException("Can not extract Boolean value with keyId: " + keyID, e);
+			
+		}		
+	}
+	
+	/**
+	 * Extract JSONObject value from JSON 
+	 * 
+	 * @param input
+	 * @param keyID
+	 * @param isRequired
+	 * @return
+	 * @throws SLCommandoParserException
+	 */
+	public static JsonObject getJSONObjectValue(JsonObject input, String keyID, boolean isRequired) throws SLCommandoParserException {
+		try {
+			JsonElement internal = getAndCheck(input, keyID, isRequired);
+				
+			if (internal != null)
+				return internal.getAsJsonObject();
+			else
+				return null;
+			
+		} catch (SLCommandoParserException e) {
+			throw e;
+			
+		} catch (Exception e) {
+			throw new SLCommandoParserException("Can not extract Boolean value with keyId: " + keyID, e);
+			
+		}		
+	}
+	
+	/**
+	 * Extract Map of Key/Value pairs from a JSON Array 
+	 * 
+	 * @param input
+	 * @param keyID
+	 * @param isRequired
+	 * @return
+	 * @throws SLCommandoParserException
+	 */
+	public static Map<String, String> getMapOfStringElements(JsonObject input, String keyID, boolean isRequired) throws SLCommandoParserException {
+		JsonElement internal = getAndCheck(input, keyID, isRequired);
+		
+		Map<String, String> result = new HashMap<String, String>();
+				
+		if (internal != null) {
+			if (!internal.isJsonArray())
+				throw new SLCommandoParserException("JSON Element IS NOT a JSON array");
+
+			Iterator<JsonElement> arrayIterator = internal.getAsJsonArray().iterator();
+			while(arrayIterator.hasNext()) {
+				//JsonObject next = arrayIterator.next().getAsJsonObject();
+				//result.put(
+				//		next.get(SL20Constants.SL20_COMMAND_PARAM_GENERAL_REQPARAMETER_KEY).getAsString(), 
+				//		next.get(SL20Constants.SL20_COMMAND_PARAM_GENERAL_REQPARAMETER_VALUE).getAsString());
+				JsonElement next = arrayIterator.next();				
+				Iterator<Entry<String, JsonElement>> entry = next.getAsJsonObject().entrySet().iterator();
+				while (entry.hasNext()) {
+					Entry<String, JsonElement> el = entry.next();
+					if (result.containsKey(el.getKey()))
+						log.info("Attr. Map already contains Element with Key: " + el.getKey() + ". Overwrite element ... ");
+						
+					result.put(el.getKey(), el.getValue().getAsString());
+					
+				}				
+			}						
+		}
+		
+		return result;
+	}
+	
+	
+	public static JsonElement extractSL20Result(JsonObject command, JsonSecurityUtils encrypter, boolean mustBeEncrypted) throws SLCommandoParserException {
+		JsonElement result = command.get(SL20Constants.SL20_COMMAND_CONTAINER_RESULT);
+		JsonElement encryptedResult = command.get(SL20Constants.SL20_COMMAND_CONTAINER_ENCRYPTEDRESULT);
+		
+		if (result == null && encryptedResult == null)
+			throw new SLCommandoParserException("NO result OR encryptedResult FOUND.");		
+		
+		else if (result == null && encryptedResult == null) 
+			throw new SLCommandoParserException("result AND encryptedResultFOUND. Can not used twice");
+		
+		else if (encryptedResult == null && mustBeEncrypted)
+			throw new SLCommandoParserException("result MUST be signed.");
+		
+		else if (result != null)
+			return result;
+		
+		else if (encryptedResult != null) {
+			//TODO: Add correct signature validation			 
+			String[] signedPayload = encryptedResult.toString().split("\\.");
+			JsonElement payLoad = new JsonParser().parse(new String(Base64.getUrlDecoder().decode(signedPayload[1])));
+			return payLoad;
+			
+		} else
+			throw new SLCommandoParserException("Internal build error");
+		
+		
+	}
+		
+	/**
+	 * Extract payLoad from generic transport container
+	 * 
+	 * @param container
+	 * @param joseTools
+	 * @return
+	 * @throws SLCommandoParserException
+	 */
+	public static VerificationResult extractSL20PayLoad(JsonObject container, IJOSETools joseTools, boolean mustBeSigned) throws SL20Exception {
+		
+		JsonElement sl20Payload = container.get(SL20Constants.SL20_PAYLOAD);
+		JsonElement sl20SignedPayload = container.get(SL20Constants.SL20_SIGNEDPAYLOAD);
+		
+		if (mustBeSigned && joseTools == null)
+			throw new SLCommandoParserException("'joseTools' MUST be set if 'mustBeSigned' is 'true'");
+					
+		if (sl20Payload == null && sl20SignedPayload == null)
+			throw new SLCommandoParserException("NO payLoad OR signedPayload FOUND.");		
+		
+		else if (sl20Payload == null && sl20SignedPayload == null) 
+			throw new SLCommandoParserException("payLoad AND signedPayload FOUND. Can not used twice");
+		
+		else if (sl20SignedPayload == null && mustBeSigned)
+			throw new SLCommandoParserException("payLoad MUST be signed.");
+		
+		else if (sl20Payload != null)
+			return new VerificationResult(sl20Payload.getAsJsonObject());
+		
+		else if (sl20SignedPayload != null && sl20SignedPayload.isJsonPrimitive())
+			return joseTools.validateSignature(sl20SignedPayload.getAsString());
+			
+		else
+			throw new SLCommandoParserException("Internal build error");
+			
+		
+	}
+	
+	
+	/**
+	 * Extract generic transport container from httpResponse
+	 * 
+	 * @param httpResp
+	 * @return
+	 * @throws SLCommandoParserException
+	 */
+	public static JsonObject getSL20ContainerFromResponse(HttpResponse httpResp) throws SLCommandoParserException {
+		try {
+			JsonObject sl20Resp = null;
+			if (httpResp.getStatusLine().getStatusCode() == 307) {
+				Header[] locationHeader = httpResp.getHeaders("Location");
+				if (locationHeader == null)
+					throw new SLCommandoParserException("Find Redirect statuscode but not Location header");
+			
+				String sl20RespString = new URIBuilder(locationHeader[0].getValue()).getQueryParams().get(0).getValue();
+				sl20Resp = new JsonParser().parse(URLDecoder.decode(sl20RespString)).getAsJsonObject();
+			
+			} else if (httpResp.getStatusLine().getStatusCode() == 200) {
+				if (!httpResp.getEntity().getContentType().getValue().equals("application/json;charset=UTF-8"))
+					throw new SLCommandoParserException("SL20 response with a wrong ContentType: " + httpResp.getEntity().getContentType().getValue());
+					
+				sl20Resp = new JsonParser().parse(new InputStreamReader(httpResp.getEntity().getContent())).getAsJsonObject();
+		
+			} else
+				throw new SLCommandoParserException("SL20 response with http-code: " + httpResp.getStatusLine().getStatusCode());
+				
+			return sl20Resp;
+			
+		} catch (Exception e) {
+			throw new SLCommandoParserException("SL20 response parsing FAILED! Reason: " + e.getMessage(), e);
+			
+		}		
+	}
+	
+	private static JsonElement getAndCheck(JsonObject input, String keyID, boolean isRequired) throws SLCommandoParserException {
+		JsonElement internal = input.get(keyID);
+		
+		if (internal == null && isRequired) 
+			throw new SLCommandoParserException("REQUIRED Element with keyId: " + keyID + " does not exist");
+		
+		return internal;
+		
+	}
+}
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
new file mode 100644
index 000000000..1e15e893e
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
@@ -0,0 +1,176 @@
+package at.gv.egovernment.moa.id.auth.modules.sl20_auth.tasks;
+
+import java.io.StringWriter;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.UUID;
+
+import javax.net.ssl.SSLSocketFactory;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.http.HttpResponse;
+import org.apache.http.NameValuePair;
+import org.apache.http.client.entity.UrlEncodedFormEntity;
+import org.apache.http.client.methods.HttpPost;
+import org.apache.http.client.utils.URIBuilder;
+import org.apache.http.entity.ContentType;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.message.BasicNameValuePair;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import com.google.gson.JsonObject;
+
+import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.data.VerificationResult;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20Exception;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.IJOSETools;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20HttpBindingUtils;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONBuilderUtils;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUtils;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.commons.utils.HttpClientWithProxySupport;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.id.util.SSLUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
+import at.gv.egovernment.moaspss.logging.Logger;
+
+@Component("CreateQualeIDRequestTask")
+public class CreateQualeIDRequestTask extends AbstractAuthServletTask {
+
+	@Autowired(required=true) private IJOSETools joseTools;
+	
+	@Override
+	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
+			throws TaskExecutionException {
+			
+			Logger.debug("Starting SL2.0 authentication process .... ");
+
+			try {
+				//get service-provider configuration
+				IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration();
+				
+				//get basic configuration parameters
+				String vdaQualeIDUrl = authConfig.getBasicMOAIDConfiguration(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID);				
+				if (MiscUtil.isEmpty(vdaQualeIDUrl)) {
+					Logger.error("NO VDA URL for qualified eID (" + Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID + ")");
+					throw new SL20Exception("sl20.03", new Object[]{"NO VDA URL for qualified eID"});
+					
+				}
+				
+				String authBlockId = authConfig.getBasicMOAIDConfiguration(Constants.CONFIG_PROP_VDA_AUTHBLOCK_ID);
+				if (MiscUtil.isEmpty(authBlockId)) {
+					Logger.error("NO AuthBlock Template identifier for qualified eID (" + Constants.CONFIG_PROP_VDA_AUTHBLOCK_ID + ")");
+					throw new SL20Exception("sl20.03", new Object[]{"NO AuthBlock Template identifier for qualified eID"});
+					
+				}
+				
+				//build DataURL for qualified eID response
+				String dataURL = new DataURLBuilder().buildDataURL(
+						pendingReq.getAuthURL(), Constants.HTTP_ENDPOINT_DATAURL, pendingReq.getRequestID());
+//				String dataURL = new DataURLBuilder().buildDataURL(
+//						"http://labda.iaik.tugraz.at:8080/moa-id-auth/", Constants.HTTP_ENDPOINT_DATAURL, pendingReq.getRequestID());
+				
+				//build qualifiedeID command
+				Map<String, String> qualifiedeIDParams = new HashMap<String, String>();
+				qualifiedeIDParams.put(SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPUNIQUEID, oaConfig.getPublicURLPrefix());
+				qualifiedeIDParams.put(SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPFRIENDLYNAME, oaConfig.getFriendlyName());			
+				//qualifiedeIDParams.put(SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES_MANDATEREFVALUE, UUID.randomUUID().toString());
+
+				JsonObject qualeIDCommandParams = SL20JSONBuilderUtils.createQualifiedeIDCommandParameters(
+						authBlockId, 
+						dataURL, 
+						qualifiedeIDParams, 
+						joseTools.getEncryptionCertificate());
+								
+				String qualeIDReqId = UUID.randomUUID().toString();
+				String signedQualeIDCommand = SL20JSONBuilderUtils.createSignedCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID, qualeIDCommandParams, joseTools);
+				JsonObject sl20Req = SL20JSONBuilderUtils.createGenericRequest(qualeIDReqId, null, null, signedQualeIDCommand);
+								
+				//open http client
+				SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(
+						authConfig,
+						vdaQualeIDUrl);
+				CloseableHttpClient httpClient = HttpClientWithProxySupport.getHttpClient(
+						sslFactory,
+						authConfig.getBasicMOAIDConfigurationBoolean(AuthConfiguration.PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION, true));
+				
+				//build post request
+				HttpPost httpReq = new HttpPost(new URIBuilder(vdaQualeIDUrl).build());								
+				httpReq.addHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE, SL20Constants.HTTP_HEADER_VALUE_NATIVE);
+				List<NameValuePair> parameters = new ArrayList<NameValuePair>();;
+				parameters.add(new BasicNameValuePair(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM, sl20Req.toString()));
+				httpReq.setEntity(new UrlEncodedFormEntity(parameters ));				
+				
+				//request VDA
+				HttpResponse httpResp = httpClient.execute(httpReq);
+								
+				//parse response
+				Logger.info("Receive response from VDA ... ");
+				JsonObject sl20Resp = SL20JSONExtractorUtils.getSL20ContainerFromResponse(httpResp);
+				VerificationResult respPayloadContainer = SL20JSONExtractorUtils.extractSL20PayLoad(sl20Resp, null, false);
+				
+				if (respPayloadContainer.isValidSigned() == null) {
+					Logger.debug("Receive unsigned payLoad from VDA");
+					
+				}
+				
+				JsonObject respPayload = respPayloadContainer.getPayload();
+				if (respPayload.get(SL20Constants.SL20_COMMAND_CONTAINER_NAME).getAsString()
+						.equals(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT)) {
+					Logger.debug("Find 'redirect' command in VDA response ... ");									
+					JsonObject params = SL20JSONExtractorUtils.getJSONObjectValue(respPayload, SL20Constants.SL20_COMMAND_CONTAINER_PARAMS, true);					
+					String redirectURL = SL20JSONExtractorUtils.getStringValue(params, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_URL, true);									
+					JsonObject command = SL20JSONExtractorUtils.getJSONObjectValue(params, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_COMMAND, false);
+					String signedCommand = SL20JSONExtractorUtils.getStringValue(params, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_SIGNEDCOMMAND, false);					
+
+					//create forward SL2.0 command
+					JsonObject sl20Forward = sl20Resp.deepCopy().getAsJsonObject();
+					SL20JSONBuilderUtils.addOnlyOnceOfTwo(sl20Forward, 
+							SL20Constants.SL20_PAYLOAD, SL20Constants.SL20_SIGNEDPAYLOAD, 
+							command, signedCommand);
+										
+					//store pending request
+					pendingReq.setGenericDataToSession(Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, 
+							qualeIDReqId);
+					requestStoreage.storePendingRequest(pendingReq);
+
+					//forward SL2.0 command
+					SL20HttpBindingUtils.writeIntoResponse(request, response, sl20Forward, redirectURL);
+													
+				} else {
+					//TODO: update to add error handling
+					Logger.warn("Received an unrecognized command: " + respPayload.get(SL20Constants.SL20_COMMAND_CONTAINER_NAME).getAsString());
+				
+				}
+				
+				
+			} catch (MOAIDException  e) {
+				throw new TaskExecutionException(pendingReq, "SL2.0 Authentication FAILED. Msg: " + e.getMessage(), e);
+				
+			} catch (Exception e) {
+				Logger.warn("SL2.0 Authentication FAILED with a generic error.", e);
+				throw new TaskExecutionException(pendingReq, e.getMessage(), e);
+				
+			} finally {				
+				TransactionIDUtils.removeTransactionId();
+				TransactionIDUtils.removeSessionId();
+				
+			}
+			
+			
+
+		
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
new file mode 100644
index 000000000..6d2163ff1
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
@@ -0,0 +1,228 @@
+package at.gv.egovernment.moa.id.auth.modules.sl20_auth.tasks;
+
+import java.io.ByteArrayInputStream;
+import java.io.StringWriter;
+import java.security.cert.X509Certificate;
+import java.util.Calendar;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.UUID;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.http.entity.ContentType;
+import org.jose4j.keys.X509Util;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import com.google.gson.JsonElement;
+import com.google.gson.JsonObject;
+import com.google.gson.JsonParser;
+import com.google.gson.JsonSyntaxException;
+
+import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.data.VerificationResult;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20Exception;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20SecurityException;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.IJOSETools;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONBuilderUtils;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUtils;
+import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.DateTimeUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
+import at.gv.egovernment.moaspss.logging.Logger;
+import iaik.esi.sva.util.X509Utils;
+import iaik.utils.Util;
+
+@Component("ReceiveQualeIDTask")
+public class ReceiveQualeIDTask extends AbstractAuthServletTask {
+
+	@Autowired(required=true) private IJOSETools joseTools;
+	
+	@Override
+	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
+			throws TaskExecutionException {
+		
+		Logger.debug("Receiving SL2.0 response process .... ");
+		try {
+			//get SL2.0 command or result from HTTP request
+			Map<String, String> reqParams = getParameters(request);
+			String sl20Result = reqParams.get(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM); 			
+			if (MiscUtil.isEmpty(sl20Result)) {
+				Logger.info("NO SL2.0 commando or result FOUND.");
+				throw new SL20Exception("sl20.04", null);
+				
+			}
+			
+			
+			//parse SL2.0 command/result into JSON
+			JsonObject sl20ReqObj = null;
+			try {
+				JsonParser jsonParser = new JsonParser();
+				JsonElement sl20Req = jsonParser.parse(sl20Result);
+				sl20ReqObj = sl20Req.getAsJsonObject();
+				
+			} catch (JsonSyntaxException e) {
+				Logger.warn("SL2.0 command or result is NOT valid JSON.", e);
+				Logger.debug("SL2.0 msg: " + sl20Result);
+				throw new SL20Exception("sl20.02", new Object[]{"SL2.0 command or result is NOT valid JSON."}, e);
+				
+			}
+			
+			//validate reqId with inResponseTo 
+			String sl20ReqId = pendingReq.getGenericData(Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, String.class);
+			String inRespTo = SL20JSONExtractorUtils.getStringValue(sl20ReqObj, SL20Constants.SL20_INRESPTO, true);
+			if (sl20ReqId == null || !sl20ReqId.equals(inRespTo)) {
+				Logger.info("SL20 'reqId': " + sl20ReqId + " does NOT match to 'inResponseTo':" + inRespTo);
+				throw new SL20SecurityException("SL20 'reqId': " + sl20ReqId + " does NOT match to 'inResponseTo':" + inRespTo);
+			}
+			
+			
+			//validate signature
+			//TODO:
+			VerificationResult payLoadContainer = SL20JSONExtractorUtils.extractSL20PayLoad(sl20ReqObj, joseTools, true);
+			if (payLoadContainer.isValidSigned() == null || 
+					!payLoadContainer.isValidSigned()) {
+				Logger.info("SL20 result from VDA was not valid signed");
+				throw new SL20SecurityException(new Object[]{"Signature on SL20 result NOT valid."});
+				
+			}
+			
+			//TODO validate certificate
+			List<X509Certificate> sigCertChain = payLoadContainer.getCertChain();
+			
+			//extract payloaf
+			JsonObject payLoad = payLoadContainer.getPayload();
+			
+			//check response type
+			if (SL20JSONExtractorUtils.getStringValue(
+					payLoad, SL20Constants.SL20_COMMAND_CONTAINER_NAME, true)
+						.equals(SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID)) {
+				Logger.debug("Find " + SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID + " result .... ");
+				
+				
+				//TODO: add decryption
+				JsonElement qualeIDResult = SL20JSONExtractorUtils.extractSL20Result(payLoad, null, false);
+				
+				
+				//extract attributes from result
+				String idlB64 = SL20JSONExtractorUtils.getStringValue(qualeIDResult.getAsJsonObject(), 
+										SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL, true);
+				String authBlockB64 = SL20JSONExtractorUtils.getStringValue(qualeIDResult.getAsJsonObject(), 
+						SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, true);
+				String ccsURL = SL20JSONExtractorUtils.getStringValue(qualeIDResult.getAsJsonObject(), 
+						SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL, true);
+				String LoA = SL20JSONExtractorUtils.getStringValue(qualeIDResult.getAsJsonObject(), 
+						SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_LOA, true);
+				
+				
+				//TODO: validate results
+				
+				
+				//add into session
+				defaultTaskInitialization(request, executionContext);
+				moasession.setIdentityLink(new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink());
+				moasession.setBkuURL(ccsURL);
+				//TODO: from AuthBlock
+				moasession.setIssueInstant(DateTimeUtils.buildDateTimeUTC(Calendar.getInstance()));
+				moasession.setQAALevel(LoA);
+				
+				//mark as authenticated
+				moasession.setAuthenticated(true);
+				pendingReq.setAuthenticated(true);
+								
+				//store pending request
+				requestStoreage.storePendingRequest(pendingReq);
+								
+				//create response 
+				Map<String, String> reqParameters = new HashMap<String, String>();
+				reqParameters.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, pendingReq.getRequestID());
+				JsonObject callReqParams = SL20JSONBuilderUtils.createCallCommandParameters(
+						new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), AbstractAuthProtocolModulController.FINALIZEPROTOCOL_ENDPOINT, null), 
+						SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_METHOD_GET, 
+						false, 
+						reqParameters);
+				JsonObject callCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_CALL, callReqParams);
+				
+				//build first redirect command for app
+				JsonObject redirectOneParams = SL20JSONBuilderUtils.createRedirectCommandParameters("", callCommand, null, true);
+				JsonObject redirectOneCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectOneParams);
+								
+				//build second redirect command for IDP
+				JsonObject redirectTwoParams = SL20JSONBuilderUtils.createRedirectCommandParameters(
+						new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), AbstractAuthProtocolModulController.FINALIZEPROTOCOL_ENDPOINT, null), 
+						redirectOneCommand, null, true);
+				JsonObject redirectTwoCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectTwoParams);
+				
+				//build generic SL2.0 response container								
+				String transactionId = SL20JSONExtractorUtils.getStringValue(sl20ReqObj, SL20Constants.SL20_TRANSACTIONID, false);
+				JsonObject respContainer = SL20JSONBuilderUtils.createGenericRequest(
+						UUID.randomUUID().toString(), 
+						transactionId, 
+						redirectTwoCommand, 
+						null); 
+				
+				if (request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE) != null && 
+						request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE).equals(SL20Constants.HTTP_HEADER_VALUE_NATIVE)) {					
+					Logger.debug("Client request containts 'native client' header ... ");												
+					StringWriter writer = new StringWriter();
+					writer.write(respContainer.toString());						
+					final byte[] content = writer.toString().getBytes("UTF-8");
+					response.setStatus(HttpServletResponse.SC_OK);
+					response.setContentLength(content.length);
+					response.setContentType(ContentType.APPLICATION_JSON.toString());						
+					response.getOutputStream().write(content);
+					
+					
+				} else {
+					Logger.info("SL2.0 DataURL communication needs http header: '" + SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "'");
+					throw new SL20Exception("sl20.06", 
+							new Object[] {"SL2.0 DataURL communication needs http header: '" + SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "'"});
+					
+				}
+												
+			} else {
+				Logger.info("SL20 response is NOT a " + SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID + " result");
+				throw new SLCommandoParserException("SL20 response is NOT a " + SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID + " result");
+			}
+			
+			
+		} catch (MOAIDException  e) {
+			Logger.warn("ERROR:", e);
+			throw new TaskExecutionException(pendingReq, "SL2.0 Authentication FAILED. Msg: " + e.getMessage(), e);
+			
+		} catch (Exception e) {
+			Logger.warn("ERROR:", e);
+			Logger.warn("SL2.0 Authentication FAILED with a generic error.", e);
+			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
+			
+		} finally {				
+			TransactionIDUtils.removeTransactionId();
+			TransactionIDUtils.removeSessionId();
+			
+		}
+	}
+
+	
+	private JsonObject createRedirectCommand() {
+		
+		
+		return null;
+		
+		
+	}
+	
+}
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider b/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider
new file mode 100644
index 000000000..48a3d2450
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider
@@ -0,0 +1 @@
+at.gv.egovernment.moa.id.auth.modules.sl20_auth.SL20AuthenticationSpringResourceProvider
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/moaid_sl20_auth.beans.xml b/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/moaid_sl20_auth.beans.xml
new file mode 100644
index 000000000..37551b3f5
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/moaid_sl20_auth.beans.xml
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:context="http://www.springframework.org/schema/context"
+	xmlns:tx="http://www.springframework.org/schema/tx"
+	xmlns:aop="http://www.springframework.org/schema/aop"
+	xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+		http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+
+	<context:annotation-config />
+
+	<bean id="sl20AuthModule" class="at.gv.egovernment.moa.id.auth.modules.sl20_auth.SL20AuthenticationModulImpl">
+		<property name="priority" value="3" />
+	</bean>
+ 
+	<bean id="SL20SignalServlet"
+				class="at.gv.egovernment.moa.id.auth.modules.sl20_auth.SL20SignalServlet"/>
+
+	<bean id="firstJOSETests"
+				class="at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.JsonSecurityUtils"/>							
+							
+<!-- Authentication Process Tasks --> 
+	<bean id="CreateQualeIDRequestTask" 
+				class="at.gv.egovernment.moa.id.auth.modules.sl20_auth.tasks.CreateQualeIDRequestTask"
+				scope="prototype"/>
+	
+	<bean id="ReceiveQualeIDResponseTask" 
+				class="at.gv.egovernment.moa.id.auth.modules.sl20_auth.tasks.ReceiveQualeIDTask"
+				scope="prototype"/>
+																						
+</beans>
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/sl20.Authentication.process.xml b/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/sl20.Authentication.process.xml
new file mode 100644
index 000000000..bcd74f84c
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/sl20.Authentication.process.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<pd:ProcessDefinition id="SL20Authentication" xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1">
+
+	<pd:Task id="createQualifiedeIDRequest" class="CreateQualeIDRequestTask" />
+	<pd:Task id="receiveQualifiedeID" class="ReceiveQualeIDResponseTask"  async="true"/>
+	
+	<!-- <pd:Task id="finalizeAuthentication" class="FinalizeAuthenticationTask" /> -->
+
+	<pd:StartEvent id="start" />
+	<pd:Transition from="start" to="createQualifiedeIDRequest" />	
+	<pd:Transition from="createQualifiedeIDRequest" to="receiveQualifiedeID" />
+	<pd:Transition from="receiveQualifiedeID" to="end" />
+
+	<!-- It's only required if we can not use the finalize redirect on SL20 redirect command -->
+	<!-- <pd:Transition from="receiveQualifiedeID" to="finalizeAuthentication" />		
+	<pd:Transition from="finalizeAuthentication"    to="end" />	 -->
+	
+	<pd:EndEvent id="end" />
+
+</pd:ProcessDefinition>
diff --git a/id/server/modules/pom.xml b/id/server/modules/pom.xml
index f0779b26c..a9aed2d24 100644
--- a/id/server/modules/pom.xml
+++ b/id/server/modules/pom.xml
@@ -1,5 +1,5 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
 	<modelVersion>4.0.0</modelVersion>
 
 	<parent>
@@ -28,13 +28,15 @@
 		<module>moa-id-module-openID</module>
 		
 		<module>moa-id-module-eIDAS</module>
-		<module>moa-id-module-eIDAS-v2</module>		
+		<!-- <module>moa-id-module-eIDAS-v2</module> -->		
 		<module>moa-id-modules-federated_authentication</module>
 		<module>moa-id-module-elga_mandate_service</module>
 		
 		<module>moa-id-module-ssoTransfer</module>
 		<module>moa-id-module-bkaMobilaAuthSAML2Test</module>
-	</modules>
+   		
+   		<module>moa-id-module-sl20_authentication</module>
+  </modules>
 	
 	<dependencies>
  		<dependency>
@@ -62,4 +64,4 @@
 		</dependency>
 	</dependencies>
 	
-</project>
+</project>
\ No newline at end of file
diff --git a/pom.xml b/pom.xml
index 8eadbff39..e4aa52d33 100644
--- a/pom.xml
+++ b/pom.xml
@@ -537,6 +537,12 @@
 				<version>${moa-id-version}</version>
 			</dependency>	
 			   			                         
+             <dependency>
+				<groupId>MOA.id.server.modules</groupId>
+				<artifactId>moa-id-module-sl20_authentication</artifactId>
+				<version>${moa-id-version}</version>
+			</dependency>				   			                         
+			   			                         
              <dependency>
                 <groupId>MOA.id.server</groupId>
                 <artifactId>moa-id-commons</artifactId>
-- 
cgit v1.2.3


From 1cf340e047d2d701d9bfe442f291231ec477d2f4 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 17 May 2018 17:13:03 +0200
Subject: fix some more bugs in SAML2 ATTRIBUTEQUERRY implementation for
 federated authentication

---
 .../moa/id/auth/builder/AuthenticationDataBuilder.java   |  6 +++---
 .../moa/id/protocols/pvp2x/AttributQueryAction.java      |  6 +++++-
 .../moa/id/protocols/pvp2x/PVP2XProtocol.java            |  2 +-
 .../id/protocols/pvp2x/builder/AttributQueryBuilder.java |  8 ++------
 .../moa/id/protocols/pvp2x/config/PVPConfiguration.java  |  4 ----
 .../pvp2x/utils/AssertionAttributeExtractor.java         | 16 +++++++++++-----
 6 files changed, 22 insertions(+), 20 deletions(-)

(limited to 'id/server/idserverlib/src/main/java/at/gv')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index cc716f9f8..b93de5119 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -189,7 +189,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
 	 * @throws MOAIDException
 	 */
 	public AssertionAttributeExtractor getAuthDataFromAttributeQuery(List<Attribute> reqQueryAttr,
-			String userNameID, IOAAuthParameters idpConfig ) throws MOAIDException{
+			String userNameID, IOAAuthParameters idpConfig, String spEntityID) throws MOAIDException{
 		String idpEnityID = idpConfig.getPublicURLPrefix();
 		
 		try {		
@@ -203,7 +203,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
 			}
 				
 			//build attributQuery request
-			AttributeQuery query = attributQueryBuilder.buildAttributQueryRequest(userNameID, endpoint, reqQueryAttr);
+			AttributeQuery query = attributQueryBuilder.buildAttributQueryRequest(spEntityID, userNameID, endpoint, reqQueryAttr);
 			
 			//build SOAP request				
 			List<XMLObject> xmlObjects = MOASAMLSOAPClient.send(endpoint, query);
@@ -362,7 +362,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
 			else {
 				String qaaLevel = session.getGenericDataFromSession(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME, String.class);
 				if (MiscUtil.isNotEmpty(qaaLevel)) {
-					Logger.debug("Find PVP-Attr: " + PVPConstants.EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME
+					Logger.debug("Find PVP-Attr '" + PVPConstants.EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME + "':" + qaaLevel
 							+ " --> Parse QAA-Level from that attribute.");
 						
 					if (qaaLevel.startsWith(PVPConstants.STORK_QAA_PREFIX)) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
index 72691a034..4ef9fa05e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
@@ -235,8 +235,12 @@ public class AttributQueryAction implements IAction {
 				}	
 				
 				//validation complete --> start AttributeQuery Request
+				/*TODO:
+				 * 'pendingReq.getAuthURL() + "/sp/federated/metadata"' is implemented in federated_authentication module 
+				 *  but used in moa-id-lib. This should be refactored!!!  
+				 */
 				AssertionAttributeExtractor extractor = authDataBuilder.getAuthDataFromAttributeQuery(reqAttributes, 
-						nextIDPInformation.getUserNameID(), idp);
+						nextIDPInformation.getUserNameID(), idp, pendingReq.getAuthURL() + "/sp/federated/metadata");
 								
 				//mark attribute request as used
 				if (nextIDPInformation.isStoreSSOInformation()) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index 4369a469a..4b9b21093 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -634,7 +634,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController  {
 		
 		//validate destination
 		String destinaten = attrQuery.getDestination();
-		if (!PVPConfiguration.getInstance().getIDPAttributeQueryService(HTTPUtils.extractAuthURLFromRequest(request)).equals(destinaten)) {
+		if (!PVPConfiguration.getInstance().getIDPSSOSOAPService(HTTPUtils.extractAuthURLFromRequest(request)).equals(destinaten)) {
 			Logger.warn("AttributeQuery destination does not match IDP AttributeQueryService URL");
 			throw new AttributQueryException("AttributeQuery destination does not match IDP AttributeQueryService URL", null);
 			
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java
index 4aa4f7419..f4cd7422c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java
@@ -101,7 +101,7 @@ public class AttributQueryBuilder {
 	}
 	
 	
-	public AttributeQuery buildAttributQueryRequest(String nameID, 
+	public AttributeQuery buildAttributQueryRequest(String spEntityID, String nameID, 
 			String endpoint, List<Attribute> requestedAttributes) throws AttributQueryException {
 		
 		
@@ -125,7 +125,7 @@ public class AttributQueryBuilder {
 			query.setIssueInstant(now);
 			
 			Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class);
-			nissuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath().get(0));
+			nissuer.setValue(spEntityID);
 			nissuer.setFormat(NameID.ENTITY);
 			query.setIssuer(nissuer);
 			
@@ -156,10 +156,6 @@ public class AttributQueryBuilder {
 			
 			return query;
 			
-		} catch (ConfigurationException e) {
-			Logger.error("Build AttributQuery Request FAILED.", e);
-			throw new AttributQueryException("Build AttributQuery Request FAILED.", null, e);
-			
 		} catch (CredentialsNotAvailableException e) {
 			Logger.error("Build AttributQuery Request FAILED.", e);
 			throw new AttributQueryException("Build AttributQuery Request FAILED.", null, e);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
index 480656e30..47c4b0736 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
@@ -138,10 +138,6 @@ public class PVPConfiguration {
 	public String getIDPSSOSOAPService(String publicURLPrefix) throws ConfigurationException {
 		return publicURLPrefix + PVP2_IDP_SOAP;
 	}
-	
-	public String getIDPAttributeQueryService(String publicURLPrefix) throws ConfigurationException {
-		return publicURLPrefix + PVP2_IDP_ATTRIBUTEQUERY;
-	}
 		
 	public String getIDPSSOMetadataService(String publicURLPrefix) throws ConfigurationException {
 		return publicURLPrefix + PVP2_METADATA;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
index 106be8a09..9d585bc86 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
@@ -52,12 +52,17 @@ public class AssertionAttributeExtractor {
 	private Map<String, List<String>> attributs = new HashMap<String, List<String>>();
 	//private PersonalAttributeList storkAttributes = new PersonalAttributeList();
 		
-	private final List<String> minimalAttributeNameList = Arrays.asList(
+	private final List<String> minimalMDSAttributeNamesList = Arrays.asList(
 			PVPConstants.PRINCIPAL_NAME_NAME, 
 			PVPConstants.GIVEN_NAME_NAME,
-			PVPConstants.ENC_BPK_LIST_NAME,
+			PVPConstants.BIRTHDATE_NAME,
 			PVPConstants.BPK_NAME);
-		
+
+	private final List<String> minimalIDLAttributeNamesList = Arrays.asList(
+			PVPConstants.EID_IDENTITY_LINK_NAME,			
+			PVPConstants.EID_SOURCE_PIN_NAME,
+			PVPConstants.EID_SOURCE_PIN_TYPE_NAME);
+	
 	/**
 	 * Parse the SAML2 Response element and extracts included information
 	 * <br><br>
@@ -132,7 +137,8 @@ public class AssertionAttributeExtractor {
 	 * @return
 	 */
 	public boolean containsAllRequiredAttributes() {
-		return containsAllRequiredAttributes(minimalAttributeNameList);
+		return containsAllRequiredAttributes(minimalMDSAttributeNamesList) 
+				|| containsAllRequiredAttributes(minimalIDLAttributeNamesList);
 		
 	}
 	
@@ -161,7 +167,7 @@ public class AssertionAttributeExtractor {
 			return flag;
 		
 		else {			
-			Logger.debug("Assertion contains no bPK or encryptedbPK.");
+			Logger.debug("Assertion contains no all minimum attributes from: " + attributeNameList.toString());
 			return false;
 			
 		}		
-- 
cgit v1.2.3


From ebd93e9389e630450e5b052a18a6a6fc8d05f611 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 28 May 2018 16:40:30 +0200
Subject: refactore code to use EAAF core components

---
 .../usermanagement/FileBasedUserConfiguration.java |   2 +-
 .../id/configuration/data/GeneralMOAIDConfig.java  |   2 +-
 .../data/oa/OAAuthenticationData.java              |   2 +-
 .../configuration/data/oa/OARevisionsLogData.java  |   2 +-
 .../configuration/struts/action/BasicOAAction.java |   4 +-
 .../struts/action/EditGeneralConfigAction.java     |   4 +-
 .../configuration/struts/action/EditOAAction.java  |   2 +-
 .../struts/action/ImportExportAction.java          |   2 +-
 .../configuration/struts/action/IndexAction.java   |   2 +-
 .../struts/action/InterfederationIDPAction.java    |   2 +-
 .../struts/action/UserManagementAction.java        |   2 +-
 .../id/config/webgui/MOAIDConfigurationModul.java  |   2 +-
 .../validation/MOAIDConfigurationValidator.java    |   2 +-
 .../task/impl/GeneralMOAIDConfigurationTask.java   |   2 +-
 .../task/impl/GeneralOpenIDConfigurationTask.java  |   2 +-
 .../task/impl/GeneralPVP2XConfigurationTask.java   |   2 +-
 .../task/impl/GeneralRevisionLogTask.java          |   2 +-
 .../task/impl/GeneralSTORKConfigurationTask.java   |   2 +-
 .../ServicesAuthenticationInformationTask.java     |   2 +-
 .../task/impl/ServicesAuthenticationSTORKTask.java |   2 +-
 .../task/impl/ServicesProtocolSTORKTask.java       |   2 +-
 .../task/impl/ServicesReversionLogTask.java        |   2 +-
 id/server/idserverlib/pom.xml                      |   6 +-
 .../id/advancedlogging/DummyStatisticLogger.java   |  58 --
 .../moa/id/advancedlogging/IStatisticLogger.java   |  39 -
 .../moa/id/advancedlogging/MOAReversionLogger.java |  53 +-
 .../moa/id/advancedlogging/StatisticLogger.java    |  21 +-
 .../moa/id/advancedlogging/TransactionIDUtils.java | 101 ---
 .../moa/id/auth/AuthenticationSessionCleaner.java  |  10 +-
 .../moa/id/auth/MOAIDAuthInitializer.java          |   4 +-
 .../id/auth/builder/AuthenticationDataBuilder.java |   6 +-
 .../builder/CreateXMLSignatureRequestBuilder.java  |   5 +-
 .../moa/id/auth/builder/DataURLBuilder.java        | 111 ---
 .../builder/DynamicOAAuthParameterBuilder.java     |  20 +-
 .../exception/InvalidProtocolRequestException.java |  49 --
 .../auth/exception/ProtocolNotActiveException.java |  46 -
 .../id/auth/modules/AbstractAuthServletTask.java   | 229 -----
 .../moa/id/auth/modules/AuthModule.java            |  42 -
 .../id/auth/modules/BKUSelectionModuleImpl.java    |   1 +
 .../modules/SingleSignOnConsentsModuleImpl.java    |   1 +
 .../id/auth/modules/TaskExecutionException.java    |  75 --
 .../internal/tasks/EvaluateBKUSelectionTask.java   |   4 +-
 .../tasks/EvaluateSSOConsentsTaskImpl.java         |   6 +-
 .../internal/tasks/FinalizeAuthenticationTask.java |   4 +-
 .../tasks/GenerateBKUSelectionFrameTask.java       |  12 +-
 .../GenerateSSOConsentEvaluatorFrameTask.java      |  13 +-
 .../tasks/RestartAuthProzessManagement.java        |   8 +-
 .../modules/registration/ModuleRegistration.java   | 149 ----
 .../StartAuthentificationParameterParser.java      |  21 +-
 .../moa/id/auth/servlet/AbstractController.java    | 356 --------
 .../AbstractProcessEngineSignalController.java     |   5 +-
 .../id/auth/servlet/GUILayoutBuilderServlet.java   |   9 +-
 .../id/auth/servlet/IDPSingleLogOutServlet.java    |  14 +-
 .../moa/id/auth/servlet/LogOutServlet.java         |  16 +-
 .../moa/id/auth/servlet/RedirectServlet.java       |  14 +-
 .../UniqueSessionIdentifierInterceptor.java        |   4 +-
 .../interceptor/VHostUrlRewriteServletFilter.java  |   2 +-
 .../WebFrontEndSecurityInterceptor.java            |   4 +-
 .../moa/id/client/utils/SZRGWClientUtils.java      |   7 +-
 .../moa/id/config/ConfigurationProviderImpl.java   |  86 +-
 .../moa/id/config/auth/OAAuthParameter.java        | 938 --------------------
 .../id/config/auth/OAAuthParameterDecorator.java   | 958 +++++++++++++++++++++
 .../PropertyBasedAuthConfigurationProvider.java    | 300 +++----
 .../config/auth/data/DynamicOAAuthParameters.java  |  28 +-
 .../moa/id/data/AuthenticationData.java            |   3 +-
 .../moa/id/data/ExceptionContainer.java            |  86 --
 .../at/gv/egovernment/moa/id/data/IAuthData.java   | 107 ---
 .../moa/id/data/SLOInformationImpl.java            |   1 +
 .../at/gv/egovernment/moa/id/moduls/IAction.java   |  39 -
 .../gv/egovernment/moa/id/moduls/IModulInfo.java   |  42 -
 .../egovernment/moa/id/moduls/IRequestStorage.java |  43 -
 .../id/moduls/NoPassivAuthenticationException.java |  38 -
 .../gv/egovernment/moa/id/moduls/RequestImpl.java  | 454 ----------
 .../egovernment/moa/id/moduls/RequestStorage.java  | 135 ---
 .../gv/egovernment/moa/id/moduls/SSOManager.java   |   5 +-
 .../moa/id/opemsaml/MOAIDHTTPPostEncoder.java      |   2 +-
 .../moa/id/process/ExecutionContextImpl.java       |  79 --
 .../process/ExpressionEvaluationContextImpl.java   |  44 -
 .../moa/id/process/ProcessDefinitionParser.java    | 224 -----
 .../process/ProcessDefinitionParserException.java  |  35 -
 .../egovernment/moa/id/process/ProcessEngine.java  | 110 ---
 .../moa/id/process/ProcessEngineImpl.java          | 420 ---------
 .../moa/id/process/ProcessExecutionException.java  |  36 -
 .../moa/id/process/ProcessInstance.java            | 164 ----
 .../moa/id/process/ProcessInstanceState.java       |  30 -
 .../moa/id/process/api/ExecutionContext.java       |  63 --
 .../process/api/ExpressionEvaluationContext.java   |  23 -
 .../moa/id/process/api/ExpressionEvaluator.java    |  25 -
 .../at/gv/egovernment/moa/id/process/api/Task.java |  26 -
 .../moa/id/process/dao/ProcessInstanceStore.java   |  91 --
 .../id/process/dao/ProcessInstanceStoreDAO.java    |  43 -
 .../process/dao/ProcessInstanceStoreDAOImpl.java   |  93 --
 .../egovernment/moa/id/process/model/EndEvent.java |  42 -
 .../moa/id/process/model/ProcessDefinition.java    | 158 ----
 .../moa/id/process/model/ProcessNode.java          |  69 --
 .../moa/id/process/model/StartEvent.java           |  45 -
 .../egovernment/moa/id/process/model/TaskInfo.java |  94 --
 .../moa/id/process/model/Transition.java           | 136 ---
 .../process/spring/SpringExpressionEvaluator.java  |  61 --
 .../springweb/AbstractAuthSourceServlet.java       | 116 ---
 .../moa/id/process/springweb/MoaIdTask.java        |  99 ---
 .../springweb/SpringWebExpressionEvaluator.java    | 143 ---
 .../moa/id/process/support/SecureRandomHolder.java |  35 -
 .../AbstractAuthProtocolModulController.java       | 309 -------
 .../protocols/ProtocolFinalizationController.java  | 195 -----
 .../builder/attributes/BPKAttributeBuilder.java    |  14 +-
 .../attributes/BirthdateAttributeBuilder.java      |  58 --
 .../protocols/builder/attributes/EIDAuthBlock.java |  14 +-
 .../id/protocols/builder/attributes/EIDCcsURL.java |  15 +-
 .../EIDCitizenQAALevelAttributeBuilder.java        |  18 +-
 .../builder/attributes/EIDIdentityLinkBuilder.java |  67 --
 .../EIDIssuingNationAttributeBuilder.java          |  52 --
 .../builder/attributes/EIDSTORKTOKEN.java          |  14 +-
 .../attributes/EIDSectorForIDAttributeBuilder.java |  15 +-
 .../builder/attributes/EIDSignerCertificate.java   |  14 +-
 .../protocols/builder/attributes/EIDSourcePIN.java |  56 --
 .../builder/attributes/EIDSourcePINType.java       |  51 --
 .../EIDeIDASQAALevelAttributeBuilder.java          |  48 --
 .../attributes/EncryptedBPKAttributeBuilder.java   |  17 +-
 .../attributes/GivenNameAttributeBuilder.java      |  45 -
 .../protocols/builder/attributes/HolderOfKey.java  |  14 +-
 .../builder/attributes/IAttributeBuilder.java      |  36 -
 .../builder/attributes/IAttributeGenerator.java    |  40 -
 .../builder/attributes/IPVPAttributeBuilder.java   |  29 -
 .../MandateFullMandateAttributeBuilder.java        |  12 +-
 ...MandateLegalPersonFullNameAttributeBuilder.java |  12 +-
 ...andateLegalPersonSourcePinAttributeBuilder.java |  12 +-
 ...teLegalPersonSourcePinTypeAttributeBuilder.java |  12 +-
 .../MandateNaturalPersonBPKAttributeBuilder.java   |  17 +-
 ...dateNaturalPersonBirthDateAttributeBuilder.java |  16 +-
 ...ateNaturalPersonFamilyNameAttributeBuilder.java |  12 +-
 ...dateNaturalPersonGivenNameAttributeBuilder.java |  12 +-
 ...dateNaturalPersonSourcePinAttributeBuilder.java |  14 +-
 ...NaturalPersonSourcePinTypeAttributeBuilder.java |  12 +-
 .../MandateProfRepDescAttributeBuilder.java        |  12 +-
 .../MandateProfRepOIDAttributeBuilder.java         |  12 +-
 .../MandateReferenceValueAttributeBuilder.java     |  13 +-
 .../attributes/MandateTypeAttributeBuilder.java    |  12 +-
 .../attributes/MandateTypeOIDAttributeBuilder.java |  12 +-
 .../attributes/PVPVersionAttributeBuilder.java     |  45 -
 .../attributes/PrincipalNameAttributeBuilder.java  |  45 -
 .../id/protocols/pvp2x/AttributQueryAction.java    |  10 +-
 .../id/protocols/pvp2x/AuthenticationAction.java   |   8 +-
 .../moa/id/protocols/pvp2x/MetadataAction.java     |  12 +-
 .../moa/id/protocols/pvp2x/PVP2XProtocol.java      |  16 +-
 .../id/protocols/pvp2x/PVPAssertionStorage.java    |   2 +-
 .../moa/id/protocols/pvp2x/PVPConstants.java       | 246 +-----
 .../id/protocols/pvp2x/PVPTargetConfiguration.java |   2 +-
 .../moa/id/protocols/pvp2x/SingleLogOutAction.java |  20 +-
 .../moa/id/protocols/pvp2x/binding/IEncoder.java   |   2 +-
 .../id/protocols/pvp2x/binding/PostBinding.java    |   4 +-
 .../protocols/pvp2x/binding/RedirectBinding.java   |   2 +-
 .../id/protocols/pvp2x/binding/SoapBinding.java    |   2 +-
 .../pvp2x/builder/AttributQueryBuilder.java        |   2 +-
 .../pvp2x/builder/PVPAttributeBuilder.java         |   6 +-
 .../pvp2x/builder/PVPAuthnRequestBuilder.java      |   2 +-
 .../pvp2x/builder/SingleLogOutBuilder.java         |   4 +-
 .../builder/assertion/PVP2AssertionBuilder.java    |   6 +-
 .../attributes/exceptions/AttributeException.java  |  33 -
 .../exceptions/AttributePolicyException.java       |  40 -
 .../InvalidDateFormatAttributeException.java       |  35 -
 .../NoMandateDataAttributeException.java           |   4 +-
 .../exceptions/UnavailableAttributeException.java  |  40 -
 .../protocols/pvp2x/config/PVPConfiguration.java   |   2 +-
 .../exceptions/AuthnRequestValidatorException.java |  62 --
 .../NameIDFormatNotSupportedException.java         |   2 +
 .../pvp2x/metadata/MOAMetadataProvider.java        |   2 +-
 .../moa/id/protocols/pvp2x/utils/SAML2Utils.java   |   2 +-
 .../pvp2x/validation/AuthnRequestValidator.java    |   2 +-
 .../pvp2x/verification/EntityVerifier.java         |   2 +-
 .../pvp2x/verification/SAMLVerificationEngine.java |   2 +-
 .../storage/DBAuthenticationSessionStoreage.java   |   8 +-
 .../moa/id/storage/DBTransactionStorage.java       |  21 +-
 .../id/storage/IAuthenticationSessionStoreage.java |   4 +-
 .../moa/id/storage/ITransactionStorage.java        | 135 ---
 .../moa/id/storage/RedisTransactionStorage.java    |   1 +
 .../moa/id/util/AbstractEncrytionUtil.java         |   1 +
 .../moa/id/util/ErrorResponseUtils.java            | 105 ---
 .../at/gv/egovernment/moa/id/util/HTTPUtils.java   | 196 -----
 .../moa/id/util/MOAIDMessageProvider.java          | 144 ++++
 .../java/at/gv/egovernment/moa/id/util/Random.java | 187 ----
 .../gv/egovernment/moa/id/util/ServletUtils.java   |  69 --
 ....protocols.builder.attributes.IAttributeBuilder |   9 -
 .../moa/id/module/test/TestRequestImpl.java        |   4 +-
 .../spring/test/DummyTransactionStorage.java       |   2 +-
 .../spring/test/task/CreateSAML1AssertionTask.java |   4 +-
 .../spring/test/task/GetIdentityLinkTask.java      |   4 +-
 .../id/process/spring/test/task/SelectBKUTask.java |   2 +-
 .../spring/test/task/SignAuthBlockTask.java        |   4 +-
 .../spring/test/task/ValidateIdentityLinkTask.java |   2 +-
 .../test/task/ValidateSignedAuthBlockTask.java     |   4 +-
 .../moa/id/process/test/HalloWeltTask.java         |   2 +-
 .../moa/id/process/test/HelloWorldTask.java        |   2 +-
 .../id/storage/test/DBTransactionStorageTest.java  |   2 +-
 id/server/moa-id-commons/pom.xml                   |   9 +
 .../moa/id/commons/MOAIDAuthConstants.java         |   9 +-
 .../egovernment/moa/id/commons/MOAIDConstants.java |  13 +-
 .../moa/id/commons/api/AuthConfiguration.java      |  40 +-
 .../moa/id/commons/api/ConfigurationProvider.java  |  10 +-
 .../moa/id/commons/api/IOAAuthParameters.java      |  28 +-
 .../egovernment/moa/id/commons/api/IRequest.java   | 221 -----
 .../id/commons/api/exceptions/MOAIDException.java  |   5 +-
 .../config/ConfigurationMigrationUtils.java        |   2 +-
 .../config/MOAIDConfigurationConstants.java        |   4 +-
 .../config/persistence/MOAIDConfigurationImpl.java |   2 +-
 .../moa/id/commons/db/NewConfigurationDBRead.java  |   2 +-
 .../moa/id/commons/db/ex/MOADatabaseException.java |  10 +-
 .../moa/id/commons/utils/KeyValueUtils.java        | 341 --------
 .../moa/id/commons/utils/MOAIDMessageProvider.java | 104 ---
 .../AbstractGUIFormBuilderConfiguration.java       |   1 +
 ...roviderSpecificGUIFormBuilderConfiguration.java |   4 +-
 .../DefaultGUIFormBuilderConfiguration.java        |  23 +-
 .../auth/frontend/builder/GUIFormBuilderImpl.java  |   4 +-
 .../frontend/builder/IGUIBuilderConfiguration.java |  74 --
 .../id/auth/frontend/builder/IGUIFormBuilder.java  |  68 --
 ...PSpecificGUIBuilderConfigurationWithDBLoad.java |   2 +-
 ...cGUIBuilderConfigurationWithFileSystemLoad.java |   2 +-
 .../auth/frontend/exception/GUIBuildException.java |  46 -
 .../moa/id/auth/frontend/utils/FormBuildUtils.java |   2 +-
 .../moa/id/auth/MOAIDAuthSpringInitializer.java    |   2 +-
 .../moa/id/auth/AuthenticationServer.java          |   6 +-
 .../AuthenticationBlockAssertionBuilder.java       |   6 +-
 .../auth/builder/GetIdentityLinkFormBuilder.java   |   2 +-
 .../internal/DefaultCitizenCardAuthModuleImpl.java |   2 +-
 .../internal/tasks/CertificateReadRequestTask.java |   6 +-
 .../internal/tasks/CreateIdentityLinkFormTask.java |   6 +-
 .../modules/internal/tasks/GetForeignIDTask.java   |   4 +-
 .../internal/tasks/GetMISSessionIDTask.java        |   4 +-
 .../tasks/InitializeBKUAuthenticationTask.java     |   6 +-
 .../tasks/PrepareAuthBlockSignatureTask.java       |   4 +-
 .../internal/tasks/PrepareGetMISMandateTask.java   |   8 +-
 .../tasks/VerifyAuthenticationBlockTask.java       |   4 +-
 .../internal/tasks/VerifyCertificateTask.java      |   6 +-
 .../internal/tasks/VerifyIdentityLinkTask.java     |   4 +-
 .../CreateXMLSignatureResponseValidator.java       |   4 +-
 .../VerifyXMLSignatureResponseValidator.java       |   4 +-
 .../moa/id/util/CitizenCardServletUtils.java       |   5 +-
 .../bkamobileauthtests/BKAMobileAuthModule.java    |   6 +-
 .../tasks/FirstBKAMobileAuthTask.java              |   6 +-
 .../tasks/SecondBKAMobileAuthTask.java             |   6 +-
 .../eidas_v2/eIDASAuthenticationModulImpl.java     |   2 +-
 .../eidas_v2/tasks/CreateIdentityLinkTask.java     |   4 +-
 .../eidas_v2/tasks/GenerateAuthnRequestTask.java   |   8 +-
 .../eidas_v2/tasks/ReceiveAuthnResponseTask.java   |   4 +-
 .../eidas/eIDASAuthenticationModulImpl.java        |   2 +-
 .../eidas/tasks/CreateIdentityLinkTask.java        |   4 +-
 .../eidas/tasks/GenerateAuthnRequestTask.java      |   8 +-
 .../eidas/tasks/ReceiveAuthnResponseTask.java      |   4 +-
 .../eidas/utils/MOAWhiteListConfigurator.java      |   2 +-
 .../modules/eidas/utils/eIDASAttributeBuilder.java |   4 +-
 .../moa/id/protocols/eidas/EIDASData.java          |   2 +-
 .../moa/id/protocols/eidas/EIDASProtocol.java      |  10 +-
 .../id/protocols/eidas/EidasMetaDataRequest.java   |   8 +-
 .../attributes/builder/eIDASAttrFamilyName.java    |   4 +-
 .../attributes/builder/eIDASAttrGivenName.java     |   4 +-
 .../builder/eIDASAttrLegalPersonIdentifier.java    |   4 +-
 .../eIDASAttrNaturalPersonalIdentifier.java        |   6 +-
 ...DASAttrRepresentativeLegalPersonIdentifier.java |   4 +-
 ...ttrRepresentativeNaturalPersonalIdentifier.java |   6 +-
 .../eidas/eIDASAuthenticationRequest.java          |  12 +-
 .../eidas/validator/eIDASResponseValidator.java    |   2 +-
 .../controller/ELGAMandateMetadataController.java  |   4 +-
 .../tasks/EvaluateMandateServiceTask.java          |   4 +-
 .../tasks/ReceiveElgaMandateResponseTask.java      |   6 +-
 .../tasks/RedirectToMandateSelectionTask.java      |   6 +-
 .../elgamandates/tasks/RequestELGAMandateTask.java |   6 +-
 .../tasks/SelectMandateServiceTask.java            |  10 +-
 .../elgamandates/utils/ELGAMandateUtils.java       |   4 +-
 .../attributes/OAuth20AttributeBuilder.java        |   4 +-
 .../attributes/OpenIdAudiencesAttribute.java       |   4 +-
 .../OpenIdAuthenticationTimeAttribute.java         |   4 +-
 .../attributes/OpenIdExpirationTimeAttribute.java  |   4 +-
 .../attributes/OpenIdIssueInstantAttribute.java    |   4 +-
 .../oauth20/attributes/OpenIdIssuerAttribute.java  |   4 +-
 .../oauth20/attributes/OpenIdNonceAttribute.java   |   4 +-
 .../OpenIdSubjectIdentifierAttribute.java          |   4 +-
 .../attributes/ProfileDateOfBirthAttribute.java    |   4 +-
 .../attributes/ProfileFamilyNameAttribute.java     |   4 +-
 .../attributes/ProfileGivenNameAttribute.java      |   4 +-
 .../oauth20/protocol/OAuth20AuthAction.java        |  18 +-
 .../oauth20/protocol/OAuth20AuthRequest.java       |   2 +-
 .../oauth20/protocol/OAuth20BaseRequest.java       |   4 +-
 .../oauth20/protocol/OAuth20Protocol.java          |  10 +-
 .../oauth20/protocol/OAuth20TokenAction.java       |  14 +-
 .../oauth20/protocol/OAuth20TokenRequest.java      |   2 +-
 .../sl20_auth/SL20AuthenticationModulImpl.java     |   4 +-
 .../sl20_auth/tasks/CreateQualeIDRequestTask.java  |  10 +-
 .../sl20_auth/tasks/ReceiveQualeIDTask.java        |  10 +-
 .../ssotransfer/SSOTransferAuthModuleImpl.java     |   2 +-
 .../data/SSOTransferAuthenticationData.java        |   2 +-
 .../data/SSOTransferOnlineApplication.java         |   2 +-
 .../ssotransfer/servlet/SSOTransferServlet.java    |   8 +-
 .../servlet/SSOTransferSignalServlet.java          |   4 +-
 .../task/InitializeRestoreSSOSessionTask.java      |  10 +-
 .../ssotransfer/task/RestoreSSOSessionTask.java    |   8 +-
 .../auth/modules/ssotransfer/utils/GUIUtils.java   |   4 +-
 .../ssotransfer/utils/SSOContainerUtils.java       |   8 +-
 .../FederatedAuthenticationModuleImpl.java         |   2 +-
 .../FederatedAuthMetadataController.java           |   4 +-
 .../tasks/CreateAuthnRequestTask.java              |   8 +-
 .../tasks/ReceiveAuthnResponseTask.java            |  10 +-
 .../moa/id/monitoring/DatabaseTestModule.java      |   4 +-
 .../egovernment/moa/id/monitoring/TestManager.java |   4 +-
 pom.xml                                            |  15 +-
 304 files changed, 2042 insertions(+), 9673 deletions(-)
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/DummyStatisticLogger.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/IStatisticLogger.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/TransactionIDUtils.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/InvalidProtocolRequestException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ProtocolNotActiveException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AuthModule.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/TaskExecutionException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/registration/ModuleRegistration.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ExceptionContainer.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequestStorage.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/NoPassivAuthenticationException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ExecutionContextImpl.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ExpressionEvaluationContextImpl.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessDefinitionParser.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessDefinitionParserException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngine.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessExecutionException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessInstance.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessInstanceState.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/ExecutionContext.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/ExpressionEvaluationContext.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/ExpressionEvaluator.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/Task.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStore.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAO.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAOImpl.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/EndEvent.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/ProcessDefinition.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/ProcessNode.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/StartEvent.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/TaskInfo.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/Transition.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/spring/SpringExpressionEvaluator.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/AbstractAuthSourceServlet.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/MoaIdTask.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/SpringWebExpressionEvaluator.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/support/SecureRandomHolder.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractAuthProtocolModulController.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BirthdateAttributeBuilder.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIdentityLinkBuilder.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIssuingNationAttributeBuilder.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSourcePIN.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSourcePINType.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDeIDASQAALevelAttributeBuilder.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/GivenNameAttributeBuilder.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/IAttributeBuilder.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/IAttributeGenerator.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/IPVPAttributeBuilder.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/PVPVersionAttributeBuilder.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/PrincipalNameAttributeBuilder.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/AttributeException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/AttributePolicyException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/InvalidDateFormatAttributeException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/UnavailableAttributeException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AuthnRequestValidatorException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ErrorResponseUtils.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java
 delete mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IRequest.java
 delete mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java
 delete mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAIDMessageProvider.java
 delete mode 100644 id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/IGUIBuilderConfiguration.java
 delete mode 100644 id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/IGUIFormBuilder.java
 delete mode 100644 id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/exception/GUIBuildException.java

(limited to 'id/server/idserverlib/src/main/java/at/gv')

diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/usermanagement/FileBasedUserConfiguration.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/usermanagement/FileBasedUserConfiguration.java
index 986dc0db5..6f9ce0e7d 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/usermanagement/FileBasedUserConfiguration.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/usermanagement/FileBasedUserConfiguration.java
@@ -17,9 +17,9 @@ import org.slf4j.LoggerFactory;
 import at.gv.egiz.components.configuration.api.Configuration;
 import at.gv.egiz.components.configuration.api.ConfigurationException;
 import at.gv.egiz.components.configuration.file.PropertiesBasedConfiguration;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java
index 82eb5592a..dc6e840d7 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java
@@ -28,6 +28,7 @@ import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentGeneral;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.ChainingModeType;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.ChainingModes;
@@ -54,7 +55,6 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TransformsInfoT
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TrustAnchor;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.VerifyAuthBlock;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.VerifyIdentityLink;
-import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.configuration.Constants;
 import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
 import at.gv.egovernment.moa.id.configuration.data.pvp2.ContactForm;
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java
index ad99f5d22..e907128d9 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java
@@ -31,6 +31,7 @@ import javax.servlet.http.HttpServletRequest;
 
 import org.apache.log4j.Logger;
 
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentOA;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.BKUURLS;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.MOAIDConfiguration;
@@ -41,7 +42,6 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TemplateType;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TemplatesType;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TestCredentials;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TransformsInfoType;
-import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException;
 import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
 import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OARevisionsLogData.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OARevisionsLogData.java
index bb98d2e64..18bebf9d8 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OARevisionsLogData.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OARevisionsLogData.java
@@ -27,8 +27,8 @@ import java.util.List;
 
 import javax.servlet.http.HttpServletRequest;
 
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication;
-import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper;
 import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
 import at.gv.egovernment.moa.util.MiscUtil;
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
index 3d86ada31..32368bab9 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
@@ -44,6 +44,8 @@ import org.apache.velocity.VelocityContext;
 import org.apache.velocity.app.VelocityEngine;
 
 import at.gv.egiz.components.configuration.meta.api.ConfigurationStorageException;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.auth.frontend.builder.AbstractServiceProviderSpecificGUIFormBuilderConfiguration;
 import at.gv.egovernment.moa.id.auth.frontend.utils.FormBuildUtils;
 import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
@@ -54,7 +56,6 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.MOAIDConfigurat
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.STORK;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
 import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException;
 import at.gv.egovernment.moa.id.configuration.Constants;
@@ -66,7 +67,6 @@ import at.gv.egovernment.moa.id.configuration.exception.BasicActionException;
 import at.gv.egovernment.moa.id.configuration.exception.BasicOAActionException;
 import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
 import at.gv.egovernment.moa.id.configuration.helper.MailHelper;
-import at.gv.egovernment.moa.id.util.Random;
 import at.gv.egovernment.moa.util.MiscUtil;
 import iaik.utils.URLDecoder;
 
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java
index cf5911b3a..c3e8c459e 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java
@@ -33,6 +33,8 @@ import org.apache.commons.lang3.StringUtils;
 import org.apache.log4j.Logger;
 
 import at.gv.egiz.components.configuration.meta.api.ConfigurationStorageException;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.commons.config.ConfigurationMigrationUtils;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentGeneral;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.CPEPS;
@@ -62,7 +64,6 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TimeOuts;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TransformsInfoType;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.VerifyAuthBlock;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.VerifyIdentityLink;
-import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
 import at.gv.egovernment.moa.id.configuration.Constants;
 import at.gv.egovernment.moa.id.configuration.data.GeneralMOAIDConfig;
@@ -72,7 +73,6 @@ import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
 import at.gv.egovernment.moa.id.configuration.helper.StringHelper;
 import at.gv.egovernment.moa.id.configuration.validation.moaconfig.MOAConfigValidator;
 import at.gv.egovernment.moa.id.configuration.validation.moaconfig.StorkConfigValidator;
-import at.gv.egovernment.moa.id.util.Random;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
index 85b8a8ea0..cfb74ebd2 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
@@ -29,6 +29,7 @@ import java.util.Map;
 
 import org.apache.log4j.Logger;
 
+import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.auth.frontend.utils.FormBuildUtils;
 import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication;
@@ -52,7 +53,6 @@ import at.gv.egovernment.moa.id.configuration.exception.BasicActionException;
 import at.gv.egovernment.moa.id.configuration.exception.BasicOAActionException;
 import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
 import at.gv.egovernment.moa.id.configuration.helper.MailHelper;
-import at.gv.egovernment.moa.id.util.Random;
 
 public class EditOAAction extends BasicOAAction {
 
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java
index a9889da9c..d72505c0f 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java
@@ -42,6 +42,7 @@ import org.apache.log4j.Logger;
 import org.springframework.beans.BeansException;
 
 import at.gv.egiz.components.configuration.api.Configuration;
+import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.commons.config.ConfigurationUtil;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.MOAIDConfiguration;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
@@ -50,7 +51,6 @@ import at.gv.egovernment.moa.id.configuration.Constants;
 import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
 import at.gv.egovernment.moa.id.configuration.exception.BasicActionException;
 import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
-import at.gv.egovernment.moa.id.util.Random;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 public class ImportExportAction extends BasicAction {
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
index bf75a3068..f1d1c94af 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
@@ -60,6 +60,7 @@ import org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter;
 import org.opensaml.xml.security.x509.X509Credential;
 import org.opensaml.xml.signature.Signature;
 
+import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
@@ -76,7 +77,6 @@ import at.gv.egovernment.moa.id.configuration.helper.DateTimeHelper;
 import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
 import at.gv.egovernment.moa.id.configuration.helper.MailHelper;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.util.Random;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 public class IndexAction extends BasicAction {
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java
index 384f0662f..7fae5d40c 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java
@@ -32,6 +32,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AttributeProvid
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.IdentificationNumber;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.MOAIDConfiguration;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication;
+import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
@@ -49,7 +50,6 @@ import at.gv.egovernment.moa.id.configuration.exception.BasicActionException;
 import at.gv.egovernment.moa.id.configuration.exception.BasicOAActionException;
 import at.gv.egovernment.moa.id.configuration.helper.FormDataHelper;
 import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
-import at.gv.egovernment.moa.id.util.Random;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 /**
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java
index 8be134442..26afb0205 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java
@@ -34,6 +34,7 @@ import org.apache.log4j.Logger;
 import org.apache.struts2.interceptor.ServletRequestAware;
 import org.apache.struts2.interceptor.ServletResponseAware;
 
+import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
@@ -47,7 +48,6 @@ import at.gv.egovernment.moa.id.configuration.helper.FormDataHelper;
 import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
 import at.gv.egovernment.moa.id.configuration.helper.MailHelper;
 import at.gv.egovernment.moa.id.configuration.validation.UserDatabaseFormValidator;
-import at.gv.egovernment.moa.id.util.Random;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 import com.opensymphony.xwork2.ActionSupport;
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDConfigurationModul.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDConfigurationModul.java
index 59f36f475..6ea845b27 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDConfigurationModul.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDConfigurationModul.java
@@ -44,10 +44,10 @@ import at.gv.egiz.components.configuration.meta.api.ConfigurationStorageExceptio
 import at.gv.egiz.components.configuration.meta.api.MetadataConfiguration;
 import at.gv.egiz.components.configuration.meta.api.SchemaEntry;
 import at.gv.egiz.components.configuration.meta.api.impl.BaseMetadataConfiguration;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.commons.config.persistence.MOAIDConfiguration;
 import at.gv.egovernment.moa.id.commons.config.persistence.MOAIDConfigurationImpl;
-import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationValidationException;
 import at.gv.egovernment.moa.id.config.webgui.validation.MOAIDConfigurationValidator;
 
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/MOAIDConfigurationValidator.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/MOAIDConfigurationValidator.java
index 2bb33a9d7..93f490a28 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/MOAIDConfigurationValidator.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/MOAIDConfigurationValidator.java
@@ -35,9 +35,9 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.commons.config.persistence.MOAIDConfiguration;
-import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationModulValidationException;
 import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationValidationException;
 import at.gv.egovernment.moa.id.config.webgui.validation.modul.IModuleValidator;
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java
index c9ad63121..3155faf3a 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java
@@ -35,8 +35,8 @@ import org.slf4j.LoggerFactory;
 
 import at.gv.egiz.components.configuration.api.Configuration;
 import at.gv.egiz.components.configuration.api.ConfigurationException;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
-import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
 import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException;
 import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier;
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralOpenIDConfigurationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralOpenIDConfigurationTask.java
index 35fed19a3..56c63efb4 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralOpenIDConfigurationTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralOpenIDConfigurationTask.java
@@ -29,8 +29,8 @@ import java.util.Map;
 import java.util.regex.Pattern;
 
 import at.gv.egiz.components.configuration.api.Configuration;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
-import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException;
 import at.gv.egovernment.moa.id.config.webgui.validation.task.AbstractTaskValidator;
 
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralPVP2XConfigurationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralPVP2XConfigurationTask.java
index cdd2a7ce2..698654c9f 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralPVP2XConfigurationTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralPVP2XConfigurationTask.java
@@ -33,8 +33,8 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import at.gv.egiz.components.configuration.api.Configuration;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
-import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
 import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier;
 import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException;
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralRevisionLogTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralRevisionLogTask.java
index 35f1e5228..a99907f13 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralRevisionLogTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralRevisionLogTask.java
@@ -36,8 +36,8 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import at.gv.egiz.components.configuration.api.Configuration;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
-import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
 import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException;
 import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier;
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java
index 309e0745b..4567afcba 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java
@@ -37,9 +37,9 @@ import org.slf4j.LoggerFactory;
 
 import at.gv.egiz.components.configuration.api.Configuration;
 import at.gv.egiz.components.configuration.api.ConfigurationException;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.commons.MOAIDConstants;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
-import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
 import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException;
 import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier;
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java
index 25855dcb6..e6d56b392 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java
@@ -33,8 +33,8 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import at.gv.egiz.components.configuration.api.Configuration;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
-import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
 import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException;
 import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier;
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationSTORKTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationSTORKTask.java
index 7f5e93ff9..7e269fe17 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationSTORKTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationSTORKTask.java
@@ -37,9 +37,9 @@ import org.slf4j.LoggerFactory;
 
 import at.gv.egiz.components.configuration.api.Configuration;
 import at.gv.egiz.components.configuration.api.ConfigurationException;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.commons.MOAIDConstants;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
-import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException;
 import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier;
 import at.gv.egovernment.moa.id.config.webgui.helper.LanguageHelper;
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSTORKTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSTORKTask.java
index eb881d465..63fd70b78 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSTORKTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesProtocolSTORKTask.java
@@ -37,8 +37,8 @@ import org.slf4j.LoggerFactory;
 
 import at.gv.egiz.components.configuration.api.Configuration;
 import at.gv.egiz.components.configuration.api.ConfigurationException;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
-import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
 import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException;
 import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier;
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesReversionLogTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesReversionLogTask.java
index da441de4b..34ce4f25a 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesReversionLogTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesReversionLogTask.java
@@ -36,8 +36,8 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import at.gv.egiz.components.configuration.api.Configuration;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
-import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
 import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationTaskValidationException;
 import at.gv.egovernment.moa.id.config.webgui.exception.ValidationObjectIdentifier;
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index 89d18e5c4..5d7071a19 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -1,12 +1,12 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://maven.apache.org/POM/4.0.0"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
 	<parent>
 		<groupId>MOA.id</groupId>
 		<artifactId>moa-id</artifactId>
 		<version>3.x</version>
 	</parent>
 
-	<modelVersion>4.0.0</modelVersion>
 	<groupId>MOA.id.server</groupId>
 	<artifactId>moa-id-lib</artifactId>
 	<version>${moa-id-version}</version>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/DummyStatisticLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/DummyStatisticLogger.java
deleted file mode 100644
index 8fff6b20b..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/DummyStatisticLogger.java
+++ /dev/null
@@ -1,58 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.advancedlogging;
-
-
-import org.springframework.stereotype.Service;
-
-import at.gv.egovernment.moa.id.commons.api.IRequest;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.logging.Logger;
-
-@Service("StatisticLogger")
-public class DummyStatisticLogger implements IStatisticLogger{
-
-	@Override
-	public void logSuccessOperation(IRequest protocolRequest,
-			IAuthData authData, boolean isSSOSession) {
-		Logger.trace("Dummy-logSuccessOperation");		
-	}
-
-	@Override
-	public void logErrorOperation(Throwable throwable) {
-		Logger.trace("Dummy-logErrorOperation");		
-	}
-
-	@Override
-	public void logErrorOperation(Throwable throwable, IRequest errorRequest) {
-		Logger.trace("Dummy-logErrorOperation");			
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.advancedlogging.IStatisticLogger#testConnection()
-	 */
-	@Override
-	public void testConnection() throws Exception {
-		Logger.trace("Dummy-logErrorOperation");
-		
-	}}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/IStatisticLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/IStatisticLogger.java
deleted file mode 100644
index e0f21c012..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/IStatisticLogger.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.advancedlogging;
-
-import at.gv.egovernment.moa.id.commons.api.IRequest;
-import at.gv.egovernment.moa.id.data.IAuthData;
-
-
-public interface IStatisticLogger {
-		
-	public void logSuccessOperation(IRequest protocolRequest, IAuthData authData, boolean isSSOSession);
-	
-	public void logErrorOperation(Throwable throwable);
-	
-	public void logErrorOperation(Throwable throwable, IRequest errorRequest);
-	
-	public void testConnection() throws Exception;
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
index b26c9c1a9..0090bf3d3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
@@ -31,11 +31,14 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
 import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -45,7 +48,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
  *
  */
 @Service("MOAReversionLogger")
-public class MOAReversionLogger {
+public class MOAReversionLogger implements IRevisionLogger {
 	
 	@Autowired protected AuthConfiguration authConfig;
 	
@@ -107,13 +110,21 @@ public class MOAReversionLogger {
 
 	);
 			
-	public void logEvent(IOAAuthParameters oaConfig, 
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.advancedlogging.IRevisionLogger#logEvent(at.gv.egovernment.moa.id.commons.api.IOAAuthParameters, int, java.lang.String)
+	 */
+	@Override
+	public void logEvent(ISPConfiguration oaConfig, 
 			int eventCode, String message) {
 		if (selectOASpecificEventCodes(oaConfig).contains(eventCode))
 			MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode, message));		
 	}
 	
-	public void logEvent(IOAAuthParameters oaConfig, IRequest pendingRequest, 
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.advancedlogging.IRevisionLogger#logEvent(at.gv.egovernment.moa.id.commons.api.IOAAuthParameters, at.gv.egiz.eaaf.core.api.IRequest, int)
+	 */
+	@Override
+	public void logEvent(ISPConfiguration oaConfig, IRequest pendingRequest, 
 			int eventCode) {		
 			if (selectOASpecificEventCodes(oaConfig).contains(eventCode))
 			MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode, 
@@ -122,6 +133,10 @@ public class MOAReversionLogger {
 									
 	}
 	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.advancedlogging.IRevisionLogger#logEvent(at.gv.egovernment.moa.id.commons.api.IOAAuthParameters, at.gv.egiz.eaaf.core.api.IRequest, int, java.lang.String)
+	 */
+	@Override
 	public void logEvent(IOAAuthParameters oaConfig, IRequest pendingRequest, 
 			int eventCode, String message) {		
 		if (selectOASpecificEventCodes(oaConfig).contains(eventCode))
@@ -133,37 +148,37 @@ public class MOAReversionLogger {
 									
 	}
 
-	/**
-	 * @param sessionCreated
-	 * @param uniqueSessionIdentifier
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.advancedlogging.IRevisionLogger#logEvent(int, java.lang.String)
 	 */
+	@Override
 	public void logEvent(int eventCode, String message) {
 		MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode, message));
 		
 	}
 	
-	/**
-	 * @param sessionCreated
-	 * @param uniqueSessionIdentifier
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.advancedlogging.IRevisionLogger#logEvent(java.lang.String, java.lang.String, int, java.lang.String)
 	 */
+	@Override
 	public void logEvent(String sessionID, String transactionID, int eventCode, String message) {
 		MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode, message, sessionID, transactionID));
 		
 	}
 
-	/**
-	 * @param sessionCreated
-	 * @param uniqueSessionIdentifier
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.advancedlogging.IRevisionLogger#logEvent(java.lang.String, java.lang.String, int)
 	 */
+	@Override
 	public void logEvent(String sessionID, String transactionID, int eventCode) {
 		MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode, sessionID, transactionID));
 		
 	}
 	
-	/**
-	 * @param errorRequest
-	 * @param transactionError
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.advancedlogging.IRevisionLogger#logEvent(at.gv.egiz.eaaf.core.api.IRequest, int)
 	 */
+	@Override
 	public void logEvent(IRequest pendingRequest, int eventCode) {
 		MOAIDEventLog.logEvent(MOAIDEventLog.createNewEvent(new Date().getTime(), eventCode, 
 				pendingRequest.getUniqueSessionIdentifier(), 
@@ -171,8 +186,12 @@ public class MOAReversionLogger {
 		
 	}
 	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.advancedlogging.IRevisionLogger#logEvent(at.gv.egiz.eaaf.core.api.IRequest, int, java.lang.String)
+	 */
+	@Override
 	public void logEvent(IRequest pendingRequest, int eventCode, String message) {
-		logEvent(pendingRequest.getOnlineApplicationConfiguration(), 
+		logEvent(pendingRequest.getServiceProviderConfiguration(OAAuthParameterDecorator.class), 
 				pendingRequest, eventCode, message);
 		
 	}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
index 72aef5fed..b0c232ba2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
@@ -43,22 +43,23 @@ import org.springframework.transaction.annotation.Transactional;
 import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
 import at.gv.e_government.reference.namespace.mandates._20040701_.Mandator;
 import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.logging.IStatisticLogger;
+import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
 import at.gv.egovernment.moa.id.auth.exception.BKUException;
 import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException;
 import at.gv.egovernment.moa.id.auth.exception.ServiceException;
 import at.gv.egovernment.moa.id.client.SZRGWClientException;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.moduls.RequestImpl;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -105,7 +106,7 @@ public class StatisticLogger implements IStatisticLogger{
 		if ( authConfig.isAdvancedLoggingActive() && protocolRequest != null && authData != null) {
 			
 			IOAAuthParameters dbOA = null;
-			dbOA = protocolRequest.getOnlineApplicationConfiguration();
+			dbOA = protocolRequest.getServiceProviderConfiguration(OAAuthParameterDecorator.class);
 
 			if (dbOA == null) {
 				Logger.warn("Advanced logging failed: OA can not be found in database.");
@@ -258,13 +259,13 @@ public class StatisticLogger implements IStatisticLogger{
 			dblog.setTimestamp(new Date());
 			
 			
-			dblog.setOaurlprefix(getMessageWithMaxLength(errorRequest.getOAURL(), MAXOAIDENTIFIER_LENGTH));
+			dblog.setOaurlprefix(getMessageWithMaxLength(errorRequest.getSPEntityId(), MAXOAIDENTIFIER_LENGTH));
 			dblog.setProtocoltype(errorRequest.requestedModule());
 			dblog.setProtocolsubtype(errorRequest.requestedAction());
 			
 			generateErrorLogFormThrowable(throwable, dblog);
 			
-			IOAAuthParameters dbOA = errorRequest.getOnlineApplicationConfiguration();
+			IOAAuthParameters dbOA = errorRequest.getServiceProviderConfiguration(OAAuthParameterDecorator.class);
 			if (dbOA != null) {
 				dblog.setOaurlprefix(getMessageWithMaxLength(dbOA.getPublicURLPrefix(), MAXOAIDENTIFIER_LENGTH));
 				dblog.setOafriendlyName(dbOA.getFriendlyName());
@@ -384,13 +385,13 @@ public class StatisticLogger implements IStatisticLogger{
 	private String findBKUType(String bkuURL, IOAAuthParameters dbOA) {
 		
 		if (dbOA != null) {
-			if (bkuURL.equals(dbOA.getBKUURL(OAAuthParameter.HANDYBKU)))
+			if (bkuURL.equals(dbOA.getBKUURL(OAAuthParameterDecorator.HANDYBKU)))
 				return IOAAuthParameters.HANDYBKU;
 					
-			if (bkuURL.equals(dbOA.getBKUURL(OAAuthParameter.LOCALBKU)))
+			if (bkuURL.equals(dbOA.getBKUURL(OAAuthParameterDecorator.LOCALBKU)))
 				return IOAAuthParameters.LOCALBKU;
 					
-			if (bkuURL.equals(dbOA.getBKUURL(OAAuthParameter.THIRDBKU)))
+			if (bkuURL.equals(dbOA.getBKUURL(OAAuthParameterDecorator.THIRDBKU)))
 				return IOAAuthParameters.THIRDBKU;	
 		}
 		
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/TransactionIDUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/TransactionIDUtils.java
deleted file mode 100644
index 0b066f3b9..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/TransactionIDUtils.java
+++ /dev/null
@@ -1,101 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.advancedlogging;
-
-
-import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
-
-/**
- * @author tlenz
- *
- */
-public class TransactionIDUtils {
-
-	/**
-	 * Set all MDC variables from pending request to this threat context<br>
-	 * These includes SessionID, TransactionID, and unique service-provider identifier
-	 * 
-	 * @param pendingRequest
-	 */
-	public static void setAllLoggingVariables(IRequest pendingRequest) {
-		setTransactionId(pendingRequest.getUniqueTransactionIdentifier());
-		setSessionId(pendingRequest.getUniqueSessionIdentifier());
-		setServiceProviderId(pendingRequest.getOnlineApplicationConfiguration().getPublicURLPrefix());
-		
-	}
-	
-	/**
-	 * Remove all MDC variables from this threat context
-	 * 
-	 */
-	public static void removeAllLoggingVariables() {
-		removeSessionId();
-		removeTransactionId();
-		removeServiceProviderId();
-		
-	}
-	
-	
-	public static void setServiceProviderId(String oaUniqueId) {
-		org.apache.log4j.MDC.put(MOAIDAuthConstants.MDC_SERVICEPROVIDER_ID, oaUniqueId);		
-		org.slf4j.MDC.put(MOAIDAuthConstants.MDC_SERVICEPROVIDER_ID, oaUniqueId);
-		
-	}
-	
-	public static void removeServiceProviderId() {
-		org.apache.log4j.MDC.remove(MOAIDAuthConstants.MDC_SERVICEPROVIDER_ID);
-		org.slf4j.MDC.remove(MOAIDAuthConstants.MDC_SERVICEPROVIDER_ID);
-		
-	}
-	
-	public static void setTransactionId(String pendingRequestID) {	  
-		org.apache.log4j.MDC.put(MOAIDAuthConstants.MDC_TRANSACTION_ID, 
-				"TID-" + pendingRequestID);		
-		org.slf4j.MDC.put(MOAIDAuthConstants.MDC_TRANSACTION_ID, 
-				"TID-" + pendingRequestID);
-				    
-	}
-		
-	public static void removeTransactionId() {
-		org.apache.log4j.MDC.remove(MOAIDAuthConstants.MDC_TRANSACTION_ID);
-		org.slf4j.MDC.remove(MOAIDAuthConstants.MDC_TRANSACTION_ID);
-		
-	}
-		
-	public static void setSessionId(String uniqueSessionId) {	  
-		org.apache.log4j.MDC.put(MOAIDAuthConstants.MDC_SESSION_ID, 
-				"SID-" + uniqueSessionId);		
-		org.slf4j.MDC.put(MOAIDAuthConstants.MDC_SESSION_ID, 
-				"SID-" + uniqueSessionId);
-				    
-	}
-		
-	public static void removeSessionId() {
-		org.apache.log4j.MDC.remove(MOAIDAuthConstants.MDC_SESSION_ID);
-		org.slf4j.MDC.remove(MOAIDAuthConstants.MDC_SESSION_ID);
-		
-	}
-	
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java
index 34d0d4be1..5f2dd6582 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java
@@ -12,14 +12,14 @@ import org.springframework.scheduling.annotation.EnableScheduling;
 import org.springframework.scheduling.annotation.Scheduled;
 import org.springframework.stereotype.Service;
 
-import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
+import at.gv.egiz.eaaf.core.api.data.ExceptionContainer;
+import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
+import at.gv.egiz.eaaf.core.exceptions.ProcessExecutionException;
+import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
-import at.gv.egovernment.moa.id.data.ExceptionContainer;
-import at.gv.egovernment.moa.id.process.ProcessExecutionException;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.storage.ITransactionStorage;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
index 3d45e2468..eaec781e3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
@@ -32,11 +32,11 @@ import javax.activation.MailcapCommandMap;
 
 import org.springframework.web.context.support.GenericWebApplicationContext;
 
+import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.util.SSLUtils;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.spss.MOAException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index b93de5119..e72780cab 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -47,6 +47,9 @@ import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
 
+import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.data.IAuthData;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.auth.exception.DynamicOABuildException;
@@ -55,8 +58,6 @@ import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
@@ -68,7 +69,6 @@ import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageExcepti
 import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
 import at.gv.egovernment.moa.id.data.AuthenticationData;
 import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory;
-import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.data.MISMandate;
 import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
index 4c4af4239..a43e6a7fb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
@@ -50,11 +50,12 @@ import java.text.MessageFormat;
 import java.util.Calendar;
 import java.util.List;
 
+import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.DateTimeUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -185,7 +186,7 @@ public class CreateXMLSignatureRequestBuilder implements Constants {
 	}
 	
 	public static String buildForeignIDTextToBeSigned(String subject, IRequest pendingReq) throws ConfigurationException {		
-		IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();		
+		IOAAuthParameters oaParam = pendingReq.getServiceProviderConfiguration(OAAuthParameterDecorator.class);		
 		String target = null;
 		String sectorName = null;
 		
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java
deleted file mode 100644
index 583bb2ab4..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java
+++ /dev/null
@@ -1,111 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- * 
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- * 
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.auth.builder;
-
-import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-
-/**
- * Builds a DataURL parameter meant for the security layer implementation
- * to respond to.
- * 
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class DataURLBuilder {
-	
-  /**
-   * Constructor for DataURLBuilder.
-   */
-  public DataURLBuilder() {
-    super();
-  }
-
-  /**
-   * Constructs a data URL for <code>VerifyIdentityLink</code> or <code>VerifyAuthenticationBlock</code>, 
-   * including the <code>MOASessionID</code> as a parameter.
-   * 
-   * @param authBaseURL base URL (context path) of the MOA ID Authentication component,
-   * 				 including a trailing <code>'/'</code>
-   * @param authServletName request part of the data URL
-   * @param sessionID sessionID to be included in the dataURL
-   * @return String
-   */
-  public String buildDataURL(String authBaseURL, String authServletName, String sessionID) {
-		String dataURL;		
-		if (!authBaseURL.endsWith("/"))
-			authBaseURL += "/";
-		
-		if (authServletName.startsWith("/"))
-			authServletName = authServletName.substring(1);
-		
-		dataURL = authBaseURL + authServletName;
-
-		if (sessionID != null)
-			dataURL = addParameter(dataURL, MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, sessionID);
-		
-  	return dataURL;
-  }
-
-  /**
-   * Method addParameter.
-   * @param urlString represents the url 
-   * @param paramname is the parameter to be added
-   * @param value is the value of that parameter
-   * @return String
-   */
-  private String addParameter(String urlString, String paramname, String value) {
-    String url = urlString;
-    if (paramname != null) {
-      if (url.indexOf("?") < 0)
-        url += "?";
-      else
-        url += "&";
-      url += paramname + "=" + value;
-    }
-    return url;
-  }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java
index fc5489673..e9e217137 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java
@@ -27,12 +27,13 @@ import java.util.List;
 
 import org.opensaml.saml2.core.Attribute;
 
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.data.PVPAttributeConstants;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egovernment.moa.id.auth.exception.DynamicOABuildException;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.config.auth.data.DynamicOAAuthParameters;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
 
@@ -50,7 +51,7 @@ public class DynamicOAAuthParameterBuilder {
 				
 		for (Attribute attr : reqAttributes) {				
 			//get Target or BusinessService from request 
-			if (attr.getName().equals(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME)) {
+			if (attr.getName().equals(PVPAttributeConstants.EID_SECTOR_FOR_IDENTIFIER_NAME)) {
 				String attrValue = attr.getAttributeValues().get(0).getDOM().getTextContent();
 				if (attrValue.startsWith(Constants.URN_PREFIX_CDID)) {
 					//dynamicOA.setBusinessService(false);
@@ -88,9 +89,16 @@ public class DynamicOAAuthParameterBuilder {
 		
 		DynamicOAAuthParameters dynOAParams = new DynamicOAAuthParameters();
 		dynOAParams.setApplicationID(oaParam.getPublicURLPrefix());
-	
-		dynOAParams.setHasBaseIdProcessingRestriction(oaParam.hasBaseIdInternalProcessingRestriction());
-		dynOAParams.setHasBaseIdTransfergRestriction(oaParam.hasBaseIdTransferRestriction());
+		try {
+			dynOAParams.setHasBaseIdProcessingRestriction(oaParam.hasBaseIdInternalProcessingRestriction());
+			dynOAParams.setHasBaseIdTransfergRestriction(oaParam.hasBaseIdTransferRestriction());
+			
+		} catch (EAAFConfigurationException e) {
+			Logger.warn("Can not resolve baseID restrications! Set to privacy friendly configuration", e);
+			dynOAParams.setHasBaseIdProcessingRestriction(true);
+			dynOAParams.setHasBaseIdTransfergRestriction(true);
+			
+		}
 		
 		Object storkRequst = null;
 		try {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/InvalidProtocolRequestException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/InvalidProtocolRequestException.java
deleted file mode 100644
index c6b8a4b6e..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/InvalidProtocolRequestException.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth.exception;
-
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-
-/**
- * @author tlenz
- *
- */
-public class InvalidProtocolRequestException extends MOAIDException {
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = -7866198705324084601L;
-
-	/**
-	 * @param messageId
-	 * @param parameters
-	 */
-	public InvalidProtocolRequestException(String messageId, Object[] parameters) {
-		super(messageId, parameters);
-	}
-
-	public InvalidProtocolRequestException(String messageId, Object[] parameters, Throwable e) {
-		super(messageId, parameters, e);
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ProtocolNotActiveException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ProtocolNotActiveException.java
deleted file mode 100644
index 2d09384a3..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ProtocolNotActiveException.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth.exception;
-
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-
-/**
- * @author tlenz
- *
- */
-public class ProtocolNotActiveException extends MOAIDException {
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = 1832697083163940710L;
-
-	/**
-	 * @param messageId
-	 * @param parameters
-	 */
-	public ProtocolNotActiveException(String messageId, Object[] parameters) {
-		super(messageId, parameters);
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java
deleted file mode 100644
index ec6dbc951..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java
+++ /dev/null
@@ -1,229 +0,0 @@
-package at.gv.egovernment.moa.id.auth.modules;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.Map.Entry;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.fileupload.FileItem;
-import org.apache.commons.fileupload.FileItemFactory;
-import org.apache.commons.fileupload.FileUploadException;
-import org.apache.commons.fileupload.disk.DiskFileItemFactory;
-import org.apache.commons.fileupload.servlet.ServletFileUpload;
-import org.apache.commons.lang3.ArrayUtils;
-import org.springframework.beans.factory.annotation.Autowired;
-
-import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
-import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
-import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.moduls.IRequestStorage;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.process.springweb.MoaIdTask;
-import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * Task based counterpart to {@link AuthServlet}, providing the same utility methods (error handling, parameter parsing
- * etc.).</p> The code has been taken from {@link AuthServlet}.
- */
-public abstract class AbstractAuthServletTask extends MoaIdTask {
-
-	@Autowired protected IRequestStorage requestStoreage;
-	//@Autowired protected IAuthenticationSessionStoreage authenticatedSessionStorage;
-	@Autowired protected MOAReversionLogger revisionsLogger;
-	@Autowired protected AuthConfiguration authConfig;
-	
-	protected static final String ERROR_CODE_PARAM = "errorid";
-
-	protected IRequest pendingReq = null;
-	protected IAuthenticationSession moasession = null;
-	
-	public abstract void execute(ExecutionContext executionContext, HttpServletRequest request,
-			HttpServletResponse response) throws TaskExecutionException;
-	
-	
-	protected final IRequest internalExecute(IRequest pendingReq, ExecutionContext executionContext, HttpServletRequest request,
-			HttpServletResponse response) throws TaskExecutionException {
-		//set pending-request object
-		this.pendingReq = pendingReq;
-		
-		//execute task specific action
-		execute(executionContext, request, response);
-		
-		//return pending-request object
-		return this.pendingReq;
-	}
-	
-	
-	/**
-	 * Default initialization loads the MOASession object from database
-	 * 
-	 * @param req
-	 * @param executionContext
-	 * @throws MOAIDException
-	 * @throws MOADatabaseException
-	 */
-	protected void defaultTaskInitialization(HttpServletRequest req, ExecutionContext executionContext) throws MOAIDException, MOADatabaseException {								
-		Logger.trace("Get MOASessionData object from pendingReq:" + pendingReq.getRequestID());
-		moasession = pendingReq.getMOASession();
-		
-	}
-
-	/**
-	 * Redirect the authentication process to protocol specific finalization endpoint.  
-	 * 
-	 * @param pendingReq Actually processed protocol specific authentication request
-	 * @param httpResp
-	 */
-	protected void performRedirectToProtocolFinialization(IRequest pendingReq, HttpServletResponse httpResp) {
-		performRedirectToItself(pendingReq, httpResp, AbstractAuthProtocolModulController.FINALIZEPROTOCOL_ENDPOINT);
-				
-	}
-	
-	/**
-	 * Redirect the authentication process to MOA-ID-Auth itself  
-	 * 
-	 * @param pendingReq Actually processed protocol specific authentication request
-	 * @param httpResp
-	 * @param moaIDEndPoint Servlet EndPoint that should receive the redirect
-	 */
-	protected void performRedirectToItself(IRequest pendingReq, HttpServletResponse httpResp, String moaIDEndPoint) {
-		String redirectURL = new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), 
-				moaIDEndPoint, pendingReq.getRequestID());
-						
-		httpResp.setContentType("text/html");
-		httpResp.setStatus(302);
-		httpResp.addHeader("Location", redirectURL);		
-		Logger.debug("REDIRECT TO: " + redirectURL);
-		
-	}
-	
-	
-	/**
-	 * Parses the request input stream for parameters, assuming parameters are
-	 * encoded UTF-8 (no standard exists how browsers should encode them).
-	 * 
-	 * @param req
-	 *            servlet request
-	 * 
-	 * @return mapping parameter name -> value
-	 * 
-	 * @throws IOException
-	 *             if parsing request parameters fails.
-	 * 
-	 * @throws FileUploadException
-	 *             if parsing request parameters fails.
-	 */
-	protected Map<String, String> getParameters(HttpServletRequest req) throws IOException,
-			FileUploadException {
-
-		Map<String, String> parameters = new HashMap<String, String>();
-
-		if (ServletFileUpload.isMultipartContent(req)) {
-			// request is encoded as mulitpart/form-data
-			FileItemFactory factory = new DiskFileItemFactory();
-			ServletFileUpload upload = null;
-			upload = new ServletFileUpload(factory);
-			List items = null;
-			items = upload.parseRequest(req);
-			for (int i = 0; i < items.size(); i++) {
-				FileItem item = (FileItem) items.get(i);
-				if (item.isFormField()) {
-					// Process only form fields - no file upload items
-					String logString = item.getString("UTF-8");
-
-					// TODO use RegExp
-					String startS = "<pr:Identification><pr:Value>";
-					String endS = "</pr:Value><pr:Type>urn:publicid:gv.at:baseid</pr:Type>";
-					String logWithMaskedBaseid = logString;
-					int start = logString.indexOf(startS);
-					if (start > -1) {
-						int end = logString.indexOf(endS);
-						if (end > -1) {
-							logWithMaskedBaseid = logString.substring(0, start);
-							logWithMaskedBaseid += startS;
-							logWithMaskedBaseid += "xxxxxxxxxxxxxxxxxxxxxxxx";
-							logWithMaskedBaseid += logString.substring(end,
-									logString.length());
-						}
-					}
-					parameters
-							.put(item.getFieldName(), item.getString("UTF-8"));
-					Logger.debug("Processed multipart/form-data request parameter: \nName: "
-							+ item.getFieldName()
-							+ "\nValue: "
-							+ logWithMaskedBaseid);
-				}
-			}
-		}
-
-		else {	
-			Iterator<Entry<String, String[]>> requestParamIt = req.getParameterMap().entrySet().iterator();
-			while (requestParamIt.hasNext()) {
-				Entry<String, String[]> entry = requestParamIt.next();
-				String key = entry.getKey();
-				String[] values = entry.getValue();
-				// take the last value from the value array since the legacy code above also does it this way
-				parameters.put(key, ArrayUtils.isEmpty(values) ? null : values[values.length-1]); 
-			}
-			
-		}
-
-		return parameters;
-	}
-
-	/**
-	 * Reads bytes up to a delimiter, consuming the delimiter.
-	 * 
-	 * @param in
-	 *            input stream
-	 * @param delimiter
-	 *            delimiter character
-	 * @return String constructed from the read bytes
-	 * @throws IOException
-	 */
-	protected String readBytesUpTo(InputStream in, char delimiter)
-			throws IOException {
-		ByteArrayOutputStream bout = new ByteArrayOutputStream();
-		boolean done = false;
-		int b;
-		while (!done && (b = in.read()) >= 0) {
-			if (b == delimiter)
-				done = true;
-			else
-				bout.write(b);
-		}
-		return bout.toString();
-	}
-
-	/**
-	 * Adds a parameter to a URL.
-	 * 
-	 * @param url
-	 *            the URL
-	 * @param paramname
-	 *            parameter name
-	 * @param paramvalue
-	 *            parameter value
-	 * @return the URL with parameter added
-	 */
-	protected static String addURLParameter(String url, String paramname,
-			String paramvalue) {
-		String param = paramname + "=" + paramvalue;
-		if (url.indexOf("?") < 0)
-			return url + "?" + param;
-		else
-			return url + "&" + param;
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AuthModule.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AuthModule.java
deleted file mode 100644
index 8983403d8..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AuthModule.java
+++ /dev/null
@@ -1,42 +0,0 @@
-package at.gv.egovernment.moa.id.auth.modules;
-
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.process.model.ProcessDefinition;
-
-/**
- * Provides metadata of a certain module. Uses for module discovery and process selection.
- */
-public interface AuthModule {
-
-	/**
-	 * Returns the priority of the module. The priority defines the order of the respective module within the chain of
-	 * discovered modules. Higher priorized modules are asked before lower priorized modules for a process that they can
-	 * handle.
-	 * <p/>
-	 * Internal default modules are priorized neutral ({@code 0}. Use a higher priority ({@code 1...Integer.MAX_VALUE})
-	 * in order to have your module(s) priorized or a lower priority ({@code Integer.MIN_VALUE...-1}) in order to put
-	 * your modules behind default modules.
-	 * 
-	 * @return the priority of the module.
-	 */
-	int getPriority();
-
-	/**
-	 * Selects a process (description), referenced by its unique id, which is able to perform authentication with the
-	 * given {@link ExecutionContext}. Returns {@code null} if no appropriate process (description) was available within
-	 * this module.
-	 * 
-	 * @param context
-	 *            an ExecutionContext for a process.
-	 * @return the process-ID of a process which is able to work with the given ExecutionContext, or {@code null}.
-	 */
-	String selectProcess(ExecutionContext context);
-
-	/**
-	 * Returns the an Array of {@link ProcessDefinition}s of the processes included in this module.
-	 * 
-	 * @return an array of resource uris of the processes included in this module.
-	 */
-	String[] getProcessDefinitions();
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java
index 90795a416..841613cba 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java
@@ -22,6 +22,7 @@
  */
 package at.gv.egovernment.moa.id.auth.modules;
 
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AuthModule;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/SingleSignOnConsentsModuleImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/SingleSignOnConsentsModuleImpl.java
index d64126de6..86acc5fdd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/SingleSignOnConsentsModuleImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/SingleSignOnConsentsModuleImpl.java
@@ -22,6 +22,7 @@
  */
 package at.gv.egovernment.moa.id.auth.modules;
 
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AuthModule;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 
 /**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/TaskExecutionException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/TaskExecutionException.java
deleted file mode 100644
index 1128cbab3..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/TaskExecutionException.java
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth.modules;
-
-import at.gv.egovernment.moa.id.commons.api.IRequest;
-import at.gv.egovernment.moa.id.process.ProcessExecutionException;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-/**
- * @author tlenz
- *
- */
-public class TaskExecutionException extends ProcessExecutionException {
-
-	private static final long serialVersionUID = 1L;
-	Throwable originalException = null;
-	String pendingRequestID = null;
-	
-	/**
-	 * @param message
-	 * @param cause
-	 */
-	public TaskExecutionException(IRequest pendingReq, String message, Throwable cause) {
-		super(message, cause);
-		this.originalException = cause;
-		
-		if (MiscUtil.isNotEmpty(pendingReq.getRequestID()))
-			this.pendingRequestID = pendingReq.getRequestID();
-		
-	}
-
-	/**
-	 * Get the original internal exception from task
-	 * 
-	 * @return the originalException
-	 */
-	public Throwable getOriginalException() {
-		return originalException;
-		
-	}
-
-	/**
-	 * Get the pending-request ID of that request, which was processed when the exception occurs 
-	 * 
-	 * @return the pendingRequestID
-	 */
-	public String getPendingRequestID() {
-		return pendingRequestID;
-	}
-	
-	
-	
-	
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java
index 42789d01d..09d42e49f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java
@@ -30,8 +30,8 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.lang.StringEscapeUtils;
 import org.springframework.stereotype.Component;
 
-import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.logging.Logger;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
index 1c26ff5ec..242b565ab 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
@@ -29,12 +29,12 @@ import org.apache.commons.lang.StringEscapeUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
-import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.moduls.SSOManager;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
@@ -106,7 +106,7 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask {
 								
 			} else {
 				//user deny single sign-on authentication
-				Logger.debug("User deny the Single Sign-On authentication for SP: " + pendingReq.getOAURL());
+				Logger.debug("User deny the Single Sign-On authentication for SP: " + pendingReq.getSPEntityId());
 				pendingReq.setAbortedByUser(true);
 			
 			}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java
index 4eff0fcf5..91c1f999c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java
@@ -27,8 +27,8 @@ import javax.servlet.http.HttpServletResponse;
 
 import org.springframework.stereotype.Component;
 
-import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java
index 710008714..cbd8d2aa6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java
@@ -28,16 +28,16 @@ import javax.servlet.http.HttpServletResponse;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
+import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration;
+import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
+import at.gv.egiz.eaaf.core.exceptions.GUIBuildException;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration;
-import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder;
 import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithDBLoad;
-import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException;
-import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.auth.servlet.GeneralProcessEngineSignalController;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.logging.Logger;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java
index 475009cf2..1efd9cc13 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java
@@ -28,15 +28,16 @@ import javax.servlet.http.HttpServletResponse;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
+import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration;
+import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
+import at.gv.egiz.eaaf.core.exceptions.GUIBuildException;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration;
-import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder;
 import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithDBLoad;
-import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException;
-import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.auth.servlet.GeneralProcessEngineSignalController;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.logging.Logger;
 
@@ -76,7 +77,7 @@ public class GenerateSSOConsentEvaluatorFrameTask extends AbstractAuthServletTas
 			guiBuilder.build(response, config, "SendAssertion-Evaluation");
 
 			//Log consents evaluator event to revisionslog
-			revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), 
+			revisionsLogger.logEvent(pendingReq.getServiceProviderConfiguration(OAAuthParameterDecorator.class), 
 					pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_START);
 		
 		} catch (GUIBuildException e) {	
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java
index c1d02a029..04d43d79b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java
@@ -30,11 +30,11 @@ import javax.servlet.http.HttpServletResponse;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
-import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-import at.gv.egovernment.moa.id.auth.modules.registration.ModuleRegistration;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.ModuleRegistration;
+import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.moduls.RequestImpl;
 import at.gv.egovernment.moa.id.process.ExecutionContextImpl;
 import at.gv.egovernment.moa.id.process.ProcessEngine;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/registration/ModuleRegistration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/registration/ModuleRegistration.java
deleted file mode 100644
index 9c950366c..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/registration/ModuleRegistration.java
+++ /dev/null
@@ -1,149 +0,0 @@
-package at.gv.egovernment.moa.id.auth.modules.registration;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.Comparator;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.ServiceLoader;
-
-import javax.annotation.PostConstruct;
-
-import org.apache.commons.lang3.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.ApplicationContext;
-import org.springframework.core.io.Resource;
-
-import at.gv.egovernment.moa.id.auth.modules.AuthModule;
-import at.gv.egovernment.moa.id.process.ProcessDefinitionParserException;
-import at.gv.egovernment.moa.id.process.ProcessEngine;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-
-/**
- * This class handles registering modules. The modules are detected either with
- * the ServiceLoader mechanism or via Spring. All detected modules are ranked
- * according to their priority.
- */
-public class ModuleRegistration {
-
-	private static ModuleRegistration instance = new ModuleRegistration();
-
-	private List<AuthModule> priorizedModules = new ArrayList<>();
-
-	@Autowired
-	private ApplicationContext ctx;
-
-	@Autowired
-	private ProcessEngine processEngine;
-
-	private Logger log = LoggerFactory.getLogger(getClass());
-
-	public static ModuleRegistration getInstance() {
-		return instance;
-	}
-
-	private ModuleRegistration() {
-	}
-
-	@PostConstruct
-	private void init() {
-		// load modules via the ServiceLoader
-		initServiceLoaderModules();
-
-		// load modules via Spring
-		initSpringModules();
-
-		// order modules according to their priority
-		sortModules();
-	}
-	
-	/**
-	 * Discovers modules which use the ServiceLoader mechanism.
-	 */
-	private void initServiceLoaderModules() {
-		log.info("Looking for auth modules.");
-		ServiceLoader<AuthModule> loader = ServiceLoader.load(AuthModule.class);
-		Iterator<AuthModule> modules = loader.iterator();
-		while (modules.hasNext()) {
-			AuthModule module = modules.next();
-			log.info("Detected module {}", module.getClass().getName());
-			registerModuleProcessDefinitions(module);
-			priorizedModules.add(module);
-		}
-	}
-
-	/**
-	 * Discovers modules which use Spring.
-	 */
-	private void initSpringModules() {
-		log.debug("Discovering Spring modules.");
-		Map<String, AuthModule> modules = ctx.getBeansOfType(AuthModule.class);
-		for (AuthModule module : modules.values()) {
-			registerModuleProcessDefinitions(module);
-			priorizedModules.add(module);
-		}
-	}
-
-	/**
-	 * Registers the resource uris for the module.
-	 * 
-	 * @param module
-	 *            the module.
-	 */
-	private void registerModuleProcessDefinitions(AuthModule module) {
-		for (String uri : module.getProcessDefinitions()) {
-			Resource resource = ctx.getResource(uri);
-			if (resource.isReadable()) {
-				log.info("Registering process definition '{}'.", uri);
-				try (InputStream processDefinitionInputStream = resource.getInputStream()) {
-					processEngine.registerProcessDefinition(processDefinitionInputStream);
-				} catch (IOException e) {
-					log.error("Process definition '{}' could NOT be read.", uri, e);
-				} catch (ProcessDefinitionParserException e) {
-					log.error("Error while parsing process definition '{}'", uri, e);
-				}
-			} else {
-				log.error("Process definition '{}' cannot be read.", uri);
-			}
-		}
-	}
-
-	/**
-	 * Order the modules in descending order according to their priority.
-	 */
-	private void sortModules() {
-		Collections.sort(priorizedModules, new Comparator<AuthModule>() {
-			@Override
-			public int compare(AuthModule thisAuthModule, AuthModule otherAuthModule) {
-				int thisOrder = thisAuthModule.getPriority();
-				int otherOrder = otherAuthModule.getPriority();
-				return (thisOrder < otherOrder ? 1 : (thisOrder == otherOrder ? 0 : -1));
-			}
-		});
-	}
-
-	/**
-	 * Returns the process description id of the first process, in the highest ranked
-	 * module, which is able to work with the given execution context.
-	 * 
-	 * @param context
-	 *            the {@link ExecutionContext}.
-	 * @return the process id or {@code null}
-	 */
-	public String selectProcess(ExecutionContext context) {
-		for (AuthModule module : priorizedModules) {
-			String id = module.selectProcess(context);
-			if (StringUtils.isNotEmpty(id)) {
-				log.debug("Process with id '{}' selected, for context '{}'.", id, context);
-				return id;
-			}
-		}
-		log.info("No process is able to handle context '{}'.", context);
-		return null;
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
index b2db8d5a2..4e5ef7533 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -30,12 +30,13 @@ import org.apache.commons.lang.StringEscapeUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
@@ -59,7 +60,7 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
 			String useMandate,
 			String ccc,
 			HttpServletRequest req, 
-			IRequest protocolReq) throws WrongParametersException, MOAIDException {
+			IRequest protocolReq) throws WrongParametersException, MOAIDException, EAAFException {
 		
 		String resultTargetFriendlyName = null;
 		String resultTarget = null;
@@ -96,10 +97,10 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
 		
 				
 	    //load OnlineApplication configuration
-	    IOAAuthParameters oaParam = protocolReq.getOnlineApplicationConfiguration();			
+	    IOAAuthParameters oaParam = protocolReq.getServiceProviderConfiguration(IOAAuthParameters.class);			
 		if (oaParam == null)
 				throw new AuthenticationException("auth.00",
-						new Object[] { protocolReq.getOAURL() });
+						new Object[] { protocolReq.getSPEntityId() });
 			
 			
 		// get target and target friendly name from config
@@ -227,7 +228,7 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
 	}
 	
 	public void parse(ExecutionContext ec, IAuthenticationSession moasession, HttpServletRequest req, IRequest pendingReq) 
-			throws WrongParametersException, MOAIDException {
+			throws WrongParametersException, MOAIDException, EAAFException {
 						
 		//get Parameters from request
 	    String oaURL = (String) ec.get(PARAM_OA);
@@ -236,15 +237,15 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
 	    String useMandate = (String) ec.get(PARAM_USEMANDATE);
 	    String ccc = (String) ec.get(PARAM_CCC);
 
-	    if (pendingReq.getOnlineApplicationConfiguration() != null &&
-	    		pendingReq.getOnlineApplicationConfiguration().isOnlyMandateAllowed()) {
-	    	Logger.debug("Service " + pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix() 
+	    if (pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class) != null &&
+	    		pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class).isOnlyMandateAllowed()) {
+	    	Logger.debug("Service " + pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class).getPublicURLPrefix() 
 	    			+ " only allows authentication with mandates. --> Set useMandate to TRUE.");
-	    	useMandate = String.valueOf(pendingReq.getOnlineApplicationConfiguration().isOnlyMandateAllowed());
+	    	useMandate = String.valueOf(pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class).isOnlyMandateAllowed());
 	    	
 	    }
 	    		    
-	    oaURL = pendingReq.getOAURL();
+	    oaURL = pendingReq.getSPEntityId();
 	    
 	    //only needed for SAML1
 	    String target = pendingReq.getGenericData("saml1_target", String.class);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
deleted file mode 100644
index 50cafb4f6..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
+++ /dev/null
@@ -1,356 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth.servlet;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.io.StringWriter;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.lang.StringEscapeUtils;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.web.bind.annotation.ExceptionHandler;
-
-import com.google.common.net.MediaType;
-
-import at.gv.egovernment.moa.id.advancedlogging.IStatisticLogger;
-import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
-import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
-import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException;
-import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration;
-import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder;
-import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
-import at.gv.egovernment.moa.id.data.ExceptionContainer;
-import at.gv.egovernment.moa.id.moduls.IRequestStorage;
-import at.gv.egovernment.moa.id.process.ProcessExecutionException;
-import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestValidatorException;
-import at.gv.egovernment.moa.id.storage.ITransactionStorage;
-import at.gv.egovernment.moa.id.util.ErrorResponseUtils;
-import at.gv.egovernment.moa.id.util.HTTPUtils;
-import at.gv.egovernment.moa.id.util.Random;
-import at.gv.egovernment.moa.id.util.ServletUtils;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-/**
- * @author tlenz
- *
- */
-public abstract class AbstractController extends MOAIDAuthConstants {
-
-	public static final String ERROR_CODE_PARAM = "errorid";
-	
-	@Autowired protected IStatisticLogger statisticLogger;
-	@Autowired protected IRequestStorage requestStorage;
-	@Autowired protected ITransactionStorage transactionStorage;
-	@Autowired protected MOAReversionLogger revisionsLogger;
-	@Autowired protected AuthConfiguration authConfig;
-	@Autowired protected IGUIFormBuilder guiBuilder;
-	
-	@ExceptionHandler({MOAIDException.class})
-	public void MOAIDExceptionHandler(HttpServletRequest req, HttpServletResponse resp, Exception e) throws IOException {				
-		Logger.error(e.getMessage() , e);
-		internalMOAIDExceptionHandler(req, resp, e, true);
-		
-	}
-	
-	@ExceptionHandler({Exception.class})
-	public void GenericExceptionHandler(HttpServletResponse resp, Exception exception) throws IOException {
-		Logger.error("Internel Server Error." , exception);
-		resp.setContentType(MediaType.HTML_UTF_8.toString());
-		resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Internal Server Error!" +
-				"(Errorcode=9199"
-				+" | Description="+ StringEscapeUtils.escapeHtml(exception.getMessage()) + ")");
-		return;
-		
-	}
-	
-	@ExceptionHandler({IOException.class})
-	public void IOExceptionHandler(HttpServletResponse resp, Throwable exception) {
-		Logger.error("Internel Server Error." , exception);
-		resp.setContentType(MediaType.HTML_UTF_8.toString());
-		resp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
-		return;
-		
-	}
-	
-	protected void handleError(String errorMessage, Throwable exceptionThrown,
-			HttpServletRequest req, HttpServletResponse resp, IRequest pendingReq) throws IOException {
-
-		String pendingRequestID = null;
-		if (pendingReq != null)
-			pendingRequestID = pendingReq.getRequestID();
-		
-		Throwable loggedException = null;
-		Throwable extractedException = extractOriginalExceptionFromProcessException(exceptionThrown);
-		
-		//extract pendingRequestID and originalException if it was a TaskExecutionException
-		if (extractedException instanceof TaskExecutionException) {
-			//set original exception
-			loggedException = ((TaskExecutionException) extractedException).getOriginalException();
-			
-			//use TaskExecutionException directly, if no Original Exeception is included
-			if (loggedException == null)
-				loggedException = exceptionThrown;
-			
-			//set pending-request ID if it is set
-			String reqID = ((TaskExecutionException) extractedException).getPendingRequestID();
-			if (MiscUtil.isNotEmpty(reqID))
-				pendingRequestID = reqID; 
-						
-		} else
-			loggedException = exceptionThrown;
-					
-		try {			
-			//switch to protocol-finalize method to generate a protocol-specific error message
-
-			//log error directly in debug mode
-			if (Logger.isDebugEnabled())
-				Logger.warn(loggedException.getMessage(), loggedException);
-				
-			
-			//put exception into transaction store for redirect
-			String key = Random.nextLongRandom();
-			if (pendingReq != null) {
-				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR);
-				transactionStorage.put(key, 
-						new ExceptionContainer(pendingReq, loggedException),-1);
-			
-			} else {
-				transactionStorage.put(key, 
-						new ExceptionContainer(null, loggedException),-1);
-				
-			}
-			
-			//build up redirect URL
-			String redirectURL = null;
-			redirectURL = ServletUtils.getBaseUrl(req);	
-			redirectURL += "/"+AbstractAuthProtocolModulController.FINALIZEPROTOCOL_ENDPOINT 
-					+ "?" + ERROR_CODE_PARAM + "=" + key;
-			
-			//only add pending-request Id if it exists 
-			if (MiscUtil.isNotEmpty(pendingRequestID))							
-				redirectURL += "&" + MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID;
-
-			resp.setContentType("text/html");
-			resp.setStatus(302);
-
-			resp.addHeader("Location", redirectURL);		
-			Logger.debug("REDIRECT TO: " + redirectURL);	
-
-			return;
-					
-		} catch (Exception e) {
-			Logger.warn("Default error-handling FAILED. Exception can not be stored to Database.", e);
-			Logger.info("Switch to generic generic backup error-handling ... ");
-			handleErrorNoRedirect(loggedException, req, resp, true);
-			
-		}
-
-	}
-		
-	/**
-	 * Handles all exceptions with no pending request.
-	 * Therefore, the error is written to the users browser
-	 * 
-	 * @param throwable
-	 * @param req
-	 * @param resp
-	 * @throws IOException 
-	 */
-	protected void handleErrorNoRedirect(Throwable throwable, HttpServletRequest req, 
-			HttpServletResponse resp, boolean writeExceptionToStatisticLog) throws IOException {
-		
-		//log Exception into statistic database
-		if (writeExceptionToStatisticLog)
-			statisticLogger.logErrorOperation(throwable);
-		
-		//write errror to console
-		logExceptionToTechnicalLog(throwable);
-		
-		//return error to Web browser
-		if (throwable instanceof MOAIDException || throwable instanceof ProcessExecutionException)
-			internalMOAIDExceptionHandler(req, resp, (Exception)throwable, false);
-		
-		else {
-			//write generic message for general exceptions
-			String msg = MOAIDMessageProvider.getInstance().getMessage("internal.00", null);			
-			writeHTMLErrorResponse(req, resp, msg, "9199", (Exception) throwable);
-			
-		}
-			
-	}
-	
-	/**
-	 * Write a Exception to the MOA-ID-Auth internal technical log
-	 * 
-	 * @param loggedException Exception to log
-	 */	
-	protected void logExceptionToTechnicalLog(Throwable loggedException) {
-		if (!( loggedException instanceof MOAIDException 
-				 || loggedException instanceof ProcessExecutionException )) {
-			Logger.error("Receive an internal error: Message=" + loggedException.getMessage(), loggedException);
-	
-		} else {
-			if (Logger.isDebugEnabled() || Logger.isTraceEnabled()) {
-				Logger.warn(loggedException.getMessage(), loggedException);
-	
-			} else {
-				Logger.warn(loggedException.getMessage());
-	
-			}			
-		}		
-	}
-		
-	private void writeBadRequestErrorResponse(HttpServletRequest req, HttpServletResponse resp, MOAIDException e) throws IOException {
-		ErrorResponseUtils utils = ErrorResponseUtils.getInstance();
-		String code = utils.mapInternalErrorToExternalError(
-				((InvalidProtocolRequestException)e).getMessageId());
-		String descr = StringEscapeUtils.escapeHtml(e.getMessage());
-		resp.setContentType(MediaType.HTML_UTF_8.toString());
-		resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Protocol validation FAILED!" +
-				"(Errorcode=" + code +
-				" | Description=" + descr + ")");
-		
-	}
-	
-	private void writeHTMLErrorResponse(HttpServletRequest req, HttpServletResponse httpResp, String msg, String errorCode, Exception error) throws IOException {
-
-		try {
-			DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration(
-					HTTPUtils.extractAuthURLFromRequest(req), 
-					DefaultGUIFormBuilderConfiguration.VIEW_ERRORMESSAGE, 
-					null);
-				
-			//add errorcode and errormessage
-			config.putCustomParameter("errorMsg", msg);
-			config.putCustomParameter("errorCode", errorCode);
-		
-			//add stacktrace if debug is enabled
-			if (Logger.isTraceEnabled()) {
-				config.putCustomParameter("stacktrace", getStacktraceFromException(error));
-			
-			}
-			
-			guiBuilder.build(httpResp, config, "Error-Message");
-			
-		} catch (GUIBuildException e) {
-			Logger.warn("Can not build error-message GUI.", e);
-			GenericExceptionHandler(httpResp, e);
-			
-		}
-		
-	}
-	
-	private void writeHTMLErrorResponse(HttpServletRequest req, HttpServletResponse httpResp, Exception error) throws IOException {				
-		writeHTMLErrorResponse(req, httpResp, 
-				error.getMessage(), 
-				ErrorResponseUtils.getInstance().getResponseErrorCode(error), 
-				error);		
-	}
-	
-	
-	private String getStacktraceFromException(Exception ex) {
-		StringWriter errors = new StringWriter();
-	    ex.printStackTrace(new PrintWriter(errors));
-	    return errors.toString();
-	    
-	}
-		
-	/**
-	 * Extracts a TaskExecutionException of a ProcessExecutionExeception Stacktrace.
-	 * 
-	 * @param exception 
-	 * @return Return the latest TaskExecutionExecption if exists, otherwise the latest ProcessExecutionException
-	 */
-	private Throwable extractOriginalExceptionFromProcessException(Throwable exception) {
-		Throwable exholder = exception;
-		TaskExecutionException taskExc = null;
-		
-		while(exholder != null 
-				&& exholder instanceof ProcessExecutionException) {
-			ProcessExecutionException procExc = (ProcessExecutionException) exholder;
-			if (procExc.getCause() != null && 
-					procExc.getCause() instanceof TaskExecutionException) {
-				taskExc = (TaskExecutionException) procExc.getCause();
-				exholder = taskExc.getOriginalException();
-			
-			} else
-				break;
-			
-		}
-				
-		if (taskExc == null)
-			return exholder;
-		
-		else
-			return taskExc;
-	}
-	
-	private void internalMOAIDExceptionHandler(HttpServletRequest req, HttpServletResponse resp, Exception e, boolean writeExceptionToStatisicLog) throws IOException {				
-		if (e instanceof ProtocolNotActiveException) {
-			resp.getWriter().write(e.getMessage());
-			resp.setContentType(MediaType.HTML_UTF_8.toString());
-			resp.sendError(HttpServletResponse.SC_FORBIDDEN, StringEscapeUtils.escapeHtml(e.getMessage()));
-		
-		} else if (e instanceof AuthnRequestValidatorException) {
-			AuthnRequestValidatorException ex = (AuthnRequestValidatorException)e;
-			//log Error Message
-			if (writeExceptionToStatisicLog)
-				statisticLogger.logErrorOperation(ex, ex.getErrorRequest());
-			
-			//write error message
-			writeBadRequestErrorResponse(req, resp, (MOAIDException) e);			
-		
-		} else if (e instanceof InvalidProtocolRequestException) {		
-			//send error response
-			writeBadRequestErrorResponse(req, resp, (MOAIDException) e);
-			
-		} else if (e instanceof ConfigurationException) {
-			//send HTML formated error message
-			writeHTMLErrorResponse(req, resp, (MOAIDException) e);
-		
-		} else if (e instanceof MOAIDException) {
-			//send HTML formated error message
-			writeHTMLErrorResponse(req, resp, e);
-					
-		} else if (e instanceof ProcessExecutionException) {
-			//send HTML formated error message
-			writeHTMLErrorResponse(req, resp, e);
-					
-		}
-		
-	}
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java
index 18641c090..3b12418fa 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java
@@ -8,10 +8,11 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.lang.StringEscapeUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 
-import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
+import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils;
 import at.gv.egovernment.moa.id.auth.exception.MOAIllegalStateException;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.process.ProcessEngine;
 import at.gv.egovernment.moa.logging.Logger;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java
index 49145a850..cfeca88b7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java
@@ -33,15 +33,16 @@ import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.IRequestStorage;
+import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
+import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
 import at.gv.egovernment.moa.id.auth.frontend.builder.AbstractServiceProviderSpecificGUIFormBuilderConfiguration;
-import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder;
 import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithDBLoad;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.MOAIDConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
-import at.gv.egovernment.moa.id.moduls.IRequestStorage;
-import at.gv.egovernment.moa.id.util.HTTPUtils;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
index 0397bd501..9282db3b1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
@@ -36,24 +36,24 @@ import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 
+import at.gv.egiz.eaaf.core.exceptions.GUIBuildException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.AuthenticationManager;
+import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
+import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
+import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration;
-import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.data.ISLOInformationContainer;
 import at.gv.egovernment.moa.id.data.SLOInformationContainer;
-import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
 import at.gv.egovernment.moa.id.moduls.SSOManager;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NOSLOServiceDescriptorException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.HTTPUtils;
-import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moa.util.URLEncoder;
@@ -154,7 +154,7 @@ public class IDPSingleLogOutServlet extends AbstractController {
 			if (MiscUtil.isNotEmpty(restartProcess)) {
 				Logger.info("Restart Single LogOut process after timeout ... ");
 					try {						
-						ISLOInformationContainer sloContainer = transactionStorage.get(restartProcess, SLOInformationContainer.class);
+						SLOInformationContainer sloContainer = transactionStorage.get(restartProcess, SLOInformationContainer.class);
 						if (sloContainer.hasFrontChannelOA())
 							sloContainer.putFailedOA("differntent OAs");
 							
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
index 8ef047300..beacf1552 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
@@ -56,13 +56,13 @@ import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 
+import at.gv.egiz.eaaf.core.impl.idp.auth.AuthenticationManager;
+import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
 import at.gv.egovernment.moa.id.moduls.SSOManager;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.HTTPUtils;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
@@ -71,9 +71,11 @@ import at.gv.egovernment.moa.util.MiscUtil;
 public class LogOutServlet {
 	private static final String REDIRECT_URL = "redirect";
 	
-	@Autowired private SSOManager ssomanager;
-	@Autowired private AuthenticationManager authmanager;
-	@Autowired private IAuthenticationSessionStoreage authenticatedSessionStorage;
+	@Autowired(required=true) private SSOManager ssomanager;
+	@Autowired(required=true) private AuthenticationManager authmanager;
+	@Autowired(required=true) private IAuthenticationSessionStoreage authenticatedSessionStorage;
+	@Autowired(required=true) private AuthConfiguration authConfig;
+	
 	
 	@RequestMapping(value = "/LogOut", method = {RequestMethod.POST, RequestMethod.GET})
 	public void performLogOut(HttpServletRequest req, HttpServletResponse resp) throws IOException {
@@ -92,7 +94,7 @@ public class LogOutServlet {
 				
 			} else {
 				//return an error if RedirectURL is not a active Online-Applikation
-				IOAAuthParameters oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(redirectUrl);			
+				IOAAuthParameters oa = authConfig.getServiceProviderConfiguration(redirectUrl, IOAAuthParameters.class);			
 				if (oa == null) {		
 					Logger.info("RedirctURL does not match to OA configuration. Set default RedirectURL back to MOA-ID-Auth");
 					redirectUrl = HTTPUtils.extractAuthURLFromRequest(req);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
index a00de1da0..c77542b4a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
@@ -33,14 +33,15 @@ import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 
+import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
+import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
 import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration;
-import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.moduls.SSOManager;
-import at.gv.egovernment.moa.id.util.HTTPUtils;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moa.util.URLEncoder;
@@ -57,8 +58,9 @@ public class RedirectServlet {
 	private static final String URL = "URL";
 	private static final String TARGET = "TARGET";
 	
-	@Autowired SSOManager ssoManager;
-	@Autowired IGUIFormBuilder guiBuilder;
+	@Autowired(required=true) SSOManager ssoManager;
+	@Autowired(required=true) IGUIFormBuilder guiBuilder;
+	@Autowired(required=true) private AuthConfiguration authConfig;
 	
 	@RequestMapping(value = "/RedirectServlet", method = RequestMethod.GET)
 	public void performLogOut(HttpServletRequest req, HttpServletResponse resp) throws IOException {
@@ -78,10 +80,10 @@ public class RedirectServlet {
 			
 			//url = URLDecoder.decode(url, "UTF-8");
 			
-			oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(url);
+			oa = authConfig.getServiceProviderConfiguration(url, IOAAuthParameters.class);
 			String authURL = HTTPUtils.extractAuthURLFromRequest(req);
 			
-			if (oa == null || !AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix().contains(authURL)) {		
+			if (oa == null || !authConfig.getPublicURLPrefix().contains(authURL)) {		
 				resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Parameters not valid");
 				return;
 				
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java
index 466364adb..752f54139 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java
@@ -29,10 +29,10 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.servlet.HandlerInterceptor;
 import org.springframework.web.servlet.ModelAndView;
 
-import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
+import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils;
 import at.gv.egovernment.moa.id.commons.MOAIDConstants;
 import at.gv.egovernment.moa.id.moduls.SSOManager;
-import at.gv.egovernment.moa.id.util.Random;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 /**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/VHostUrlRewriteServletFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/VHostUrlRewriteServletFilter.java
index 93d74d7ef..4dac390e6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/VHostUrlRewriteServletFilter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/VHostUrlRewriteServletFilter.java
@@ -37,9 +37,9 @@ import javax.servlet.http.HttpServletRequest;
 
 import org.springframework.context.ApplicationContext;
 
+import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.util.HTTPUtils;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
index c8c6c1fb5..979b8f4e4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
@@ -30,10 +30,10 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.servlet.HandlerInterceptor;
 import org.springframework.web.servlet.ModelAndView;
 
+import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
-import at.gv.egovernment.moa.id.util.HTTPUtils;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/utils/SZRGWClientUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/utils/SZRGWClientUtils.java
index 4cca2e625..6f3c02411 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/utils/SZRGWClientUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/utils/SZRGWClientUtils.java
@@ -29,14 +29,15 @@ import java.util.UUID;
 import org.opensaml.xml.util.XMLHelper;
 import org.w3c.dom.Element;
 
+import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egovernment.moa.id.client.SZRGWClient;
 import at.gv.egovernment.moa.id.client.SZRGWClientException;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.util.xsd.mis.MandateIdentifiers;
@@ -128,7 +129,7 @@ public class SZRGWClientUtils {
 
 		try {
 			AuthConfiguration authConf = AuthConfigurationProviderFactory.getInstance();
-			ConnectionParameterInterface connectionParameters = authConf.getForeignIDConnectionParameter(pendingReq.getOnlineApplicationConfiguration());
+			ConnectionParameterInterface connectionParameters = authConf.getForeignIDConnectionParameter(pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class));
 
 			String requestID = UUID.randomUUID().toString();			
 			SZRGWClient client = new SZRGWClient(connectionParameters);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java
index 804b98a5f..9380d3b64 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java
@@ -46,10 +46,13 @@
 
 package at.gv.egovernment.moa.id.config;
 
+import java.net.MalformedURLException;
 import java.util.ArrayList;
 import java.util.Map;
 import java.util.Properties;
 
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.core.impl.idp.conf.AbstractConfigurationImpl;
 import at.gv.egovernment.moa.id.commons.api.ConfigurationProvider;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.config.SpringProfileConstants;
@@ -65,14 +68,15 @@ import at.gv.util.config.EgovUtilPropertiesConfiguration;
  * @author Paul Ivancsics
  * @version $Id$
  */
-public abstract class ConfigurationProviderImpl implements ConfigurationProvider{
+public abstract class ConfigurationProviderImpl extends AbstractConfigurationImpl implements ConfigurationProvider{
 
   /**
    * Constructor
+ * @throws EAAFConfigurationException 
    */
-  public ConfigurationProviderImpl() {
-	  
-    super();
+  public ConfigurationProviderImpl(String configFilePath) throws EAAFConfigurationException {	  
+    super(configFilePath);    
+    	    
   }
 
   private EgovUtilPropertiesConfiguration eGovUtilsConfig = null;
@@ -113,26 +117,7 @@ public abstract class ConfigurationProviderImpl implements ConfigurationProvider
 
   /** The default chaining mode. */
   protected String defaultChainingMode = "pkix";
-
-	/**
-	 * main configuration file directory name used to configure MOA-ID 
-	 */
-	protected String rootConfigFileDir;
-
 	
-	
-	protected Properties configProp = null;
-	
-	/**
-		 * Returns the main configuration file directory used to configure MOA-ID
-		 * 
-		 * @return the directory
-		 */
-	public String getRootConfigFileDir() {
-		return rootConfigFileDir;
-	}
-
- 
   public String getDefaultChainingMode() {
 	  return defaultChainingMode;
   }
@@ -143,15 +128,17 @@ public abstract class ConfigurationProviderImpl implements ConfigurationProvider
    * @return
    */
   public Properties getDBConnectionConfiguration() {
-	  return this.configProp;
+	  return getFullConfigurationProperties();
+	  
   }
 
   /**
    * @param properties
  * @throws ConfigurationException 
  * @throws org.opensaml.xml.ConfigurationException 
+ * @throws MalformedURLException 
    */
-  public void initial(Properties props) throws ConfigurationException, org.opensaml.xml.ConfigurationException {	  
+  protected void initial(Properties props) throws ConfigurationException, org.opensaml.xml.ConfigurationException, MalformedURLException {	  
 	//Initial Hibernate Framework
 			Logger.trace("Initializing Hibernate framework.");
 		try {		
@@ -170,7 +157,7 @@ public abstract class ConfigurationProviderImpl implements ConfigurationProvider
 			      }
 			      
 			      // read Config Hibernate properties
-			      configProp = new Properties();
+			      Properties configProp = new Properties();
 			      for (Object key : props.keySet()) {
 			      	String propPrefix = "configuration.";
 			      	if (key.toString().startsWith(propPrefix+"hibernate")) {
@@ -188,37 +175,7 @@ public abstract class ConfigurationProviderImpl implements ConfigurationProvider
 				    	  statisticProps.put(propertyName, props.get(key.toString()));
 				     }
 				  }
-			     			
-//				// initialize hibernate
-//				synchronized (ConfigurationProviderImpl.class) {
-//					
-//					//Initial config Database
-//				//	ConfigurationDBUtils.initHibernate(configProp);
-//			   		
-//					//initial MOAID Session Database
-//					Configuration config = new Configuration();
-//					config.addAnnotatedClass(AssertionStore.class);
-//					config.addAnnotatedClass(AuthenticatedSessionStore.class);
-//					config.addAnnotatedClass(OASessionStore.class);
-//					config.addAnnotatedClass(OldSSOSessionIDStore.class);
-//					config.addAnnotatedClass(InterfederationSessionStore.class);
-//					//config.addAnnotatedClass(ProcessInstanceStore.class);
-//					config.addProperties(moaSessionProp);
-//					//MOASessionDBUtils.initHibernate(config, moaSessionProp);
-//					
-//					//initial advanced logging
-////					if (Boolean.valueOf(props.getProperty("configuration.advancedlogging.active", "false"))) {
-////						Logger.info("Advanced statistic log is activated, starting initialization process ...");
-////						Configuration statisticconfig = new Configuration();
-////						statisticconfig.addAnnotatedClass(StatisticLog.class);
-////						statisticconfig.addProperties(statisticProps);
-////						StatisticLogDBUtils.initHibernate(statisticconfig, statisticProps);
-////						Logger.info("Advanced statistic log is initialized.");
-////					}
-//					
-//				  }
-//				Logger.trace("Hibernate initialization finished.");
-				
+			     							
 			} catch (ExceptionInInitializerError e) {
 				throw new  ConfigurationException("config.17", null, e);
 				
@@ -247,7 +204,7 @@ public abstract class ConfigurationProviderImpl implements ConfigurationProvider
 			if (!eGovUtilsConfigProp.isEmpty()) {
 				Logger.info("Start eGovUtils client implementation configuration ...");
 				eGovUtilsConfig = 
-						new EgovUtilPropertiesConfiguration(eGovUtilsConfigProp, rootConfigFileDir);
+						new EgovUtilPropertiesConfiguration(eGovUtilsConfigProp, getConfigurationRootDirectory().toURL().toString());
 			}
 			this.generateActiveProfiles(props);
 	
@@ -287,5 +244,18 @@ public abstract class ConfigurationProviderImpl implements ConfigurationProvider
 		Logger.debug("Set active Spring-Profiles to: " + activeProfiles);
 		return activeProfiles.toArray(new String[0]);
 	}
+	
+	public String getRootConfigFileDir() throws ConfigurationException {
+		try {
+			return getConfigurationRootDirectory().toURL().toString();
+			
+		} catch (MalformedURLException e) {
+			Logger.error("Can not read Config-Root Directory.", e);
+			throw new ConfigurationException("config.03", null, e);
+			
+		}
+		
+				
+	}
   
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
deleted file mode 100644
index 59bd3893d..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ /dev/null
@@ -1,938 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- * 
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- * 
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.config.auth;
-
-import java.io.IOException;
-import java.io.Serializable;
-import java.security.PrivateKey;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.Map.Entry;
-import java.util.Set;
-
-import org.apache.commons.lang.SerializationUtils;
-
-import at.gv.egovernment.moa.id.auth.exception.BuildException;
-import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.commons.MOAIDConstants;
-import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.commons.api.IStorkConfig;
-import at.gv.egovernment.moa.id.commons.api.data.BPKDecryptionParameters;
-import at.gv.egovernment.moa.id.commons.api.data.CPEPS;
-import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters;
-import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute;
-import at.gv.egovernment.moa.id.commons.api.data.StorkAttributeProviderPlugin;
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
-import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
-import at.gv.egovernment.moa.id.commons.validation.TargetValidator;
-import at.gv.egovernment.moa.id.data.EncryptedData;
-import at.gv.egovernment.moa.id.util.ConfigurationEncrytionUtil;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.Base64Utils;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-	
-
-/**
- * Configuration parameters belonging to an online application,
- * to use with the MOA ID Auth component.
- *
- * @author Thomas Lenz
- */
-public class OAAuthParameter implements IOAAuthParameters, Serializable{	
-	
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = -6522544229837934376L;
-
-	final public static String DEFAULT_KEYBOXIDENTIFIER = "SecureSignatureKeypair";
-	
-	private Map<String, String> oaConfiguration;
-	private List<String> targetAreasWithNoInteralBaseIdRestriction = new ArrayList<String>();
-	private List<String> targetAreasWithNoBaseIdTransmissionRestriction = new ArrayList<String>();		
-		
-  public OAAuthParameter(final Map<String, String> oa, AuthConfiguration authConfig) {	  
-	  this.oaConfiguration = oa;
-	  
-	  //set oa specific restrictions
-	  targetAreasWithNoInteralBaseIdRestriction = KeyValueUtils.getListOfCSVValues(
-			  authConfig.getBasicMOAIDConfiguration(
-					  CONFIG_KEY_RESTRICTIONS_BASEID_INTERNAL, 
-					  MOAIDAuthConstants.PREFIX_CDID));
-	  
-	  targetAreasWithNoBaseIdTransmissionRestriction = KeyValueUtils.getListOfCSVValues(
-			  authConfig.getBasicMOAIDConfiguration(
-					  CONFIG_KEY_RESTRICTIONS_BASEID_TRANSMISSION, 
-					  MOAIDAuthConstants.PREFIX_CDID));
-	  
-	  if (Logger.isTraceEnabled()) {
-		  Logger.trace("Internal policy for OA: " + getPublicURLPrefix());
-		  for (String el : targetAreasWithNoInteralBaseIdRestriction)
-			  Logger.trace(" Allow baseID processing for prefix " + el);		  
-		  for (String el : targetAreasWithNoBaseIdTransmissionRestriction)
-			  Logger.trace(" Allow baseID transfer for prefix " + el);
-		  		  
-	  }
-  }
-
-  
-  public Map<String, String> getFullConfiguration() {
-	  return Collections.unmodifiableMap(this.oaConfiguration);
-  }
-  
-  public String getConfigurationValue(String key) {
-	  return this.oaConfiguration.get(key);
-  }
-  
-  @Override
-  public boolean hasBaseIdInternalProcessingRestriction() throws ConfigurationException {
-	  String targetAreaIdentifier = getAreaSpecificTargetIdentifier();
-	  for (String el : targetAreasWithNoInteralBaseIdRestriction) {
-		  if (targetAreaIdentifier.startsWith(el))
-			  return false;
-		  
-	  }	  
-	  return true;
-	  
-  }
-
-  @Override
-  public boolean hasBaseIdTransferRestriction() throws ConfigurationException {
-	  String targetAreaIdentifier = getAreaSpecificTargetIdentifier();
-	  for (String el : targetAreasWithNoBaseIdTransmissionRestriction) {
-		  if (targetAreaIdentifier.startsWith(el))
-			  return false;
-		  
-	  }	  
-	  return true;
-	  
-  }
-    
-  @Override
-  public String getAreaSpecificTargetIdentifier() throws ConfigurationException {	  
-	  if (getBusinessService())
-		  return getIdentityLinkDomainIdentifier();
-	  else
-		  return MOAIDAuthConstants.PREFIX_CDID + getTarget();
-	  		  
-  }
-  
-  @Override
-  public String getAreaSpecificTargetIdentifierFriendlyName() throws ConfigurationException{
-	  if (getBusinessService())
-		  return getIdentityLinkDomainIdentifierType();
-	  else
-		  return getTargetFriendlyName();
-	  
-  }
-  
-  
-/* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getIdentityLinkDomainIdentifier()
- */
-//@Override
-private String getIdentityLinkDomainIdentifier() {
-	String type = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE);
-	String value = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE);
-	if (MiscUtil.isNotEmpty(type) && MiscUtil.isNotEmpty(value)) {
-		if (MOAIDConstants.IDENIFICATIONTYPE_STORK.equals(type)) {
-			return MOAIDConstants.PREFIX_STORK + "AT" + "+" + value;
-		
-		} else if (MOAIDConstants.IDENIFICATIONTYPE_EIDAS.equals(type)) {
-			return MOAIDConstants.PREFIX_EIDAS + value;
-						
-		} else {
-			return MOAIDConstants.PREFIX_WPBK + type + "+" + value;
-			
-		}		
-	}
-	
-	return null;
-}
-
-/* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getIdentityLinkDomainIdentifierType()
- */
-//@Override
-private String getIdentityLinkDomainIdentifierType() {
-	String value = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE);
-	if (MiscUtil.isNotEmpty(value))
-		return MOAIDConfigurationConstants.BUSINESSSERVICENAMES.get(value);
-	
-	else
-		return null;	
-}
-
-/* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTarget()
- */
-//@Override
-private String getTarget() {
-	if (Boolean.parseBoolean(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_USE_OWN)))
-		return oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_OWN_TARGET);
-		
-	else {
-		if (Boolean.parseBoolean(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_USE_SUB))) {
-			return oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_TARGET)
-					+ "-"
-					+ oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_TARGET_SUB);
-			
-		} else {
-			return oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_TARGET);
-		}		
-	}
-}
-
-/* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTargetFriendlyName()
- */
-//@Override
-private String getTargetFriendlyName() {
-	if (Boolean.parseBoolean(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_USE_OWN)))
-		return oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_OWN_NAME);
-		
-	else
-		return TargetValidator.getTargetFriendlyName(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_TARGET));
-
-}
-
-/* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getKeyBoxIdentifier()
- */
-@Override
-public String getKeyBoxIdentifier() {
-	String keyBoxId = oaConfiguration.get(
-			MOAIDConfigurationConstants.SERVICE_AUTH_BKU_KEYBOXIDENTIFIER);
-	if (MiscUtil.isNotEmpty(keyBoxId))
-		return keyBoxId;
-	else
-		return DEFAULT_KEYBOXIDENTIFIER;
-	
-}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getSAML1Parameter()
-	 */
-	@Override
-	public SAML1ConfigurationParameters getSAML1Parameter() {		
-		SAML1ConfigurationParameters returnValue = new SAML1ConfigurationParameters();
-		if (oaConfiguration.containsKey(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_ENABLED))
-			returnValue.setActive(
-					Boolean.valueOf(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_ENABLED)));
-		
-		if (oaConfiguration.containsKey(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_AUTHBLOCK))
-			returnValue.setProvideAuthBlock(
-					Boolean.valueOf(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_AUTHBLOCK)));
-		
-		if (oaConfiguration.containsKey(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_IDL))
-			returnValue.setProvideIdl(
-					Boolean.valueOf(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_IDL)));
-		
-		if (oaConfiguration.containsKey(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_BASEID))
-			returnValue.setProvideBaseId(
-					Boolean.valueOf(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_BASEID)));
-		
-		if (oaConfiguration.containsKey(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_CERTIFICATE))
-			returnValue.setProvideCertificate(
-					Boolean.valueOf(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_CERTIFICATE)));
-		
-		if (oaConfiguration.containsKey(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_MANDATE))
-			returnValue.setProvideMandate(
-					Boolean.valueOf(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_MANDATE)));
-		
-		if (oaConfiguration.containsKey(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_RETURNERROR))
-			returnValue.setProvideAllErrors(
-					Boolean.valueOf(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_RETURNERROR)));
-		
-		return returnValue;
-	}
-		
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTemplateURL()
-	 */
-	@Override
-	public List<String> getTemplateURL() {
-		List<String> list = new ArrayList<String>();
-		
-		if (oaConfiguration.containsKey(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_FIRST_VALUE))
-			list.add(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_FIRST_VALUE));
-		
-		if (oaConfiguration.containsKey(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_SECOND_VALUE))
-			list.add(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_SECOND_VALUE));
-		
-		if (oaConfiguration.containsKey(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_THIRD_VALUE))
-			list.add(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_THIRD_VALUE));
-		
-		return list;
-	}
-	
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getAditionalAuthBlockText()
-	 */
-	@Override
-	public String getAditionalAuthBlockText() {
-		return oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_AUTHBLOCKTEXT);
-		
-	}
-	
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBKUURL(java.lang.String)
-	 */
-	@Override
-	public String getBKUURL(String bkutype) {
-		if (bkutype.equals(THIRDBKU)) {
-			return oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_THIRD);
-			
-		} else if (bkutype.equals(HANDYBKU)) {
-			return oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_HANDY);
-			
-		} else if (bkutype.equals(LOCALBKU)) {
-			return oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_LOCAL);
-			
-		} else if (bkutype.equals(ONLINEBKU)) {
-			return oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_THIRD);
-			
-		}
-		
-		
-			
-		Logger.warn("BKU Type does not match: " 
-				+ THIRDBKU + " or " + HANDYBKU + " or " + LOCALBKU);
-		return null;
-	}
-	
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBKUURL()
-	 */
-	@Override
-	public List<String> getBKUURL() {		
-		List<String> list = new ArrayList<String>();
-	
-		if (oaConfiguration.containsKey(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_THIRD))
-			list.add(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_THIRD));
-		
-		if (oaConfiguration.containsKey(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_HANDY))
-			list.add(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_HANDY));
-		
-		if (oaConfiguration.containsKey(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_LOCAL))
-			list.add(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_LOCAL));
-
-		return list;
-	}
-	
-	
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#useSSO()
-	 */
-	@Override
-	public boolean useSSO() {
-		try {
-			return Boolean.valueOf(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_SSO_ENABLED));
-			
-		} catch (Exception e) {
-			Logger.warn("Use SSO configuration parameter is not parseable.", e);
-			return false;
-		}
-		
-	}
-	
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#useSSOQuestion()
-	 */
-	@Override
-	public boolean useSSOQuestion() {
-		try {
-			return Boolean.valueOf(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_SSO_USERREQUEST));
-			
-		} catch (Exception e) {
-			Logger.warn("SSO user question configuration parameter is not parseable.", e);
-			return true;
-		}		
-	}
-	
-/* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getMandateProfiles()
- */
-@Override
-public List<String> getMandateProfiles() {
-	String profileConfig = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_MANDATES_OVS_PROFILES);
-	 
-	if (MiscUtil.isNotEmpty(profileConfig)) {
-		List<String> list = new ArrayList<String>();
-		String profilesArray[] = profileConfig.split(",");  	 		 
-	    for(int i = 0; i < profilesArray.length; i++) {
-	    	list.add(profilesArray[i].trim());
-	    	
-	    }
-	    return list;
-	    
-	}
-	
-	return null;
-}
-
-/* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isShowMandateCheckBox()
- */
-@Override
-public boolean isShowMandateCheckBox() {
-	try {
-		return Boolean.valueOf(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_MANDATES_OVS_USE));
-				
-	} catch (Exception e) {
-		Logger.warn("Enable mandates configuration parameter is not parseable.", e);
-		return true;
-	}
-}
-
-/* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isOnlyMandateAllowed()
- */
-@Override
-public boolean isOnlyMandateAllowed() {
-	try {
-		return Boolean.valueOf(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_MANDATES_OVS_ONLY));
-		
-	} catch (Exception e) {
-		Logger.warn("Use ONLY mandates configuration parameter is not parseable.", e);
-		return false;
-	}
-}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isShowStorkLogin()
-	 */
-	@Override
-	public boolean isShowStorkLogin() {
-		try {
-			return Boolean.valueOf(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ENABLED));
-			
-		} catch (Exception e) {
-			Logger.warn("Enable STORK login configuration parameter is not parseable.", e);
-			return false;
-		}
-	}
-
-
-/* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getQaaLevel()
- */
-@Override
-public String getQaaLevel() {
-		String eidasLoALevel = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL);	
-		if (MiscUtil.isEmpty(eidasLoALevel))
-			return MOAIDConstants.eIDAS_LOA_HIGH;		
-		else
-			return eidasLoALevel;
-		
-}
-
-/* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getRequestedAttributes()
- */
-@Override
-public Collection<StorkAttribute> getRequestedSTORKAttributes() {
-	Map<String, Integer> attrMap = new HashMap<String, Integer>();
-	Map<String, StorkAttribute> resultMap = new HashMap<String, StorkAttribute>();
-	
-	Set<String> configKeys = oaConfiguration.keySet();	
-	for (String el : configKeys) {
-		if (el.startsWith(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST)) {
-			String index = KeyValueUtils.getFirstChildAfterPrefix(el, MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST);
-			if (!attrMap.containsKey(index)) {
-				String isRequested = oaConfiguration.get(
-						MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST
-						+ "." + index + "."
-						+ MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST_REQUESTED);
-				
-				if (MiscUtil.isNotEmpty(isRequested) && Boolean.parseBoolean(isRequested)) {
-					StorkAttribute attr = new StorkAttribute(
-							oaConfiguration.get(
-									MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST
-										+ "." + index + "."
-										+ MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST_NAME),
-									Boolean.valueOf(oaConfiguration.get(
-											MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST
-											+ "." + index + "."
-											+ MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST_MANDATORY)));
-					attrMap.put(index, 0);
-					resultMap.put(attr.getName(), attr);
-				}
-			}			
-		}		
-	}
-			
-	//add mandatory attributes from general config
-	try {
-		for (StorkAttribute el : AuthConfigurationProviderFactory.getInstance().getStorkConfig().getStorkAttributes()) {
-			if (el.getMandatory())
-				resultMap.put(el.getName(), el);
-			
-		}
-				
-	} catch (Exception e) {
-		Logger.warn("Mandatory STORK attributes can not added.", e);
-		
-	}
-	
-	return resultMap.values();
-}
-
-/* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isRequireConsentForStorkAttributes()
- */
-@Override
-public boolean isRequireConsentForStorkAttributes() {
-	try{
-		if (isSTORKPVPGateway())
-			return false;
-
-		if (MiscUtil.isEmpty(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_REQUIRECONSENT))) {
-			Logger.info("isRequireConsentForStorkAttributes() is empty, returning default value 'true'");
-			return true;
-			
-		}
-		
-		return Boolean.parseBoolean(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_REQUIRECONSENT));
-	}catch(Exception e)
-	{
-		Logger.warn("isRequireConsentForStorkAttributes() failed, returning default value 'true'", e);
-		return true;
-	}
-}
-
-/* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getStorkAPs()
- */
-@Override
-public Collection<StorkAttributeProviderPlugin> getStorkAPs() {
-	Map<String, StorkAttributeProviderPlugin> pluginMap = new HashMap<String, StorkAttributeProviderPlugin>();	
-	Set<String> configKeys = oaConfiguration.keySet();	
-	for (String el : configKeys) {
-		if (el.startsWith(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST)) {
-			String index = KeyValueUtils.getFirstChildAfterPrefix(el, MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST);
-			if (!pluginMap.containsKey(index)) {
-				StorkAttributeProviderPlugin attr = new StorkAttributeProviderPlugin(
-						oaConfiguration.get(
-								MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST
-									+ "." + index + "."
-									+ MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_NAME),
-						oaConfiguration.get(
-								MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST
-									+ "." + index + "."
-									+ MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_URL),
-						oaConfiguration.get(
-								MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST
-									+ "." + index + "."
-									+ MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_ATTRIBUTES));
-				pluginMap.put(index, attr);
-			}			
-		}		
-	}
-		
-	return pluginMap.values();
-}
-
-/* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBKUSelectionTemplate()
- */
-@Override
-public byte[] getBKUSelectionTemplate() {
-	try {
-		String bkuSelectionTemplateBase64 = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_DATA);	
-		if (MiscUtil.isNotEmpty(bkuSelectionTemplateBase64)) {
-			return  Base64Utils.decode(bkuSelectionTemplateBase64, false);
-			
-		}
-		
-	} catch (Exception e) {
-		Logger.warn("OA specific BKU selection template is not decodeable", e);
-		
-	}
-	
-	return null;	
-}
-
-/* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getSendAssertionTemplate()
- */
-@Override
-public byte[] getSendAssertionTemplate() {
-	try {
-		String bkuSelectionTemplateBase64 = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_DATA);	
-		if (MiscUtil.isNotEmpty(bkuSelectionTemplateBase64)) {
-			return  Base64Utils.decode(bkuSelectionTemplateBase64, false);
-			
-		}
-		
-	} catch (Exception e) {
-		Logger.warn("OA specific BKU selection template is not decodeable", e);
-		
-	}
-	
-	return null;	
-}
-
-/* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getPepsList()
- */
-@Override
-public Collection<CPEPS> getPepsList() {
-	Map<String, CPEPS> cPEPSMap = new HashMap<String, CPEPS>();
-	try {
-		IStorkConfig availableSTORKConfig = AuthConfigurationProviderFactory.getInstance().getStorkConfig();	
-		if (availableSTORKConfig != null) {	
-			Set<String> configKeys = oaConfiguration.keySet();	
-			
-			for (String el : configKeys) {
-				if (el.startsWith(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST)) {
-					String index = KeyValueUtils.getFirstChildAfterPrefix(el, MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST);
-					if (!cPEPSMap.containsKey(index)) {					
-						if (Boolean.parseBoolean(oaConfiguration.get(
-								MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST
-								+ "." + index + "."
-								+ MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST_ENABLED))) {
-							CPEPS availableCPEPS = availableSTORKConfig.getCPEPSWithFullName(
-									oaConfiguration.get(
-											MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST
-											+ "." + index + "."
-											+ MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST_COUNTRYCODE));
-					
-							if (availableCPEPS != null)
-								cPEPSMap.put(index, availableCPEPS);
-						}
-					}			
-				}		
-			}		
-		}
-		
-	} catch (ConfigurationException e) {
-		Logger.error("MOA-ID configuration is not accessable.", e);
-		
-	}
-	
-	return cPEPSMap.values();
-}
-
-/* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getIDPAttributQueryServiceURL()
- */
-@Override
-public String getIDPAttributQueryServiceURL() {
-	return oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_ATTRIBUTQUERY_URL);
-
-}
-
-@Override
-public boolean isInboundSSOInterfederationAllowed() {
-	String value = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_SSO_INBOUND);
-	if (MiscUtil.isNotEmpty(value))
-		return Boolean.parseBoolean(value);	
-	else
-		return false;	
-}
-
-@Override
-public boolean isOutboundSSOInterfederationAllowed() {
-	String value = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_SSO_OUTBOUND);
-	if (MiscUtil.isNotEmpty(value))
-		return Boolean.parseBoolean(value);	
-	else
-		return false;	
-}
-
-@Override
-public boolean isPassivRequestUsedForInterfederation() {
-	String value = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_PASSIVEREQUEST);
-	if (MiscUtil.isNotEmpty(value))
-		return Boolean.parseBoolean(value);	
-	else
-		return false;		
-}
-
-@Override
-public boolean isPerformLocalAuthenticationOnInterfederationError() {
-	String value = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_LOCALAUTHONERROR);
-	if (MiscUtil.isNotEmpty(value))
-		return Boolean.parseBoolean(value);	
-	else
-		return false;	
-}
-
-@Override
-public boolean isInterfederationSSOStorageAllowed() {
-	String value = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_SSO_STORE);
-	if (MiscUtil.isNotEmpty(value))
-		return Boolean.parseBoolean(value);	
-	else
-		return false;		
-}
-
-public boolean isIDPPublicService() throws ConfigurationException {
-	return !hasBaseIdTransferRestriction();
-	
-}
-
-
-public String getSTORKPVPForwardEntity() {
-	return oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_FORWARD_IDPIDENTIFIER);
-	
-}
-
-/* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isTestCredentialEnabled()
- */
-@Override
-public boolean isTestCredentialEnabled() {
-	String value = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TESTCREDENTIALS_ENABLED);
-	if (MiscUtil.isNotEmpty(value))
-		return Boolean.parseBoolean(value);	
-	else
-		return false;	
-}
-
-
-/* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTestCredentialOIDs()
- */
-@Override
-public List<String> getTestCredentialOIDs() {
-	String value = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TESTCREDENTIALS_OIDs);
-	if (MiscUtil.isNotEmpty(value)) {
-		List<String> list = new ArrayList<String>();
-		String profilesArray[] = value.split(",");  	 		 
-	    for(int i = 0; i < profilesArray.length; i++) {
-	    	list.add(profilesArray[i].trim());
-	    	
-	    }
-	    return list;
-	
-	} else
-		return null;	
-}
-
-
-/* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBPKDecBpkDecryptionParameters()
- */
-@Override
-public PrivateKey getBPKDecBpkDecryptionKey() {
-
-	try {		
-		EncryptedData encdata = new EncryptedData(
-				Base64Utils.decode(
-					oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_FOREIGNBPK_DECRYPT_BLOB), false), 
-				Base64Utils.decode(
-						oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_FOREIGNBPK_DECRYPT_IV), false));
-		
-		byte[] serializedData = ConfigurationEncrytionUtil.getInstance().decrypt(encdata);
-		BPKDecryptionParameters data = 
-				(BPKDecryptionParameters) SerializationUtils.deserialize(serializedData);
-		
-		return data.getPrivateKey();
-				
-	} catch (BuildException e) {
-		Logger.error("Can not decrypt key information for bPK decryption", e);
-		
-	} catch (NullPointerException e) {
-		Logger.error("No keyInformation found for bPK decryption");
-		
-	} catch (IOException e) {
-		Logger.error("Can not decode key information for bPK decryption.", e);
-	}
-	
-	return null;
-	
-}
-
-
-/* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getPublicURLPrefix()
- */
-@Override
-public String getPublicURLPrefix() {
-	return oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER);
-}
-
-
-private boolean getBusinessService() {
-	String value = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_BUSINESSSERVICE);
-	if (MiscUtil.isNotEmpty(value))
-		return Boolean.parseBoolean(value);	
-	else
-		return true;	
-}
-
-/* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isInderfederationIDP()
- */
-@Override
-public boolean isInderfederationIDP() {
-	String value = oaConfiguration.get(MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES);
-	return MOAIDConfigurationConstants.PREFIX_IIDP.equals(value);
-	
-}
-
-
-/* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isSTORKPVPGateway()
- */
-@Override
-public boolean isSTORKPVPGateway() {
-	String value = oaConfiguration.get(MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES);
-	return MOAIDConfigurationConstants.PREFIX_GATEWAY.equals(value);
-}
-
-
-
-
-
-/* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getFriendlyName()
- */
-@Override
-public String getFriendlyName() {
-	return oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_FRIENDLYNAME);
-}
-
-
-///* (non-Javadoc)
-// * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getOaType()
-// */
-//@Override
-//public String getOaType() {
-//	if (getBusinessService())
-//		return "businessService";
-//	else
-//		return "publicService";
-//}
-
-
-/**
- * 
- * @return true/false if bPK or wbPK should not be visible in AuthBlock 
- */
-public boolean isRemovePBKFromAuthBlock() {
-	String value = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_AUTHBLOCK_REMOVEBPK);
-	if (MiscUtil.isNotEmpty(value))
-		return Boolean.parseBoolean(value);	
-	else
-		return false;	
-}
-
-
-/* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getReversionsLoggingEventCodes()
- */
-@Override
-public List<Integer> getReversionsLoggingEventCodes() {
-	String isEnabled = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_REVERSION_LOGS_ENABLED);
-	if (MiscUtil.isNotEmpty(isEnabled) && Boolean.parseBoolean(isEnabled)) {
-		String eventCodes = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_REVERSION_LOGS_EVENTCODES);
-		if (MiscUtil.isNotEmpty(eventCodes)) {
-			String[] codes = eventCodes.split(",");
-			List<Integer> result = new ArrayList<Integer>();
-			for (String el : codes) {
-				try {
-					result.add(Integer.valueOf(el.trim()));
-					
-				} catch (NumberFormatException e) {
-					Logger.warn("EventCode can not parsed to Integer.", e);
-					
-				}
-			}
-			if (!result.isEmpty())
-				return result;
-			
-		}		
-	}
-	return null;
-}
-
-
-/* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isUseIDLTestTrustStore()
- */
-@Override
-public boolean isUseIDLTestTrustStore() {
-	String value = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TESTCREDENTIALS_USETESTIDLTRUSTSTORE);
-	if (MiscUtil.isNotEmpty(value))
-		return Boolean.parseBoolean(value);	
-	else
-		return false;	
-}
-
-
-/* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isUseAuthBlockTestTestStore()
- */
-@Override
-public boolean isUseAuthBlockTestTestStore() {
-	String value = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TESTCREDENTIALS_USETESTAUTHBLOCKTRUSTSTORE);
-	if (MiscUtil.isNotEmpty(value))
-		return Boolean.parseBoolean(value);	
-	else
-		return false;	
-}
-
-public String toString() {
-	if (oaConfiguration != null)
-		return Arrays.asList(oaConfiguration).toString();
-	
-	return "Object not initialized";
-}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java
new file mode 100644
index 000000000..f0477c1fb
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java
@@ -0,0 +1,958 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ * 
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ * 
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.config.auth;
+
+import java.io.IOException;
+import java.io.Serializable;
+import java.security.PrivateKey;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import org.apache.commons.lang.SerializationUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.MOAIDConstants;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IStorkConfig;
+import at.gv.egovernment.moa.id.commons.api.data.BPKDecryptionParameters;
+import at.gv.egovernment.moa.id.commons.api.data.CPEPS;
+import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters;
+import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute;
+import at.gv.egovernment.moa.id.commons.api.data.StorkAttributeProviderPlugin;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
+import at.gv.egovernment.moa.id.commons.validation.TargetValidator;
+import at.gv.egovernment.moa.id.data.EncryptedData;
+import at.gv.egovernment.moa.id.util.ConfigurationEncrytionUtil;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+	
+
+/**
+ * Configuration parameters belonging to an online application,
+ * to use with the MOA ID Auth component.
+ *
+ * @author Thomas Lenz
+ */
+public class OAAuthParameterDecorator implements IOAAuthParameters, Serializable{	
+	
+	private static final long serialVersionUID = -6522544229837934376L;
+	final public static String DEFAULT_KEYBOXIDENTIFIER = "SecureSignatureKeypair";
+	
+	
+	private ISPConfiguration spConfiguration;
+	
+		
+	public OAAuthParameterDecorator(ISPConfiguration spConfiguration) {
+		this.spConfiguration = spConfiguration;
+	}
+
+      
+  @Override
+  public boolean hasBaseIdInternalProcessingRestriction() throws EAAFConfigurationException {
+	  String targetAreaIdentifier = getAreaSpecificTargetIdentifier();
+	  for (String el : spConfiguration.getTargetsWithNoBaseIdInternalProcessingRestriction()) {
+		  if (targetAreaIdentifier.startsWith(el))
+			  return false;
+		  
+	  }	  
+	  return true;
+	  
+  }
+
+  @Override
+  public boolean hasBaseIdTransferRestriction() throws EAAFConfigurationException {
+	  String targetAreaIdentifier = getAreaSpecificTargetIdentifier();
+	  for (String el : spConfiguration.getTargetsWithNoBaseIdTransferRestriction()) {
+		  if (targetAreaIdentifier.startsWith(el))
+			  return false;
+		  
+	  }	  
+	  return true;
+	  
+  }
+    
+  @Override
+  public String getAreaSpecificTargetIdentifier() {	  
+	  if (getBusinessService())
+		  return getIdentityLinkDomainIdentifier();
+	  else
+		  return MOAIDAuthConstants.PREFIX_CDID + getTarget();
+	  		  
+  }
+  
+  @Override
+  public String getAreaSpecificTargetIdentifierFriendlyName() throws ConfigurationException{
+	  if (getBusinessService())
+		  return getIdentityLinkDomainIdentifierType();
+	  else
+		  return getTargetFriendlyName();
+	  
+  }
+  
+  
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getIdentityLinkDomainIdentifier()
+ */
+//@Override
+private String getIdentityLinkDomainIdentifier() {
+	String type = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE);
+	String value = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE);
+	if (MiscUtil.isNotEmpty(type) && MiscUtil.isNotEmpty(value)) {
+		if (MOAIDConstants.IDENIFICATIONTYPE_STORK.equals(type)) {
+			return MOAIDConstants.PREFIX_STORK + "AT" + "+" + value;
+		
+		} else if (MOAIDConstants.IDENIFICATIONTYPE_EIDAS.equals(type)) {
+			return MOAIDConstants.PREFIX_EIDAS + value;
+						
+		} else {
+			return MOAIDConstants.PREFIX_WPBK + type + "+" + value;
+			
+		}		
+	}
+	
+	return null;
+}
+
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getIdentityLinkDomainIdentifierType()
+ */
+//@Override
+private String getIdentityLinkDomainIdentifierType() {
+	String value = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE);
+	if (MiscUtil.isNotEmpty(value))
+		return MOAIDConfigurationConstants.BUSINESSSERVICENAMES.get(value);
+	
+	else
+		return null;	
+}
+
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTarget()
+ */
+//@Override
+private String getTarget() {
+	if (Boolean.parseBoolean(spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_USE_OWN)))
+		return spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_OWN_TARGET);
+		
+	else {
+		if (Boolean.parseBoolean(spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_USE_SUB))) {
+			return spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_TARGET)
+					+ "-"
+					+ spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_TARGET_SUB);
+			
+		} else {
+			return spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_TARGET);
+		}		
+	}
+}
+
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTargetFriendlyName()
+ */
+//@Override
+private String getTargetFriendlyName() {
+	if (Boolean.parseBoolean(spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_USE_OWN)))
+		return spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_OWN_NAME);
+		
+	else
+		return TargetValidator.getTargetFriendlyName(spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_PUBLIC_TARGET));
+
+}
+
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getKeyBoxIdentifier()
+ */
+@Override
+public String getKeyBoxIdentifier() {
+	String keyBoxId = spConfiguration.getConfigurationValue(
+			MOAIDConfigurationConstants.SERVICE_AUTH_BKU_KEYBOXIDENTIFIER);
+	if (MiscUtil.isNotEmpty(keyBoxId))
+		return keyBoxId;
+	else
+		return DEFAULT_KEYBOXIDENTIFIER;
+	
+}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getSAML1Parameter()
+	 */
+	@Override
+	public SAML1ConfigurationParameters getSAML1Parameter() {		
+		SAML1ConfigurationParameters returnValue = new SAML1ConfigurationParameters();
+		if (spConfiguration.containsConfigurationKey(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_ENABLED))
+			returnValue.setActive(
+					Boolean.valueOf(spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_ENABLED)));
+		
+		if (spConfiguration.containsConfigurationKey(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_AUTHBLOCK))
+			returnValue.setProvideAuthBlock(
+					Boolean.valueOf(spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_AUTHBLOCK)));
+		
+		if (spConfiguration.containsConfigurationKey(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_IDL))
+			returnValue.setProvideIdl(
+					Boolean.valueOf(spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_IDL)));
+		
+		if (spConfiguration.containsConfigurationKey(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_BASEID))
+			returnValue.setProvideBaseId(
+					Boolean.valueOf(spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_BASEID)));
+		
+		if (spConfiguration.containsConfigurationKey(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_CERTIFICATE))
+			returnValue.setProvideCertificate(
+					Boolean.valueOf(spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_CERTIFICATE)));
+		
+		if (spConfiguration.containsConfigurationKey(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_MANDATE))
+			returnValue.setProvideMandate(
+					Boolean.valueOf(spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_MANDATE)));
+		
+		if (spConfiguration.containsConfigurationKey(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_RETURNERROR))
+			returnValue.setProvideAllErrors(
+					Boolean.valueOf(spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_SAML1_RETURNERROR)));
+		
+		return returnValue;
+	}
+		
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTemplateURL()
+	 */
+	@Override
+	public List<String> getTemplateURL() {
+		List<String> list = new ArrayList<String>();
+		
+		if (spConfiguration.containsConfigurationKey(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_FIRST_VALUE))
+			list.add(spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_FIRST_VALUE));
+		
+		if (spConfiguration.containsConfigurationKey(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_SECOND_VALUE))
+			list.add(spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_SECOND_VALUE));
+		
+		if (spConfiguration.containsConfigurationKey(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_THIRD_VALUE))
+			list.add(spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_THIRD_VALUE));
+		
+		return list;
+	}
+	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getAditionalAuthBlockText()
+	 */
+	@Override
+	public String getAditionalAuthBlockText() {
+		return spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_AUTHBLOCKTEXT);
+		
+	}
+	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBKUURL(java.lang.String)
+	 */
+	@Override
+	public String getBKUURL(String bkutype) {
+		if (bkutype.equals(THIRDBKU)) {
+			return spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_THIRD);
+			
+		} else if (bkutype.equals(HANDYBKU)) {
+			return spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_HANDY);
+			
+		} else if (bkutype.equals(LOCALBKU)) {
+			return spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_LOCAL);
+			
+		} else if (bkutype.equals(ONLINEBKU)) {
+			return spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_THIRD);
+			
+		}
+		
+		
+			
+		Logger.warn("BKU Type does not match: " 
+				+ THIRDBKU + " or " + HANDYBKU + " or " + LOCALBKU);
+		return null;
+	}
+	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBKUURL()
+	 */
+	@Override
+	public List<String> getBKUURL() {		
+		List<String> list = new ArrayList<String>();
+	
+		if (spConfiguration.containsConfigurationKey(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_THIRD))
+			list.add(spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_THIRD));
+		
+		if (spConfiguration.containsConfigurationKey(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_HANDY))
+			list.add(spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_HANDY));
+		
+		if (spConfiguration.containsConfigurationKey(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_LOCAL))
+			list.add(spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_LOCAL));
+
+		return list;
+	}
+	
+	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#useSSO()
+	 */
+	@Override
+	public boolean useSSO() {
+		try {
+			return Boolean.valueOf(spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_SSO_ENABLED));
+			
+		} catch (Exception e) {
+			Logger.warn("Use SSO configuration parameter is not parseable.", e);
+			return false;
+		}
+		
+	}
+	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#useSSOQuestion()
+	 */
+	@Override
+	public boolean useSSOQuestion() {
+		try {
+			return Boolean.valueOf(spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_SSO_USERREQUEST));
+			
+		} catch (Exception e) {
+			Logger.warn("SSO user question configuration parameter is not parseable.", e);
+			return true;
+		}		
+	}
+	
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getMandateProfiles()
+ */
+@Override
+public List<String> getMandateProfiles() {
+	String profileConfig = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_MANDATES_OVS_PROFILES);
+	 
+	if (MiscUtil.isNotEmpty(profileConfig)) {
+		List<String> list = new ArrayList<String>();
+		String profilesArray[] = profileConfig.split(",");  	 		 
+	    for(int i = 0; i < profilesArray.length; i++) {
+	    	list.add(profilesArray[i].trim());
+	    	
+	    }
+	    return list;
+	    
+	}
+	
+	return null;
+}
+
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isShowMandateCheckBox()
+ */
+@Override
+public boolean isShowMandateCheckBox() {
+	try {
+		return Boolean.valueOf(spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_MANDATES_OVS_USE));
+				
+	} catch (Exception e) {
+		Logger.warn("Enable mandates configuration parameter is not parseable.", e);
+		return true;
+	}
+}
+
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isOnlyMandateAllowed()
+ */
+@Override
+public boolean isOnlyMandateAllowed() {
+	try {
+		return Boolean.valueOf(spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_MANDATES_OVS_ONLY));
+		
+	} catch (Exception e) {
+		Logger.warn("Use ONLY mandates configuration parameter is not parseable.", e);
+		return false;
+	}
+}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isShowStorkLogin()
+	 */
+	@Override
+	public boolean isShowStorkLogin() {
+		try {
+			return Boolean.valueOf(spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ENABLED));
+			
+		} catch (Exception e) {
+			Logger.warn("Enable STORK login configuration parameter is not parseable.", e);
+			return false;
+		}
+	}
+
+
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getQaaLevel()
+ */
+@Override
+public String getQaaLevel() {
+		String eidasLoALevel = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL);	
+		if (MiscUtil.isEmpty(eidasLoALevel))
+			return MOAIDConstants.eIDAS_LOA_HIGH;		
+		else
+			return eidasLoALevel;
+		
+}
+
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getRequestedAttributes()
+ */
+@Override
+public Collection<StorkAttribute> getRequestedSTORKAttributes() {
+	Map<String, Integer> attrMap = new HashMap<String, Integer>();
+	Map<String, StorkAttribute> resultMap = new HashMap<String, StorkAttribute>();
+	
+	Set<String> configKeys = spConfiguration.getFullConfiguration().keySet();	
+	for (String el : configKeys) {
+		if (el.startsWith(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST)) {
+			String index = KeyValueUtils.getFirstChildAfterPrefix(el, MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST);
+			if (!attrMap.containsKey(index)) {
+				String isRequested = spConfiguration.getConfigurationValue(
+						MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST
+						+ "." + index + "."
+						+ MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST_REQUESTED);
+				
+				if (MiscUtil.isNotEmpty(isRequested) && Boolean.parseBoolean(isRequested)) {
+					StorkAttribute attr = new StorkAttribute(
+							spConfiguration.getConfigurationValue(
+									MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST
+										+ "." + index + "."
+										+ MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST_NAME),
+									Boolean.valueOf(spConfiguration.getConfigurationValue(
+											MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST
+											+ "." + index + "."
+											+ MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTES_LIST_MANDATORY)));
+					attrMap.put(index, 0);
+					resultMap.put(attr.getName(), attr);
+				}
+			}			
+		}		
+	}
+			
+	//add mandatory attributes from general config
+	try {
+		for (StorkAttribute el : AuthConfigurationProviderFactory.getInstance().getStorkConfig().getStorkAttributes()) {
+			if (el.getMandatory())
+				resultMap.put(el.getName(), el);
+			
+		}
+				
+	} catch (Exception e) {
+		Logger.warn("Mandatory STORK attributes can not added.", e);
+		
+	}
+	
+	return resultMap.values();
+}
+
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isRequireConsentForStorkAttributes()
+ */
+@Override
+public boolean isRequireConsentForStorkAttributes() {
+	try{
+		if (isSTORKPVPGateway())
+			return false;
+
+		if (MiscUtil.isEmpty(spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_REQUIRECONSENT))) {
+			Logger.info("isRequireConsentForStorkAttributes() is empty, returning default value 'true'");
+			return true;
+			
+		}
+		
+		return Boolean.parseBoolean(spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_REQUIRECONSENT));
+	}catch(Exception e)
+	{
+		Logger.warn("isRequireConsentForStorkAttributes() failed, returning default value 'true'", e);
+		return true;
+	}
+}
+
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getStorkAPs()
+ */
+@Override
+public Collection<StorkAttributeProviderPlugin> getStorkAPs() {
+	Map<String, StorkAttributeProviderPlugin> pluginMap = new HashMap<String, StorkAttributeProviderPlugin>();	
+	Set<String> configKeys = spConfiguration.getFullConfiguration().keySet();	
+	for (String el : configKeys) {
+		if (el.startsWith(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST)) {
+			String index = KeyValueUtils.getFirstChildAfterPrefix(el, MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST);
+			if (!pluginMap.containsKey(index)) {
+				StorkAttributeProviderPlugin attr = new StorkAttributeProviderPlugin(
+						spConfiguration.getConfigurationValue(
+								MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST
+									+ "." + index + "."
+									+ MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_NAME),
+						spConfiguration.getConfigurationValue(
+								MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST
+									+ "." + index + "."
+									+ MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_URL),
+						spConfiguration.getConfigurationValue(
+								MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST
+									+ "." + index + "."
+									+ MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ATTRIBUTPROVIDER_LIST_ATTRIBUTES));
+				pluginMap.put(index, attr);
+			}			
+		}		
+	}
+		
+	return pluginMap.values();
+}
+
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBKUSelectionTemplate()
+ */
+@Override
+public byte[] getBKUSelectionTemplate() {
+	try {
+		String bkuSelectionTemplateBase64 = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_BKUSELECTION_DATA);	
+		if (MiscUtil.isNotEmpty(bkuSelectionTemplateBase64)) {
+			return  Base64Utils.decode(bkuSelectionTemplateBase64, false);
+			
+		}
+		
+	} catch (Exception e) {
+		Logger.warn("OA specific BKU selection template is not decodeable", e);
+		
+	}
+	
+	return null;	
+}
+
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getSendAssertionTemplate()
+ */
+@Override
+public byte[] getSendAssertionTemplate() {
+	try {
+		String bkuSelectionTemplateBase64 = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SENDASSERTION_DATA);	
+		if (MiscUtil.isNotEmpty(bkuSelectionTemplateBase64)) {
+			return  Base64Utils.decode(bkuSelectionTemplateBase64, false);
+			
+		}
+		
+	} catch (Exception e) {
+		Logger.warn("OA specific BKU selection template is not decodeable", e);
+		
+	}
+	
+	return null;	
+}
+
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getPepsList()
+ */
+@Override
+public Collection<CPEPS> getPepsList() {
+	Map<String, CPEPS> cPEPSMap = new HashMap<String, CPEPS>();
+	try {
+		IStorkConfig availableSTORKConfig = AuthConfigurationProviderFactory.getInstance().getStorkConfig();	
+		if (availableSTORKConfig != null) {	
+			Set<String> configKeys = spConfiguration.getFullConfiguration().keySet();	
+			
+			for (String el : configKeys) {
+				if (el.startsWith(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST)) {
+					String index = KeyValueUtils.getFirstChildAfterPrefix(el, MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST);
+					if (!cPEPSMap.containsKey(index)) {					
+						if (Boolean.parseBoolean(spConfiguration.getConfigurationValue(
+								MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST
+								+ "." + index + "."
+								+ MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST_ENABLED))) {
+							CPEPS availableCPEPS = availableSTORKConfig.getCPEPSWithFullName(
+									spConfiguration.getConfigurationValue(
+											MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST
+											+ "." + index + "."
+											+ MOAIDConfigurationConstants.SERVICE_AUTH_STORK_COUNTRIES_LIST_COUNTRYCODE));
+					
+							if (availableCPEPS != null)
+								cPEPSMap.put(index, availableCPEPS);
+						}
+					}			
+				}		
+			}		
+		}
+		
+	} catch (ConfigurationException e) {
+		Logger.error("MOA-ID configuration is not accessable.", e);
+		
+	}
+	
+	return cPEPSMap.values();
+}
+
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getIDPAttributQueryServiceURL()
+ */
+@Override
+public String getIDPAttributQueryServiceURL() {
+	return spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_ATTRIBUTQUERY_URL);
+
+}
+
+@Override
+public boolean isInboundSSOInterfederationAllowed() {
+	String value = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_SSO_INBOUND);
+	if (MiscUtil.isNotEmpty(value))
+		return Boolean.parseBoolean(value);	
+	else
+		return false;	
+}
+
+@Override
+public boolean isOutboundSSOInterfederationAllowed() {
+	String value = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_SSO_OUTBOUND);
+	if (MiscUtil.isNotEmpty(value))
+		return Boolean.parseBoolean(value);	
+	else
+		return false;	
+}
+
+@Override
+public boolean isPassivRequestUsedForInterfederation() {
+	String value = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_PASSIVEREQUEST);
+	if (MiscUtil.isNotEmpty(value))
+		return Boolean.parseBoolean(value);	
+	else
+		return false;		
+}
+
+@Override
+public boolean isPerformLocalAuthenticationOnInterfederationError() {
+	String value = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_LOCALAUTHONERROR);
+	if (MiscUtil.isNotEmpty(value))
+		return Boolean.parseBoolean(value);	
+	else
+		return false;	
+}
+
+@Override
+public boolean isInterfederationSSOStorageAllowed() {
+	String value = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_SSO_STORE);
+	if (MiscUtil.isNotEmpty(value))
+		return Boolean.parseBoolean(value);	
+	else
+		return false;		
+}
+
+public boolean isIDPPublicService() throws ConfigurationException {
+	try {
+		return !hasBaseIdTransferRestriction();
+		
+	} catch (EAAFConfigurationException e) {
+		throw new ConfigurationException("internal.00", new Object[] {}, e);
+		
+	}
+	
+}
+
+
+public String getSTORKPVPForwardEntity() {
+	return spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_INTERFEDERATION_FORWARD_IDPIDENTIFIER);
+	
+}
+
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isTestCredentialEnabled()
+ */
+@Override
+public boolean isTestCredentialEnabled() {
+	String value = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TESTCREDENTIALS_ENABLED);
+	if (MiscUtil.isNotEmpty(value))
+		return Boolean.parseBoolean(value);	
+	else
+		return false;	
+}
+
+
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTestCredentialOIDs()
+ */
+@Override
+public List<String> getTestCredentialOIDs() {
+	String value = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TESTCREDENTIALS_OIDs);
+	if (MiscUtil.isNotEmpty(value)) {
+		List<String> list = new ArrayList<String>();
+		String profilesArray[] = value.split(",");  	 		 
+	    for(int i = 0; i < profilesArray.length; i++) {
+	    	list.add(profilesArray[i].trim());
+	    	
+	    }
+	    return list;
+	
+	} else
+		return null;	
+}
+
+
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBPKDecBpkDecryptionParameters()
+ */
+@Override
+public PrivateKey getBPKDecBpkDecryptionKey() {
+
+	try {		
+		EncryptedData encdata = new EncryptedData(
+				Base64Utils.decode(
+					spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_FOREIGNBPK_DECRYPT_BLOB), false), 
+				Base64Utils.decode(
+						spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_FOREIGNBPK_DECRYPT_IV), false));
+		
+		byte[] serializedData = ConfigurationEncrytionUtil.getInstance().decrypt(encdata);
+		BPKDecryptionParameters data = 
+				(BPKDecryptionParameters) SerializationUtils.deserialize(serializedData);
+		
+		return data.getPrivateKey();
+				
+	} catch (BuildException e) {
+		Logger.error("Can not decrypt key information for bPK decryption", e);
+		
+	} catch (NullPointerException e) {
+		Logger.error("No keyInformation found for bPK decryption");
+		
+	} catch (IOException e) {
+		Logger.error("Can not decode key information for bPK decryption.", e);
+	}
+	
+	return null;
+	
+}
+
+
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getPublicURLPrefix()
+ */
+@Override
+public String getPublicURLPrefix() {
+	return spConfiguration.getUniqueIdentifier();
+	
+}
+
+
+private boolean getBusinessService() {
+	String value = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_BUSINESSSERVICE);
+	if (MiscUtil.isNotEmpty(value))
+		return Boolean.parseBoolean(value);	
+	else
+		return true;	
+}
+
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isInderfederationIDP()
+ */
+@Override
+public boolean isInderfederationIDP() {
+	String value = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES);
+	return MOAIDConfigurationConstants.PREFIX_IIDP.equals(value);
+	
+}
+
+
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isSTORKPVPGateway()
+ */
+@Override
+public boolean isSTORKPVPGateway() {
+	String value = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES);
+	return MOAIDConfigurationConstants.PREFIX_GATEWAY.equals(value);
+}
+
+
+
+
+
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getFriendlyName()
+ */
+@Override
+public String getFriendlyName() {
+	return spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_FRIENDLYNAME);
+}
+
+
+///* (non-Javadoc)
+// * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getOaType()
+// */
+//@Override
+//public String getOaType() {
+//	if (getBusinessService())
+//		return "businessService";
+//	else
+//		return "publicService";
+//}
+
+
+/**
+ * 
+ * @return true/false if bPK or wbPK should not be visible in AuthBlock 
+ */
+public boolean isRemovePBKFromAuthBlock() {
+	String value = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_AUTHBLOCK_REMOVEBPK);
+	if (MiscUtil.isNotEmpty(value))
+		return Boolean.parseBoolean(value);	
+	else
+		return false;	
+}
+
+
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getReversionsLoggingEventCodes()
+ */
+@Override
+public List<Integer> getReversionsLoggingEventCodes() {
+	String isEnabled = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_REVERSION_LOGS_ENABLED);
+	if (MiscUtil.isNotEmpty(isEnabled) && Boolean.parseBoolean(isEnabled)) {
+		String eventCodes = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_REVERSION_LOGS_EVENTCODES);
+		if (MiscUtil.isNotEmpty(eventCodes)) {
+			String[] codes = eventCodes.split(",");
+			List<Integer> result = new ArrayList<Integer>();
+			for (String el : codes) {
+				try {
+					result.add(Integer.valueOf(el.trim()));
+					
+				} catch (NumberFormatException e) {
+					Logger.warn("EventCode can not parsed to Integer.", e);
+					
+				}
+			}
+			if (!result.isEmpty())
+				return result;
+			
+		}		
+	}
+	return null;
+}
+
+
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isUseIDLTestTrustStore()
+ */
+@Override
+public boolean isUseIDLTestTrustStore() {
+	String value = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TESTCREDENTIALS_USETESTIDLTRUSTSTORE);
+	if (MiscUtil.isNotEmpty(value))
+		return Boolean.parseBoolean(value);	
+	else
+		return false;	
+}
+
+
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isUseAuthBlockTestTestStore()
+ */
+@Override
+public boolean isUseAuthBlockTestTestStore() {
+	String value = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TESTCREDENTIALS_USETESTAUTHBLOCKTRUSTSTORE);
+	if (MiscUtil.isNotEmpty(value))
+		return Boolean.parseBoolean(value);	
+	else
+		return false;	
+}
+
+public String toString() {
+	if (spConfiguration.getFullConfiguration() != null)
+		return Arrays.asList(spConfiguration.getFullConfiguration()).toString();
+	
+	return "Object not initialized";
+}
+
+
+@Override
+public boolean containsConfigurationKey(String arg0) {
+	return spConfiguration.containsConfigurationKey(arg0);
+	
+}
+
+
+@Override
+public String getConfigurationValue(String arg0) {
+	return spConfiguration.getConfigurationValue(arg0);
+}
+
+
+@Override
+public Map<String, String> getFullConfiguration() {
+	return spConfiguration.getFullConfiguration();
+}
+
+
+@Override
+/**
+ * THIS METHODE IS NOT SUPPORTED IN THIS IMPLEMENTATION 
+ */
+public List<String> getTargetsWithNoBaseIdInternalProcessingRestriction() {
+	return null;
+}
+
+
+@Override
+/**
+ * THIS METHODE IS NOT SUPPORTED IN THIS IMPLEMENTATION 
+ */
+public List<String> getTargetsWithNoBaseIdTransferRestriction() {
+	return null;
+}
+
+
+@Override
+/**
+ * THIS METHODE IS NOT SUPPORTED IN THIS IMPLEMENTATION 
+ */
+public String getUniqueIdentifier() {
+	return null;
+}
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
index d3e340a90..1abbeb789 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
@@ -1,12 +1,6 @@
 package at.gv.egovernment.moa.id.config.auth;
 
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.IOException;
 import java.net.MalformedURLException;
-import java.net.URI;
-import java.net.URISyntaxException;
 import java.net.URL;
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -20,6 +14,10 @@ import java.util.Properties;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.transaction.annotation.Transactional;
 
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.core.impl.idp.conf.SPConfigurationImpl;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.MOAIDConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
@@ -35,7 +33,6 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.MOASP;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.SecurityLayer;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.VerifyIdentityLink;
-import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.config.ConfigurationProviderImpl;
 import at.gv.egovernment.moa.id.config.ConfigurationUtils;
 import at.gv.egovernment.moa.id.config.ConnectionParameter;
@@ -55,111 +52,77 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
 
 	private static final boolean TRUST_MANAGER_REVOCATION_CHECKING_DEFAULT = true;
 
-	private MOAIDConfiguration configuration;
-	private final Properties properties = new Properties();
-	
+	private MOAIDConfiguration configuration; 
 	private boolean requireJDBCBackupImplementation = false;
 	
-	public PropertyBasedAuthConfigurationProvider(String configFileName) throws ConfigurationException {	    
-	    if (configFileName == null) {
-	    	configFileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME);
-	    	
-	    	if (MiscUtil.isEmpty(configFileName))	    	
-	    		throw new ConfigurationException("config.01", null);
-	    }
-	    
-	    Logger.info("Loading MOA-ID-AUTH configuration " + configFileName);
-	    
-	    try {
-	    	URI fileURI = new URI(configFileName);	    	
-	    	//instance = new PropertyBasedAuthConfigurationProvider(fileURI);
-	    	initialize(fileURI);
-	    	
-	    } catch (URISyntaxException e){
-	    	Logger.error("MOA-ID-Auth configuration file does not starts with file:/ as prefix.", e);
-	    	throw new ConfigurationException("config24", new Object[]{MOAIDAuthConstants.FILE_URI_PREFIX, configFileName});
+	public PropertyBasedAuthConfigurationProvider(String configFileName) throws ConfigurationException, EAAFConfigurationException {	  
+		super(configFileName);		
+//		try {			
+			Logger.info("Loading MOA-ID-AUTH configuration " +  getConfigurationFilePath().toString());
+	    	initialize();
 	    	
-	    }
+//	    } catch (URISyntaxException e){
+//	    	Logger.error("MOA-ID-Auth configuration file does not starts with file:/ as prefix.", e);
+//	    	throw new ConfigurationException("config24", new Object[]{MOAIDAuthConstants.FILE_URI_PREFIX, configFileName});
+//	    	
+//	    }
 		
 	}
 
-//	/**
-//	 * The constructor with path to a properties file as argument.
-//	 *
-//	 * @param fileName the path to the properties file
-//	 * @throws ConfigurationException if an error occurs during loading the properties file.
-//	 */
-//	public PropertyBasedAuthConfigurationProvider(URI fileName) throws ConfigurationException {
-//		initialize(fileName);
-//		
-//	}
+	
+	//TODO: add EAAFCore configuration prefix if required
+	@Override
+	public String getApplicationSpecificKeyPrefix() {
+		return null;
+		
+	}
 
-	private void initialize(URI fileName) throws ConfigurationException {
-		File propertiesFile = new File(fileName);
-		rootConfigFileDir = propertiesFile.getParent();
-		try {
-		  rootConfigFileDir = new File(rootConfigFileDir).toURI().toURL().toString();
-		  
-		} catch (MalformedURLException t) {
-			throw new ConfigurationException("config.03", null, t);
-			
-		}
+	@Override
+	protected String getBackupConfigPath() {
+		return System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME);
 		
-		FileInputStream in = null;
-		try {
-			in = new FileInputStream(propertiesFile);
-			properties.load(in);			
-			super.initial(properties);
-			
-//			JPAPropertiesWithJavaConfig.setLocalProperties(configProp);		
-//			System.getProperties().setProperty("location", "file:" + fileName);
-//			context = new ClassPathXmlApplicationContext(
-//					new String[] {  "moaid.configuration.beans.xml",
-//									"configuration.beans.xml"
-//									});
-//			AutowireCapableBeanFactory acbFactory = context.getAutowireCapableBeanFactory();
-//			acbFactory.autowireBean(this);
-			
-			//Some databases do not allow the selection of a lob in SQL where expression  
-			String dbDriver = properties.getProperty("configuration.hibernate.connection.driver_class");					
-			if (MiscUtil.isNotEmpty(dbDriver)) {
-				for (String el:MOAIDConstants.JDBC_DRIVER_NEEDS_WORKAROUND) {
-					if (dbDriver.startsWith(el)) {
-						requireJDBCBackupImplementation = true;
-						Logger.info("JDBC driver '" + dbDriver 
-						+ "' is blacklisted --> Switch to alternative DB access methode implementation.");
-						
-					}					
-				}						
-			}
-			
-									
-		} catch (FileNotFoundException e) {
-			throw new ConfigurationException("config.03", null, e);
+	}
+	
+
+	/**
+	 * Provides configuration information regarding the online application behind the given URL, relevant to the MOA-ID Auth component.
+	 * 
+	 * @param oaURL URL requested for an online application
+	 * @return an <code>OAAuthParameter</code>, or <code>null</code> if none is applicable
+	 */
+	@Override
+	@Transactional
+	public ISPConfiguration getServiceProviderConfiguration(String spIdentifier) throws EAAFConfigurationException {
+		Map<String, String> oa = getActiveOnlineApplication(spIdentifier);
+		if (oa == null) {			
+			return null;
+		}
+
+		return new OAAuthParameterDecorator(new SPConfigurationImpl(oa, this));
 		
-		} catch (IOException e) {
-			throw new ConfigurationException("config.03", null, e);
-			
-		} catch (org.opensaml.xml.ConfigurationException e) {
-			Logger.error("OpenSAML initilalization FAILED. ", e);
-			throw new ConfigurationException("config.23", null, e);
-			
-		} catch (Exception e) {
-			Logger.error("General error during start-up process.", e);
-			throw new ConfigurationException("init.02", null, e);
-			
-			
-		} finally {
-			if (in != null)
-				try {
-					in.close();
-					
-				} catch (IOException e) {
-					Logger.warn("Close MOA-ID-Auth configuration file FAILED.", e);
+	}
+
+	/**
+	 * Provides configuration information regarding the online application behind the given URL, relevant to the MOA-ID Auth component.
+	 * 
+	 * @param oaURL URL requested for an online application
+	 * @return an <code>OAAuthParameter</code>, or <code>null</code> if none is applicable
+	 */
+	@SuppressWarnings("unchecked")
+	@Override
+	@Transactional
+	public <T> T getServiceProviderConfiguration(String spIdentifier, final Class<T> decorator) throws EAAFConfigurationException {
+		ISPConfiguration spConfig = getServiceProviderConfiguration(spIdentifier);
+		if (spConfig != null && decorator != null) {
+			if (decorator.isInstance(spConfig))
+				return (T)spConfig;
+			else
+				Logger.error("SPConfig: " + spConfig.getClass().getName() + " is NOT instance of: " + decorator.getName());
 					
-				}			
 		}
 		
+		return null;
+		
 	}
 	
 	/**
@@ -171,14 +134,6 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
 		this.configuration = configuration;
 	}
 
-	/**
-	 * Get the properties.
-	 * @return the properties
-	 */
-	private Properties getProperties() {
-		return properties;
-	}
-
 	/**
 	 * Method that avoids iterating over a {@link Collection} of type {@code T} which is actual {@code null}.
 	 * @param item the collection
@@ -225,23 +180,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
 			
 		}
 	}
-	
-	public String getBasicMOAIDConfiguration(final String key) {
-		return properties.getProperty(key);
-		
-	}
-	
-	public String getBasicMOAIDConfiguration(final String key, final String defaultValue) {
-		return properties.getProperty(key, defaultValue);
-		
-	}
-		
-	public Map<String, String> getBasicMOAIDConfigurationWithPrefix(final String prefix) {
-		return KeyValueUtils.getSubSetWithPrefix(KeyValueUtils.concertPropertiesToMap(properties), prefix);
 		
-	}
-	
-	
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.config.auth.AuthConfiguration#getPropertyWithKey(java.lang.String)
 	 */
@@ -399,22 +338,6 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
 		return legacy;
 	}
 
-	/**
-	 * Provides configuration information regarding the online application behind the given URL, relevant to the MOA-ID Auth component.
-	 * 
-	 * @param oaURL URL requested for an online application
-	 * @return an <code>OAAuthParameter</code>, or <code>null</code> if none is applicable
-	 */
-	@Transactional
-	public OAAuthParameter getOnlineApplicationParameter(String oaURL) {
-		Map<String, String> oa = getActiveOnlineApplication(oaURL);
-		if (oa == null) {			
-			return null;
-		}
-
-		return new OAAuthParameter(oa, this);
-	}
-
 	/**
 	 * Returns a string with a url-reference to the VerifyAuthBlock trust profile id within the moa-sp part of the authentication component.
 	 * 
@@ -505,7 +428,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
 					MOAIDConfigurationConstants.GENERAL_AUTH_MOASP_URL);
 			if (moaspURL != null) {
 				result = 
-						new ConnectionParameterMOASP(moaspURL, this.getProperties(), this.getRootConfigFileDir());
+						new ConnectionParameterMOASP(moaspURL, getFullConfigurationProperties(), getRootConfigFileDir());
 				
 			}
 			
@@ -541,7 +464,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
 			}
 			
 			if (MiscUtil.isNotEmpty(serviceURL))
-				return new ConnectionParameterMandate(serviceURL, this.getProperties(), this.getRootConfigFileDir());
+				return new ConnectionParameterMandate(serviceURL, getFullConfigurationProperties(), getRootConfigFileDir());
 			
 			else
 				throw new ConfigurationException("service.09", new Object[]{"NO SZR-GW Service URL"});
@@ -577,7 +500,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
 			}
 			
 			if (MiscUtil.isNotEmpty(serviceURL))
-				return new ConnectionParameterMandate(serviceURL, this.getProperties(), this.getRootConfigFileDir());
+				return new ConnectionParameterMandate(serviceURL, getFullConfigurationProperties(), getRootConfigFileDir());
 			
 			else
 				throw new ConfigurationException("service.06", new Object[]{"NO MIS Service URL"});
@@ -849,8 +772,9 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
 	 * @return the MOASessionEncryptionKey or {@code null}
 	 */
 	public String getMOASessionEncryptionKey() {
-		String prop = properties.getProperty("configuration.moasession.key");
+		String prop = getFullConfigurationProperties().getProperty("configuration.moasession.key");
 		return MiscUtil.isNotEmpty(prop) ? prop : null;
+		
 	}
 
 	/**
@@ -859,7 +783,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
 	 * @return the MOAConfigurationEncryptionKey or {@code null}
 	 */
 	public String getMOAConfigurationEncryptionKey() {
-		String prop = properties.getProperty("configuration.moaconfig.key");
+		String prop = getFullConfigurationProperties().getProperty("configuration.moaconfig.key");
 		return MiscUtil.isNotEmpty(prop) ? prop : null;
 	}
 
@@ -867,7 +791,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
 	 * @return {@code true} if IdentityLinkResigning is set, {@code false} otherwise.
 	 */
 	public boolean isIdentityLinkResigning() {
-		String prop = properties.getProperty("configuration.resignidentitylink.active", "false");
+		String prop = getFullConfigurationProperties().getProperty("configuration.resignidentitylink.active", "false");
 		return Boolean.valueOf(prop);
 	}
 
@@ -877,7 +801,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
 	 * @return the IdentityLinkResigningKey or {@code null}
 	 */
 	public String getIdentityLinkResigningKey() {
-		String prop = properties.getProperty("configuration.resignidentitylink.keygroup");
+		String prop = getFullConfigurationProperties().getProperty("configuration.resignidentitylink.keygroup");
 		return MiscUtil.isNotEmpty(prop) ? prop : null;
 	}
 
@@ -885,7 +809,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
 	 * @return {@code true} if MonitoringActive is set, {@code false} otherwise.
 	 */
 	public boolean isMonitoringActive() {
-		String prop = properties.getProperty("configuration.monitoring.active", "false");
+		String prop = getFullConfigurationProperties().getProperty("configuration.monitoring.active", "false");
 		return Boolean.valueOf(prop);
 	}
 
@@ -895,7 +819,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
 	 * @return the MonitoringTestIdentityLinkURL or {@code null}
 	 */
 	public String getMonitoringTestIdentityLinkURL() {
-		String prop = properties.getProperty("configuration.monitoring.test.identitylink.url");
+		String prop = getFullConfigurationProperties().getProperty("configuration.monitoring.test.identitylink.url");
 		return MiscUtil.isNotEmpty(prop) ? prop : null;
 	}
 
@@ -905,7 +829,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
 	 * @return the MonitoringMessageSuccess or {@code null}
 	 */
 	public String getMonitoringMessageSuccess() {
-		String prop = properties.getProperty("configuration.monitoring.message.success");
+		String prop = getFullConfigurationProperties().getProperty("configuration.monitoring.message.success");
 		return MiscUtil.isNotEmpty(prop) ? prop : null;
 	}
 
@@ -913,7 +837,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
 	 * @return {@code true} if AdvancedLoggingActive is set, {@code false} otherwise.
 	 */
 	public boolean isAdvancedLoggingActive() {
-		String prop = properties.getProperty("configuration.advancedlogging.active", "false");
+		String prop = getFullConfigurationProperties().getProperty("configuration.advancedlogging.active", "false");
 		return Boolean.valueOf(prop);
 	}
 
@@ -965,7 +889,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
 	 * @return {@code true} if PVP2AssertionEncryptionActive is set, {@code false} otherwise.
 	 */
 	public boolean isPVP2AssertionEncryptionActive() {
-		String prop = this.getProperties().getProperty("protocols.pvp2.assertion.encryption.active", "true");
+		String prop = getFullConfigurationProperties().getProperty("protocols.pvp2.assertion.encryption.active", "true");
 		return Boolean.valueOf(prop);
 	}
 
@@ -973,7 +897,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
 	 * @return {@code true} if CertifiacteQCActive is set, {@code false} otherwise.
 	 */
 	public boolean isCertifiacteQCActive() {
-		String prop = this.getProperties().getProperty("configuration.validation.certificate.QC.ignore", "false");
+		String prop = getFullConfigurationProperties().getProperty("configuration.validation.certificate.QC.ignore", "false");
 		return !Boolean.valueOf(prop);
 	}
 
@@ -993,7 +917,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
 				Logger.warn("Error in MOA-ID Configuration. No STORK configuration found.");
 				
 			} else {
-				result = new STORKConfig(this.getProperties(), this.getRootConfigFileDir());
+				result = new STORKConfig(getFullConfigurationProperties(), this.getRootConfigFileDir());
 				
 			}	
 		} catch (at.gv.egiz.components.configuration.api.ConfigurationException e) {
@@ -1055,10 +979,10 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
 	private Properties getGeneralProperiesConfig(final String propPrefix) {
 
 		Properties configProp = new Properties();
-		for (Object key : this.getProperties().keySet()) {
+		for (Object key : getFullConfigurationProperties().keySet()) {
 			if (key.toString().startsWith(propPrefix)) {
 				String propertyName = key.toString().substring(propPrefix.length());
-				configProp.put(propertyName, this.getProperties().get(key.toString()));
+				configProp.put(propertyName, getFullConfigurationProperties().get(key.toString()));
 			}
 		}
 		return configProp;
@@ -1087,7 +1011,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
 	@Transactional
 	public String getTrustedCACertificates() {
 		try {
-			String path = rootConfigFileDir + configuration.getStringValue(
+			String path = getRootConfigFileDir() + configuration.getStringValue(
 					MOAIDConfigurationConstants.GENERAL_AUTH_TRUSTSTORE_URL);
 			if (MiscUtil.isNotEmpty(path))
 				return path;
@@ -1098,7 +1022,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
 				
 			}
 			
-		} catch (at.gv.egiz.components.configuration.api.ConfigurationException e) {
+		} catch (at.gv.egiz.components.configuration.api.ConfigurationException | ConfigurationException e) {
 			Logger.warn("Error in MOA-ID Configuration. No TrustStoreDirectory defined.", e);
 			return null;
 		}		
@@ -1116,13 +1040,9 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
 		Logger.trace("Get active OnlineApplication with ID " + id + " from database.");
 		Map<String, String> oaConfig = null;
 		try {
-			
-			//TODO:
 			//Some databases do not allow the selection of a lob in SQL where expression  
-			String dbDriver = properties.getProperty("configuration.hibernate.connection.driver_class");
 			if (requireJDBCBackupImplementation)
-				oaConfig = configuration.getOnlineApplicationBackupVersion(id);
-			
+				oaConfig = configuration.getOnlineApplicationBackupVersion(id);			
 			else
 				oaConfig = configuration.getOnlineApplication(id);
 									
@@ -1149,13 +1069,13 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
 
 	  //Load document service url from moa properties
 	  public String getDocumentServiceUrl() {
-		  String prop = properties.getProperty("stork.documentservice.url", "false");
+		  String prop = getFullConfigurationProperties().getProperty("stork.documentservice.url", "false");
 		  return prop;  
 	  }
 	  
 
 	  public boolean isPVPSchemaValidationActive() {
-		  String prop = properties.getProperty("protocols.pvp2.schemavalidation", "true");
+		  String prop = getFullConfigurationProperties().getProperty("protocols.pvp2.schemavalidation", "true");
 		  return Boolean.valueOf(prop);	  
 	  }
 	  
@@ -1165,7 +1085,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
 	   * @return true, if fake IdLs are available for stork
 	   */
 	  public boolean isStorkFakeIdLActive() {
-		  String prop = properties.getProperty("stork.fakeIdL.active", "false");
+		  String prop = getFullConfigurationProperties().getProperty("stork.fakeIdL.active", "false");
 		  return Boolean.valueOf(prop);
 	  }
 
@@ -1175,7 +1095,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
 	   * @return the countries
 	   */
 	  public List<String> getStorkFakeIdLCountries() {
-		  String prop = properties.getProperty("stork.fakeIdL.countries", "");
+		  String prop = getFullConfigurationProperties().getProperty("stork.fakeIdL.countries", "");
 		  return Arrays.asList(prop.replaceAll(" ", "").split(","));
 	  }
 
@@ -1185,7 +1105,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
 	   * @return the resigning key
 	   */
 	  public String getStorkFakeIdLResigningKey() {
-		  String prop = properties.getProperty("stork.fakeIdL.keygroup");
+		  String prop = getFullConfigurationProperties().getProperty("stork.fakeIdL.keygroup");
 		  if (MiscUtil.isNotEmpty(prop))
 			  return prop;
 		  else
@@ -1198,7 +1118,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
 	 */
 	@Override
 	public List<String> getStorkNoSignatureCountries() {
-		  String prop = properties.getProperty("stork.fakeIdL.noSignatureCountries", "");
+		  String prop = getFullConfigurationProperties().getProperty("stork.fakeIdL.noSignatureCountries", "");
 		  return Arrays.asList(prop.replaceAll(" ", "").split(","));
 	}
 
@@ -1208,7 +1128,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
 	@Override
 	@Deprecated
 	public boolean isHTTPAuthAllowed() {
-		  String prop = properties.getProperty("configuration.localhttpallowed.active", "false");
+		  String prop = getFullConfigurationProperties().getProperty("configuration.localhttpallowed.active", "false");
 		  return Boolean.valueOf(prop);
 	}
 
@@ -1220,7 +1140,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
 		final String[] DEFAULTORDER = new String[] {RevocationSourceTypes.OCSP, RevocationSourceTypes.CRL};
 		List<String> result = new ArrayList<String>();
 		
-		String prop = properties.getProperty("configuration.ssl.validation.revocation.method.order");
+		String prop = getFullConfigurationProperties().getProperty("configuration.ssl.validation.revocation.method.order");
 		if (MiscUtil.isNotEmpty(prop)) {
 			String[] configOrder = prop.split(",");
 			for (String el : configOrder) {
@@ -1301,19 +1221,35 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
 		}
 		
 		return false;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.commons.api.AuthConfiguration#getBasicMOAIDConfigurationBoolean(java.lang.String, boolean)
-	 */
-	@Override
-	public boolean getBasicMOAIDConfigurationBoolean(String key, boolean defaultValue) {
-		String value = properties.getProperty(key);
 		
-		if (MiscUtil.isNotEmpty(value))
-			return Boolean.valueOf(value.trim());
+	}
+	
+	private void initialize() throws ConfigurationException {		 
+		try {
+			initial(getFullConfigurationProperties());
+			String dbDriver = getFullConfigurationProperties().getProperty("configuration.hibernate.connection.driver_class");					
+			if (MiscUtil.isNotEmpty(dbDriver)) {
+				for (String el:MOAIDConstants.JDBC_DRIVER_NEEDS_WORKAROUND) {
+					if (dbDriver.startsWith(el)) {
+						requireJDBCBackupImplementation = true;
+						Logger.info("JDBC driver '" + dbDriver 
+						+ "' is blacklisted --> Switch to alternative DB access methode implementation.");
+						
+					}					
+				}						
+			}
+			
+									
+		} catch (org.opensaml.xml.ConfigurationException e) {
+			Logger.error("OpenSAML initilalization FAILED. ", e);
+			throw new ConfigurationException("config.23", null, e);
+			
+		} catch (Exception e) {
+			Logger.error("General error during start-up process.", e);
+			throw new ConfigurationException("init.02", null, e);
 						
-		return defaultValue;
+		} 
+		
 	}
 
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
index f3db82315..f401db8bf 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
@@ -59,7 +59,7 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{
 	 * @see at.gv.egovernment.moa.id.commons.api.IOAAuthParameters#hasBaseIdInternalProcessingRestriction()
 	 */
 	@Override
-	public boolean hasBaseIdInternalProcessingRestriction() throws ConfigurationException {
+	public boolean hasBaseIdInternalProcessingRestriction() {
 		return this.hasBaseIdProcessingRestriction;
 	}
 
@@ -67,7 +67,7 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{
 	 * @see at.gv.egovernment.moa.id.commons.api.IOAAuthParameters#hasBaseIdTransferRestriction()
 	 */
 	@Override
-	public boolean hasBaseIdTransferRestriction() throws ConfigurationException {
+	public boolean hasBaseIdTransferRestriction() {
 		return this.hasBaseIdTransfergRestriction;
 	}
 	
@@ -531,5 +531,29 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{
 		return false;
 	}
 
+	@Override
+	public boolean containsConfigurationKey(String arg0) {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public List<String> getTargetsWithNoBaseIdInternalProcessingRestriction() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public List<String> getTargetsWithNoBaseIdTransferRestriction() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getUniqueIdentifier() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
 	
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
index 7f56f519b..14d78c88e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
@@ -1,4 +1,4 @@
-/*
+/**
  * Copyright 2014 Federal Chancellery Austria
  * MOA-ID has been developed in a cooperation between BRZ, the Federal
  * Chancellery Austria - ICT staff unit, and Graz University of Technology.
@@ -34,6 +34,7 @@ import java.util.Map;
 import org.apache.commons.collections4.map.HashedMap;
 import org.w3c.dom.Element;
 
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
 import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ExceptionContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ExceptionContainer.java
deleted file mode 100644
index 4820b6fdc..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ExceptionContainer.java
+++ /dev/null
@@ -1,86 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.data;
-
-import java.io.Serializable;
-
-import at.gv.egovernment.moa.id.commons.api.IRequest;
-
-/**
- * @author tlenz
- *
- */
-public class ExceptionContainer implements Serializable {
-
-	private static final long serialVersionUID = 5355860753609684995L;
-	private Throwable exceptionThrown = null;
-	private String uniqueSessionID = null;
-	private String uniqueTransactionID = null;
-	private String uniqueServiceProviderId = null;
-	
-	/**
-	 * 
-	 */
-	public ExceptionContainer(IRequest pendingReq, Throwable exception) {
-		if (pendingReq != null) {
-			this.uniqueSessionID = pendingReq.getUniqueSessionIdentifier();
-			this.uniqueTransactionID = pendingReq.getUniqueTransactionIdentifier();
-		
-			if (pendingReq.getOnlineApplicationConfiguration() != null)
-				this.uniqueServiceProviderId = pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix();
-			
-		}
-		
-		this.exceptionThrown = exception;		
-	}
-	
-	/**
-	 * @return the exceptionThrown
-	 */
-	public Throwable getExceptionThrown() {
-		return exceptionThrown;
-	}
-	/**
-	 * @return the uniqueSessionID
-	 */
-	public String getUniqueSessionID() {
-		return uniqueSessionID;
-	}
-	/**
-	 * @return the uniqueTransactionID
-	 */
-	public String getUniqueTransactionID() {
-		return uniqueTransactionID;
-	}
-
-	/**
-	 * @return the uniqueServiceProviderId
-	 */
-	public String getUniqueServiceProviderId() {
-		return uniqueServiceProviderId;
-	}
-	
-	
-	
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java
deleted file mode 100644
index cb3def678..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java
+++ /dev/null
@@ -1,107 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.data;
-
-import java.util.Date;
-import java.util.List;
-
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
-import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
-
-/**
- * @author tlenz
- *
- */
-public interface IAuthData {
-
-	 Date getIssueInstant();
-	 String getIssuer();
-	 boolean isBaseIDTransferRestrication();
-	 
-	 boolean isSsoSession();
-	 //boolean isInterfederatedSSOSession();
-	 boolean isUseMandate();
-	 
-	 String getFamilyName();
-	 String getGivenName();
-	 Date getDateOfBirth();
-	 String getFormatedDateOfBirth();
-
-	 String getBPK();
-	 String getBPKType();
-	 
-	 Date getSsoSessionValidTo();
-	 
-	 //String getInterfederatedIDP();
-	 
-	 String getIdentificationValue();
-	 String getIdentificationType();
-	 
-	 String getBkuURL();
-
-	 List<String> getEncbPKList();
-	 
-	 IIdentityLink getIdentityLink();
-	 byte[] getSignerCertificate();
-	 String getAuthBlock();
-
-	 //ISA 1.18 attributes
-	 String getPvpAttribute_OU();
-	 List<AuthenticationRole> getAuthenticationRoles();
-	 
-	 boolean isPublicAuthority();
-	 String getPublicAuthorityCode();
-	 boolean isQualifiedCertificate();
-
-	 IMISMandate getMISMandate();
-	 Element getMandate();
-	 String getMandateReferenceValue();
-
-	 @Deprecated
-	 /**
-	  * Return STORK QAA level
-	  * 
-	  * @return
-	  */
-	 String getQAALevel();
-	 
-	 /**
-	  * Return authentication QAA level from eIDAS
-	  * 
-	  * @return
-	  */
-	 public String getEIDASQAALevel();
-	 
-	 String getSessionIndex();
-	 String getNameID(); 
-	 String getNameIDFormat();
-	 
-	 boolean isForeigner();
-	 String getCcc();
-	 
-	 public <T> T getGenericData(String key, final Class<T> clazz);
-
-	 	 
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java
index 2d84bf472..1d1e2f36a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java
@@ -26,6 +26,7 @@ import java.io.Serializable;
 
 import org.opensaml.saml2.metadata.SingleLogoutService;
 
+
 /**
  * @author tlenz
  *
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java
deleted file mode 100644
index ae2771427..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.moduls;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import at.gv.egovernment.moa.id.commons.api.IRequest;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.data.SLOInformationInterface;
-
-public interface IAction {
-	public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) 
-			throws MOAIDException;
-	public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp);
-	
-	public String getDefaultActionName();
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java
deleted file mode 100644
index b9b161bb6..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java
+++ /dev/null
@@ -1,42 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.moduls;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import at.gv.egovernment.moa.id.commons.api.IRequest;
-
-
-public interface IModulInfo {
-	//public List<ServletInfo> getServlets();
-	public String getName();
-	public String getPath();
-		
-	public boolean generateErrorMessage(Throwable e,
-			HttpServletRequest request, HttpServletResponse response,
-			IRequest protocolRequest) throws Throwable;
-	
-	public boolean validate(HttpServletRequest request, 
-			HttpServletResponse response, IRequest pending);
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequestStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequestStorage.java
deleted file mode 100644
index 987d92e16..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequestStorage.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.moduls;
-
-import at.gv.egovernment.moa.id.commons.api.IRequest;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-
-/**
- * @author tlenz
- *
- */
-public interface IRequestStorage {
-
-	public IRequest getPendingRequest(String pendingReqID);
-	
-	public void storePendingRequest(IRequest pendingRequest) throws MOAIDException;
-	
-	public void removePendingRequest(String requestID);
-	
-	public String changePendingRequestID(IRequest pendingRequest) throws MOAIDException, MOADatabaseException;
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/NoPassivAuthenticationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/NoPassivAuthenticationException.java
deleted file mode 100644
index f1db466e9..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/NoPassivAuthenticationException.java
+++ /dev/null
@@ -1,38 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.moduls;
-
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-
-public class NoPassivAuthenticationException extends MOAIDException {
-
-	public NoPassivAuthenticationException() {
-		super("auth.18", null);
-	}
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = 596920452166197688L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
deleted file mode 100644
index b87574d52..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
+++ /dev/null
@@ -1,454 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.moduls;
-
-import java.io.Serializable;
-import java.net.MalformedURLException;
-import java.net.URL;
-import java.util.Collection;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import javax.servlet.http.HttpServletRequest;
-
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
-
-import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
-import at.gv.egovernment.moa.id.commons.MOAIDConstants;
-import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
-import at.gv.egovernment.moa.id.commons.api.data.AuthProzessDataConstants;
-import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.util.HTTPUtils;
-import at.gv.egovernment.moa.id.util.Random;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-public abstract class RequestImpl implements IRequest, Serializable{
-		
-	public static final String DATAID_INTERFEDERATIOIDP_URL = "interIDPURL";
-	public static final String DATAID_INTERFEDERATIOIDP_RESPONSE = "interIDPResponse";
-	public static final String DATAID_REQUESTED_ATTRIBUTES = "requestedAttributes";
-	public static final String DATAID_INTERFEDERATIOIDP_ENTITYID = "interIDPEntityID";
-	
-	public static final String DATAID_REQUESTER_IP_ADDRESS = "requesterIP";
-	
-//	public static final String eIDAS_GENERIC_REQ_DATA_COUNTRY = "country";
-	public static final String eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE = "eIDAS_LoA";
-	
-	
-	
-	private static final long serialVersionUID = 1L;
-
-	private String module = null;
-	private String action = null;
-	
-	private String requestID;
-	private String processInstanceId;
-	private String ssoMoaSessionId;
-	
-	private String uniqueTransactionIdentifer;
-	private String uniqueSessionIdentifer;
-	
-	private String oaURL;
-	private String authURL = null;
-
-	private IOAAuthParameters OAConfiguration = null;
-	
-	private boolean passiv = false;
-	private boolean force = false;
-	private boolean needSSO = false;
-	private boolean isAbortedByUser = false;
-	
-	//every request needs authentication by default
-	private boolean needAuthentication = true;
-	
-	//every request is not authenticated by default
-	private boolean isAuthenticated = false;
-		
-	private Map<String, Object> genericDataStorage = new HashMap<String, Object>();
-	
-	private IAuthenticationSession moaSSOSessionContainer = null;
-	
-	 	
-	/**
-	 * @throws ConfigurationException 
-	 * 
-	 */
-	public final void initialize(HttpServletRequest req) throws ConfigurationException {				
-		//set requestID
-		requestID = Random.nextLongRandom();
-				
-		//set unique transaction identifier for logging
-		uniqueTransactionIdentifer = Random.nextLongRandom();		
-		TransactionIDUtils.setTransactionId(uniqueTransactionIdentifer);
-		
-		//initialize session object
-		genericDataStorage.put(AuthProzessDataConstants.VALUE_CREATED, new Date());
-		genericDataStorage.put(AuthProzessDataConstants.VALUE_SESSIONID, Random.nextLongRandom());
-		
-		//check if End-Point is valid		
-		String authURLString = HTTPUtils.extractAuthURLFromRequest(req);
-		URL authURL;
-		try {
-			authURL = new URL(authURLString);
-			
-		} catch (MalformedURLException e) {
-			Logger.error("IDP AuthenticationServiceURL Prefix is not a valid URL." + authURLString, e);
-			throw new ConfigurationException("1299", null, e);
-			
-		}
-		
-		AuthConfiguration config = AuthConfigurationProviderFactory.getInstance();		
-		List<String> configuredPublicURLPrefix = config.getPublicURLPrefix();
-				
-		if (!config.isVirtualIDPsEnabled()) {
-			Logger.trace("Virtual IDPs are disabled. Use default IDP PublicURLPrefix from configuration: " + configuredPublicURLPrefix.get(0));
-			this.authURL = configuredPublicURLPrefix.get(0); 
-			
-		} else {
-			Logger.debug("Extract AuthenticationServiceURL: " + authURLString);
-			URL resultURL = null;
-			
-			for (String el : configuredPublicURLPrefix) {
-				try {
-					URL configuredURL = new URL(el);
-
-					//get Ports from URL
-					int configPort = configuredURL.getPort();					
-					if (configPort == -1)
-						configPort = configuredURL.getDefaultPort();
-					
-					int authURLPort = authURL.getPort();
-					if (authURLPort == -1)
-						authURLPort = authURL.getDefaultPort();
-					
-					//check AuthURL against ConfigurationURL
-					if (configuredURL.getHost().equals(authURL.getHost()) &&
-							configPort == authURLPort &&
-							configuredURL.getPath().equals(authURL.getPath())) {
-						Logger.debug("Select configurated PublicURLPrefix: " + configuredURL 
-								+ " for authURL: " + authURLString);
-						resultURL = configuredURL;
-					}
-					
-				} catch (MalformedURLException e) {
-					Logger.error("Configurated IDP PublicURLPrefix is not a valid URL." + el);
-					
-				}				
-			}
-			
-			if (resultURL == null) {
-				Logger.warn("Extract AuthenticationServiceURL: " + authURL + " is NOT found in configuration.");
-				throw new ConfigurationException("config.25", new Object[]{authURLString});
-				
-			} else {
-				this.authURL = resultURL.toExternalForm();
-				
-			}					
-		}
-				
-		//set unique session identifier
-		String uniqueID = (String) req.getAttribute(MOAIDConstants.UNIQUESESSIONIDENTIFIER);
-		if (MiscUtil.isNotEmpty(uniqueID))
-			uniqueSessionIdentifer = uniqueID;
-		
-		else
-			Logger.warn("No unique session-identifier FOUND, but it should be allready set into request!?!");
-		
-		//set requester's IP address
-		try {
-			setGenericDataToSession(DATAID_REQUESTER_IP_ADDRESS, req.getRemoteAddr());
-			
-		} catch (SessionDataStorageException e) {
-			Logger.warn("Can not store remote IP address to 'pendingRequest' during an exception." , e);
-			
-		}
-		
-	}
-	
-	/**
-	 * This method map the protocol specific requested attributes to PVP 2.1 attributes.
-	 * 
-	 * @return List of PVP 2.1 attribute names with maps all protocol specific attributes
-	 */
-	public abstract Collection<String> getRequestedAttributes(MetadataProvider metadataProvider);
-	
-	public void setOAURL(String value) {
-		oaURL = value;
-	}
-	
-	public String getOAURL() {
-		return oaURL;
-	}
-
-	public boolean isPassiv() {
-		return passiv;
-	}
-
-	public boolean forceAuth() {
-		return force;
-	}
-
-	public void setPassiv(boolean passiv) {
-		this.passiv = passiv;
-	}
-
-	public void setForce(boolean force) {
-		this.force = force;
-	}
-
-	public String requestedAction() {
-		return action;
-	}
-
-	public void setAction(String action) {
-		this.action = action;
-	}
-	
-	/**
-	 * @return the module
-	 */
-	public String requestedModule() {
-		return module;
-	}
-
-	/**
-	 * @param module the module to set
-	 */
-	public void setModule(String module) {
-		this.module = module;
-	}
-
-	public void setRequestID(String id) {
-		this.requestID = id;
-		
-	}
-
-	public String getRequestID() {
-		return requestID;
-	}
-	
-	public String getInternalSSOSessionIdentifier() {
-		return this.ssoMoaSessionId;
-	}
-	
-	/**
-	 * Set the internal SSO session identifier, which associated with this pending request
-	 * 
-	 * @param internalSSOSessionId 
-	 */
-	public void setInternalSSOSessionIdentifier(String internalSSOSessionId) {
-		this.ssoMoaSessionId = internalSSOSessionId;
-		
-	}
-	
-	public IAuthenticationSession getMOASession() {
-		//if SSO session information are set, use this
-		if (moaSSOSessionContainer != null)
-			return moaSSOSessionContainer;
-		
-		else
-			return new AuthenticationSessionWrapper(genericDataStorage);
-				
-	}
-	
-	public void populateMOASessionWithSSOInformation(IAuthenticationSession ssoSession) {
-		if (ssoSession instanceof AuthenticationSession) {
-			moaSSOSessionContainer = ssoSession;
-						
-		} else 
-			throw new IllegalStateException("Session information can only be populated with SSO information from database");
-		
-		
-	}
-	
-	
-	public IOAAuthParameters getOnlineApplicationConfiguration() {
-		return this.OAConfiguration;
-	
-	}
-	
-	public void setOnlineApplicationConfiguration(IOAAuthParameters oaConfig) {
-		this.OAConfiguration = oaConfig;
-		
-	}
-
-	public String getUniqueTransactionIdentifier() {
-		return this.uniqueTransactionIdentifer;
-		
-	}
-	
-	public String getUniqueSessionIdentifier() {
-		return this.uniqueSessionIdentifer;
-		
-	}
-	
-	public String getProcessInstanceId() {
-		return this.processInstanceId;
-		
-	}
-	
-	public void setUniqueTransactionIdentifier(String id) {
-		this.uniqueTransactionIdentifer = id;
-		
-	}
-	
-	public void setUniqueSessionIdentifier(String id) {
-		this.uniqueSessionIdentifer = id;
-		
-	}
-	
-	public void setProcessInstanceId(String id) {
-		this.processInstanceId = id;
-		
-	}
-	
-	/**
-	 * @return the authURL
-	 */
-	public String getAuthURL() {
-		return authURL;
-	}
-	
-	public String getAuthURLWithOutSlash() {
-		if (authURL.endsWith("/"))
-			return authURL.substring(0, authURL.length()-1);
-		else
-			return authURL;
-		
-	}
-
-	/**
-	 * @return the needAuthentication
-	 */
-	public boolean isNeedAuthentication() {
-		return needAuthentication;
-	}
-
-	/**
-	 * @param needAuthentication the needAuthentication to set
-	 */
-	public void setNeedAuthentication(boolean needAuthentication) {
-		this.needAuthentication = needAuthentication;
-	}
-
-	/**
-	 * @return the isAuthenticated
-	 */
-	public boolean isAuthenticated() {
-		return isAuthenticated;
-	}
-
-	/**
-	 * @param isAuthenticated the isAuthenticated to set
-	 */
-	public void setAuthenticated(boolean isAuthenticated) {
-		this.isAuthenticated = isAuthenticated;
-	}
-
-	public boolean needSingleSignOnFunctionality() {
-		return needSSO;
-	}
-	public void setNeedSingleSignOnFunctionality(boolean needSSO) {
-		this.needSSO = needSSO;
-		
-	}
-	
-	public boolean isAbortedByUser() {
-		return this.isAbortedByUser;
-	}
-
-	public void setAbortedByUser(boolean isAborted) {
-		this.isAbortedByUser = isAborted;
-		
-	}
-	
-	public Object getGenericData(String key) {
-		if (MiscUtil.isNotEmpty(key)) {
-			return genericDataStorage.get(key);
-			
-		} 
-		
-		Logger.warn("Can not load generic request-data with key='null'");
-		return null;		
-	}
-	
-	public <T> T getGenericData(String key, final Class<T> clazz) {
-		if (MiscUtil.isNotEmpty(key)) {
-			Object data =  genericDataStorage.get(key);
-			
-			if (data == null)
-				return null;
-			
-			try {
-				@SuppressWarnings("unchecked")
-				T test = (T) data;
-				return test;
-				
-			} catch (Exception e) {
-				Logger.warn("Generic request-data object can not be casted to requested type", e);
-				return null;
-				
-			}
-			
-		} 
-		
-		Logger.warn("Can not load generic request-data with key='null'");
-		return null;
-		
-	}
-	
-	public void setGenericDataToSession(String key, Object object) throws SessionDataStorageException {
-		if (MiscUtil.isEmpty(key)) {
-			Logger.warn("Generic request-data can not be stored with a 'null' key");
-			throw new SessionDataStorageException("Generic request-data can not be stored with a 'null' key", null);
-			
-		}
-		
-		if (object != null) {
-			if (!Serializable.class.isInstance(object)) {
-				Logger.warn("Generic request-data can only store objects which implements the 'Seralizable' interface");
-				throw new SessionDataStorageException("Generic request-data can only store objects which implements the 'Seralizable' interface", null);
-				
-			}						
-		}
-		
-		if (genericDataStorage.containsKey(key))
-			Logger.debug("Overwrite generic request-data with key:" + key);
-		else
-			Logger.trace("Add generic request-data with key:" + key + " to session.");
-		
-		genericDataStorage.put(key, object);
-		
-	}
-		
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
deleted file mode 100644
index 90ccb3c27..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
+++ /dev/null
@@ -1,135 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.moduls;
-
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Service;
-
-import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.process.dao.ProcessInstanceStoreDAO;
-import at.gv.egovernment.moa.id.storage.ITransactionStorage;
-import at.gv.egovernment.moa.id.util.Random;
-import at.gv.egovernment.moa.logging.Logger;
-
-@Service("RequestStorage")
-public class RequestStorage implements IRequestStorage{
-
-	@Autowired ITransactionStorage transactionStorage;
-	@Autowired ProcessInstanceStoreDAO processInstanceStore;
-	
-	@Override
-	public IRequest getPendingRequest(String pendingReqID) {
-		
-		try {
-			IRequest pendingRequest = transactionStorage.get(pendingReqID, IRequest.class);
-			if (pendingRequest == null) {
-				Logger.info("No PendingRequst found with pendingRequestID " + pendingReqID);			
-				return null;
-				
-			}
-					
-			//set transactionID and sessionID to Logger
-			TransactionIDUtils.setAllLoggingVariables(pendingRequest);
-						
-			return pendingRequest;
-		
-		} catch (MOADatabaseException | NullPointerException e) {
-			Logger.info("No PendingRequst found with pendingRequestID " + pendingReqID);			
-			return null;
-			
-		}
-	}
-
-	@Override
-	public void storePendingRequest(IRequest pendingRequest) throws MOAIDException {
-		try {			
-			if (pendingRequest instanceof IRequest) {
-				transactionStorage.put(((IRequest)pendingRequest).getRequestID(), pendingRequest, -1);
-												
-			} else {
-				throw new MOAIDException("auth.20", null);
-				
-			}
-			
-		} catch (MOADatabaseException e) {
-			Logger.warn("Pending Request with ID=" + ((IRequest)pendingRequest).getRequestID() +
-					" can not stored.", e);
-			throw new MOAIDException("auth.20", null);
-		}
-		
-	}
-	
-	@Override
-	public void removePendingRequest(String requestID) {
-		
-		if (requestID != null) {
-			
-			//remove process-management execution instance
-			try {
-				IRequest pendingReq = getPendingRequest(requestID);
-						
-				if (pendingReq != null && 
-						pendingReq.getProcessInstanceId() != null) {
-					processInstanceStore.remove(pendingReq.getProcessInstanceId());
-					
-				}
-
-			} catch (MOADatabaseException e) {
-				Logger.warn("Removing process associated with pending-request:" + requestID + " FAILED.", e);
-				
-			}
-				
-			transactionStorage.remove(requestID);
-			
-		}
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.storage.IRequestStorage#changePendingRequestID(at.gv.egovernment.moa.id.moduls.IRequest)
-	 */
-	@Override
-	public String changePendingRequestID(IRequest pendingRequest) throws MOAIDException, MOADatabaseException {
-
-		if (pendingRequest instanceof RequestImpl) {
-			String newRequestID = Random.nextRandom();
-			String oldRequestID = pendingRequest.getRequestID();
-			
-			Logger.debug("Change pendingRequestID from " + pendingRequest.getRequestID() 
-				+ " to " + newRequestID);
-			
-			((RequestImpl)pendingRequest).setRequestID(newRequestID);			
-			transactionStorage.changeKey(oldRequestID, newRequestID, pendingRequest);
-			//only delete oldRequestID, no change.
-			
-			return newRequestID;
-						
-		} else {
-			Logger.error("PendingRequest object is not of type 'RequestImpl.class'");
-			throw new MOAIDException("internal.00", null);
-		}
-		
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
index 557d9af48..b36b5af30 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -31,11 +31,13 @@ import javax.servlet.http.HttpServletResponse;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
+import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
 import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
@@ -43,7 +45,6 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionSto
 import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.Random;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAIDHTTPPostEncoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAIDHTTPPostEncoder.java
index b05e60e94..dbfeb5e90 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAIDHTTPPostEncoder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAIDHTTPPostEncoder.java
@@ -37,8 +37,8 @@ import org.opensaml.ws.message.encoder.MessageEncodingException;
 import org.opensaml.ws.transport.http.HTTPOutTransport;
 import org.opensaml.ws.transport.http.HTTPTransportUtils;
 
+import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration;
 import at.gv.egovernment.moa.id.auth.frontend.builder.GUIFormBuilderImpl;
-import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ExecutionContextImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ExecutionContextImpl.java
deleted file mode 100644
index 080990f71..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ExecutionContextImpl.java
+++ /dev/null
@@ -1,79 +0,0 @@
-package at.gv.egovernment.moa.id.process;
-
-import java.io.Serializable;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Set;
-
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-
-/**
- * ExecutionContext implementation, related to a certain process instance.
- * 
- * @author tknall
- * 
- */
-public class ExecutionContextImpl implements ExecutionContext {
-
-	private static final long serialVersionUID = 1L;
-
-	private Map<String, Serializable> ctxData = Collections.synchronizedMap(new HashMap<String, Serializable>());
-
-	private String processInstanceId;
-
-	/**
-	 * Creates a new instance.
-	 */
-	public ExecutionContextImpl() {
-	}
-
-	/**
-	 * Creates a new instance and associated it with a certain process instance.
-	 */
-	public ExecutionContextImpl(String processInstanceId) {
-		this.processInstanceId = processInstanceId;
-	}
-
-	@Override
-	public void setProcessInstanceId(String processInstanceId) {
-		this.processInstanceId = processInstanceId;
-	}
-
-	@Override
-	public String getProcessInstanceId() {
-		return processInstanceId;
-	}
-
-	@Override
-	public Serializable get(String key) {
-		return ctxData.get(key);
-	}
-
-	@Override
-	public Serializable remove(String key) {
-		return ctxData.remove(key);
-	}
-
-	@Override
-	public void put(String key, Serializable object) {
-		ctxData.put(key, object);
-	}
-
-	@Override
-	public Set<String> keySet() {
-		return Collections.unmodifiableSet(ctxData.keySet());
-	}
-
-	@Override
-	public String toString() {
-		StringBuilder builder = new StringBuilder();
-		builder.append("ExecutionContextImpl [");
-		builder.append("id=").append(processInstanceId);
-		builder.append(", variables=");
-		builder.append(ctxData.keySet());
-		builder.append("]");
-		return builder.toString();
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ExpressionEvaluationContextImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ExpressionEvaluationContextImpl.java
deleted file mode 100644
index f0d1c861d..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ExpressionEvaluationContextImpl.java
+++ /dev/null
@@ -1,44 +0,0 @@
-package at.gv.egovernment.moa.id.process;
-
-import java.io.Serializable;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Set;
-
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.process.api.ExpressionEvaluationContext;
-
-/**
- * Context implementation used for expression evaluation only.
- * 
- * @author tknall
- * 
- */
-public class ExpressionEvaluationContextImpl implements ExpressionEvaluationContext {
-
-	private static final long serialVersionUID = 1L;
-
-	private Map<String, Serializable> ctxData;
-
-	/**
-	 * Creates a new instance and initializes it with data from a given process instance.
-	 * 
-	 * @param processInstance
-	 *            The process instance.
-	 */
-	ExpressionEvaluationContextImpl(ProcessInstance processInstance) {
-		ExecutionContext executionContext = processInstance.getExecutionContext();
-		Set<String> keys = executionContext.keySet();
-		ctxData = Collections.synchronizedMap(new HashMap<String, Serializable>(keys.size()));
-		for (String key : keys) {
-			ctxData.put(key, executionContext.get(key));
-		}
-	}
-
-	@Override
-	public Map<String, Serializable> getCtx() {
-		return Collections.unmodifiableMap(ctxData);
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessDefinitionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessDefinitionParser.java
deleted file mode 100644
index 162ee624a..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessDefinitionParser.java
+++ /dev/null
@@ -1,224 +0,0 @@
-package at.gv.egovernment.moa.id.process;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Objects;
-
-import javax.xml.XMLConstants;
-import javax.xml.namespace.QName;
-import javax.xml.stream.XMLEventReader;
-import javax.xml.stream.XMLInputFactory;
-import javax.xml.stream.XMLStreamConstants;
-import javax.xml.stream.XMLStreamException;
-import javax.xml.stream.events.Attribute;
-import javax.xml.stream.events.StartElement;
-import javax.xml.stream.events.XMLEvent;
-import javax.xml.stream.util.EventReaderDelegate;
-import javax.xml.transform.stax.StAXSource;
-import javax.xml.transform.stream.StreamSource;
-import javax.xml.validation.Schema;
-import javax.xml.validation.SchemaFactory;
-import javax.xml.validation.Validator;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.xml.sax.SAXException;
-
-import at.gv.egovernment.moa.id.process.model.EndEvent;
-import at.gv.egovernment.moa.id.process.model.ProcessDefinition;
-import at.gv.egovernment.moa.id.process.model.ProcessNode;
-import at.gv.egovernment.moa.id.process.model.StartEvent;
-import at.gv.egovernment.moa.id.process.model.TaskInfo;
-import at.gv.egovernment.moa.id.process.model.Transition;
-
-/**
- * Parses an XML representation of a process definition as defined by the respective XML schema.
- * <p/
- * The parser is thread-safe.
- * @author tknall
- *
- */
-public class ProcessDefinitionParser {
-	
-	private static final String NS = "http://reference.e-government.gv.at/namespace/moa/process/definition/v1";
-	
-	private static Logger log = LoggerFactory.getLogger(ProcessDefinitionParser.class);
-
-	private static class LazyProcessDefinitionSchemaHolder {
-		private static final Schema PD_SCHEMA_INSTANCE;
-		static {
-			try (InputStream in = ProcessDefinitionParser.class.getResourceAsStream("ProcessDefinition.xsd")) {
-				log.trace("Compiling process definition schema.");
-				SchemaFactory factory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
-				// schema is thread-safe
-				PD_SCHEMA_INSTANCE = factory.newSchema(new StreamSource(in));
-			} catch (Exception e) {
-				throw new RuntimeException("Unable to compile process definition schema.", e);
-			}
-		}
-	}
-
-	/**
-	 * Parses an XML representation of a process definition. The representation is being validated in order to suffice
-	 * the related XML schema.
-	 * 
-	 * @param processDefinitionInputStream
-	 *            The process definition.
-	 * @return A new process definition.
-	 * @throws ProcessDefinitionParserException
-	 *             Thrown in case of error parsing the process definition.
-	 */
-	public ProcessDefinition parse(InputStream processDefinitionInputStream) throws ProcessDefinitionParserException {
-		XMLEventReader reader = null;
-		final ProcessDefinition pd = new ProcessDefinition();
-		log.debug("Parsing and validating process definition.");
-		try {
-
-			// Standard implementation of XMLInputFactory seems not to be thread-safe
-			XMLInputFactory inputFactory = XMLInputFactory.newInstance();
-			reader = inputFactory.createXMLEventReader(processDefinitionInputStream);
-
-			final List<StartElement> transitionElements = new ArrayList<>();
-			final List<StartEvent> startEvents = new ArrayList<>();
-			
-			reader = new EventReaderDelegate(reader) {
-
-				@Override
-				public XMLEvent nextEvent() throws XMLStreamException {
-					XMLEvent event = super.nextEvent();
-
-					switch (event.getEventType()) {
-					case XMLStreamConstants.START_ELEMENT:
-						StartElement element = event.asStartElement();
-						QName qname = element.getName();
-						
-						if (NS.equals(qname.getNamespaceURI())) {
-							log.trace("Found process description element '{}'.", qname.getLocalPart());
-							Attribute id = element.getAttributeByName(new QName("id"));
-							
-							switch (qname.getLocalPart()) {
-							case "ProcessDefinition":
-								if (id != null) {
-									pd.setId(id.getValue());
-								}
-								break;
-							case "StartEvent":
-								StartEvent startEvent = new StartEvent();
-								if (id != null) {
-									startEvent.setId(id.getValue());
-								}
-								startEvents.add(startEvent);
-								break;
-							case "EndEvent":
-								EndEvent endEvent = new EndEvent();
-								if (id != null) {
-									endEvent.setId(id.getValue());
-									pd.getEndEvents().put(id.getValue(), endEvent);
-								}
-								break;
-							case "Transition":
-								transitionElements.add(element);
-								break;
-							case "Task":
-								TaskInfo taskInfo = new TaskInfo();
-								if (id != null) {
-									taskInfo.setId(id.getValue());
-									pd.getTaskInfos().put(id.getValue(), taskInfo);
-								}
-								Attribute async = element.getAttributeByName(new QName("async"));
-								if (async != null) {
-									taskInfo.setAsync(Boolean.valueOf(async.getValue()));
-								}
-								Attribute implementingClass = element.getAttributeByName(new QName("class"));
-								if (implementingClass != null) {
-									taskInfo.setTaskImplementingClass(implementingClass.getValue());
-								}
-								break;
-							}
-							
-						}
-						
-						break;
-					}
-
-					return event;
-				}
-
-			};
-
-			// validator is not thread-safe
-			Validator validator = LazyProcessDefinitionSchemaHolder.PD_SCHEMA_INSTANCE.newValidator();
-			validator.validate(new StAXSource(reader));
-			log.trace("Process definition successfully schema validated.");
-
-			// perform some basic checks
-			log.trace("Building model and performing some plausibility checks.");
-			if (startEvents.size() != 1) {
-				throw new ProcessDefinitionParserException("A ProcessDefinition must contain exactly one single StartEvent.");
-			}
-			pd.setStartEvent(startEvents.get(0));
-			
-			// link transitions
-			Iterator<StartElement> transitions = transitionElements.iterator();
-			while (transitions.hasNext()) {
-				StartElement element = transitions.next();
-				Transition transition = new Transition();
-				Attribute id = element.getAttributeByName(new QName("id"));
-				if (id != null) {
-					transition.setId(id.getValue());
-				}
-				Attribute conditionExpression = element.getAttributeByName(new QName("conditionExpression"));
-				if (conditionExpression != null) {
-					transition.setConditionExpression(conditionExpression.getValue());
-				}
-				Attribute from = element.getAttributeByName(new QName("from"));
-				if (from != null) {
-					ProcessNode fromNode = pd.getProcessNode(from.getValue());
-					if (fromNode == null) {
-						throw new ProcessDefinitionParserException("Transition's 'from'-attribute refers to a non-existing event or task '" + from.getValue() + '.');
-					}
-					if (fromNode instanceof EndEvent) {
-						throw new ProcessDefinitionParserException("Transition cannot start from end event.");
-					}
-					transition.setFrom(fromNode);
-					fromNode.getOutgoingTransitions().add(transition);
-				}
-				Attribute to = element.getAttributeByName(new QName("to"));
-				if (to != null) {
-					ProcessNode toNode = pd.getProcessNode(to.getValue());
-					if (toNode == null) {
-						throw new ProcessDefinitionParserException("Transition's 'to'-attribute refers to a non-existing event or task '" + to.getValue() + '.');
-					}
-					transition.setTo(toNode);
-					toNode.getIncomingTransitions().add(transition);
-				}
-				if (transition.getConditionExpression() == null && Objects.equals(transition.getFrom(), transition.getTo())) {
-					throw new ProcessDefinitionParserException("Transition's 'from' equals its 'to'. Since no 'conditionExpression' has been set this will cause a loop.");
-				}
-			}
-			log.debug("Process definition '{}' successfully parsed.", pd.getId());
-			return pd;
-
-		} catch (ProcessDefinitionParserException e) {
-			throw e;
-		} catch (XMLStreamException|IOException e) {
-			throw new ProcessDefinitionParserException("Unable to read process definition from inputstream.", e);
-		} catch (SAXException e) {
-			throw new ProcessDefinitionParserException("Schema validation of process description failed.", e);
-		} catch (Exception e) {
-			throw new ProcessDefinitionParserException("Internal error creating process definition from inputstream.", e);
-		} finally {
-			if (reader != null) {
-				try {
-					reader.close();
-				} catch (XMLStreamException e) {
-					// error freeing resources
-				}
-			}
-		}
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessDefinitionParserException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessDefinitionParserException.java
deleted file mode 100644
index 0c214750d..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessDefinitionParserException.java
+++ /dev/null
@@ -1,35 +0,0 @@
-package at.gv.egovernment.moa.id.process;
-
-/**
- * Exception thrown in case of error parsing a process definition.
- * 
- * @author tknall
- * 
- */
-public class ProcessDefinitionParserException extends Exception {
-
-	private static final long serialVersionUID = 1L;
-
-	/**
-	 * Creates a new parser exception providing a {@code message} describing the reason and the {@code cause}.
-	 * 
-	 * @param message
-	 *            The message.
-	 * @param cause
-	 *            The cause.
-	 */
-	public ProcessDefinitionParserException(String message, Throwable cause) {
-		super(message, cause);
-	}
-
-	/**
-	 * Creates a new parser exception providing a {@code message} describing the reason.
-	 * 
-	 * @param message
-	 *            The message.
-	 */
-	public ProcessDefinitionParserException(String message) {
-		super(message);
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngine.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngine.java
deleted file mode 100644
index 44f622fa0..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngine.java
+++ /dev/null
@@ -1,110 +0,0 @@
-package at.gv.egovernment.moa.id.process;
-
-
-import java.io.InputStream;
-
-import at.gv.egovernment.moa.id.commons.api.IRequest;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.process.model.ProcessDefinition;
-
-/**
- * Process engine providing means for starting and resuming processes.
- * 
- * @author tknall
- */
-public interface ProcessEngine {
-
-	/**
-	 * Registers a new process definition. Note that existing definitions with the same identifier will be replaced.
-	 * 
-	 * @param processDefinition
-	 *            The process definition to be registered.
-	 */
-	void registerProcessDefinition(ProcessDefinition processDefinition);
-
-	/**
-	 * Registers a new process definition given as {@link InputStream}. Note that existing definitions with the same identifier will be replaced.
-	 *
-	 * @param processDefinitionInputStream The input stream to the definition to be registered.
-	 * @throws ProcessDefinitionParserException Thrown in case of an error parsing the process definition.
-	 * @return The process definition's identifier.
-	 */
-	String registerProcessDefinition(InputStream processDefinitionInputStream) throws ProcessDefinitionParserException;
-
-	/**
-	 * Creates a process instance according to the referenced process definition, persists it into the database and returns it identifier.
-	 * <p/>
-	 * Note that the method returns the identifier of a process instance which will be needed in order to start a process or to continue
-	 * process execution after asynchronous task execution (refer to {@link #start(String)} and
-	 * {@link #signal(String)} for further information).
-	 * 
-	 * @param processDefinitionId
-	 *            The identifier of the respective process definition.
-	 * @param executionContext The execution context (may be {@code null}).
-	 * @return The id of the newly created process instance (never {@code null}).
-	 * @throws ProcessExecutionException
-	 *             Thrown in case of error, e.g. when a {@code processDefinitionId} is referenced that does not exist.
-	 */
-	String createProcessInstance(String processDefinitionId, ExecutionContext executionContext) throws ProcessExecutionException;
-
-	/**
-	 * Creates a process instance according to the referenced process definition, persists it into the database and returns it identifier.
-	 * <p/>
-	 * Note that the method returns the identifier of a process instance which will be needed in order to start a process or to continue
-	 * process execution after asynchronous task execution (refer to {@link #start(String)} and
-	 * {@link #signal(String)} for further information).
-	 * 
-	 * @param processDefinitionId
-	 *            The identifier of the respective process definition.
-	 * @return The id of the newly created process instance (never {@code null}).
-	 * @throws ProcessExecutionException
-	 *             Thrown in case of error, e.g. when a {@code processDefinitionId} is referenced that does not exist.
-	 */
-	String createProcessInstance(String processDefinitionId) throws ProcessExecutionException;
-
-	
-	/**
-	 * Delete a process instance 
-	 * 
-	 * @param processInstanceId
-	 *            The identifier of the respective process.
-	 * @throws ProcessExecutionException
-	 *             Thrown in case of error, e.g. when a {@code processInstanceId} is referenced that does not exist.
-	 */
-	void deleteProcessInstance(String processInstanceId) throws ProcessExecutionException;
-	
-	/**
-	 * Returns the process instance with a given {@code processInstanceId}.
-	 * 
-	 * @param processInstanceId
-	 *            The process instance id.
-	 * @return The process instance (never {@code null}).
-	 * @throws IllegalArgumentException
-	 *             In case the process instance does not/no longer exist.
-	 * @throws RuntimeException
-	 *             In case the process instance could not be retrieved from persistence.
-	 */
-	ProcessInstance getProcessInstance(String processInstanceId);
-
-	/**
-	 * Starts the process using the given {@code pendingReq}.
-	 * 
-	 * @param pendingReq
-	 *            The protocol request for which a process should be started.
-	 * @throws ProcessExecutionException
-	 *             Thrown in case of error.
-	 */
-	void start(IRequest pendingReq) throws ProcessExecutionException;
-
-
-	/**
-	 * Resumes process execution after an asynchronous task has been executed.
-	 * 
-	 * @param pendingReq
-	 *            The process instance id.
-	 * @throws ProcessExecutionException
-	 *             Thrown in case of error.
-	 */
-	void signal(IRequest pendingReq) throws ProcessExecutionException;
-
-}
\ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java
deleted file mode 100644
index 76e6605c1..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java
+++ /dev/null
@@ -1,420 +0,0 @@
-package at.gv.egovernment.moa.id.process;
-
-import java.io.InputStream;
-import java.io.Serializable;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.concurrent.ConcurrentHashMap;
-
-import org.apache.commons.collections4.CollectionUtils;
-import org.apache.commons.collections4.Predicate;
-import org.apache.commons.lang3.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.slf4j.MDC;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.ApplicationContext;
-
-import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.process.api.ExpressionEvaluationContext;
-import at.gv.egovernment.moa.id.process.api.ExpressionEvaluator;
-import at.gv.egovernment.moa.id.process.api.Task;
-import at.gv.egovernment.moa.id.process.dao.ProcessInstanceStore;
-import at.gv.egovernment.moa.id.process.dao.ProcessInstanceStoreDAO;
-import at.gv.egovernment.moa.id.process.model.EndEvent;
-import at.gv.egovernment.moa.id.process.model.ProcessDefinition;
-import at.gv.egovernment.moa.id.process.model.ProcessNode;
-import at.gv.egovernment.moa.id.process.model.StartEvent;
-import at.gv.egovernment.moa.id.process.model.TaskInfo;
-import at.gv.egovernment.moa.id.process.model.Transition;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-/**
- * Process engine implementation allowing starting and continuing processes as well as providing means for cleanup actions.
- */
-public class ProcessEngineImpl implements ProcessEngine {
-
-	private Logger log = LoggerFactory.getLogger(getClass());
-
-	@Autowired ProcessInstanceStoreDAO piStoreDao;
-	@Autowired ApplicationContext context;
-	
-	private ProcessDefinitionParser pdp = new ProcessDefinitionParser();
-
-	private Map<String, ProcessDefinition> processDefinitions = new ConcurrentHashMap<String, ProcessDefinition>();
-
-	private final static String MDC_CTX_PI_NAME = "processInstanceId";
-	private final static String MDC_CTX_TASK_NAME = "taskId";
-
-	private ExpressionEvaluator transitionConditionExpressionEvaluator;
-
-	@Override
-	public void registerProcessDefinition(ProcessDefinition processDefinition) {
-		log.info("Registering process definition '{}'.", processDefinition.getId());
-		processDefinitions.put(processDefinition.getId(), processDefinition);
-	}
-
-	@Override
-	public String registerProcessDefinition(InputStream processDefinitionInputStream) throws ProcessDefinitionParserException{
-		ProcessDefinition pd = pdp.parse(processDefinitionInputStream);
-		registerProcessDefinition(pd);
-		return pd.getId();
-	}
-
-	/**
-	 * Sets the process definitions.
-	 *
-	 * @param processDefinitions
-	 *            The process definitions.
-	 * @throws IllegalArgumentException
-	 *             In case the process definitions contain definitions with the same identifier.
-	 */
-	public void setProcessDefinitions(Iterable<ProcessDefinition> processDefinitions) {
-		this.processDefinitions.clear();
-		for (ProcessDefinition pd : processDefinitions) {
-			if (this.processDefinitions.containsKey(pd.getId())) {
-				throw new IllegalArgumentException("Duplicate process definition identifier '" + pd.getId() + "'.");
-			}
-			registerProcessDefinition(pd);
-		}
-	}
-
-	/**
-	 * Sets an expression evaluator that should be used to process transition condition expressions.
-	 * @param transitionConditionExpressionEvaluator The expression evaluator.
-	 */
-	public void setTransitionConditionExpressionEvaluator(
-			ExpressionEvaluator transitionConditionExpressionEvaluator) {
-		this.transitionConditionExpressionEvaluator = transitionConditionExpressionEvaluator;
-	}
-
-
-	@Override
-	public String createProcessInstance(String processDefinitionId, ExecutionContext executionContext) throws ProcessExecutionException {
-		// look for respective process definition
-		ProcessDefinition pd = processDefinitions.get(processDefinitionId);
-		if (pd == null) {
-			throw new ProcessExecutionException("Unable to find process definition for process '" + processDefinitionId + "'.");
-		}
-		// create and keep process instance
-		ProcessInstance pi = new ProcessInstance(pd, executionContext);
-		log.info("Creating process instance from process definition '{}': {}", processDefinitionId, pi.getId());
-
-		try {
-			saveOrUpdateProcessInstance(pi);
-		} catch (MOADatabaseException e) {
-			throw new ProcessExecutionException("Unable to persist process instance.", e);
-		}
-
-		return pi.getId();
-	}
-
-	@Override
-	public String createProcessInstance(String processDefinitionId) throws ProcessExecutionException {
-		return createProcessInstance(processDefinitionId, null);
-	}
-
-	@Override
-	public void start(IRequest pendingReq) throws ProcessExecutionException {
-		try {
-			if (MiscUtil.isEmpty(pendingReq.getProcessInstanceId())) {
-				log.error("Pending-request with id:" + pendingReq.getRequestID() 
-					+ " includes NO 'ProcessInstanceId'");
-				throw new ProcessExecutionException("Pending-request with id:" + pendingReq.getRequestID() 
-					+ " includes NO 'ProcessInstanceId'");
-			}
-			
-			ProcessInstance pi = loadProcessInstance(pendingReq.getProcessInstanceId());
-
-			if (pi == null ) {
-				throw new ProcessExecutionException("Process instance '" + pendingReq.getProcessInstanceId() + "' does not exist.");
-				
-			}
-			
-			MDC.put(MDC_CTX_PI_NAME, pi.getId());
-
-			if (!ProcessInstanceState.NOT_STARTED.equals(pi.getState())) {
-				throw new ProcessExecutionException("Process instance '" + pi.getId() + "' has already been started (current state is " + pi.getState() + ").");
-			}
-			log.info("Starting process instance '{}'.", pi.getId());
-			// execute process
-			pi.setState(ProcessInstanceState.STARTED);
-			execute(pi, pendingReq);
-
-			//store ProcessInstance if it is not already ended
-			if (!ProcessInstanceState.ENDED.equals(pi.getState()))
-				saveOrUpdateProcessInstance(pi);
-				
-		} catch (MOADatabaseException e) {
-			throw new ProcessExecutionException("Unable to load/save process instance.", e);
-
-		} finally {
-			MDC.remove(MDC_CTX_PI_NAME);
-		}
-	}
-	
-	@Override
-	public void signal(IRequest pendingReq) throws ProcessExecutionException {
-
-		try {
-			if (MiscUtil.isEmpty(pendingReq.getProcessInstanceId())) {
-				log.error("Pending-request with id:" + pendingReq.getRequestID() 
-					+ " includes NO 'ProcessInstanceId'");
-				throw new ProcessExecutionException("Pending-request with id:" + pendingReq.getRequestID() 
-					+ " includes NO 'ProcessInstanceId'");
-			}
-			
-			ProcessInstance pi = loadProcessInstance(pendingReq.getProcessInstanceId());
-
-			if (pi == null ) {
-				throw new ProcessExecutionException("Process instance '" + pendingReq.getProcessInstanceId() + "' does not exist.");
-				
-			}
-			
-			MDC.put(MDC_CTX_PI_NAME, pi.getId());
-
-			if (!ProcessInstanceState.SUSPENDED.equals(pi.getState())) {
-				throw new ProcessExecutionException("Process instance '" + pi.getId() + "' has not been suspended (current state is " + pi.getState() + ").");
-			}
-
-			log.info("Waking up process instance '{}'.", pi.getId());
-			pi.setState(ProcessInstanceState.STARTED);
-
-			//put pending-request ID on execution-context because it could be changed
-			pi.getExecutionContext().put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, pendingReq.getRequestID());
-			
-			execute(pi, pendingReq);
-
-			//store ProcessInstance if it is not already ended
-			if (!ProcessInstanceState.ENDED.equals(pi.getState()))
-				saveOrUpdateProcessInstance(pi);
-						
-		} catch (MOADatabaseException e) {
-			throw new ProcessExecutionException("Unable to load/save process instance.", e);
-
-		} finally {
-			MDC.remove(MDC_CTX_PI_NAME);
-		}
-	}
-	
-
-	/**
-	 * Instantiates a task implementation given by a {@link TaskInfo}.
-	 * @param ti The task info.
-	 * @return A Task implementation or {@code null} if the task info does not reference any task implementing classes.
-	 * @throws ProcessExecutionException Thrown in case of error (when the referenced class does not implement {@link Task} for instance).
-	 */
-	private Task createTaskInstance(TaskInfo ti) throws ProcessExecutionException {
-		String clazz = StringUtils.trimToNull(ti.getTaskImplementingClass());
-		Task task = null;
-		
-		if (clazz != null) {
-			log.debug("Instantiating task implementing class '{}'.", clazz);
-			Object instanceClass = null;
-			try {
-				instanceClass = context.getBean(clazz);
-				
-			} catch (Exception e) {
-				throw new ProcessExecutionException("Unable to get class '" + clazz + "' associated with task '" + ti.getId() + "' .", e);
-				
-			}
-			if (instanceClass == null || !(instanceClass instanceof Task)) {
-				throw new ProcessExecutionException("Class '" + clazz + "' associated with task '" + ti.getId() + "' is not assignable to " + Task.class.getName() + ".");
-				
-			}
-			try {
-				task = (Task) instanceClass;
-				
-			} catch (Exception e) {
-				throw new ProcessExecutionException("Unable to instantiate class '" + clazz + "' associated with task '" + ti.getId() + "' .", e);
-			}
-		}
-
-		return task;
-	}
-
-	/**
-	 * Starts/executes a given process instance.
-	 * @param pi The process instance.
-	 * @param pendingReq 
-	 * @throws ProcessExecutionException Thrown in case of error.
-	 */
-	private void execute(final ProcessInstance pi, IRequest pendingReq) throws ProcessExecutionException {
-		if (ProcessInstanceState.ENDED.equals(pi.getState())) {
-			throw new ProcessExecutionException("Process for instance '" + pi.getId() + "' has already been ended.");
-		}
-		ProcessDefinition pd = pi.getProcessDefinition();
-		ProcessNode processNode = pd.getProcessNode(pi.getNextId());
-		log.debug("Processing node '{}'.", processNode.getId());
-		
-		// distinguish process node types StartEvent, TaskInfo and EndEvent
-		
-		if (processNode instanceof TaskInfo) {
-			// TaskInfo types need to be executed
-			TaskInfo ti = (TaskInfo) processNode;
-			MDC.put(MDC_CTX_TASK_NAME, ti.getId());
-			try {
-				log.info("Processing task '{}'.", ti.getId());
-				Task task = createTaskInstance(ti);
-				if (task != null) {
-					try {
-						log.info("Executing task implementation for task '{}'.", ti.getId());
-						log.debug("Execution context before task execution: {}", pi.getExecutionContext().keySet());
-						pendingReq = task.execute(pendingReq, pi.getExecutionContext());
-						log.info("Returned from execution of task '{}'.", ti.getId());
-						log.debug("Execution context after task execution: {}", pi.getExecutionContext().keySet());
-					} catch (Throwable t) {
-						throw new ProcessExecutionException("Error executing task '" + ti.getId() + "'.", t);
-					}
-				} else {
-					log.debug("No task implementing class set.");
-				}
-			} finally {
-				MDC.remove(MDC_CTX_TASK_NAME);
-			}
-			
-		} else if (processNode instanceof EndEvent) {
-			log.info("Finishing process instance '{}'.", pi.getId());
-
-			try {
-				piStoreDao.remove(pi.getId());
-				
-			} catch (MOADatabaseException e) {
-				throw new ProcessExecutionException("Unable to remove process instance.", e);
-				
-			}
-			pi.setState(ProcessInstanceState.ENDED);
-			log.debug("Final process context: {}", pi.getExecutionContext().keySet());
-			return;
-		}
-		
-		final ExpressionEvaluationContext expressionContext = new ExpressionEvaluationContextImpl(pi);
-		
-		// traverse pointer
-		Transition t = CollectionUtils.find(processNode.getOutgoingTransitions(), new Predicate<Transition>() {
-			@Override
-			public boolean evaluate(Transition transition) {
-				if (transitionConditionExpressionEvaluator != null && transition.getConditionExpression() != null) {
-					log.trace("Evaluating transition expression '{}'.", transition.getConditionExpression());
-					return transitionConditionExpressionEvaluator.evaluate(expressionContext, transition.getConditionExpression());
-				}
-				return true;
-			}
-		});
-		if (t == null) {
-			throw new ProcessExecutionException("No valid transition starting from process node '" + processNode.getId()+ "'.");
-		}
-		log.trace("Found suitable transition: {}", t);
-		// update pointer
-		log.trace("Shifting process token from '{}' to '{}'.", pi.getNextId(), t.getTo().getId());
-		pi.setNextId(t.getTo().getId());
-		
-		// inspect current task
-		if (t.getTo() instanceof TaskInfo && (((TaskInfo) t.getTo()).isAsync())) {
-			// immediately return in case of asynchonous task
-			log.info("Suspending process instance '{}' for asynchronous task '{}'.", pi.getId(), t.getTo().getId());
-			pi.setState(ProcessInstanceState.SUSPENDED);
-			return;
-		}
-		
-		// continue execution in case of StartEvent or Task
-		if (processNode instanceof StartEvent || processNode instanceof TaskInfo) {
-			execute(pi, pendingReq);
-		}
-	}
-
-	@Override
-	public ProcessInstance getProcessInstance(String processInstanceId) {
-
-		ProcessInstance processInstance;
-		try {
-			processInstance = loadProcessInstance(processInstanceId);
-
-		} catch (MOADatabaseException e) {
-			throw new RuntimeException("The process instance '" + processInstanceId + "' could not be retrieved.", e);
-		}
-
-		if (processInstance == null) {
-			throw new IllegalArgumentException("The process instance '" + processInstanceId + "' does not/no longer exist.");
-		}
-
-		return processInstance;
-	}
-
-	/**
-	 * Persists a {@link ProcessInstance} to the database.
-	 * @param processInstance The object to persist.
-	 * @throws MOADatabaseException Thrown if an error occurs while accessing the database.
-	 */
-	private void saveOrUpdateProcessInstance(ProcessInstance processInstance) throws MOADatabaseException {
-		ProcessInstanceStore store = new ProcessInstanceStore();
-
-		ExecutionContext ctx = processInstance.getExecutionContext();
-
-		Map<String, Serializable> ctxData = new HashMap<String, Serializable>();
-		for (String key : ctx.keySet()) {
-			ctxData.put(key, ctx.get(key));
-		}
-		store.setExecutionContextData(ctxData);
-
-		store.setNextTaskId(processInstance.getNextId());
-		store.setProcessDefinitionId(processInstance.getProcessDefinition().getId());
-
-		store.setProcessInstanceId(processInstance.getId());
-		store.setProcessState(processInstance.getState());
-
-		piStoreDao.saveOrUpdate(store);
-	}
-
-	/**
-	 * Load a {@link ProcessInstance} with a certain id from the database.
-	 * @param processInstanceId The process instance id
-	 * @return The process instance corresponding to the id or {@code null} if no such object is found.
-	 * @throws MOADatabaseException Thrown if an error occurs while accessing the database.
-	 */
-	private ProcessInstance loadProcessInstance(String processInstanceId) throws MOADatabaseException {
-
-		ProcessInstanceStore piStore = piStoreDao.load(processInstanceId);
-
-		if (piStore == null) {
-			return null;
-		}
-
-		ExecutionContext executionContext = new ExecutionContextImpl(piStore.getProcessInstanceId());
-
-		Map<String, Serializable> executionContextData = piStore.getExecutionContextData();
-		for (String key : executionContextData.keySet()) {
-			executionContext.put(key, executionContextData.get(key));
-		}
-
-		ProcessInstance pi = new ProcessInstance(processDefinitions.get(piStore.getProcessDefinitionId()), executionContext);
-		pi.setNextId(piStore.getNextTaskId());
-		pi.setState(piStore.getProcessState());
-
-		return pi;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.process.ProcessEngine#deleteProcessInstance(java.lang.String)
-	 */
-	@Override
-	public void deleteProcessInstance(String processInstanceId) throws ProcessExecutionException {
-		if (MiscUtil.isEmpty(processInstanceId)) {
-			throw new ProcessExecutionException("Unable to remove process instance: ProcessInstanceId is empty");
-			
-		}
-			
-		try {
-			piStoreDao.remove(processInstanceId);
-			
-		} catch (MOADatabaseException e) {
-			throw new ProcessExecutionException("Unable to remove process instance.", e);
-			
-		}
-		
-	}
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessExecutionException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessExecutionException.java
deleted file mode 100644
index 821bbe6dc..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessExecutionException.java
+++ /dev/null
@@ -1,36 +0,0 @@
-package at.gv.egovernment.moa.id.process;
-
-/**
- * Indicates a problem when executing a process.
- * 
- * @author tknall
- * 
- */
-public class ProcessExecutionException extends Exception {
-
-	private static final long serialVersionUID = 1L;
-
-	/**
-	 * Creates a new process execution exception providing a {@code message} describing the reason and the respective
-	 * {@code cause}.
-	 * 
-	 * @param message
-	 *            The message.
-	 * @param cause
-	 *            The cause.
-	 */
-	public ProcessExecutionException(String message, Throwable cause) {
-		super(message, cause);
-	}
-
-	/**
-	 * Creates a new process execution exception providing a {@code message} describing the reason.
-	 * 
-	 * @param message
-	 *            The message.
-	 */
-	public ProcessExecutionException(String message) {
-		super(message);
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessInstance.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessInstance.java
deleted file mode 100644
index a6cf3b57f..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessInstance.java
+++ /dev/null
@@ -1,164 +0,0 @@
-package at.gv.egovernment.moa.id.process;
-
-import java.io.Serializable;
-import java.util.Date;
-
-import org.apache.commons.lang3.RandomStringUtils;
-import org.apache.commons.lang3.time.DurationFormatUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.process.model.ProcessDefinition;
-import at.gv.egovernment.moa.id.process.support.SecureRandomHolder;
-
-/**
- * Represents a process being executed. The process instance provides information about the process and its state.
- * 
- * @author tknall
- * 
- */
-public class ProcessInstance implements Serializable {
-
-	private static final long serialVersionUID = 1L;
-	private static final int RND_ID_LENGTH = 22;
-
-	private ProcessDefinition processDefinition;
-	private String nextId;
-	private Date lru;
-	private ExecutionContext executionContext;
-	private ProcessInstanceState state = ProcessInstanceState.NOT_STARTED;
-
-	private Logger log = LoggerFactory.getLogger(getClass());
-
-	/**
-	 * Creates a new process instance, based on a given process definition and a
-	 * given execution context. If the given execution context is {@code null} a new execution context will be created.<p/>
-	 * The process instance id of the execution context will be newly generated if it is {@code null} in the execution context.
-	 * 
-	 * @param processDefinition
-	 *            The process definition.
-	 * @param executionContext
-	 *            The execution context (may be {@code null}). If {@code null} a new execution context will be created internally.
-	 */
-	ProcessInstance(ProcessDefinition processDefinition, ExecutionContext executionContext) {
-		this.processDefinition = processDefinition;
-		nextId = processDefinition.getStartEvent().getId();
-		if (executionContext == null) {
-			executionContext = new ExecutionContextImpl();
-		}
-		if (executionContext.getProcessInstanceId() == null) {
-			String pdIdLocalPart = RandomStringUtils.random(RND_ID_LENGTH, 0, 0, true, true, null,
-					SecureRandomHolder.getInstance());
-			executionContext.setProcessInstanceId(this.processDefinition.getId() + "-" + pdIdLocalPart);
-		} else {
-			log.debug("Using process instance id from execution context.");
-		}
-		log.debug("Creating process instance with id '{}'.", executionContext.getProcessInstanceId());
-		this.executionContext = executionContext;
-		touch();
-	}
-
-	/**
-	 * Returns the underlying process definition.
-	 * 
-	 * @return The underlying process definition.
-	 */
-	ProcessDefinition getProcessDefinition() {
-		touch();
-		return processDefinition;
-	}
-
-	/**
-	 * Returns the id of the process node to be executed next.
-	 * 
-	 * @return The process node pointer indicating the process node to be executed next.
-	 */
-	public String getNextId() {
-		touch();
-		return nextId;
-	}
-
-	/**
-	 * Sets the internal pointer to the process node to be executed next.
-	 * 
-	 * @param nextId
-	 *            The process node id to be executed next.
-	 */
-	void setNextId(String nextId) {
-		touch();
-		this.nextId = nextId;
-	}
-
-	/**
-	 * Returns the current state of the process instance.
-	 * 
-	 * @return The current state.
-	 */
-	public ProcessInstanceState getState() {
-		touch();
-		return state;
-	}
-
-	/**
-	 * Sets the current state of the process instance.
-	 * 
-	 * @param state
-	 *            The current state.
-	 */
-	void setState(ProcessInstanceState state) {
-		touch();
-		this.state = state;
-	}
-
-	public String getId() {
-		touch();
-		return executionContext.getProcessInstanceId();
-	}
-
-	/**
-	 * Updates the last recently used date of the process instance.
-	 */
-	private void touch() {
-		lru = new Date();
-	}
-
-	/**
-	 * Returns the date the process instance has been accessed last.
-	 * 
-	 * @return The last recently used date.
-	 */
-	Date getLru() {
-		return lru;
-	}
-
-	/**
-	 * Returns the associated execution context.
-	 * @return The execution context (never {@code null}).
-	 */
-	public ExecutionContext getExecutionContext() {
-		touch();
-		return executionContext;
-	}
-
-	@Override
-	public String toString() {
-		StringBuilder builder = new StringBuilder();
-		builder.append("ProcessInstance [");
-		builder.append("id=").append(executionContext.getProcessInstanceId());
-		builder.append(", idle since=").append(
-				DurationFormatUtils.formatDurationWords(new Date().getTime() - this.lru.getTime(), true, true));
-		if (processDefinition != null) {
-			builder.append(", processDefinition.id=");
-			builder.append(processDefinition.getId());
-		}
-		if (nextId != null) {
-			builder.append(", nextId=");
-			builder.append(nextId);
-		}
-		builder.append(", executionContext=").append(executionContext);
-		builder.append("]");
-		return builder.toString();
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessInstanceState.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessInstanceState.java
deleted file mode 100644
index 2765283a0..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessInstanceState.java
+++ /dev/null
@@ -1,30 +0,0 @@
-package at.gv.egovernment.moa.id.process;
-
-/**
- * Represents a certain process instance state.
- * @author tknall
- *
- */
-public enum ProcessInstanceState {
-	
-	/**
-	 * Indicates that the process with this process instance has not yet been started.
-	 */
-	NOT_STARTED,
-	
-	/**
-	 * Indicates that the process is currently running.
-	 */
-	STARTED,
-	
-	/**
-	 * Indicates that the process has been suspended until being waken up by someonce calling {@code signal}.
-	 */
-	SUSPENDED,
-	
-	/**
-	 * Indicates that the process has been completed.
-	 */
-	ENDED
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/ExecutionContext.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/ExecutionContext.java
deleted file mode 100644
index 4a9dfc336..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/ExecutionContext.java
+++ /dev/null
@@ -1,63 +0,0 @@
-package at.gv.egovernment.moa.id.process.api;
-
-import java.io.Serializable;
-import java.util.Set;
-
-/**
- * Encapsulates data needed for or provided by task execution.
- * 
- * @author tknall
- * 
- */
-public interface ExecutionContext extends Serializable {
-
-	/**
-	 * Returns the identifier of underlying process instance.
-	 * 
-	 * @return The identifier of the process instance.
-	 */
-	String getProcessInstanceId();
-
-	/**
-	 * Sets the identifier of underlying process instance.
-	 * 
-	 * @param processInstanceId
-	 *            The identifier of the process instance.
-	 */
-	void setProcessInstanceId(String processInstanceId);
-
-	/**
-	 * Stores a serializable object using {@code key}.
-	 * 
-	 * @param key
-	 *            The key under that the {@code object} should be stored.
-	 * @param object The object to be stored.
-	 */
-	void put(String key, Serializable object);
-
-	/**
-	 * Returns an serializable object stored within this process context using {@code key}.
-	 * 
-	 * @param key
-	 *            The key that has been used to store the serializable object (may be {@code null}).
-	 * @return The object or {@code null} in case the key does not relate to a stored object or the stored object itself
-	 *         was {@code null}.
-	 */
-	Serializable get(String key);
-	
-	/**
-	 * Removes the object stored using {@code key}.
-	 * @param key
-	 *            The key that has been used to store the serializable object (may be {@code null}).
-	 * @return The object that has been removed or {@code null} there was no object stored using {@code key}.
-	 */
-	Serializable remove(String key);
-
-	/**
-	 * Returns an unmodifiable set containing the stored keys.
-	 * 
-	 * @return The keyset (never {@code null}).
-	 */
-	Set<String> keySet();
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/ExpressionEvaluationContext.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/ExpressionEvaluationContext.java
deleted file mode 100644
index 94854dcad..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/ExpressionEvaluationContext.java
+++ /dev/null
@@ -1,23 +0,0 @@
-package at.gv.egovernment.moa.id.process.api;
-
-import java.io.Serializable;
-import java.util.Map;
-
-import at.gv.egovernment.moa.id.process.model.Transition;
-
-/**
- * Context used for evaluation of condition expressions set for {@linkplain Transition Transitions}.
- * 
- * @author tknall
- * 
- */
-public interface ExpressionEvaluationContext extends Serializable {
-
-	/**
-	 * Returns the context data map used for expression evaluation.
-	 * 
-	 * @return An unmodifiable map (never {@code null}).
-	 */
-	Map<String, Serializable> getCtx();
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/ExpressionEvaluator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/ExpressionEvaluator.java
deleted file mode 100644
index fe0743201..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/ExpressionEvaluator.java
+++ /dev/null
@@ -1,25 +0,0 @@
-package at.gv.egovernment.moa.id.process.api;
-
-/**
- * Evaluates a given {@code expression} returning a boolean value.
- * 
- * @author tknall
- */
-public interface ExpressionEvaluator {
-
-	/**
-	 * Evaluates a given {@code expression} returning a boolean value.
-	 * 
-	 * @param expressionContext
-	 *            The context which can be used for evaluation of the expression.
-	 * @param expression
-	 *            The expression resulting in a boolean (must not be {@code null}).
-	 * @return A boolean value.
-	 * @throws IllegalArgumentException
-	 *             In case of an invalid {@code expression}.
-	 * @throws NullPointerException
-	 *             In case of a {@code null} expression.
-	 */
-	boolean evaluate(ExpressionEvaluationContext expressionContext, String expression);
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/Task.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/Task.java
deleted file mode 100644
index cff85ad60..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/Task.java
+++ /dev/null
@@ -1,26 +0,0 @@
-package at.gv.egovernment.moa.id.process.api;
-
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
-
-
-/**
- * Represents a single task to be performed upon process execution.
- * 
- * @author tknall
- * 
- */
-public interface Task {
-
-	/**
-	 * Executes this task.
-	 * @param pendingReq 
-	 * 			  Provides the current processed protocol request
-	 * @param executionContext
-	 *            Provides execution related information.
-	 * @return The pending-request object, because Process-management works recursive
-	 * @throws Exception An exception upon task execution.
-	 */
-	IRequest execute(IRequest pendingReq, ExecutionContext executionContext) throws TaskExecutionException;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStore.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStore.java
deleted file mode 100644
index 3620f2950..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStore.java
+++ /dev/null
@@ -1,91 +0,0 @@
-package at.gv.egovernment.moa.id.process.dao;
-
-import java.io.Serializable;
-import java.util.Map;
-
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.EnumType;
-import javax.persistence.Enumerated;
-import javax.persistence.Id;
-import javax.persistence.Lob;
-import javax.persistence.Table;
-
-import org.hibernate.internal.util.SerializationHelper;
-
-import at.gv.egovernment.moa.id.process.ProcessInstanceState;
-
-@Entity
-@Table(name = "processinstance")
-public class ProcessInstanceStore implements Serializable{
-
-	private static final long serialVersionUID = -6147519767313903808L;
-
-	/**
-	 * A process instance identifier qualifies as natural primary key by satisfying these requirements
-	 * ("unique, constant, required"):
-	 * <ul>
-	 * <li>unique value</li>
-	 * <li>never changes (immutable)</li>
-	 * <li>never {@code null}</li>
-	 * </ul>
-	 */
-	@Id
-	private String processInstanceId;
-
-	@Column(name = "processDefinitionId", nullable = false)
-	private String processDefinitionId;
-
-	@Column(name = "nextTaskId", nullable = false)
-	private String nextTaskId;
-
-	@Column(name = "processState", nullable = false)
-	@Enumerated(value = EnumType.STRING)
-	private ProcessInstanceState processState;
-
-	@Column(name = "executionContextData", nullable = false)
-	@Lob
-	private byte[] executionContextData;
-
-	public String getProcessInstanceId() {
-		return processInstanceId;
-	}
-
-	public String getProcessDefinitionId() {
-		return processDefinitionId;
-	}
-
-	public String getNextTaskId() {
-		return nextTaskId;
-	}
-
-	public ProcessInstanceState getProcessState() {
-		return processState;
-	}
-
-	@SuppressWarnings("unchecked")
-	public Map<String, Serializable> getExecutionContextData() {
-		return  (Map<String, Serializable>) SerializationHelper.deserialize(executionContextData);
-	}
-
-	public void setProcessInstanceId(String processInstanceId) {
-		this.processInstanceId = processInstanceId;
-	}
-
-	public void setProcessDefinitionId(String processDefinitionId) {
-		this.processDefinitionId = processDefinitionId;
-	}
-
-	public void setNextTaskId(String nextTaskId) {
-		this.nextTaskId = nextTaskId;
-	}
-
-	public void setProcessState(ProcessInstanceState processState) {
-		this.processState = processState;
-	}
-
-	public void setExecutionContextData(Map<String, Serializable> executionContextData) {
-		this.executionContextData = SerializationHelper.serialize((Serializable) executionContextData);
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAO.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAO.java
deleted file mode 100644
index 57ce70c08..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAO.java
+++ /dev/null
@@ -1,43 +0,0 @@
-package at.gv.egovernment.moa.id.process.dao;
-
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.process.ProcessInstance;
-
-public interface ProcessInstanceStoreDAO {
-
-	/**
-	 * Stores a {@link ProcessInstance} defined by {@code pIStore} in the
-	 * database.
-	 * 
-	 * @param pIStore
-	 *            the {@link ProcessInstanceStore} to persist.
-	 * @throws MOADatabaseException
-	 *             is thrown if a problem occurs while accessing the database.
-	 */
-	void saveOrUpdate(ProcessInstanceStore pIStore) throws MOADatabaseException;
-
-	/**
-	 * Returns a {@link ProcessInstanceStore}, defined by
-	 * {@code processInstanceID} from the database, or {@code null} if the
-	 * object could not be found.
-	 * 
-	 * @param processInstanceId
-	 *            the id of the {@code ProcessInstanceStore} to retrieve.
-	 * @return a ProcessInstanceStore, or {@code null}.
-	 * @throws MOADatabaseException
-	 *             is thrown if a problem occurs while accessing the database.
-	 */
-	ProcessInstanceStore load(String processInstanceId) throws MOADatabaseException;
-
-	/**
-	 * Deletes the {@link ProcessInstance} corresponding with the
-	 * {@code processInstanceId}.
-	 * 
-	 * @param processInstanceId
-	 *            the id of the {@code ProcessInstance} to be deleted.
-	 * @throws MOADatabaseException
-	 *             is thrown if a problem occurs while accessing the database.
-	 */
-	void remove(String processInstanceId) throws MOADatabaseException;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAOImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAOImpl.java
deleted file mode 100644
index 428931b5e..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAOImpl.java
+++ /dev/null
@@ -1,93 +0,0 @@
-package at.gv.egovernment.moa.id.process.dao;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Service;
-
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.storage.ITransactionStorage;
-
-/**
- * Database backed implementation of the {@link ProcessInstanceStoreDAO}
- * interface.
- */
-@Service("ProcessInstanceStoreage")
-public class ProcessInstanceStoreDAOImpl implements ProcessInstanceStoreDAO {
-
-	private Logger log = LoggerFactory.getLogger(getClass());
-
-	@Autowired ITransactionStorage transactionStorage;
-	
-	@Override
-	public void saveOrUpdate(ProcessInstanceStore pIStore) throws MOADatabaseException {
-		try {
-			transactionStorage.put(pIStore.getProcessInstanceId(), pIStore, -1);
-			
-//			MOASessionDBUtils.saveOrUpdate(pIStore);
-			log.debug("Store process instance with='{}' in the database.", pIStore.getProcessInstanceId());
-		} catch (MOADatabaseException e) {
-			log.warn("ProcessInstanceStore could not be persisted to the database.");
-			throw e;
-		}
-	}
-
-	@Override
-	public ProcessInstanceStore load(String processInstanceId) throws MOADatabaseException {
-
-		log.debug("Retrieve the ProcessInstanceStore for id='{}' from the database.", processInstanceId);
-		
-		
-//		Session session = MOASessionDBUtils.getCurrentSession();
-//
-		ProcessInstanceStore result = null;
-//		Transaction tx = null;
-//		synchronized (session) {
-			try {
-
-				result = transactionStorage.get(processInstanceId, ProcessInstanceStore.class);
-				
-//				tx = session.beginTransaction();
-//				// select all where processInstanceId equals processInstanceId
-//				Criteria criteria = session.createCriteria(ProcessInstanceStore.class);
-//				criteria.add(Restrictions.eq("processInstanceId", processInstanceId));
-//				result = (ProcessInstanceStore) criteria.uniqueResult();
-//				tx.commit();
-//
-			} catch (Exception e) {
-				log.error("There are multiple persisted processes with the same process instance id '{}'",
-					processInstanceId);
-//				if (tx != null) {
-//					tx.rollback();
-//				}
-				throw e;
-			} finally {
-				//MOASessionDBUtils.closeSession();
-			}
-//		}
-		if (result != null) {
-			log.debug("Found process instance store for instance '{}'.", processInstanceId);
-		} else {
-			log.debug("Unable to find process instance store for instance '{}'.", processInstanceId);
-		}
-		return result;
-	}
-
-	@Override
-	public void remove(String processInstanceId) throws MOADatabaseException {
-
-		log.debug("Delete the ProcessInstanceStore for id='{}' from the database.", processInstanceId);		
-		//ProcessInstanceStore toBeDeleted = load(processInstanceId);
-				
-		if (transactionStorage.containsKey(processInstanceId)) {
-			transactionStorage.remove(processInstanceId);
-//			if (!MOASessionDBUtils.delete(toBeDeleted)) {
-//				log.warn("Could not delete the ProcessInstanceStore with process instance id '{}'", processInstanceId);
-//				throw new MOADatabaseException("Could not delete the ProcessInstanceStore with process instance id '"
-//						+ processInstanceId + "'.");
-//			}
-		} else 
-			log.trace("ProcessInstanceStore for id='{}' was not found and could therefore not be deleted.", processInstanceId);
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/EndEvent.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/EndEvent.java
deleted file mode 100644
index 49fb082ea..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/EndEvent.java
+++ /dev/null
@@ -1,42 +0,0 @@
-package at.gv.egovernment.moa.id.process.model;
-
-import java.io.Serializable;
-
-import org.apache.commons.collections4.CollectionUtils;
-
-/**
- * Represents an end event. Process execution terminates when an end event is reached.
- * 
- * @author tknall
- */
-public class EndEvent extends ProcessNode implements Serializable {
-
-	private static final long serialVersionUID = 1L;
-
-	@Override
-	public String toString() {
-		StringBuilder builder = new StringBuilder();
-		builder.append("EndEvent [");
-		if (getId() != null) {
-			builder.append("id=");
-			builder.append(getId());
-		}
-		if (CollectionUtils.isNotEmpty(getIncomingTransitions())) {
-			if (builder.length() > 0) {
-				builder.append(", ");
-			}
-			builder.append("incomingTransitions=");
-			builder.append(getIncomingTransitions());
-		}
-		if (CollectionUtils.isNotEmpty(getOutgoingTransitions())) {
-			if (builder.length() > 0) {
-				builder.append(", ");
-			}
-			builder.append("outgoingTransitions=");
-			builder.append(getOutgoingTransitions());
-		}
-		builder.append("]");
-		return builder.toString();
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/ProcessDefinition.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/ProcessDefinition.java
deleted file mode 100644
index 518409ecf..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/ProcessDefinition.java
+++ /dev/null
@@ -1,158 +0,0 @@
-package at.gv.egovernment.moa.id.process.model;
-
-import java.util.LinkedHashMap;
-import java.util.Map;
-import java.util.Objects;
-
-import at.gv.egovernment.moa.id.process.ProcessDefinitionParser;
-
-/**
- * Represents a single process definition containing
- * <ul>
- * <li>a {@link StartEvent},</li>
- * <li>one or more {@linkplain TaskInfo Tasks},</li>
- * <li>one or more {@linkplain EndEvent EndEvents} and</li>
- * <li>some {@linkplain Transition Transitions} linking StartEvents, Tasks and EndEvents.
- * </ul>
- * 
- * @author tknall
- * 
- */
-public class ProcessDefinition {
-
-	private String id;
-	private StartEvent startEvent;
-	private Map<String, TaskInfo> taskInfos = new LinkedHashMap<>();
-	private Map<String, EndEvent> endEvents = new LinkedHashMap<>();
-
-	/**
-	 * Returns the unique identifier of the process definition.
-	 * 
-	 * @return The unique identifier (never {@code null} if process definition comes from
-	 *         {@link ProcessDefinitionParser}).
-	 */
-	public String getId() {
-		return id;
-	}
-
-	/**
-	 * Sets the unique identifier of the process definition.
-	 * 
-	 * @param id
-	 *            The unique identifier.
-	 */
-	public void setId(String id) {
-		this.id = id;
-	}
-
-	/**
-	 * Returns the start event of the process definition.
-	 * 
-	 * @return The start event (never {@code null} if process definition comes from {@link ProcessDefinitionParser}).
-	 */
-	public StartEvent getStartEvent() {
-		return startEvent;
-	}
-
-	/**
-	 * Sets the start event of the process definition.
-	 * 
-	 * @param startEvent
-	 *            The start event.
-	 */
-	public void setStartEvent(StartEvent startEvent) {
-		this.startEvent = startEvent;
-	}
-
-	/**
-	 * Returns a map containing the tasks of the process definition.
-	 * 
-	 * @return The tasks (map is never {@code null} if process definition comes from {@link ProcessDefinitionParser}).
-	 */
-	public Map<String, TaskInfo> getTaskInfos() {
-		return taskInfos;
-	}
-
-	/**
-	 * Sets the map containing the tasks.
-	 * 
-	 * @param taskInfos
-	 *            The map containing the tasks.
-	 */
-	public void setTaskInfos(Map<String, TaskInfo> taskInfos) {
-		this.taskInfos = taskInfos;
-	}
-
-	/**
-	 * Returns a map containing the end events of the process description.
-	 * 
-	 * @return The map containing the end events (map is never {@code null} if process definition comes from
-	 *         {@link ProcessDefinitionParser}).
-	 */
-	public Map<String, EndEvent> getEndEvents() {
-		return endEvents;
-	}
-
-	/**
-	 * Sets a map containing the end events of the process description.
-	 * 
-	 * @param endEvents
-	 *            The map containing the end events.
-	 */
-	public void setEndEvents(Map<String, EndEvent> endEvents) {
-		this.endEvents = endEvents;
-	}
-
-	/**
-	 * Returns the process node associated with the given {@code id}.
-	 * 
-	 * @param id
-	 *            The identifier of the process node.
-	 * @return The process node (may be {code null} when no process node with the given {@code id} exists).
-	 */
-	public ProcessNode getProcessNode(String id) {
-		Objects.requireNonNull(id, "Identifier must not be null.");
-		if (startEvent != null && id.equals(startEvent.getId())) {
-			return startEvent;
-		}
-		TaskInfo task = taskInfos.get(id);
-		if (task != null) {
-			return task;
-		}
-		return endEvents.get(id);
-	}
-
-	@Override
-	public String toString() {
-		StringBuilder builder = new StringBuilder();
-		if (id != null) {
-			builder.append("id=");
-			builder.append(id);
-		}
-		if (startEvent != null) {
-			if (builder.length() > 0) {
-				builder.append(", ");
-			}
-			builder.append("startEvent=");
-			builder.append(startEvent);
-		}
-		if (taskInfos != null && !taskInfos.isEmpty()) {
-			if (builder.length() > 0) {
-				builder.append(", ");
-			}
-			builder.append("tasksInfos=");
-			builder.append(taskInfos.values());
-		}
-		if (endEvents != null && !endEvents.isEmpty()) {
-			if (builder.length() > 0) {
-				builder.append(", ");
-			}
-			builder.append("endEvents=");
-			builder.append(endEvents.values());
-		}
-		builder.insert(0, "ProcessDefinition [");
-		builder.append("]");
-		return builder.toString();
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/ProcessNode.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/ProcessNode.java
deleted file mode 100644
index 42f2e3cc2..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/ProcessNode.java
+++ /dev/null
@@ -1,69 +0,0 @@
-package at.gv.egovernment.moa.id.process.model;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import at.gv.egovernment.moa.id.process.ProcessDefinitionParser;
-
-/**
- * Represents a {@link StartEvent}, an {@link EndEvent} or a {@linkplain TaskInfo Task}.
- * @author tknall
- *
- */
-public abstract class ProcessNode {
-
-	private String id;
-	private List<Transition> outgoingTransitions = new ArrayList<>();
-	private List<Transition> incomingTransitions = new ArrayList<>();
-
-	/**
-	 * Returns the unique identifier of the process node.
-	 * 
-	 * @return The unique identifier (never {@code null} if process node comes from a process definition from
-	 *         {@link ProcessDefinitionParser}).
-	 */
-	public String getId() {
-		return id;
-	}
-
-	/**
-	 * Sets the unique identifier of the process node.
-	 * @param id The unique identifier.
-	 */
-	public void setId(String id) {
-		this.id = id;
-	}
-
-	/**
-	 * Returns a list of transitions pointing from this process node to another one.
-	 * @return A list of transitions (never {@code null} if process node comes from a process definition from {@link ProcessDefinitionParser}).
-	 */
-	public List<Transition> getOutgoingTransitions() {
-		return outgoingTransitions;
-	}
-
-	/**
-	 * Sets the list of transitions pointing from this process node to another one.
-	 * @param outgoingTransitions The list of transitions originating from this process node.
-	 */
-	public void setOutgoingTransitions(List<Transition> outgoingTransitions) {
-		this.outgoingTransitions = outgoingTransitions;
-	}
-
-	/**
-	 * Returns a list of transitions pointing from another process node to this one.
-	 * @return A list of transitions (never {@code null} if process node comes from a process definition from {@link ProcessDefinitionParser}).
-	 */
-	public List<Transition> getIncomingTransitions() {
-		return incomingTransitions;
-	}
-
-	/**
-	 * Sets the list of transitions pointing from another process node to this one.
-	 * @param incomingTransitions A list of transitions pointing to this process node.
-	 */
-	public void setIncomingTransitions(List<Transition> incomingTransitions) {
-		this.incomingTransitions = incomingTransitions;
-	}
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/StartEvent.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/StartEvent.java
deleted file mode 100644
index 60175e09c..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/StartEvent.java
+++ /dev/null
@@ -1,45 +0,0 @@
-package at.gv.egovernment.moa.id.process.model;
-
-import java.io.Serializable;
-
-import org.apache.commons.collections4.CollectionUtils;
-
-/**
- * Represents a start event. Each process description contains a single start event. Process execution starts with a
- * start event.
- * 
- * @author tknall
- * 
- */
-public class StartEvent extends ProcessNode implements Serializable {
-
-	private static final long serialVersionUID = 1L;
-
-	@Override
-	public String toString() {
-		StringBuilder builder = new StringBuilder();
-		builder.append("StartEvent [");
-		if (getId() != null) {
-			builder.append("id=");
-			builder.append(getId());
-		}
-		if (CollectionUtils.isNotEmpty(getIncomingTransitions())) {
-			if (builder.length() > 0) {
-				builder.append(", ");
-			}
-			builder.append("incomingTransitions=");
-			builder.append(getIncomingTransitions());
-		}
-		if (CollectionUtils.isNotEmpty(getOutgoingTransitions())) {
-			if (builder.length() > 0) {
-				builder.append(", ");
-			}
-			builder.append("outgoingTransitions=");
-
-			builder.append(getOutgoingTransitions());
-		}
-		builder.append("]");
-		return builder.toString();
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/TaskInfo.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/TaskInfo.java
deleted file mode 100644
index 78a9d6a0a..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/TaskInfo.java
+++ /dev/null
@@ -1,94 +0,0 @@
-package at.gv.egovernment.moa.id.process.model;
-
-import java.io.Serializable;
-
-import org.apache.commons.collections4.CollectionUtils;
-
-import at.gv.egovernment.moa.id.process.api.Task;
-
-/**
- * Represents information about a single task to be performed upon process execution.
- * @author tknall
- *
- */
-public class TaskInfo extends ProcessNode implements Serializable {
-
-	private static final long serialVersionUID = 1L;
-	private static final boolean DEFAULT_ASYNC = false;
-	
-	private String taskImplementingClass;
-	private boolean async = DEFAULT_ASYNC;
-	
-	/**
-	 * Determines if the task is marked asynchronous ({@code true}) or synchronous ({@code false}).
-	 * @return A flag indicating if the task should be executed asynchronously or synchronously. (Default: {@code false})
-	 */
-	public boolean isAsync() {
-		return async;
-	}
-
-	/**
-	 * Marks a task to executed asynchronously ({@code true}) or synchronously ({@code false}).
-	 * @param async The flag.
-	 */
-	public void setAsync(boolean async) {
-		this.async = async;
-	}
-
-	/**
-	 * Returns the class that implements the actual task (must implement {@link Task}).
-	 * @return The task implementing class.
-	 */
-	public String getTaskImplementingClass() {
-		return taskImplementingClass;
-	}
-
-	/**
-	 * Sets the class that implements the actual task (must implement {@link Task}).
-	 * @param taskImplementingClass The task implementing class.
-	 */
-	public void setTaskImplementingClass(String taskImplementingClass) {
-		this.taskImplementingClass = taskImplementingClass;
-	}
-
-	@Override
-	public String toString() {
-		StringBuilder builder = new StringBuilder();
-		if (getId() != null) {
-			builder.append("id=");
-			builder.append(getId());
-		}
-		if (async != DEFAULT_ASYNC) {
-			if (builder.length() > 0) {
-				builder.append(", ");
-			}
-			builder.append("async=");
-			builder.append(async);
-		}
-		if (taskImplementingClass != null) {
-			if (builder.length() > 0) {
-				builder.append(", ");
-			}
-			builder.append("taskImplementingClass=");
-			builder.append(taskImplementingClass);
-		}
-		if (CollectionUtils.isNotEmpty(getIncomingTransitions())) {
-			if (builder.length() > 0) {
-				builder.append(", ");
-			}
-			builder.append("incomingTransitions=");
-			builder.append(getIncomingTransitions());
-		}
-		if (CollectionUtils.isNotEmpty(getOutgoingTransitions())) {
-			if (builder.length() > 0) {
-				builder.append(", ");
-			}
-			builder.append("outgoingTransitions=");
-			builder.append(getOutgoingTransitions());
-		}
-		builder.insert(0, "TaskInfo [");
-		builder.append("]");
-		return builder.toString();
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/Transition.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/Transition.java
deleted file mode 100644
index bc3005534..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/Transition.java
+++ /dev/null
@@ -1,136 +0,0 @@
-package at.gv.egovernment.moa.id.process.model;
-
-import java.io.Serializable;
-
-import at.gv.egovernment.moa.id.process.ProcessDefinitionParser;
-
-/**
- * Represents a single transition from a {@link StartEvent} or {@linkplain TaskInfo Task} to another
- * {@linkplain TaskInfo Task} or {@link EndEvent}.
- * 
- * @author tknall
- * 
- */
-public class Transition implements Serializable {
-
-	private static final long serialVersionUID = 1L;
-
-	private String id;
-	private String conditionExpression;
-	private ProcessNode from;
-	private ProcessNode to;
-
-	/**
-	 * Returns the process node (effectively a {@link StartEvent} or {@linkplain TaskInfo Task}) the transition is
-	 * pointing from.
-	 * 
-	 * @return The transition's source process node (never {@code null} if transition comes from a process definition
-	 *         from {@link ProcessDefinitionParser}).
-	 */
-	public ProcessNode getFrom() {
-		return from;
-	}
-
-	/**
-	 * Sets the process node the transition is pointing from.
-	 * 
-	 * @param from
-	 *            The transition's source process node.
-	 */
-	public void setFrom(ProcessNode from) {
-		this.from = from;
-	}
-
-	/**
-	 * Returns the process node (effectively a {@linkplain TaskInfo Task} or {@link EndEvent}) the transition is
-	 * pointing to.
-	 * 
-	 * @return The transition's destination process node (never {@code null} if transition comes from a process
-	 *         definition from {@link ProcessDefinitionParser}).
-	 */
-	public ProcessNode getTo() {
-		return to;
-	}
-
-	/**
-	 * Sets the process node the transition is pointing to.
-	 * 
-	 * @param to
-	 *            The transition's destination process node.
-	 */
-	public void setTo(ProcessNode to) {
-		this.to = to;
-	}
-
-	/**
-	 * Returns the unique identifier of the transition.
-	 * 
-	 * @return The unique identifier (may be {@code null}).
-	 */
-	public String getId() {
-		return id;
-	}
-
-	/**
-	 * Sets the unique identifier of the transition.
-	 * 
-	 * @param id
-	 *            The unique identifier.
-	 */
-	public void setId(String id) {
-		this.id = id;
-	}
-
-	/**
-	 * Returns the condition expression for this transition.
-	 * 
-	 * @return The condition expression (may be {@code null}).
-	 */
-	public String getConditionExpression() {
-		return conditionExpression;
-	}
-
-	/**
-	 * Sets the condition expression for this transition.
-	 * 
-	 * @param conditionExpression
-	 *            The condition expression.
-	 */
-	public void setConditionExpression(String conditionExpression) {
-		this.conditionExpression = conditionExpression;
-	}
-
-	@Override
-	public String toString() {
-		StringBuilder builder = new StringBuilder();
-		if (id != null) {
-			builder.append("id=");
-			builder.append(id);
-		}
-		if (from != null) {
-			if (builder.length() > 0) {
-				builder.append(", ");
-			}
-			builder.append("from.id=");
-			builder.append(from.getId());
-		}
-		if (to != null) {
-			if (builder.length() > 0) {
-				builder.append(", ");
-			}
-			builder.append("to.id=");
-			builder.append(to.getId());
-		}
-		if (conditionExpression != null) {
-			if (builder.length() > 0) {
-				builder.append(", ");
-			}
-			builder.append("conditionExpression=");
-			builder.append(conditionExpression);
-		}
-		builder.insert(0, "Transition [");
-		builder.append("]");
-		return builder.toString();
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/spring/SpringExpressionEvaluator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/spring/SpringExpressionEvaluator.java
deleted file mode 100644
index 5b30c7172..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/spring/SpringExpressionEvaluator.java
+++ /dev/null
@@ -1,61 +0,0 @@
-package at.gv.egovernment.moa.id.process.spring;
-
-import java.util.Objects;
-
-import javax.annotation.PostConstruct;
-
-import org.apache.commons.lang3.BooleanUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.ApplicationContext;
-import org.springframework.context.expression.BeanFactoryResolver;
-import org.springframework.expression.Expression;
-import org.springframework.expression.ExpressionParser;
-import org.springframework.expression.spel.standard.SpelExpressionParser;
-import org.springframework.expression.spel.support.StandardEvaluationContext;
-
-import at.gv.egovernment.moa.id.process.api.ExpressionEvaluationContext;
-import at.gv.egovernment.moa.id.process.api.ExpressionEvaluator;
-import at.gv.egovernment.moa.id.process.model.Transition;
-
-/**
- * Expression evaluator for processing {@link Transition} conditions allowing to reference Spring beans from the
- * application context.
- * 
- * @author tknall
- * 
- */
-public class SpringExpressionEvaluator implements ExpressionEvaluator {
-
-	private Logger log = LoggerFactory.getLogger(getClass());
-	private ExpressionParser parser = new SpelExpressionParser();
-	private StandardEvaluationContext evaluationContext = new StandardEvaluationContext();
-
-	@Autowired(required = false)
-	private ApplicationContext ctx;
-
-	@PostConstruct
-	private void init() {
-		if (ctx != null) {
-			evaluationContext.setBeanResolver(new BeanFactoryResolver(ctx));
-		}
-	}
-
-	@Override
-	public boolean evaluate(ExpressionEvaluationContext expressionContext, String expression) {
-		Objects.requireNonNull(expression, "Expression must not be null.");
-		log.trace("Evaluating '{}'.", expression);
-
-		Expression expr = parser.parseExpression(expression);
-		Boolean result = expr.getValue(evaluationContext, expressionContext, Boolean.class);
-		if (result == null) {
-			log.warn("Evaluation of '{}' results in null-value.", expression);
-		} else {
-			log.debug("Expression '{}' -> {}", expression, result);
-		}
-
-		return BooleanUtils.isTrue(result);
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/AbstractAuthSourceServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/AbstractAuthSourceServlet.java
deleted file mode 100644
index 738b58834..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/AbstractAuthSourceServlet.java
+++ /dev/null
@@ -1,116 +0,0 @@
-package at.gv.egovernment.moa.id.process.springweb;
-
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-
-import org.apache.commons.lang3.StringUtils;
-import org.springframework.beans.BeansException;
-import org.springframework.beans.factory.NoSuchBeanDefinitionException;
-import org.springframework.beans.factory.NoUniqueBeanDefinitionException;
-import org.springframework.web.context.WebApplicationContext;
-import org.springframework.web.context.support.WebApplicationContextUtils;
-
-import at.gv.egovernment.moa.id.process.ProcessEngine;
-import at.gv.egovernment.moa.id.process.ProcessInstance;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-
-/**
- * Abstract HttpServlet that provides means for retrieving the process engine (Spring Web required) as well as
- * retrieving the underlying process instance and execution context evaluating a certain request parameter.
- * 
- * @author tknall
- * 
- */
-public abstract class AbstractAuthSourceServlet extends HttpServlet {
-
-	private static final long serialVersionUID = 1L;
-
-	private ProcessEngine processEngine;
-	
-	/**
-	 * Returns the name of the request parameter representing the respective instance id.
-	 * <p/>Default is {@code processInstanceId}.
-	 * @return The request parameter name.
-	 */
-	public String getProcessInstanceIdParameterName() {
-		return "processInstanceId";
-	}
-
-	/**
-	 * Returns the underlying process engine instance.
-	 * 
-	 * @return The process engine (never {@code null}).
-	 * @throws NoSuchBeanDefinitionException
-	 *             if no {@link ProcessEngine} bean was found.
-	 * @throws NoUniqueBeanDefinitionException
-	 *             if more than one {@link ProcessEngine} bean was found.
-	 * @throws BeansException
-	 *             if a problem getting the {@link ProcessEngine} bean occurred.
-	 * @throws IllegalStateException
-	 *             if the Spring WebApplicationContext was not found, which means that the servlet is used outside a
-	 *             Spring web environment.
-	 */
-	public synchronized ProcessEngine getProcessEngine() {
-		if (processEngine == null) {
-			WebApplicationContext ctx = WebApplicationContextUtils.getWebApplicationContext(getServletContext());
-			if (ctx == null) {
-				throw new IllegalStateException(
-						"Unable to find Spring WebApplicationContext. Servlet needs to be executed within a Spring web environment.");
-			}
-			processEngine = ctx.getBean(ProcessEngine.class);
-		}
-		return processEngine;
-	}
-
-	/**
-	 * Retrieves the process instance referenced by the request parameter {@link #getProcessInstanceIdParameterName()}.
-	 * 
-	 * @param request
-	 *            The HttpServletRequest.
-	 * @return The process instance (never {@code null}).
-	 * @throws NoSuchBeanDefinitionException
-	 *             if no {@link ProcessEngine} bean was found.
-	 * @throws NoUniqueBeanDefinitionException
-	 *             if more than one {@link ProcessEngine} bean was found.
-	 * @throws BeansException
-	 *             if a problem getting the {@link ProcessEngine} bean occurred.
-	 * @throws IllegalStateException
-	 *             if the Spring WebApplicationContext was not found, which means that the servlet is used outside a
-	 *             Spring web environment.
-	 * @throws IllegalArgumentException
-	 *             in case the process instance id referenced by the request parameter
-	 *             {@link #getProcessInstanceIdParameterName()} does not exist.
-	 */
-	public ProcessInstance getProcessInstance(HttpServletRequest request) {
-		String processInstanceId = StringUtils.trimToNull(request.getParameter(getProcessInstanceIdParameterName()));
-		if (processInstanceId == null) {
-			throw new IllegalArgumentException("Missing request parameter '" + getProcessInstanceIdParameterName() + "'.");
-		}
-		return getProcessEngine().getProcessInstance(processInstanceId);
-	}
-
-	/**
-	 * Retrieves the execution context for the respective process instance referenced by the request parameter
-	 * {@link #getProcessInstanceIdParameterName()}.
-	 * 
-	 * @param request
-	 *            The HttpServletRequest.
-	 * @return The execution context (never {@code null}).
-	 * @throws NoSuchBeanDefinitionException
-	 *             if no {@link ProcessEngine} bean was found.
-	 * @throws NoUniqueBeanDefinitionException
-	 *             if more than one {@link ProcessEngine} bean was found.
-	 * @throws BeansException
-	 *             if a problem getting the {@link ProcessEngine} bean occurred.
-	 * @throws IllegalStateException
-	 *             if the Spring WebApplicationContext was not found, which means that the servlet is used outside a
-	 *             Spring web environment.
-	 * @throws IllegalArgumentException
-	 *             in case the process instance id referenced by the request parameter
-	 *             {@link #getProcessInstanceIdParameterName()} does not exist.
-	 */
-	public ExecutionContext getExecutionContext(HttpServletRequest request) {
-		return getProcessInstance(request).getExecutionContext();
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/MoaIdTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/MoaIdTask.java
deleted file mode 100644
index dd0d87dd7..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/MoaIdTask.java
+++ /dev/null
@@ -1,99 +0,0 @@
-package at.gv.egovernment.moa.id.process.springweb;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.springframework.web.context.request.RequestAttributes;
-import org.springframework.web.context.request.RequestContextHolder;
-import org.springframework.web.context.request.ServletRequestAttributes;
-import org.springframework.web.filter.RequestContextFilter;
-
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.process.api.Task;
-
-/**
- * Abstract task implementation providing {@link HttpServletRequest} and {@link HttpServletResponse}.
- * <p/>
- * Note that this abstract task requires the Spring (web) framework including a {@link RequestContextFilter} to be set
- * within {@code web.xml}.
- * 
- * <pre>
- * ...
- * &lt;filter&gt;
- *   &lt;filter-name&gt;requestContextFilter&lt;/filter-name&gt;
- *   &lt;filter-class&gt;org.springframework.web.filter.RequestContextFilter&lt;/filter-class&gt;
- * &lt;/filter&gt;
- * &lt;filter-mapping&gt;
- *   &lt;filter-name&gt;requestContextFilter&lt;/filter-name&gt;
- *   &lt;url-pattern&gt;/*&lt;/url-pattern&gt;
- * &lt;/filter-mapping&gt;
- * ...
- * </pre>
- * 
- * @author tknall
- * @author tlenz
- * 
- */
-public abstract class MoaIdTask implements Task {
-
-	/**
-	 * Executes the task providing the underlying {@link ExecutionContext} {@code executionContext} as well as the
-	 * respective {@link HttpServletRequest} and {@link HttpServletResponse}.
-	 * 
-	 * @param executionContext
-	 *            The execution context (never {@code null}).
-	 * @param request
-	 *            The HttpServletRequest (never {@code null}).
-	 * @param response
-	 *            The HttpServletResponse (never {@code null}).
-	 * @throws IllegalStateException
-	 *             Thrown in case the task is nur being run within the required environment. Refer to javadoc for
-	 *             further information.
-	 * @throws Exception
-	 *             Thrown in case of error executing the task.
-	 */
-	public abstract void execute(ExecutionContext executionContext, HttpServletRequest request,
-			HttpServletResponse response) throws TaskExecutionException;
-
-	/**
-	 * Executes the task providing the underlying {@link ExecutionContext} {@code executionContext} 
-	 * and the {@link IRequest} {@code pendingReq }as well as the
-	 * respective {@link HttpServletRequest} and {@link HttpServletResponse}.
-	 * 
-	 * This method sets the pending-request object of the task implementation and starts the 
-	 * {@code execute} method of the task
-	 * 
-	 * @param pendingReq The pending-request object (never {@code null}).
-	 * @param executionContext The execution context (never {@code null}).
-	 * @param request The HttpServletRequest (never {@code null}).
-	 * @param response The HttpServletResponse (never {@code null}).
-	 * @return The pending-request object, because Process-management works recursive
-	 * 
-	 * @throws IllegalStateException
-	 *             Thrown in case the task is being run within the required environment. Refer to javadoc for
-	 *             further information.
-	 * @throws Exception
-	 *             Thrown in case of error executing the task.
-	 */
-	protected abstract IRequest internalExecute(IRequest pendingReq, ExecutionContext executionContext, HttpServletRequest request,
-			HttpServletResponse response) throws TaskExecutionException;
-	
-	@Override
-	public IRequest execute(IRequest pendingReq, ExecutionContext executionContext) throws TaskExecutionException {
-		RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
-		if (requestAttributes != null && requestAttributes instanceof ServletRequestAttributes) {
-			HttpServletRequest request = ((ServletRequestAttributes) requestAttributes).getRequest();
-			HttpServletResponse response = ((ServletRequestAttributes) requestAttributes).getResponse();
-			if (request == null || response == null) {
-				throw new IllegalStateException(
-						"Spring's RequestContextHolder did not provide HttpServletResponse. Did you forget to set the required org.springframework.web.filter.RequestContextFilter in your web.xml.");
-			}
-			return internalExecute(pendingReq, executionContext, request, response);
-		} else {
-			throw new IllegalStateException("Task needs to be executed within a Spring web environment.");
-		}
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/SpringWebExpressionEvaluator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/SpringWebExpressionEvaluator.java
deleted file mode 100644
index af6822ba6..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/SpringWebExpressionEvaluator.java
+++ /dev/null
@@ -1,143 +0,0 @@
-package at.gv.egovernment.moa.id.process.springweb;
-
-import java.io.Serializable;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.Map;
-import java.util.Map.Entry;
-import java.util.Objects;
-
-import javax.annotation.PostConstruct;
-import javax.servlet.http.HttpServletRequest;
-
-import org.apache.commons.lang3.ArrayUtils;
-import org.apache.commons.lang3.BooleanUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.ApplicationContext;
-import org.springframework.context.expression.BeanFactoryResolver;
-import org.springframework.expression.Expression;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import org.springframework.expression.ExpressionParser;
-import org.springframework.expression.spel.standard.SpelExpressionParser;
-import org.springframework.expression.spel.support.StandardEvaluationContext;
-
-import at.gv.egovernment.moa.id.process.api.ExpressionEvaluationContext;
-import at.gv.egovernment.moa.id.process.api.ExpressionEvaluator;
-import at.gv.egovernment.moa.id.process.model.Transition;
-
-/**
- * Expression evaluator for processing {@link Transition} conditions allowing to
- * <ul>
- * <li>reference Spring beans from the application context using {@code @myBeanName...},</li>
- * <li>{@link ExecutionContext} properties using {@code ctx['property']},</li>
- * <li>Multi valued {@link HttpServletRequest} parameters using {@code requestParameters['foo']} (keep in mind that this
- * expression returns an array of String values) and</li>
- * <li>Single valued {@link HttpServletRequest} parameters using {@code requestParameter['foo']}</li>
- * </ul>
- * 
- * @author tknall
- * 
- */
-public class SpringWebExpressionEvaluator implements ExpressionEvaluator {
-
-	private Logger log = LoggerFactory.getLogger(getClass());
-	private ExpressionParser parser = new SpelExpressionParser();
-	private StandardEvaluationContext evaluationContext = new StandardEvaluationContext();
-
-	@Autowired(required = false)
-	private ApplicationContext ctx;
-
-	@Autowired(required = false)
-	private HttpServletRequest request;
-
-	@PostConstruct
-	private void init() {
-		if (ctx != null) {
-			evaluationContext.setBeanResolver(new BeanFactoryResolver(ctx));
-		}
-	}
-
-	/**
-	 * Evaluation context that provides access to {@link HttpServletRequest} parameters using
-	 * {@code requestParameter['foo']} for single value parameters or {@code requestParameters['foo']} for multi value
-	 * parameters. Basic calls to {@code ctx} will be delegated.
-	 * 
-	 * @author tknall
-	 * 
-	 */
-	private class SpringWebExpressionEvaluationContext implements ExpressionEvaluationContext {
-
-		private static final long serialVersionUID = 1L;
-
-		/**
-		 * Creates a new expression evaluation context, providing access to HttpServletRequest parameter(s).
-		 * 
-		 * @param delegate
-		 *            The original {@link ExpressionEvaluationContext} to be delegated to for {@code ctx['foo']}
-		 *            expressions.
-		 */
-		public SpringWebExpressionEvaluationContext(ExpressionEvaluationContext delegate) {
-			this.delegate = delegate;
-		}
-
-		private ExpressionEvaluationContext delegate;
-
-		@Override
-		public Map<String, Serializable> getCtx() {
-			return delegate.getCtx();
-		}
-
-		@SuppressWarnings("unused")
-		public Map<String, String> getRequestParameter() {
-			if (request != null) {
-				Map<String, String> singleValueMap = new HashMap<String, String>();
-				Iterator<Entry<String, String[]>> it = request.getParameterMap().entrySet().iterator();
-				while (it.hasNext()) {
-					Entry<String, String[]> entry = it.next();
-					if (ArrayUtils.isNotEmpty(entry.getValue())) {
-						singleValueMap.put(entry.getKey(), entry.getValue()[0]);
-					}
-				}
-				return singleValueMap;
-			} else {
-				return Collections.<String, String> emptyMap();
-			}
-		}
-
-		@SuppressWarnings("unused")
-		public Map<String, String[]> getRequestParameters() {
-			if (request != null) {
-				return request.getParameterMap();
-			} else {
-				return Collections.<String, String[]> emptyMap();
-			}
-		}
-
-	}
-
-	@Override
-	public boolean evaluate(ExpressionEvaluationContext expressionContext, String expression) {
-		Objects.requireNonNull(expression, "Expression must not be null.");
-		log.trace("Evaluating '{}'.", expression);
-
-		Expression expr = parser.parseExpression(expression);
-		Boolean result = null;
-		try {
-			result = expr.getValue(evaluationContext, new SpringWebExpressionEvaluationContext(expressionContext),
-					Boolean.class);
-			if (result == null) {
-				log.warn("Evaluation of '{}' results in null-value.", expression);
-			} else {
-				log.debug("Expression '{}' -> {}", expression, result);
-			}
-		} catch (Exception e) {
-			log.warn("Expression '{}' could not be processed.", expression, e);
-		}
-
-		return BooleanUtils.isTrue(result);
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/support/SecureRandomHolder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/support/SecureRandomHolder.java
deleted file mode 100644
index 72677739a..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/support/SecureRandomHolder.java
+++ /dev/null
@@ -1,35 +0,0 @@
-package at.gv.egovernment.moa.id.process.support;
-
-import java.security.NoSuchAlgorithmException;
-import java.security.SecureRandom;
-
-/**
- * Holder for a secure random instance following the initialization on demand holder design pattern. The secure random
- * instance is a singleton that is initialized on first usage.
- * 
- * @author tknall
- * 
- */
-public class SecureRandomHolder {
-
-	private SecureRandomHolder() {
-	}
-
-	private static final SecureRandom SRND_INSTANCE;
-	static {
-		try {
-			SRND_INSTANCE = SecureRandom.getInstance("SHA1PRNG");
-		} catch (NoSuchAlgorithmException e) {
-			throw new RuntimeException("Unable to instantiate SHA1PRNG.", e);
-		}
-	}
-
-	/**
-	 * Returns a secure random generator instance.
-	 * @return The secure random instance.
-	 */
-	public static SecureRandom getInstance() {
-		return SecureRandomHolder.SRND_INSTANCE;
-	}
-
-}
\ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractAuthProtocolModulController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractAuthProtocolModulController.java
deleted file mode 100644
index 9b30368e3..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractAuthProtocolModulController.java
+++ /dev/null
@@ -1,309 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols;
-
-import java.io.IOException;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.ApplicationContext;
-
-import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.servlet.AbstractController;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
-import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.data.SLOInformationInterface;
-import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
-import at.gv.egovernment.moa.id.moduls.IAction;
-import at.gv.egovernment.moa.id.moduls.IModulInfo;
-import at.gv.egovernment.moa.id.moduls.RequestImpl;
-import at.gv.egovernment.moa.id.moduls.SSOManager;
-import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-/**
- * @author tlenz
- *
- */
-
-public abstract class AbstractAuthProtocolModulController extends AbstractController implements IModulInfo {
-
-	public static final String FINALIZEPROTOCOL_ENDPOINT = "finalizeAuthProtocol";	
-	
-	@Autowired protected ApplicationContext applicationContext;	
-	@Autowired private SSOManager ssomanager; 
-	@Autowired protected AuthenticationManager authmanager;
-	@Autowired protected IAuthenticationSessionStoreage authenticatedSessionStorage;
-	@Autowired private AuthenticationDataBuilder authDataBuilder;
-		
-	/**
-	 * Initialize an authentication process for this protocol request
-	 * 
-	 * @param httpReq HttpServletRequest	
-	 * @param httpResp HttpServletResponse
-	 * @param protocolRequest Authentication request which is actually in process
-	 * @throws IOException 
-	 */
-	protected void performAuthentication(HttpServletRequest req, HttpServletResponse resp, 
-			RequestImpl pendingReq) throws IOException {
-		try {
-			if (pendingReq.isNeedAuthentication()) {
-				//request needs authentication --> start authentication process ...
-			
-				//load Parameters from OnlineApplicationConfiguration
-				IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
-				
-				if (oaParam == null) {
-					throw new AuthenticationException("auth.00", new Object[] { pendingReq.getOAURL() });
-				}
-		
-				
-				AuthenticationSession ssoMoaSession = authmanager.doAuthentication(req, resp, pendingReq);
-				if (ssoMoaSession != null) {					
-					//authenticated MOASession already exists --> protocol-specific postProcessing can start directly 					
-					finalizeAuthenticationProcess(req, resp, pendingReq, ssoMoaSession);
-					
-					//transaction is finished, log transaction finished event
-					revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_DESTROYED, pendingReq.getUniqueTransactionIdentifier());
-					
-				}
-							
-			} else {			
-				executeProtocolSpecificAction(req, resp, pendingReq, null);
-			
-			}
-			
-		} catch (Exception e) {
-			buildProtocolSpecificErrorResponse(e, req, resp, pendingReq);
-			
-			removeUserSession(pendingReq, req, resp);
-						
-		}		
-	}
-	
-	
-	protected String createNewSSOSessionCookie(HttpServletRequest req, HttpServletResponse resp, 
-			IRequest pendingReq, IAuthenticationSession moaSession) {
-		Logger.debug("Add SSO information to MOASession.");
-		
-		//Store SSO information into database
-		String newSSOSessionId = ssomanager.createSSOSessionInformations(moaSession.getSessionID(), 
-				pendingReq.getOAURL());
-
-		//set SSO cookie to response
-		if (MiscUtil.isNotEmpty(newSSOSessionId)) {
-			ssomanager.setSSOSessionID(req, resp, newSSOSessionId);
-	
-		} else {
-			ssomanager.deleteSSOSessionID(req, resp);
-		
-		}
-		
-		return newSSOSessionId;
-	}
-	
-	/**
-	 * Finalize the requested protocol operation
-	 * 
-	 * @param httpReq HttpServletRequest	
-	 * @param httpResp HttpServletResponse
-	 * @param protocolRequest Authentication request which is actually in process
-	 * @param moaSession MOASession object, which is used to generate the protocol specific authentication information
-	 * @throws Exception 
-	 */
-	protected void finalizeAuthenticationProcess(HttpServletRequest req, HttpServletResponse resp, 
-			IRequest pendingReq, IAuthenticationSession moaSession) throws Exception {
-
-		String newSSOSessionId = null;
-		
-		//if Single Sign-On functionality is enabled for this request
-		if (pendingReq.needSingleSignOnFunctionality()) {
-			newSSOSessionId = createNewSSOSessionCookie(req, resp, pendingReq, moaSession);
-			
-		}
-		
-		//build authenticationdata from session information and OA configuration
-		IAuthData authData = authDataBuilder.buildAuthenticationData(pendingReq, moaSession);	
-			
-		//execute the protocol-specific action
-		SLOInformationInterface sloInformation = executeProtocolSpecificAction(req, resp, pendingReq, authData);
-		
-		//check if SSO 
-		boolean isSSOCookieSetted = MiscUtil.isNotEmpty(newSSOSessionId);
-		
-		//Store OA specific SSO session information if an SSO cookie is set
-		if (isSSOCookieSetted) { 		
-			try {
-				AuthenticationSession internalDBSSOSession = null;
-
-				//create new SSO session, if actually no SSO session exists
-				if (MiscUtil.isEmpty(pendingReq.getInternalSSOSessionIdentifier())) {
-					internalDBSSOSession = authenticatedSessionStorage.createInternalSSOSession(pendingReq);				
-					authenticatedSessionStorage.addSSOInformation(internalDBSSOSession.getSessionID(), 
-							newSSOSessionId, sloInformation, pendingReq);
-				
-					//MOA SSO-session already exists only update is required
-				} else if (MiscUtil.isNotEmpty(pendingReq.getInternalSSOSessionIdentifier()) && 
-							moaSession instanceof AuthenticationSession) {
-					authenticatedSessionStorage.addSSOInformation(moaSession.getSessionID(), 
-							newSSOSessionId, sloInformation, pendingReq);
-					
-				} else {
-					Logger.fatal("MOA-Session data object has a suspect or unsupported type:" + moaSession.getClass().getName()
-							+ " pendingReq_internalSsoId:" + pendingReq.getInternalSSOSessionIdentifier());
-					throw new AuthenticationException("1299", null);
-					
-				}
-											
-			} catch (AuthenticationException e) {
-				Logger.warn("SSO Session information can not be stored  -> SSO is not enabled!");				
-				authmanager.performOnlyIDPLogOut(req, resp, moaSession.getSessionID());
-				
-			}
-		
-		} else {
-			//remove MOASession from database
-			authmanager.performOnlyIDPLogOut(req, resp, moaSession.getSessionID());
-			
-		}
-	
-		//Advanced statistic logging
-		statisticLogger.logSuccessOperation(pendingReq, authData, isSSOCookieSetted);
-				
-	}
-	
-	/**
-	 * Executes the requested protocol action
-	 * 
-	 * @param httpReq HttpServletRequest	
-	 * @param httpResp HttpServletResponse
-	 * @param protocolRequest Authentication request which is actually in process
-	 * @param authData Service-provider specific authentication data
-	 * 
-	 * @return Return Single LogOut information or null if protocol supports no SSO
-	 * 
-	 * @throws Exception 
-	 */
-	private SLOInformationInterface executeProtocolSpecificAction(HttpServletRequest httpReq, HttpServletResponse httpResp, 
-			IRequest pendingReq, IAuthData authData) throws Exception {
-		try {
-		//	request needs no authentication --> start request processing
-			Class<?> clazz = Class.forName(pendingReq.requestedAction());
-			if (clazz == null || 
-					!IAction.class.isAssignableFrom(clazz)) {
-				Logger.fatal("Requested protocol-action processing Class is NULL or does not implement the IAction interface.");
-				throw new Exception("Requested protocol-action processing Class is NULL or does not implement the IAction interface.");
-				
-			}
-			
-			IAction protocolAction = (IAction) applicationContext.getBean(clazz);			 
-			return protocolAction.processRequest(pendingReq, httpReq, httpResp, authData);
-			
-		} catch (ClassNotFoundException e) {
-			Logger.fatal("Requested Auth. protocol processing Class is NULL or does not implement the IAction interface.");
-			throw new Exception("Requested Auth. protocol processing Class is NULL or does not implement the IAction interface.");
-		}
-		
-	}
-	
-	protected void removeUserSession(IRequest pendingReq, HttpServletRequest req, 
-			HttpServletResponse resp) {		
-		authmanager.performOnlyIDPLogOut(req, resp, pendingReq.getInternalSSOSessionIdentifier());
-				
-	}
-	
-	protected void buildProtocolSpecificErrorResponse(Throwable throwable, HttpServletRequest req, 
-			HttpServletResponse resp, IRequest protocolRequest) throws IOException {
-		try {
-			
-			Class<?> clazz = Class.forName(protocolRequest.requestedModule());
-			
-			if (clazz == null || 
-					!IModulInfo.class.isAssignableFrom(clazz)) {
-				Logger.fatal("Requested protocol module Class is NULL or does not implement the IModulInfo interface.");
-				throw new Exception("Requested protocol module Class is NULL or does not implement the IModulInfo interface.");
-				
-			}
-							
-			IModulInfo handlingModule = (IModulInfo) applicationContext.getBean(clazz);
-												
-			if (handlingModule.generateErrorMessage(
-					throwable, req, resp, protocolRequest)) {
-		
-				//log Error to technical log
-				logExceptionToTechnicalLog(throwable);
-				
-				//log Error Message
-				statisticLogger.logErrorOperation(throwable, protocolRequest);
-				
-				//write revision log entries
-				revisionsLogger.logEvent(protocolRequest, MOAIDEventConstants.TRANSACTION_ERROR, protocolRequest.getUniqueTransactionIdentifier());
-				
-				return;
-				
-			} else {
-				handleErrorNoRedirect(throwable, req, resp, true);
-				
-			}
-			
-		} catch (Throwable e) {
-			handleErrorNoRedirect(throwable, req, resp, true);
-			
-		}
-		
-	}
-	
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IModulInfo#getName()
-	 */
-	@Override
-	public abstract String getName();
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IModulInfo#getPath()
-	 */
-	@Override
-	public abstract String getPath();
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IModulInfo#generateErrorMessage(java.lang.Throwable, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.moduls.IRequest)
-	 */
-	@Override
-	public abstract boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response,
-			IRequest protocolRequest) throws Throwable;
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IModulInfo#validate(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.moduls.IRequest)
-	 */
-	@Override
-	public abstract boolean validate(HttpServletRequest request, HttpServletResponse response, IRequest pending);
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java
deleted file mode 100644
index 41a4c9835..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java
+++ /dev/null
@@ -1,195 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols;
-
-import java.io.IOException;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.lang.StringEscapeUtils;
-import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
-
-import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
-import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.data.ExceptionContainer;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-@Controller
-public class ProtocolFinalizationController extends AbstractAuthProtocolModulController {
-	
-	@RequestMapping(value = "/finalizeAuthProtocol", method = {RequestMethod.GET})
-	public void finalizeAuthProtocol(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException {
-		
-		//read pendingRequest from http request
-		Object idObject = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_TARGET_PENDINGREQUESTID));
-		IRequest pendingReq = null;
-		String pendingRequestID = null;
-		if (idObject != null && (idObject instanceof String)) {
-			pendingRequestID = (String) idObject;
-			pendingReq = requestStorage.getPendingRequest(pendingRequestID);
-			
-		}
- 				
-		//receive an authentication error
-		String errorid = StringEscapeUtils.escapeHtml(req.getParameter(ERROR_CODE_PARAM));
-		if (errorid != null) {
-			try {				
-				//load stored exception from database
-				ExceptionContainer container = transactionStorage.get(errorid, ExceptionContainer.class);								
-				if (container != null) {					
-					//remove exception if it was found
-					transactionStorage.remove(errorid);
-					
-					Throwable throwable = container.getExceptionThrown();
-					
-					if (pendingReq != null) {													
-						//build protocol-specific error message if possible
-						buildProtocolSpecificErrorResponse(throwable, req, resp, pendingReq);
-																
-						//remove active user-session
-						removeUserSession(pendingReq, req, resp);
-	
-						return;
-	
-					} else {
-						handleErrorNoRedirect(throwable, req, resp, true);
-	
-					}
-				} else {
-					handleErrorNoRedirect(new MOAIDException("auth.26", null), req, resp, false);
-					
-				}
-				
-			} catch (Throwable e) {
-				Logger.error(e);				
-				handleErrorNoRedirect(e, req, resp, false);
-			
-			}
-					
-			// receive a pending request 
-		} else {
-			if (pendingReq == null) {
-				Logger.error("No PendingRequest with ID " + pendingRequestID + " found.!");		
-				handleErrorNoRedirect(new MOAIDException("auth.28", new Object[]{pendingRequestID}), req, resp, false);							
-				return;
-				
-			}
-			try {
-				Logger.debug("Finalize PendingRequest with ID " + pendingRequestID);
-			
-				//get MOA session data object from pending request
-				IAuthenticationSession pendingMoaSession = pendingReq.getMOASession();
-				
-					//check if pending-request has 'abortedByUser' flag set
-				if (pendingReq.isAbortedByUser()) {
-					//send authentication aborted error to Service Provider
-					buildProtocolSpecificErrorResponse(
-							new AuthenticationException("auth.21", new Object[] {}), 
-							req, resp, pendingReq);
-					
-					//do not remove the full active SSO-Session 
-					// in case of only one Service-Provider authentication request is aborted   
-					if ( !(pendingMoaSession.isAuthenticated() 
-							&& pendingReq.needSingleSignOnFunctionality()) ) {
-						removeUserSession(pendingReq, req, resp);
-						
-					}							
-
-					//check if MOASession and pending-request are authenticated					
-				} else if (pendingMoaSession.isAuthenticated() && pendingReq.isAuthenticated()) {				
-					finalizeAuthenticationProcess(req, resp, pendingReq, pendingMoaSession);
-
-				} else {
-					//suspect state: pending-request is not aborted but also are not authenticated 
-					Logger.error("MOASession oder Pending-Request are not authenticated --> Abort authentication process!");		
-					handleErrorNoRedirect(new MOAIDException("auth.20", null), req, resp, true);							
-									
-				}
-							
-			} catch (Exception e) {
-				Logger.error("Finalize authentication protocol FAILED." , e);
-				buildProtocolSpecificErrorResponse(e, req, resp, pendingReq);
-				
-				removeUserSession(pendingReq, req, resp);
-				
-			}		
-		}
-		
-		//remove pending-request
-		if (pendingReq != null) {
-			requestStorage.removePendingRequest(pendingReq.getRequestID());
-			revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_DESTROYED, pendingReq.getUniqueTransactionIdentifier());
-			
-		}
-		
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController#getName()
-	 */
-	@Override
-	public String getName() {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController#getPath()
-	 */
-	@Override
-	public String getPath() {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController#generateErrorMessage(java.lang.Throwable, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.moduls.IRequest)
-	 */
-	@Override
-	public boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response,
-			IRequest protocolRequest) throws Throwable {
-		// TODO Auto-generated method stub
-		return false;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController#validate(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.moduls.IRequest)
-	 */
-	@Override
-	public boolean validate(HttpServletRequest request, HttpServletResponse response, IRequest pending) {
-		// TODO Auto-generated method stub
-		return false;
-	}
-	
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKAttributeBuilder.java
index c13c5e288..9262e97c2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKAttributeBuilder.java
@@ -22,10 +22,12 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.builder.attributes;
 
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -36,8 +38,8 @@ public class BPKAttributeBuilder implements IPVPAttributeBuilder {
 		return BPK_NAME;
 	}
 	
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException {
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
 		String bpk = authData.getBPK();
 		String type = authData.getBPKType();
 		
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BirthdateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BirthdateAttributeBuilder.java
deleted file mode 100644
index f1d88f877..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BirthdateAttributeBuilder.java
+++ /dev/null
@@ -1,58 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.builder.attributes;
-
-import java.text.DateFormat;
-import java.text.SimpleDateFormat;
-
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
-
-public class BirthdateAttributeBuilder implements IPVPAttributeBuilder {
-		
-	public String getName() {
-		return BIRTHDATE_NAME;
-	}
-	
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException {
-		
-		if (authData.getDateOfBirth() != null) {			
-			DateFormat pvpDateFormat = new SimpleDateFormat(BIRTHDATE_FORMAT_PATTERN);
-			String dateString = pvpDateFormat.format(authData.getDateOfBirth());
-		
-			return g.buildStringAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME, dateString);
-			
-		} else {
-			//build empty attribute if no Birthday date is found (STORK2)
-			return g.buildEmptyAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME);
-			
-		}
-	}
-	
-	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
-		return g.buildEmptyAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME);
-	}
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java
index 6f7c0dc97..d3b2a5c38 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java
@@ -26,10 +26,12 @@ import java.io.IOException;
 
 import org.springframework.util.Base64Utils;
 
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
@@ -39,8 +41,8 @@ public class EIDAuthBlock implements IPVPAttributeBuilder {
 		return EID_AUTH_BLOCK_NAME;
 	}
 	
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException {
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
 		
 		try {
 			String authblock = authData.getAuthBlock();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCcsURL.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCcsURL.java
index 623acd18e..f87a9b673 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCcsURL.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCcsURL.java
@@ -22,11 +22,12 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.builder.attributes;
 
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 public class EIDCcsURL implements IPVPAttributeBuilder {
@@ -35,8 +36,8 @@ public class EIDCcsURL implements IPVPAttributeBuilder {
 		return EID_CCS_URL_NAME;
 	}
 
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException {
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
 		
 		String bkuurl = authData.getBkuURL();
 		if (MiscUtil.isNotEmpty(bkuurl))
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java
index b254bc305..715bc376e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java
@@ -22,9 +22,13 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.builder.attributes;
 
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+
 
 @Deprecated
 public class EIDCitizenQAALevelAttributeBuilder implements IPVPAttributeBuilder {
@@ -33,12 +37,12 @@ public class EIDCitizenQAALevelAttributeBuilder implements IPVPAttributeBuilder
 		return EID_CITIZEN_QAA_LEVEL_NAME;
 	}
 
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException {
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
 		
 		String qaaLevel = null;
-		if (authData.getQAALevel().startsWith(STORK_QAA_PREFIX))
-			qaaLevel = authData.getQAALevel().substring(STORK_QAA_PREFIX.length());
+		if (authData.getQAALevel().startsWith(PVPConstants.STORK_QAA_PREFIX))
+			qaaLevel = authData.getQAALevel().substring(PVPConstants.STORK_QAA_PREFIX.length());
 		else
 			qaaLevel = authData.getQAALevel();
 		
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIdentityLinkBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIdentityLinkBuilder.java
deleted file mode 100644
index a01605986..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIdentityLinkBuilder.java
+++ /dev/null
@@ -1,67 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.builder.attributes;
-
-import java.io.IOException;
-
-import org.springframework.util.Base64Utils;
-
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
-import at.gv.egovernment.moa.logging.Logger;
-
-public class EIDIdentityLinkBuilder implements IPVPAttributeBuilder {
-
-	public String getName() {
-		return EID_IDENTITY_LINK_NAME;
-	}
-
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException {
-		try {
-			String ilAssertion = null;
-			
-			if (authData.getIdentityLink() == null)
-				throw new UnavailableAttributeException(EID_IDENTITY_LINK_NAME);
-			
-			ilAssertion = authData.getIdentityLink().getSerializedSamlAssertion();
-			
-			return g.buildStringAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME,
-					EID_IDENTITY_LINK_NAME, Base64Utils.encodeToString(ilAssertion.getBytes("UTF-8")));
-			
-		} catch (IOException e) {
-			Logger.warn("IdentityLink serialization error.", e);
-			return g.buildEmptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME,
-					EID_IDENTITY_LINK_NAME);
-		}
-		
-	}
-
-	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
-		return g.buildEmptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME,
-				EID_IDENTITY_LINK_NAME);
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIssuingNationAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIssuingNationAttributeBuilder.java
deleted file mode 100644
index fc80ad7fe..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIssuingNationAttributeBuilder.java
+++ /dev/null
@@ -1,52 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.builder.attributes;
-
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-public class EIDIssuingNationAttributeBuilder implements IPVPAttributeBuilder {
-
-	public String getName() {
-		return EID_ISSUING_NATION_NAME;
-	}
-
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException {
-		String countryCode = authData.getCcc();
-		if (MiscUtil.isNotEmpty(countryCode))
-			return g.buildStringAttribute(EID_ISSUING_NATION_FRIENDLY_NAME,
-					EID_ISSUING_NATION_NAME, countryCode);
-		
-		else
-			return null;
-	}
-
-	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
-		return g.buildEmptyAttribute(EID_ISSUING_NATION_FRIENDLY_NAME,
-				EID_ISSUING_NATION_NAME);
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSTORKTOKEN.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSTORKTOKEN.java
index 71fc7966c..b38660a57 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSTORKTOKEN.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSTORKTOKEN.java
@@ -26,11 +26,13 @@ import java.io.IOException;
 
 import org.springframework.util.Base64Utils;
 
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
@@ -41,8 +43,8 @@ public class EIDSTORKTOKEN implements IPVPAttributeBuilder  {
 		return EID_STORK_TOKEN_NAME;
 	}
 
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException {
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
 		
 		
 		if (!authData.isForeigner()) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSectorForIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSectorForIDAttributeBuilder.java
index c3300d60f..783e044f8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSectorForIDAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSectorForIDAttributeBuilder.java
@@ -22,11 +22,12 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.builder.attributes;
 
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 public class EIDSectorForIDAttributeBuilder implements IPVPAttributeBuilder {
@@ -35,8 +36,8 @@ public class EIDSectorForIDAttributeBuilder implements IPVPAttributeBuilder {
 		return EID_SECTOR_FOR_IDENTIFIER_NAME;
 	}
 
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException {		
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException {		
 		String bpktype = authData.getBPKType();
 		
 		if (MiscUtil.isEmpty(authData.getBPKType()))
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSignerCertificate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSignerCertificate.java
index 4b4296536..2f18c78e2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSignerCertificate.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSignerCertificate.java
@@ -25,10 +25,12 @@ package at.gv.egovernment.moa.id.protocols.builder.attributes;
 
 import org.springframework.util.Base64Utils;
 
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
 import at.gv.egovernment.moa.logging.Logger;
 
 public class EIDSignerCertificate implements IPVPAttributeBuilder {
@@ -37,8 +39,8 @@ public class EIDSignerCertificate implements IPVPAttributeBuilder {
 		return EID_SIGNER_CERTIFICATE_NAME;
 	}
 
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException {
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
 		
 		try {
 			byte[] signerCertificate = authData.getSignerCertificate();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSourcePIN.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSourcePIN.java
deleted file mode 100644
index b4846db12..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSourcePIN.java
+++ /dev/null
@@ -1,56 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.builder.attributes;
-
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributePolicyException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-public class EIDSourcePIN implements IPVPAttributeBuilder  {
-
-	public String getName() {
-		return EID_SOURCE_PIN_NAME;
-	}
-
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException {
-		
-		if (authData.isBaseIDTransferRestrication())
-			throw new AttributePolicyException(EID_SOURCE_PIN_NAME);
-		
-		else {
-			if (MiscUtil.isEmpty(authData.getIdentificationValue()))
-				throw new UnavailableAttributeException(EID_SOURCE_PIN_NAME);
-			
-			return g.buildStringAttribute(EID_SOURCE_PIN_FRIENDLY_NAME, EID_SOURCE_PIN_NAME, authData.getIdentificationValue());
-		}
-	}
-
-	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
-		return g.buildEmptyAttribute(EID_SOURCE_PIN_FRIENDLY_NAME, EID_SOURCE_PIN_NAME);
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSourcePINType.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSourcePINType.java
deleted file mode 100644
index ccaecb3b6..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSourcePINType.java
+++ /dev/null
@@ -1,51 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.builder.attributes;
-
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
-
-public class EIDSourcePINType implements IPVPAttributeBuilder {
-
-	public String getName() {
-		return EID_SOURCE_PIN_TYPE_NAME;
-	}
-	
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException {
-		
-		if (authData.isBaseIDTransferRestrication())
-			throw new UnavailableAttributeException(EID_SOURCE_PIN_TYPE_NAME);
-		
-		else {
-			return g.buildStringAttribute(EID_SOURCE_PIN_TYPE_FRIENDLY_NAME, EID_SOURCE_PIN_TYPE_NAME, authData.getIdentificationType());
-		}
-	}
-
-	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
-		return g.buildEmptyAttribute(EID_SOURCE_PIN_TYPE_FRIENDLY_NAME, EID_SOURCE_PIN_TYPE_NAME);
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDeIDASQAALevelAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDeIDASQAALevelAttributeBuilder.java
deleted file mode 100644
index ca3dfa765..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDeIDASQAALevelAttributeBuilder.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.builder.attributes;
-
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
-
-public class EIDeIDASQAALevelAttributeBuilder implements IPVPAttributeBuilder {
-
-	public String getName() {
-		return EID_CITIZEN_EIDAS_QAA_LEVEL_NAME;
-	}
-
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException {
-		
-		return g.buildStringAttribute(EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME, 
-				EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, authData.getEIDASQAALevel());
-	}
-	
-	
-	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
-		return g.buildEmptyAttribute(EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME, 
-				EID_CITIZEN_EIDAS_QAA_LEVEL_NAME);
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java
index 9dfbe00b2..e91bc90d6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java
@@ -22,13 +22,12 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.builder.attributes;
 
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.Constants;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
 
 public class EncryptedBPKAttributeBuilder implements IPVPAttributeBuilder {
 	
@@ -36,8 +35,8 @@ public class EncryptedBPKAttributeBuilder implements IPVPAttributeBuilder {
 		return ENC_BPK_LIST_NAME;
 	}
 	
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException {
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
 
 		if (authData.getEncbPKList() != null &&
 				authData.getEncbPKList().size() > 0) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/GivenNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/GivenNameAttributeBuilder.java
deleted file mode 100644
index af87a319a..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/GivenNameAttributeBuilder.java
+++ /dev/null
@@ -1,45 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.builder.attributes;
-
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
-
-public class GivenNameAttributeBuilder implements IPVPAttributeBuilder {
-
-	public String getName() {
-		return GIVEN_NAME_NAME;
-	}
-
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException {
-		return g.buildStringAttribute(GIVEN_NAME_FRIENDLY_NAME, GIVEN_NAME_NAME, authData.getGivenName());
-	}
-	
-	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
-		return g.buildEmptyAttribute(GIVEN_NAME_FRIENDLY_NAME, GIVEN_NAME_NAME);
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/HolderOfKey.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/HolderOfKey.java
index 1d3faff2d..e1e7440e6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/HolderOfKey.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/HolderOfKey.java
@@ -24,11 +24,13 @@ package at.gv.egovernment.moa.id.protocols.builder.attributes;
 
 import java.io.IOException;
 
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
 
@@ -38,8 +40,8 @@ public class HolderOfKey implements IPVPAttributeBuilder {
 		return PVP_HOLDEROFKEY_NAME;
 	}
 	
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException {
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
 		
 		try {
 			byte[] certEncoded = authData.getGenericData(
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/IAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/IAttributeBuilder.java
deleted file mode 100644
index 5b44f02aa..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/IAttributeBuilder.java
+++ /dev/null
@@ -1,36 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.builder.attributes;
-
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
-
-public interface IAttributeBuilder {
-	public String getName();
-	
-	public <ATT> ATT build(final IOAAuthParameters oaParam, final IAuthData authData,
-			final IAttributeGenerator<ATT> g) throws AttributeException;
-	
-	public <ATT> ATT buildEmpty(final IAttributeGenerator<ATT> g);
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/IAttributeGenerator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/IAttributeGenerator.java
deleted file mode 100644
index ecd67db64..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/IAttributeGenerator.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.builder.attributes;
-
-public interface IAttributeGenerator<ATT> {
-	/**
-	 * 
-	 * @param friendlyName FriendlyName
-	 * @param name	Name
-	 * @param value value
-	 * @return
-	 */
-	public abstract ATT buildStringAttribute(final String friendlyName, final String name, final String value);
-	
-	public abstract ATT buildIntegerAttribute(final String friendlyName, final String name, final int value);
-	
-	public abstract ATT buildLongAttribute(final String friendlyName, final String name, final long value);
-	
-	public abstract ATT buildEmptyAttribute(final String friendlyName, final String name);
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/IPVPAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/IPVPAttributeBuilder.java
deleted file mode 100644
index dbb799256..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/IPVPAttributeBuilder.java
+++ /dev/null
@@ -1,29 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.builder.attributes;
-
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-
-interface IPVPAttributeBuilder extends PVPConstants, IAttributeBuilder {
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java
index ffb69c2dc..007f7403a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java
@@ -28,9 +28,11 @@ import javax.xml.transform.TransformerException;
 
 import org.springframework.util.Base64Utils;
 
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.DOMUtils;
@@ -41,8 +43,8 @@ public class MandateFullMandateAttributeBuilder implements IPVPAttributeBuilder
 		return MANDATE_FULL_MANDATE_NAME;
 	}
 
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException {
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
 		if (authData.isUseMandate()) {
 			//only provide full mandate if it is included. 
 			//In case of federation only a short mandate could be include 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java
index f85fd7cae..e41a5ccf1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java
@@ -26,9 +26,11 @@ import org.w3c.dom.Element;
 
 import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
 import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.logging.Logger;
@@ -40,8 +42,8 @@ public class MandateLegalPersonFullNameAttributeBuilder implements IPVPAttribute
 		return MANDATE_LEG_PER_FULL_NAME_NAME;
 	}
 	
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException {
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
 		if (authData.isUseMandate()) {
 			
 			//get PVP attribute directly, if exists 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java
index 7e0815ab2..e20cf6684 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java
@@ -26,9 +26,11 @@ import org.w3c.dom.Element;
 
 import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
 import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.logging.Logger;
@@ -40,8 +42,8 @@ public class MandateLegalPersonSourcePinAttributeBuilder  implements IPVPAttribu
 		return MANDATE_LEG_PER_SOURCE_PIN_NAME;
 	}
 
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException {
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
 		if(authData.isUseMandate()) {				
 			return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, 
 					MANDATE_LEG_PER_SOURCE_PIN_NAME, getLegalPersonIdentifierFromMandate(authData));
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java
index 8b22acc01..098ecf68f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java
@@ -26,9 +26,11 @@ import org.w3c.dom.Element;
 
 import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
 import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.logging.Logger;
@@ -40,8 +42,8 @@ public class MandateLegalPersonSourcePinTypeAttributeBuilder implements IPVPAttr
 		return MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME;
 	}
 	
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException {
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
 		if (authData.isUseMandate()) {
 			//get PVP attribute directly, if exists 
 			String sourcePinType = authData.getGenericData(MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, String.class);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
index ad469921c..ebec019ae 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
@@ -27,15 +27,18 @@ import org.w3c.dom.Element;
 import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
 import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
 import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
 import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.data.Pair;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
@@ -47,10 +50,10 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui
 		return MANDATE_NAT_PER_BPK_NAME;
 	}
 	
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException {						
-		try {	
-			Pair<String, String> calcResult = internalBPKGenerator(oaParam, authData);
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException {						
+		try {			
+			Pair<String, String> calcResult = internalBPKGenerator((IOAAuthParameters)oaParam, authData);
 			if (calcResult != null) {					
 				String bpk = calcResult.getFirst();
 				String type = calcResult.getSecond();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java
index ebba376f8..0b8263ffb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java
@@ -31,10 +31,12 @@ import org.w3c.dom.Element;
 
 import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
 import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.InvalidDateFormatAttributeException;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.InvalidDateFormatAttributeException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.logging.Logger;
@@ -46,8 +48,8 @@ public class MandateNaturalPersonBirthDateAttributeBuilder implements IPVPAttrib
 		return MANDATE_NAT_PER_BIRTHDATE_NAME;
 	}
 	
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException {
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
 		
 		String attrValue = internalAttributGeneration(oaParam, authData);
 		if (attrValue != null)
@@ -62,7 +64,7 @@ public class MandateNaturalPersonBirthDateAttributeBuilder implements IPVPAttrib
 	}
 	
 	
-	protected String internalAttributGeneration(IOAAuthParameters oaParam, IAuthData authData) throws InvalidDateFormatAttributeException, NoMandateDataAttributeException {		
+	protected String internalAttributGeneration(ISPConfiguration oaParam, IAuthData authData) throws InvalidDateFormatAttributeException, NoMandateDataAttributeException {		
 		if (authData.isUseMandate()) {
 			
 			//get PVP attribute directly, if exists 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java
index 07e5c9d09..38a520298 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java
@@ -29,9 +29,11 @@ import org.w3c.dom.Element;
 import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
 import at.gv.e_government.reference.namespace.persondata._20020228_.PersonNameType.FamilyName;
 import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.logging.Logger;
@@ -43,8 +45,8 @@ public class MandateNaturalPersonFamilyNameAttributeBuilder  implements IPVPAttr
 		return MANDATE_NAT_PER_FAMILY_NAME_NAME;
 	}
 
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException {
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
 		if(authData.isUseMandate()) {
 			
 			//get PVP attribute directly, if exists 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java
index 51a3d2e74..be8e761e0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java
@@ -28,9 +28,11 @@ import org.w3c.dom.Element;
 
 import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
 import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.logging.Logger;
@@ -42,8 +44,8 @@ public class MandateNaturalPersonGivenNameAttributeBuilder implements IPVPAttrib
 		return MANDATE_NAT_PER_GIVEN_NAME_NAME;
 	}
 	
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException {
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
 		if (authData.isUseMandate()) {			
 			//get PVP attribute directly, if exists 
 			String givenName = authData.getGenericData(MANDATE_NAT_PER_GIVEN_NAME_NAME, String.class);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
index 8be85415e..2890b72d9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
@@ -27,10 +27,12 @@ import org.w3c.dom.Element;
 import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
 import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
 import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributePolicyException;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.AttributePolicyException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.logging.Logger;
@@ -41,8 +43,8 @@ public class MandateNaturalPersonSourcePinAttributeBuilder  implements IPVPAttri
 		return MANDATE_NAT_PER_SOURCE_PIN_NAME;
 	}
 
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException {
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
 		if(authData.isUseMandate()) {
 			Element mandate = authData.getMandate();
 			if(mandate == null) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
index d89ae0225..6b3ed6768 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
@@ -27,9 +27,11 @@ import org.w3c.dom.Element;
 import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
 import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
 import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.logging.Logger;
@@ -40,8 +42,8 @@ public class MandateNaturalPersonSourcePinTypeAttributeBuilder implements IPVPAt
 		return MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME;
 	}
 
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException {
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
 		if(authData.isUseMandate()) {
 			Element mandate = authData.getMandate();
 			if(mandate == null) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java
index b7d21f903..d8804d395 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java
@@ -25,10 +25,12 @@ package at.gv.egovernment.moa.id.protocols.builder.attributes;
 import org.w3c.dom.Element;
 
 import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -39,8 +41,8 @@ public class MandateProfRepDescAttributeBuilder implements IPVPAttributeBuilder
 		return MANDATE_PROF_REP_DESC_NAME;
 	}
 
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException {
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
 		if(authData.isUseMandate()) {						
 			String profRepName = authData.getGenericData(MANDATE_PROF_REP_DESC_NAME, String.class);
 			
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java
index 04de3288a..555f92fe0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java
@@ -22,10 +22,12 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.builder.attributes;
 
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.util.MiscUtil;
 
@@ -35,8 +37,8 @@ public class MandateProfRepOIDAttributeBuilder implements IPVPAttributeBuilder {
 		return MANDATE_PROF_REP_OID_NAME;
 	}
 	
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException {
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
 		if (authData.isUseMandate()) {			
 			String profRepOID = authData.getGenericData(MANDATE_PROF_REP_OID_NAME, String.class);			
 			
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateReferenceValueAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateReferenceValueAttributeBuilder.java
index 5ad562ffa..45cce5852 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateReferenceValueAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateReferenceValueAttributeBuilder.java
@@ -22,10 +22,11 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.builder.attributes;
 
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 
 public class MandateReferenceValueAttributeBuilder implements IPVPAttributeBuilder {
 	
@@ -33,8 +34,8 @@ public class MandateReferenceValueAttributeBuilder implements IPVPAttributeBuild
 		return MANDATE_REFERENCE_VALUE_NAME;
 	}
 	
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException {
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
 		if (authData.isUseMandate()) {
 		
 			return g.buildStringAttribute(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, MANDATE_REFERENCE_VALUE_NAME,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeAttributeBuilder.java
index a531e31fc..3bc7d5a2d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeAttributeBuilder.java
@@ -25,9 +25,11 @@ package at.gv.egovernment.moa.id.protocols.builder.attributes;
 import org.w3c.dom.Element;
 
 import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -38,8 +40,8 @@ public class MandateTypeAttributeBuilder implements IPVPAttributeBuilder {
 		return MANDATE_TYPE_NAME;
 	}
 	
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException {
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
 		if (authData.isUseMandate()) {						
 			//get PVP attribute directly, if exists 
 			String mandateType = authData.getGenericData(MANDATE_TYPE_NAME, String.class);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeOIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeOIDAttributeBuilder.java
index b967ad42c..d5c89fc97 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeOIDAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeOIDAttributeBuilder.java
@@ -22,9 +22,11 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.builder.attributes;
 
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
@@ -34,8 +36,8 @@ public class MandateTypeOIDAttributeBuilder implements IPVPAttributeBuilder {
 		return MANDATE_TYPE_OID_NAME;
 	}
 	
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException {
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
 		if (authData.isUseMandate()) {						
 			//get PVP attribute directly, if exists 
 			String mandateType = authData.getGenericData(MANDATE_TYPE_OID_NAME, String.class);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/PVPVersionAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/PVPVersionAttributeBuilder.java
deleted file mode 100644
index 285a6977f..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/PVPVersionAttributeBuilder.java
+++ /dev/null
@@ -1,45 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.builder.attributes;
-
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
-
-public class PVPVersionAttributeBuilder implements IPVPAttributeBuilder {
-	
-	public String getName() {
-		return PVP_VERSION_NAME;
-	}
-	
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException {
-		return g.buildStringAttribute(PVP_VERSION_FRIENDLY_NAME, PVP_VERSION_NAME, PVP_VERSION_2_1);
-	}
-	
-	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
-		return g.buildEmptyAttribute(PVP_VERSION_FRIENDLY_NAME, PVP_VERSION_NAME);
-	}
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/PrincipalNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/PrincipalNameAttributeBuilder.java
deleted file mode 100644
index b2465b5c1..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/PrincipalNameAttributeBuilder.java
+++ /dev/null
@@ -1,45 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.builder.attributes;
-
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
-
-public class PrincipalNameAttributeBuilder implements IPVPAttributeBuilder {
-	
-	public String getName() {
-		return PRINCIPAL_NAME_NAME;
-	}
-	
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException {
-		return g.buildStringAttribute(PRINCIPAL_NAME_FRIENDLY_NAME, PRINCIPAL_NAME_NAME, authData.getFamilyName());
-	}
-	
-	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
-		return g.buildEmptyAttribute(PRINCIPAL_NAME_FRIENDLY_NAME, PRINCIPAL_NAME_NAME);
-	}
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
index 4ef9fa05e..cc48873af 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
@@ -42,20 +42,20 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.ApplicationContext;
 import org.springframework.stereotype.Service;
 
+import at.gv.egiz.eaaf.core.api.IAction;
+import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.data.IAuthData;
+import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface;
 import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder;
 import at.gv.egovernment.moa.id.auth.builder.DynamicOAAuthParameterBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.data.SLOInformationInterface;
 import at.gv.egovernment.moa.id.data.Trible;
-import at.gv.egovernment.moa.id.moduls.IAction;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AuthResponseBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
index 9d60ae4b2..a8adc9ca0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
@@ -38,13 +38,13 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.ApplicationContext;
 import org.springframework.stereotype.Service;
 
+import at.gv.egiz.eaaf.core.api.IAction;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.data.IAuthData;
+import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.data.SLOInformationImpl;
-import at.gv.egovernment.moa.id.data.SLOInformationInterface;
-import at.gv.egovernment.moa.id.moduls.IAction;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
index 851f47a68..baaf8b681 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
@@ -30,13 +30,13 @@ import org.springframework.stereotype.Service;
 
 import com.google.common.net.MediaType;
 
+import at.gv.egiz.eaaf.core.api.IAction;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.data.IAuthData;
+import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.data.SLOInformationInterface;
-import at.gv.egovernment.moa.id.moduls.IAction;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPMetadataBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.config.IDPPVPMetadataConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration;
@@ -48,7 +48,7 @@ public class MetadataAction implements IAction {
 
 	
-	@Autowired private MOAReversionLogger revisionsLogger;
+	@Autowired private IRevisionLogger revisionsLogger;
 	@Autowired private IDPCredentialProvider credentialProvider;
 	@Autowired private PVPMetadataBuilder metadatabuilder;
 	
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index 4b9b21093..e6298527b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -55,19 +55,21 @@ import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 
+import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
+import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
+import at.gv.egiz.eaaf.core.exceptions.NoPassivAuthenticationException;
+import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException;
+import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController;
+import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
-import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityLogAdapter;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException;
-import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
@@ -76,7 +78,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding;
 import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestValidatorException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionConsumerServiceException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.MandateAttributesNotHandleAbleException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSupportedException;
@@ -94,7 +95,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.validation.AuthnRequestValidator
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
 import at.gv.egovernment.moa.id.util.ErrorResponseUtils;
-import at.gv.egovernment.moa.id.util.HTTPUtils;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java
index 62105abda..46e5b83f6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java
@@ -28,9 +28,9 @@ import org.opensaml.xml.io.MarshallingException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
+import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.StoredAssertion;
-import at.gv.egovernment.moa.id.storage.ITransactionStorage;
 
 @Service("PVPAssertionStorage")
 public class PVPAssertionStorage implements SAMLArtifactMap {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
index 95e3c5bc2..67e7a47f3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
@@ -29,9 +29,10 @@ import java.util.List;
 import org.opensaml.xml.encryption.EncryptionConstants;
 import org.opensaml.xml.signature.SignatureConstants;
 
+import at.gv.egiz.eaaf.core.api.data.PVPAttributeConstants;
 import at.gv.egovernment.moa.id.data.Trible;
 
-public interface PVPConstants {
+public interface PVPConstants extends PVPAttributeConstants {
 	
 	public static final String SSLSOCKETFACTORYNAME = "MOAMetaDataProvider";
 		
@@ -54,249 +55,6 @@ public interface PVPConstants {
 	
 	public static final String STORK_ATTRIBUTE_PREFIX = "http://www.stork.gov.eu/";
 	
-	public static final String URN_OID_PREFIX = "urn:oid:";
-	
-	public static final String PVP_VERSION_OID = "1.2.40.0.10.2.1.1.261.10";
-	public static final String PVP_VERSION_NAME = URN_OID_PREFIX + PVP_VERSION_OID;
-	public static final String PVP_VERSION_FRIENDLY_NAME = "PVP-VERSION";
-	public static final String PVP_VERSION_2_1 = "2.1";
-
-	
-	public static final String SECCLASS_OID = "1.2.40.0.10.2.1.1.261.110";
-	public static final String SECCLASS_FRIENDLY_NAME = "SECCLASS";
-	public static final String SECCLASS_NAME = URN_OID_PREFIX + SECCLASS_OID;
-	public static final int SECCLASS_MAX_LENGTH = 128;
-	
-	public static final String PRINCIPAL_NAME_OID = "1.2.40.0.10.2.1.1.261.20";
-	public static final String PRINCIPAL_NAME_NAME = URN_OID_PREFIX + PRINCIPAL_NAME_OID;
-	public static final String PRINCIPAL_NAME_FRIENDLY_NAME = "PRINCIPAL-NAME";
-	public static final int PRINCIPAL_NAME_MAX_LENGTH = 128;
-	
-	public static final String GIVEN_NAME_OID = "2.5.4.42";
-	public static final String GIVEN_NAME_NAME = URN_OID_PREFIX + GIVEN_NAME_OID;
-	public static final String GIVEN_NAME_FRIENDLY_NAME = "GIVEN-NAME";
-	public static final int GIVEN_NAME_MAX_LENGTH = 128;
-	
-	public static final String BIRTHDATE_OID = "1.2.40.0.10.2.1.1.55";
-	public static final String BIRTHDATE_NAME = URN_OID_PREFIX + BIRTHDATE_OID;
-	public static final String BIRTHDATE_FRIENDLY_NAME = "BIRTHDATE";
-	public static final String BIRTHDATE_FORMAT_PATTERN = "yyyy-MM-dd";
-	
-	public static final String USERID_OID = "0.9.2342.19200300.100.1.1";
-	public static final String USERID_NAME = URN_OID_PREFIX + USERID_OID;
-	public static final String USERID_FRIENDLY_NAME = "USERID";
-	public static final int USERID_MAX_LENGTH = 128;
-	
-	public static final String GID_OID = "1.2.40.0.10.2.1.1.1";
-	public static final String GID_NAME = URN_OID_PREFIX + GID_OID;
-	public static final String GID_FRIENDLY_NAME = "GID";
-	public static final int GID_MAX_LENGTH = 128;
-	
-	public static final String BPK_OID = "1.2.40.0.10.2.1.1.149";
-	public static final String BPK_NAME = URN_OID_PREFIX + BPK_OID;
-	public static final String BPK_FRIENDLY_NAME = "BPK";
-	public static final int BPK_MAX_LENGTH = 1024;
-	
-	public static final String ENC_BPK_LIST_OID = "1.2.40.0.10.2.1.1.261.22";
-	public static final String ENC_BPK_LIST_NAME = URN_OID_PREFIX+ENC_BPK_LIST_OID;
-	public static final String ENC_BPK_LIST_FRIENDLY_NAME = "ENC-BPK-LIST";
-	public static final int ENC_BPK_LIST_MAX_LENGTH = 32767;
-	
-	public static final String MAIL_OID = "0.9.2342.19200300.100.1.3";
-	public static final String MAIL_NAME = URN_OID_PREFIX + MAIL_OID;
-	public static final String MAIL_FRIENDLY_NAME = "MAIL";
-	public static final int MAIL_MAX_LENGTH = 128;
-	
-	public static final String TEL_OID = "2.5.4.20";
-	public static final String TEL_NAME = URN_OID_PREFIX + TEL_OID;
-	public static final String TEL_FRIENDLY_NAME = "TEL";
-	public static final int TEL_MAX_LENGTH = 32;
-	
-	public static final String PARTICIPANT_ID_OID = "1.2.40.0.10.2.1.1.71";
-	public static final String PARTICIPANT_ID_NAME = URN_OID_PREFIX + PARTICIPANT_ID_OID;
-	public static final String PARTICIPANT_ID_FRIENDLY_NAME = "PARTICIPANT-ID";
-	public static final int PARTICIPANT_MAX_LENGTH = 39;
-	
-	public static final String PARTICIPANT_OKZ_OID = "1.2.40.0.10.2.1.1.261.24";
-	public static final String PARTICIPANT_OKZ_NAME = URN_OID_PREFIX + PARTICIPANT_OKZ_OID;
-	public static final String PARTICIPANT_OKZ_FRIENDLY_NAME = "PARTICIPANT-OKZ";
-	public static final int PARTICIPANT_OKZ_MAX_LENGTH = 32;
-	
-	public static final String OU_OKZ_OID = "1.2.40.0.10.2.1.1.153";
-	public static final String OU_OKZ_NAME =  URN_OID_PREFIX + OU_OKZ_OID;
-	public static final int OU_OKZ_MAX_LENGTH = 32;
-	
-	public static final String OU_GV_OU_ID_OID = "1.2.40.0.10.2.1.1.3";
-	public static final String OU_GV_OU_ID_NAME = URN_OID_PREFIX + OU_GV_OU_ID_OID;
-	public static final String OU_GV_OU_ID_FRIENDLY_NAME = "OU-GV-OU-ID";
-	public static final int OU_GV_OU_ID_MAX_LENGTH = 39;
-	
-	public static final String OU_OID = "2.5.4.11";
-	public static final String OU_NAME = URN_OID_PREFIX + OU_OID;
-	public static final String OU_FRIENDLY_NAME = "OU";
-	public static final int OU_MAX_LENGTH = 64;
-	
-	public static final String FUNCTION_OID = "1.2.40.0.10.2.1.1.33";
-	public static final String FUNCTION_NAME = URN_OID_PREFIX + FUNCTION_OID;
-	public static final String FUNCTION_FRIENDLY_NAME = "FUNCTION";
-	public static final int FUNCTION_MAX_LENGTH = 32;
-	
-	public static final String ROLES_OID = "1.2.40.0.10.2.1.1.261.30";
-	public static final String ROLES_NAME = URN_OID_PREFIX + ROLES_OID;
-	public static final String ROLES_FRIENDLY_NAME = "ROLES";
-	public static final int ROLES_MAX_LENGTH = 32767;
-	
-	@Deprecated public static final String EID_CITIZEN_QAA_LEVEL_OID = "1.2.40.0.10.2.1.1.261.94";	
-	@Deprecated public static final String EID_CITIZEN_QAA_LEVEL_NAME = URN_OID_PREFIX + EID_CITIZEN_QAA_LEVEL_OID;
-	@Deprecated public static final String EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME = "EID-CITIZEN-QAA-LEVEL";
-	
-	public static final String EID_CITIZEN_EIDAS_QAA_LEVEL_OID = "1.2.40.0.10.2.1.1.261.108";	
-	public static final String EID_CITIZEN_EIDAS_QAA_LEVEL_NAME = URN_OID_PREFIX + EID_CITIZEN_EIDAS_QAA_LEVEL_OID;
-	public static final String EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME = "EID-CITIZEN-QAA-EIDAS-LEVEL";
-	
-	public static final String EID_ISSUING_NATION_OID = "1.2.40.0.10.2.1.1.261.32";
-	public static final String EID_ISSUING_NATION_NAME = URN_OID_PREFIX + EID_ISSUING_NATION_OID;
-	public static final String EID_ISSUING_NATION_FRIENDLY_NAME = "EID-ISSUING-NATION";
-	public static final int EID_ISSUING_NATION_MAX_LENGTH = 2;
-	
-	public static final String EID_SECTOR_FOR_IDENTIFIER_OID = "1.2.40.0.10.2.1.1.261.34";
-	public static final String EID_SECTOR_FOR_IDENTIFIER_NAME = URN_OID_PREFIX + EID_SECTOR_FOR_IDENTIFIER_OID;
-	public static final String EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME = "EID-SECTOR-FOR-IDENTIFIER";
-	public static final int EID_SECTOR_FOR_IDENTIFIER_MAX_LENGTH = 255;
-	
-	public static final String EID_SOURCE_PIN_OID = "1.2.40.0.10.2.1.1.261.36";
-	public static final String EID_SOURCE_PIN_NAME = URN_OID_PREFIX + EID_SOURCE_PIN_OID;
-	public static final String EID_SOURCE_PIN_FRIENDLY_NAME = "EID-SOURCE-PIN";
-	public static final int EID_SOURCE_PIN_MAX_LENGTH = 128;
-	
-	public static final String EID_SOURCE_PIN_TYPE_OID = "1.2.40.0.10.2.1.1.261.104";
-	public static final String EID_SOURCE_PIN_TYPE_NAME = URN_OID_PREFIX + EID_SOURCE_PIN_TYPE_OID;
-	public static final String EID_SOURCE_PIN_TYPE_FRIENDLY_NAME = "EID-SOURCE-PIN-TYPE";
-	public static final int EID_SOURCE_PIN_TYPE_MAX_LENGTH = 128;
-	
-	public static final String EID_IDENTITY_LINK_OID = "1.2.40.0.10.2.1.1.261.38";
-	public static final String EID_IDENTITY_LINK_NAME = URN_OID_PREFIX + EID_IDENTITY_LINK_OID;
-	public static final String EID_IDENTITY_LINK_FRIENDLY_NAME = "EID-IDENTITY-LINK";
-	public static final int EID_IDENTITY_LINK_MAX_LENGTH = 32767;
-	
-	public static final String EID_AUTH_BLOCK_OID = "1.2.40.0.10.2.1.1.261.62";
-	public static final String EID_AUTH_BLOCK_NAME = URN_OID_PREFIX + EID_AUTH_BLOCK_OID;
-	public static final String EID_AUTH_BLOCK_FRIENDLY_NAME = "EID-AUTH-BLOCK";
-	public static final int EID_AUTH_BLOCK_MAX_LENGTH = 32767;
-	
-	public static final String EID_CCS_URL_OID = "1.2.40.0.10.2.1.1.261.64";
-	public static final String EID_CCS_URL_NAME = URN_OID_PREFIX + EID_CCS_URL_OID;
-	public static final String EID_CCS_URL_FRIENDLY_NAME = "EID-CCS-URL";
-	public static final int EID_CCS_URL_MAX_LENGTH = 1024;
-	
-	public static final String EID_SIGNER_CERTIFICATE_OID = "1.2.40.0.10.2.1.1.261.66";
-	public static final String EID_SIGNER_CERTIFICATE_NAME = URN_OID_PREFIX + EID_SIGNER_CERTIFICATE_OID;
-	public static final String EID_SIGNER_CERTIFICATE_FRIENDLY_NAME = "EID-SIGNER-CERTIFICATE";
-	public static final int EID_SIGNER_CERTIFICATE_MAX_LENGTH = 32767;
-	
-	public static final String EID_STORK_TOKEN_OID = "1.2.40.0.10.2.1.1.261.96";
-	public static final String EID_STORK_TOKEN_NAME = URN_OID_PREFIX + EID_STORK_TOKEN_OID;
-	public static final String EID_STORK_TOKEN_FRIENDLY_NAME = "EID-STORK-TOKEN";
-	public static final int EID_STORK_TOKEN_MAX_LENGTH = 32767;
-	
-	public static final String MANDATE_TYPE_OID = "1.2.40.0.10.2.1.1.261.68";
-	public static final String MANDATE_TYPE_NAME = URN_OID_PREFIX + MANDATE_TYPE_OID;
-	public static final String MANDATE_TYPE_FRIENDLY_NAME = "MANDATE-TYPE";
-	public static final int MANDATE_TYPE_MAX_LENGTH = 256;
-	
-	public static final String MANDATE_TYPE_OID_OID = "1.2.40.0.10.2.1.1.261.106";
-	public static final String MANDATE_TYPE_OID_NAME = URN_OID_PREFIX + MANDATE_TYPE_OID_OID;
-	public static final String MANDATE_TYPE_OID_FRIENDLY_NAME = "MANDATE-TYPE-OID";
-	public static final int MANDATE_TYPE_OID_MAX_LENGTH = 256;
-	
-	public static final String MANDATE_NAT_PER_SOURCE_PIN_OID = "1.2.40.0.10.2.1.1.261.70";
-	public static final String MANDATE_NAT_PER_SOURCE_PIN_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_SOURCE_PIN_OID;
-	public static final String MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-SOURCE-PIN";
-	public static final int MANDATE_NAT_PER_SOURCE_PIN_MAX_LENGTH = 128;
-	
-	public static final String MANDATE_LEG_PER_SOURCE_PIN_OID = "1.2.40.0.10.2.1.1.261.100";
-	public static final String MANDATE_LEG_PER_SOURCE_PIN_NAME = URN_OID_PREFIX + MANDATE_LEG_PER_SOURCE_PIN_OID;
-	public static final String MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME = "MANDATOR-LEGAL-PERSON-SOURCE-PIN";
-	public static final int MANDATE_LEG_PER_SOURCE_PIN_MAX_LENGTH = 128;
-	
-	public static final String MANDATE_NAT_PER_SOURCE_PIN_TYPE_OID = "1.2.40.0.10.2.1.1.261.102";
-	public static final String MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_SOURCE_PIN_TYPE_OID;
-	public static final String MANDATE_NAT_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-SOURCE-PIN-TYPE";
-	public static final int MANDATE_NAT_PER_SOURCE_PIN_TYPE_MAX_LENGTH = 128;
-	
-	public static final String MANDATE_LEG_PER_SOURCE_PIN_TYPE_OID = "1.2.40.0.10.2.1.1.261.76";
-	public static final String MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME = URN_OID_PREFIX + MANDATE_LEG_PER_SOURCE_PIN_TYPE_OID;
-	public static final String MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME = "MANDATOR-LEGAL-PERSON-SOURCE-PIN-TYPE";
-	public static final int MANDATE_LEG_PER_SOURCE_PIN_TYPE_MAX_LENGTH = 128;
-	
-	public static final String MANDATE_NAT_PER_BPK_OID = "1.2.40.0.10.2.1.1.261.98";
-	public static final String MANDATE_NAT_PER_BPK_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_BPK_OID;
-	public static final String MANDATE_NAT_PER_BPK_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-BPK";
-	public static final int MANDATE_NAT_PER_BPK_MAX_LENGTH = 1024;
-	
-	public static final String MANDATE_NAT_PER_ENC_BPK_LIST_OID = "1.2.40.0.10.2.1.1.261.72";
-	public static final String MANDATE_NAT_PER_ENC_BPK_LIST_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_ENC_BPK_LIST_OID;
-	public static final String MANDATE_NAT_PER_ENC_BPK_LIST_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-ENC-BPK-LIST";
-	public static final int MANDATE_NAT_PER_ENC_BPK_LIST_MAX_LENGTH = 32767;
-	
-	public static final String MANDATE_NAT_PER_GIVEN_NAME_OID = "1.2.40.0.10.2.1.1.261.78";
-	public static final String MANDATE_NAT_PER_GIVEN_NAME_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_GIVEN_NAME_OID;
-	public static final String MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-GIVEN-NAME";
-	public static final int MANDATE_NAT_PER_GIVEN_NAME_MAX_LENGTH = 128;
-	
-	public static final String MANDATE_NAT_PER_FAMILY_NAME_OID = "1.2.40.0.10.2.1.1.261.80";
-	public static final String MANDATE_NAT_PER_FAMILY_NAME_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_FAMILY_NAME_OID;
-	public static final String MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-FAMILY-NAME";
-	public static final int MANDATE_NAT_PER_FAMILY_NAME_MAX_LENGTH = 128;
-	
-	public static final String MANDATE_NAT_PER_BIRTHDATE_OID = "1.2.40.0.10.2.1.1.261.82";
-	public static final String MANDATE_NAT_PER_BIRTHDATE_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_BIRTHDATE_OID;
-	public static final String MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-BIRTHDATE";
-	public static final String MANDATE_NAT_PER_BIRTHDATE_FORMAT_PATTERN = BIRTHDATE_FORMAT_PATTERN;
-	
-	public static final String MANDATE_LEG_PER_FULL_NAME_OID = "1.2.40.0.10.2.1.1.261.84";
-	public static final String MANDATE_LEG_PER_FULL_NAME_NAME = URN_OID_PREFIX + MANDATE_LEG_PER_FULL_NAME_OID;
-	public static final String MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME = "MANDATOR-LEGAL-PERSON-FULL-NAME";
-	public static final int MANDATE_LEG_PER_FULL_NAME_MAX_LENGTH = 256;
-	
-	public static final String MANDATE_PROF_REP_OID_OID = "1.2.40.0.10.2.1.1.261.86";
-	public static final String MANDATE_PROF_REP_OID_NAME = URN_OID_PREFIX + MANDATE_PROF_REP_OID_OID;
-	public static final String MANDATE_PROF_REP_OID_FRIENDLY_NAME = "MANDATE-PROF-REP-OID";
-	public static final int MANDATE_PROF_REP_OID_MAX_LENGTH = 256;
-	
-	public static final String MANDATE_PROF_REP_DESC_OID = "1.2.40.0.10.2.1.1.261.88";
-	public static final String MANDATE_PROF_REP_DESC_NAME = URN_OID_PREFIX + MANDATE_PROF_REP_DESC_OID;
-	public static final String MANDATE_PROF_REP_DESC_FRIENDLY_NAME = "MANDATE-PROF-REP-DESCRIPTION";
-	public static final int MANDATE_PROF_REP_DESC_MAX_LENGTH = 1024;
-	
-	public static final String MANDATE_REFERENCE_VALUE_OID = "1.2.40.0.10.2.1.1.261.90";
-	public static final String MANDATE_REFERENCE_VALUE_NAME = URN_OID_PREFIX + MANDATE_REFERENCE_VALUE_OID;
-	public static final String MANDATE_REFERENCE_VALUE_FRIENDLY_NAME = "MANDATE-REFERENCE-VALUE";
-	public static final int MANDATE_REFERENCE_VALUE_MAX_LENGTH = 100;
-	
-	public static final String MANDATE_FULL_MANDATE_OID = "1.2.40.0.10.2.1.1.261.92";
-	public static final String MANDATE_FULL_MANDATE_NAME = URN_OID_PREFIX + MANDATE_FULL_MANDATE_OID;
-	public static final String MANDATE_FULL_MANDATE_FRIENDLY_NAME = "MANDATE-FULL-MANDATE";
-	public static final int MANDATE_FULL_MANDATE_MAX_LENGTH = 32767;
-	
-	public static final String INVOICE_RECPT_ID_OID = "1.2.40.0.10.2.1.1.261.40";
-	public static final String INVOICE_RECPT_ID_NAME = URN_OID_PREFIX + INVOICE_RECPT_ID_OID;
-	public static final String INVOICE_RECPT_ID_FRIENDLY_NAME = "INVOICE-RECPT-ID";
-	public static final int INVOICE_RECPT_ID_MAX_LENGTH = 64;
-	
-	public static final String COST_CENTER_ID_OID = "1.2.40.0.10.2.1.1.261.50";
-	public static final String COST_CENTER_ID_NAME = URN_OID_PREFIX + COST_CENTER_ID_OID;
-	public static final String COST_CENTER_ID_FRIENDLY_NAME = "COST-CENTER-ID";
-	public static final int COST_CENTER_ID_MAX_LENGTH = 32767;
-	
-	public static final String CHARGE_CODE_OID = "1.2.40.0.10.2.1.1.261.60";
-	public static final String CHARGE_CODE_NAME = URN_OID_PREFIX + CHARGE_CODE_OID;
-	public static final String CHARGE_CODE_FRIENDLY_NAME = "CHARGE-CODE";
-	public static final int CHARGE_CODE_MAX_LENGTH = 32767;
-	
-	public static final String PVP_HOLDEROFKEY_OID = "1.2.40.0.10.2.1.1.261.xx.xx";
-	public static final String PVP_HOLDEROFKEY_NAME = URN_OID_PREFIX + PVP_HOLDEROFKEY_OID;
-	public static final String PVP_HOLDEROFKEY_FRIENDLY_NAME = "HOLDER-OF-KEY-CERTIFICATE";
 	
 	
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
index caf66942e..060a5fcc2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
@@ -37,7 +37,7 @@ import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.context.annotation.Scope;
 import org.springframework.stereotype.Component;
 
-import at.gv.egovernment.moa.id.moduls.RequestImpl;
+import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
index f709da213..2d8d0f66f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
@@ -35,30 +35,30 @@ import org.opensaml.saml2.metadata.SingleLogoutService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
+import at.gv.egiz.eaaf.core.api.IAction;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.data.IAuthData;
+import at.gv.egiz.eaaf.core.api.data.ISLOInformationContainer;
+import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
+import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
+import at.gv.egiz.eaaf.core.impl.idp.auth.AuthenticationManager;
+import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.data.ISLOInformationContainer;
 import at.gv.egovernment.moa.id.data.SLOInformationContainer;
-import at.gv.egovernment.moa.id.data.SLOInformationInterface;
-import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
-import at.gv.egovernment.moa.id.moduls.IAction;
 import at.gv.egovernment.moa.id.moduls.SSOManager;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SLOException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.storage.ITransactionStorage;
-import at.gv.egovernment.moa.id.util.Random;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moa.util.URLEncoder;
@@ -75,7 +75,7 @@ public class SingleLogOutAction implements IAction {
 	@Autowired private IAuthenticationSessionStoreage authenticationSessionStorage;
 	@Autowired private ITransactionStorage transactionStorage;
 	@Autowired private SingleLogOutBuilder sloBuilder;
-	@Autowired private MOAReversionLogger revisionsLogger;
+	@Autowired private IRevisionLogger revisionsLogger;
 
 
 	/* (non-Javadoc)
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java
index ccbef6e6c..409f995fc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java
@@ -31,7 +31,7 @@ import org.opensaml.ws.message.encoder.MessageEncodingException;
 import org.opensaml.xml.security.SecurityException;
 import org.opensaml.xml.security.credential.Credential;
 
-import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
 
 public interface IEncoder {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
index c7688c14b..998249028 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
@@ -50,12 +50,12 @@ import org.opensaml.xml.security.credential.Credential;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration;
 import at.gv.egovernment.moa.id.auth.frontend.builder.GUIFormBuilderImpl;
-import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration;
 import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithFileSystemLoad;
 import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.opemsaml.MOAIDHTTPPostEncoder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
index 95c4f1726..caebd456b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
@@ -51,7 +51,7 @@ import org.opensaml.xml.security.SecurityException;
 import org.opensaml.xml.security.credential.Credential;
 import org.springframework.stereotype.Service;
 
-import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
 import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
index 552b64ac6..2b4374a64 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
@@ -50,7 +50,7 @@ import org.opensaml.xml.signature.SignableXMLObject;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
-import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
 import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java
index f4cd7422c..c662a0af5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java
@@ -49,7 +49,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import org.w3c.dom.Document;
 
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.SamlAttributeGenerator;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
index b82e6c1f0..6beaee92b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
@@ -32,13 +32,13 @@ import java.util.ServiceLoader;
 import org.opensaml.saml2.core.Attribute;
 import org.opensaml.saml2.metadata.RequestedAttribute;
 
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.data.IAuthData;
+import at.gv.egiz.eaaf.core.exceptions.InvalidDateFormatAttributeException;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.SamlAttributeGenerator;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.InvalidDateFormatAttributeException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidDateFormatException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java
index f29418853..be8c2abdf 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java
@@ -48,7 +48,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.ApplicationContext;
 import org.springframework.stereotype.Service;
 
-import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
index 4fef52aec..cc916ef73 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
@@ -63,13 +63,12 @@ import org.springframework.context.ApplicationContext;
 import org.springframework.stereotype.Service;
 import org.w3c.dom.Document;
 
+import at.gv.egiz.eaaf.core.api.data.ISLOInformationContainer;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
-import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
-import at.gv.egovernment.moa.id.data.ISLOInformationContainer;
 import at.gv.egovernment.moa.id.data.SLOInformationContainer;
 import at.gv.egovernment.moa.id.data.SLOInformationImpl;
 import at.gv.egovernment.moa.id.opemsaml.MOAStringRedirectDeflateEncoder;
@@ -86,6 +85,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
index 196aa47af..40c85945f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
@@ -59,11 +59,12 @@ import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
 import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
 import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
 import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
+import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.data.IAuthData;
+import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.data.SLOInformationImpl;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
@@ -77,7 +78,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttribut
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.id.util.QAALevelVerifier;
-import at.gv.egovernment.moa.id.util.Random;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.Constants;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/AttributeException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/AttributeException.java
deleted file mode 100644
index 9f13b8270..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/AttributeException.java
+++ /dev/null
@@ -1,33 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions;
-
-public class AttributeException extends Exception {
-	
-	private static final long serialVersionUID = 1L;
-	
-	public AttributeException(String message) {
-		super(message);
-	}
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/AttributePolicyException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/AttributePolicyException.java
deleted file mode 100644
index 1e0e2ee51..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/AttributePolicyException.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions;
-
-public class AttributePolicyException extends AttributeException {
-	
-	private static final long serialVersionUID = 1L;
-	
-	private String attributeName;
-	
-	public AttributePolicyException(String attributeName) {
-		super("Attribute " + attributeName + " is restricted by IDP policy.");
-		this.attributeName = attributeName;
-	}
-	
-	public String getAttributeName() {
-		return attributeName;
-	}
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/InvalidDateFormatAttributeException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/InvalidDateFormatAttributeException.java
deleted file mode 100644
index dd251f0cd..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/InvalidDateFormatAttributeException.java
+++ /dev/null
@@ -1,35 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions;
-
-public class InvalidDateFormatAttributeException extends AttributeException {
-
-	private static final long serialVersionUID = 1L;
-	
-	public InvalidDateFormatAttributeException() {
-		super("Date format is invalid.");
-	}
-
-	
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/NoMandateDataAttributeException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/NoMandateDataAttributeException.java
index 066330a2d..ad505efa5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/NoMandateDataAttributeException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/NoMandateDataAttributeException.java
@@ -22,7 +22,9 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions;
 
-public class NoMandateDataAttributeException extends AttributeException {
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+
+public class NoMandateDataAttributeException extends AttributeBuilderException {
 	
 	private static final long serialVersionUID = 1L;
 	
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/UnavailableAttributeException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/UnavailableAttributeException.java
deleted file mode 100644
index f63edf909..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/UnavailableAttributeException.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions;
-
-public class UnavailableAttributeException extends AttributeException {
-	
-	private static final long serialVersionUID = 1L;
-	
-	private String attributeName;
-	
-	public UnavailableAttributeException(String attributeName) {
-		super("Attribute " + attributeName + " is not available.");
-		this.attributeName = attributeName;
-	}
-	
-	public String getAttributeName() {
-		return attributeName;
-	}
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
index 47c4b0736..64f5c7d73 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
@@ -44,7 +44,7 @@ import org.opensaml.saml2.metadata.OrganizationURL;
 import org.opensaml.saml2.metadata.SurName;
 import org.opensaml.saml2.metadata.TelephoneNumber;
 
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AuthnRequestValidatorException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AuthnRequestValidatorException.java
deleted file mode 100644
index f65c4d265..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AuthnRequestValidatorException.java
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import at.gv.egovernment.moa.id.commons.api.IRequest;
-
-/**
- * @author tlenz
- *
- */
-public class AuthnRequestValidatorException extends PVP2Exception {
-
-	private IRequest errorRequest = null;
-	
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = 4939651000658508576L;
-
-	/**
-	 * @param messageId
-	 * @param parameters
-	 */
-	public AuthnRequestValidatorException(String messageId, Object[] parameters) {
-		super(messageId, parameters);
-		
-	}
-	
-	public AuthnRequestValidatorException(String messageId, Object[] parameters, IRequest errorRequest) {
-		super(messageId, parameters);
-		this.errorRequest = errorRequest;
-		
-	}
-
-	/**
-	 * @return the errorRequest
-	 */
-	public IRequest getErrorRequest() {
-		return errorRequest;
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java
index 87e443930..b1e7df014 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java
@@ -24,6 +24,8 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
 
 import org.opensaml.saml2.core.StatusCode;
 
+import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
+
 public class NameIDFormatNotSupportedException extends AuthnRequestValidatorException {
 
 	public NameIDFormatNotSupportedException(String nameIDFormat) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index 7f6f9b88c..86284a2f4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -49,10 +49,10 @@ import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.parse.BasicParserPool;
 import org.springframework.stereotype.Service;
 
+import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.auth.IDestroyableObject;
 import at.gv.egovernment.moa.id.auth.IGarbageCollectorProcessing;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.InterfederatedIDPPublicServiceFilter;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java
index 28a85b4af..29dd70545 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java
@@ -46,7 +46,7 @@ import org.opensaml.xml.io.Marshaller;
 import org.opensaml.xml.io.MarshallingException;
 import org.w3c.dom.Document;
 
-import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egiz.eaaf.core.impl.utils.Random;
 
 public class SAML2Utils {
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java
index 4ae89466d..7b7ba6883 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java
@@ -26,7 +26,7 @@ import org.opensaml.saml2.core.AuthnRequest;
 import org.opensaml.saml2.core.NameID;
 import org.opensaml.saml2.core.NameIDPolicy;
 
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestValidatorException;
+import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSupportedException;
 import at.gv.egovernment.moaspss.logging.Logger;
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
index d05d180e1..528d8cbb6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
@@ -34,7 +34,7 @@ import org.opensaml.xml.security.x509.BasicX509Credential;
 import org.opensaml.xml.signature.SignatureValidator;
 import org.opensaml.xml.validation.ValidationException;
 
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
index f6104bdeb..870c70efe 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
@@ -46,7 +46,7 @@ import org.springframework.stereotype.Service;
 import org.w3c.dom.Element;
 import org.xml.sax.SAXException;
 
-import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
+import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SchemaValidationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
index 0df6379b0..9ae41c06c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
@@ -40,13 +40,15 @@ import org.springframework.transaction.annotation.Transactional;
 
 import com.fasterxml.jackson.core.JsonProcessingException;
 
+import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
@@ -55,10 +57,8 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.commons.utils.JsonMapper;
 import at.gv.egovernment.moa.id.data.EncryptedData;
-import at.gv.egovernment.moa.id.data.SLOInformationInterface;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
-import at.gv.egovernment.moa.id.util.Random;
 import at.gv.egovernment.moa.id.util.SessionEncrytionUtil;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java
index 2395b913d..958ef4977 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java
@@ -37,6 +37,7 @@ import org.hibernate.HibernateException;
 import org.springframework.stereotype.Repository;
 import org.springframework.transaction.annotation.Transactional;
 
+import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
@@ -240,16 +241,16 @@ public class DBTransactionStorage implements ITransactionStorage {
 		}
 	}
 
-	public Object getAssertionStore(String key) throws MOADatabaseException{
-		return searchInDatabase(key);
-		
-	}
+//	public Object getAssertionStore(String key) throws MOADatabaseException{
+//		return searchInDatabase(key);
+//		
+//	}
 	
-	@Override
-	public void putAssertionStore(Object element) throws MOADatabaseException{
-		entityManager.merge(element);
-		
-	}
+//	@Override
+//	public void putAssertionStore(Object element) throws MOADatabaseException{
+//		entityManager.merge(element);
+//		
+//	}
 	
 	private void cleanDelete(AssertionStore element) {
 	
@@ -310,7 +311,7 @@ public class DBTransactionStorage implements ITransactionStorage {
 			
 		} catch (BuildException e) {
 			Logger.warn("Sessioninformation could not be stored.");
-			throw new MOADatabaseException(e);
+			throw new MOADatabaseException("Can not store data into transaction-storage", e);
 			
 		}
 		
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java
index c8d09e17e..414df1328 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java
@@ -25,18 +25,18 @@ package at.gv.egovernment.moa.id.storage;
 import java.util.Date;
 import java.util.List;
 
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.data.SLOInformationInterface;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java
deleted file mode 100644
index 51a36d426..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java
+++ /dev/null
@@ -1,135 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.storage;
-
-import java.util.Date;
-import java.util.List;
-
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-
-/**
- * @author tlenz
- *
- */
-public interface ITransactionStorage {
-
-	/**
-	 * Check if transaction storage contains a data object with a specific key
-	 * 
-	 * @param key Key, which identifies a data object
-	 * @return true if key is found, otherwise false
-	 */
-	public boolean containsKey(String key);
-	
-	/**
-	 * Store a data object with a key to transaction storage
-	 * 
-	 * @param key Id which identifiers the data object
-	 * @param value Data object which should be stored. 
-	 *              This data must implement the <code>java.io.Serializable</code> interface
-	 * @param timeout_ms Defines the period of time a data object is kept within the storage
-	 * @throws MOADatabaseException In case of store operation failed
-	 */
-	public void put(String key, Object value, int timeout_ms) throws MOADatabaseException;
-	
-	/**
-	 * Get a data object from transaction storage
-	 * 
-	 * @param key key Id which identifiers the data object
-	 * @return The transaction-data object, or null
-	 * @throws MOADatabaseException In case of load operation failed
-	 */
-	public Object get(String key) throws MOADatabaseException;
-	
-	/**
-	 * Get a data object from transaction storage
-	 * 
-	 * @param key Id which identifiers the data object
-	 * @param clazz The class type which is stored with this key
-	 * @return The transaction-data object from type class, or null
-	 * @throws MOADatabaseException In case of load operation failed
-	 */
-	public <T> T get(String key, final Class<T> clazz) throws MOADatabaseException;
-	
-	/**
-	 * Get a data object from transaction storage
-	 * 
-	 * @param key Id which identifiers the data object
-	 * @param clazz The class type which is stored with this key
-	 * @param Data-object timeout in [ms]
-	 * @return The transaction-data object from type class, or null
-	 * @throws MOADatabaseException In case of load operation failed
-	 * @throws AuthenticationException In case of data-object timeout occurs
-	 */
-	public <T> T get(String key, final Class<T> clazz, long dataTimeOut) throws MOADatabaseException, AuthenticationException;
-	
-	
-	/**
-	 * Change the key of a data object and store it under the new key
-	 * 
-	 * @param oldKey Old key of the data object
-	 * @param newKey New key, which should be used to store the data object
-	 * @param value Data object which should be stored
-	 * @throws MOADatabaseException In case of store operation failed
-	 */
-	public void changeKey(String oldKey, String newKey, Object value) throws MOADatabaseException; 
-	
-	/**
-	 * Remove a data object from transaction storage
-	 * 
-	 * @param key Id which identifiers the data object
-	 */
-	public void remove(String key);
-	
-	/**
-	 * Get all entries for Clean-up the transaction storage
-	 * 
-	 * @param now Current time
-	 * @param dataTimeOut Data-object timeout in [ms]
-	 * @return List of entry-keys which as a timeout
-	 */
-	public List<String> clean(Date now, long dataTimeOut);
-	
-	
-	/**
-	 * Get whole AssertionStoreObject, required for SLO
-	 * <br>
-	 * <b>IMPORTANT:</b> This method does NOT decrypt information before storage
-	 * 
-	 * @param key key Id which identifiers the data object
-	 * @return The transaction-data object, or null
-	 * @throws MOADatabaseException In case of load operation failed
-	 */
-	public Object getAssertionStore(String key) throws MOADatabaseException;
-	
-	/**
-	 * Put whole AssertionStoreObject to db, required for SLO
- 	 * <br>
-	 * <b>IMPORTANT:</b> This method does NOT encrypt information before storage
-	 * 
-	 * @param element assertion store object
-	 */
-	public void putAssertionStore(Object element) throws MOADatabaseException;
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java
index 2b9a6656b..f30613474 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java
@@ -39,6 +39,7 @@ import org.springframework.data.redis.core.SessionCallback;
 import org.springframework.data.redis.serializer.JacksonJsonRedisSerializer;
 import org.springframework.stereotype.Service;
 
+import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java
index 84d40f619..8fdf1eab8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java
@@ -37,6 +37,7 @@ import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.PBEKeySpec;
 import javax.crypto.spec.SecretKeySpec;
 
+import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.auth.exception.DatabaseEncryptionException;
 import at.gv.egovernment.moa.id.data.EncryptedData;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ErrorResponseUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ErrorResponseUtils.java
deleted file mode 100644
index 655675f00..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ErrorResponseUtils.java
+++ /dev/null
@@ -1,105 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.util;
-
-import java.util.Locale;
-
-import at.gv.egovernment.moa.id.auth.exception.BKUException;
-import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.process.ProcessExecutionException;
-import at.gv.egovernment.moa.util.Messages;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-/**
- * @author tlenz
- *
- */
-public class ErrorResponseUtils {
-
-	public static final String INTERNALERRORCODE = "9199"; 
-	
-	private static ErrorResponseUtils instance = null;
-	private static final String[] DEFAULT_MESSAGE_RESOURCES =
-		    { "resources/properties/protocol_response_statuscodes" };  
-	private static final Locale[] DEFAULT_MESSAGE_LOCALES =
-		    new Locale[] { new Locale("de", "AT") };
-	private Messages messages = null;
-	
-	
-	public static ErrorResponseUtils getInstance() {
-		if (instance == null) {
-			instance = new ErrorResponseUtils(DEFAULT_MESSAGE_RESOURCES, DEFAULT_MESSAGE_LOCALES);
-			
-		}
-		return instance;
-	}
-	
-	private ErrorResponseUtils(String[] resourceNames, Locale[] locales) {
-		this.messages = new Messages(resourceNames, locales);
-	}
-	
-	public String getResponseErrorCode(Throwable throwable) {
-		String errorCode = null;
-		
-		if (throwable instanceof BKUException) {
-			BKUException error = (BKUException) throwable;			
-			errorCode = mapInternalErrorToExternalError(error.getMessageId()) + 
-					error.getBkuErrorCode();			
-			
-		} else if (throwable instanceof MISSimpleClientException) {
-			MISSimpleClientException error = (MISSimpleClientException) throwable;
-			
-			if (MiscUtil.isNotEmpty(error.getMISErrorCode()))
-				errorCode = mapInternalErrorToExternalError(error.getMessageId()) + 
-						error.getMISErrorCode();							
-			else
-				errorCode = mapInternalErrorToExternalError(error.getMessageId());
-						
-		} else if (throwable instanceof MOAIDException) {
-			MOAIDException error = (MOAIDException) throwable;
-			errorCode = mapInternalErrorToExternalError(error.getMessageId());
-		
-		} else if (throwable instanceof ProcessExecutionException) {
-			errorCode = "1100";
-			
-		} else {
-			errorCode = INTERNALERRORCODE;
-						
-		}
-				
-		return errorCode;
-		
-	}
-	
-	public String mapInternalErrorToExternalError(String intErrorCode) {		
-		String extErrorCode = messages.getMessage(intErrorCode, null);
-		
-		if (MiscUtil.isEmpty(extErrorCode))
-			extErrorCode = INTERNALERRORCODE;
-				
-		return extErrorCode;
-		
-	}
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java
deleted file mode 100644
index 4cb6af127..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java
+++ /dev/null
@@ -1,196 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- * 
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- * 
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.util;
-
-/**
- * HTTP Utilities  
- * 
- * @author Rudolf Schamberger
- * @version $Id$
- */
-
-import java.io.BufferedInputStream;
-import java.io.BufferedReader;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.io.Reader;
-import java.net.HttpURLConnection;
-import java.net.URL;
-
-import javax.servlet.http.HttpServletRequest;
-
-import org.apache.regexp.RE;
-import org.apache.regexp.RESyntaxException;
-
-import at.gv.egovernment.moa.util.StringUtils;
-
-/**
- * 
- * @author Rudolf Schamberger
- *
- */
-public class HTTPUtils {
-
-  /**
-   * Utility used to obtainin correct encoded HTTP content.
-   * Reads a given Content adressed by HTTP-URL into String. 
-   * Content encoding is considered by using the Content-Type HTTP header charset value.
-   * @param URL HTTP URL to read from.
-   * @return String representation of content
-   * @throws IOException on data-reading problems
-   */
-  public static String readHttpURL(String URL) 
-    throws IOException {
-      
-    URL url = new URL(URL);
-    HttpURLConnection conn = (HttpURLConnection)url.openConnection();
-    conn.setRequestMethod("GET");
-    String contentType = conn.getContentType();
-    RE regExp = null;
-    try {
-        regExp = new RE("(;.*charset=)(\"*)(.*[^\"])");
-    } catch (RESyntaxException e) {
-        //RESyntaxException is not possible = expr. is costant
-    }
-    boolean charsetSupplied = regExp.match(contentType);
-    String encoding = "ISO-8859-1"; 		//default HTTP encoding 
-    if (charsetSupplied) {
-      encoding = regExp.getParen(3);
-    }
-    InputStream instream = new BufferedInputStream(conn.getInputStream());
-    InputStreamReader isr = new InputStreamReader(instream, encoding);
-    Reader in = new BufferedReader(isr);
-    int ch;
-  	StringBuffer buffer = new StringBuffer();
-    while ((ch = in.read()) > -1) {
-  		buffer.append((char)ch);
-  	}     
-    in.close();
-    conn.disconnect();
-    return buffer.toString();
-  }
-  
-  	/**
-  	 * Helper method to retrieve server URL including context path
-  	 * @param request HttpServletRequest
-  	 * @return Server URL including context path (e.g. http://localhost:8443/moa-id-auth
-  	 */
-  	public static String getBaseURL(HttpServletRequest request) {
-		StringBuffer buffer = new StringBuffer(getServerURL(request));
-		
-	    // add context path if available
-	    String contextPath = request.getContextPath();
-	    if (!StringUtils.isEmpty(contextPath)) {
-	    	buffer.append(contextPath);
-	    }
-		
-		return buffer.toString(); 
-	}
-	
-  	/**
-  	 * Helper method to retrieve server URL
-  	 * @param request HttpServletRequest
-  	 * @return Server URL (e.g. http://localhost:8443)
-  	 */
-	public static String getServerURL(HttpServletRequest request) {
-		StringBuffer buffer = new StringBuffer();
-		
-		// get protocol
-		String protocol = request.getScheme();
-		buffer.append(protocol).append("://");
-		
-		// server name
-		buffer.append(request.getServerName());
-		
-		// add port if necessary
-		int port = request.getServerPort();
-	    if ((protocol.equals("http") && port != 80) || (protocol.equals("https") && port != 443)) {
-	    	buffer.append(':');
-	    	buffer.append(port);
-	    }
-	
-	    return buffer.toString(); 
-	}
-	
-	/**
-	 * Extract the IDP PublicURLPrefix from authrequest
-	 * 
-	 * @param req HttpServletRequest
-	 * @return PublicURLPrefix <String> which ends always without /
-	 */
-	public static String extractAuthURLFromRequest(HttpServletRequest req) {
-	    String authURL = req.getScheme() + "://" + req.getServerName();
-	    if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) { 
-	      authURL = authURL.concat(":" + req.getServerPort());
-	    }
-	    authURL = authURL.concat(req.getContextPath());
-	    return authURL;
-		
-	}
-	
-	/**
-	 * Extract the IDP requested URL from authrequest
-	 * 
-	 * @param req HttpServletRequest
-	 * @return RequestURL <String> which ends always without /
-	 */ 
-	public static String extractAuthServletPathFromRequest(HttpServletRequest req) {
-	    return extractAuthURLFromRequest(req).concat(req.getServletPath());
-	 	
-	}
-	
-	public static String addURLParameter(String url, String paramname,
-			String paramvalue) {
-		String param = paramname + "=" + paramvalue;
-		if (url.indexOf("?") < 0)
-			return url + "?" + param;
-		else
-			return url + "&" + param;
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java
new file mode 100644
index 000000000..335cf55ce
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java
@@ -0,0 +1,144 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ * 
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ * 
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.util;
+
+import java.util.Locale;
+
+import org.springframework.stereotype.Service;
+
+import at.gv.egiz.eaaf.core.api.IStatusMessager;
+import at.gv.egiz.eaaf.core.exceptions.ProcessExecutionException;
+import at.gv.egovernment.moa.id.auth.exception.BKUException;
+import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.util.Messages;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * A singleton wrapper around a <code>Message</code> object, providing the messages used in MOA-ID.
+ * 
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+@Service("MOAIDMessageProvider")
+public class MOAIDMessageProvider implements IStatusMessager {
+  
+  //internal messanges
+  private static final String[] DEFAULT_MESSAGE_RESOURCES = { "resources/properties/id_messages" };  
+  private static final Locale[] DEFAULT_MESSAGE_LOCALES = new Locale[] { new Locale("de", "AT") };
+  private Messages messages;
+  
+  //external error codes
+  private static final String[] DEFAULT_EXTERNALERROR_RESOURCES = { "resources/properties/protocol_response_statuscodes" };  
+  private static final Locale[] DEFAULT_EXTERNALERROR_LOCALES = new Locale[] { new Locale("de", "AT") };
+  private Messages externalError = null;
+  
+  
+  public MOAIDMessageProvider() {
+	  this.messages = new Messages(DEFAULT_MESSAGE_RESOURCES, DEFAULT_MESSAGE_LOCALES);
+	  this.externalError = new Messages(DEFAULT_EXTERNALERROR_RESOURCES, DEFAULT_EXTERNALERROR_LOCALES);
+	  
+  }	
+  
+  /**
+   * Get the message corresponding to a given message ID.
+   *
+   * @param messageId The ID of the message.
+   * @param parameters The parameters to fill in into the message arguments.
+   * @return The formatted message. 
+   */
+  @Override
+  public String getMessage(String messageId, Object[] parameters) {
+    return messages.getMessage(messageId, parameters);
+  }
+
+
+@Override
+public String getResponseErrorCode(Throwable throwable) {
+	String errorCode = null;
+	
+	if (throwable instanceof BKUException) {
+		BKUException error = (BKUException) throwable;			
+		errorCode = mapInternalErrorToExternalError(error.getMessageId()) + 
+				error.getBkuErrorCode();			
+		
+	} else if (throwable instanceof MISSimpleClientException) {
+		MISSimpleClientException error = (MISSimpleClientException) throwable;
+		
+		if (MiscUtil.isNotEmpty(error.getMISErrorCode()))
+			errorCode = mapInternalErrorToExternalError(error.getMessageId()) + 
+					error.getMISErrorCode();							
+		else
+			errorCode = mapInternalErrorToExternalError(error.getMessageId());
+					
+	} else if (throwable instanceof MOAIDException) {
+		MOAIDException error = (MOAIDException) throwable;
+		errorCode = mapInternalErrorToExternalError(error.getMessageId());
+	
+	} else if (throwable instanceof ProcessExecutionException) {
+		errorCode = IStatusMessager.CODES_EXTERNAL_ERROR_PROCESSENGINE;
+		
+	} else {
+		errorCode = IStatusMessager.CODES_EXTERNAL_ERROR_GENERIC;
+					
+	}
+			
+	return errorCode;
+}
+
+
+@Override
+public String mapInternalErrorToExternalError(String intErrorCode) {
+	String extErrorCode = messages.getMessage(intErrorCode, null);
+	
+	if (MiscUtil.isEmpty(extErrorCode))
+		extErrorCode = IStatusMessager.CODES_EXTERNAL_ERROR_GENERIC;
+			
+	return extErrorCode;
+}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java
deleted file mode 100644
index 38c384c3a..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java
+++ /dev/null
@@ -1,187 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- * 
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- * 
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.util;
-
-
-import java.nio.ByteBuffer;
-import java.security.SecureRandom;
-import java.text.DateFormat;
-import java.text.SimpleDateFormat;
-import java.util.Date;
-
-import org.apache.commons.codec.binary.Hex;
-
-import com.google.common.primitives.Bytes;
-
-import iaik.security.random.SeedGenerator;
-
-
-/**
- * Random number generator used to generate ID's
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class Random {
-
-	
-	private final static char[] allowedPreFix = 
-		{'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z',
-		 'A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z'};
-	private static final DateFormat dateFormater = new SimpleDateFormat("yyyyddMM");
-	
-  /** random number generator used */
-	//private static SecureRandom random = new SecureRandom();
-	private static SecureRandom random;
-	private static SeedGenerator seedgenerator;	
-		
-	static {
-		random = iaik.security.random.SHA256FIPS186Random.getDefault();
-	    seedgenerator = iaik.security.random.AutoSeedGenerator.getDefault();
-		
-	}
-	
-	/**
-	 * Generate a unique process reference-value [160bit], which always starts with a letter
-	 * <br>
-	 * This unique ID consists of single letter, a 64bit date String[yyyyddMM],
-	 *  and a 88bit random value.  
-	 * 
-	 * @return 160bit ID, which is hex encoded
-	 */
-	public static String nextProcessReferenceValue() {		
-		//pre-process all three parts of a unique reference value
-		String now = dateFormater.format(new Date()); //8 bytes = 64bit
-		byte[] randValue = nextByteRandom(11);
-		char preFix = allowedPreFix[Math.abs(random.nextInt() % allowedPreFix.length)];
-	 
-		//generate ID
-		String returnValue = preFix + new String(Hex.encodeHex(Bytes.concat(now.getBytes(), randValue))); // 20 bytes = 160 bits
-		if (returnValue.length() > 40)
-			return returnValue.substring(0, 40);
-		else
-			return returnValue;
-				
-	}
-	
-	
-	
-	/**
-	 * Creates a new random number [256bit], and encode it as hex value.
-	 * 
-	 * @return random hex encoded value [256bit]
-	 */
-	public static String nextHexRandom32() {
-		return new String(Hex.encodeHex(nextByteRandom(32))); // 32 bytes = 256 bits
-		
-	}
-	
-	/**
-	 * Creates a new random number [128bit], and encode it as hex value.
-	 * 
-	 * @return random hex encoded value [128bit]
-	 */
-	public static String nextHexRandom16() {
-		return new String(Hex.encodeHex(nextByteRandom(16))); // 16 bytes = 128 bits
-		
-	}
-	
-	  /**
-	   * Creates a new random number [64bit], to be used as an ID.
-	   * 
-	   * @return random long as a String [64bit]
-	   */
-	public static String nextLongRandom() {	  
-		return "".concat(String.valueOf(Math.abs(generateLongRandom(32)))); // 32 bytes = 256 bits	
-			
-	  }
-		
-  /**
-   * Creates a new random number, to be used as an ID.
-   * 
-   * @return random long as a String [64bit]
-   */
-	@Deprecated
-  public static String nextRandom() {	  
-	long l = ByteBuffer.wrap(nextByteRandom(32)).getLong(); // 32 bytes = 256 bits
-	return "" + Math.abs(l);
-		
-  }
-  
-/**
- * Creates a new random byte[]
- * 	
- * @param size Size of random number in byte
- * @return
- */
-public static byte[] nextBytes(int size) {
-	return  nextByteRandom(size);
-	
-}
-  
-  public static void seedRandom() {
-	  
-	  if (seedgenerator.seedAvailable())
-		  random.setSeed(seedgenerator.getSeed());
-  }
-  
-	private static long generateLongRandom(int size) {
-		return ByteBuffer.wrap(nextByteRandom(size)).getLong(); 	
-	}
-  
-  /**
-   * Generate a new random number
-   * 
-   * @param size Size of random number in byte
-   * @return
-   */
-  private static synchronized byte[] nextByteRandom(int size) {
-	  byte[] b = new byte[size];
-	  random.nextBytes(b);			 
-	  return b;
-	  
-  }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java
deleted file mode 100644
index a4d79ac05..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java
+++ /dev/null
@@ -1,69 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- * 
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- * 
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-/**
- * 
- */
-package at.gv.egovernment.moa.id.util;
-
-import javax.servlet.http.HttpServletRequest;
-
-public class ServletUtils {
-  
-	
-  public static String getBaseUrl( HttpServletRequest request ) {
-	    if ( ( request.getServerPort() == 80 ) ||
-	         ( request.getServerPort() == 443 ) )
-	      return request.getScheme() + "://" +
-	             request.getServerName() +
-	             request.getContextPath();
-	    else
-	      return request.getScheme() + "://" +
-	             request.getServerName() + ":" + request.getServerPort() +
-	             request.getContextPath();
-	  }
-  
-}
diff --git a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder
index 6a5ce2171..1e3672a0d 100644
--- a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder
+++ b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder
@@ -1,17 +1,11 @@
-at.gv.egovernment.moa.id.protocols.builder.attributes.BirthdateAttributeBuilder
 at.gv.egovernment.moa.id.protocols.builder.attributes.BPKAttributeBuilder
 at.gv.egovernment.moa.id.protocols.builder.attributes.EIDAuthBlock
 at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCcsURL
 at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCitizenQAALevelAttributeBuilder
-at.gv.egovernment.moa.id.protocols.builder.attributes.EIDIssuingNationAttributeBuilder
-at.gv.egovernment.moa.id.protocols.builder.attributes.EIDIdentityLinkBuilder
 at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSectorForIDAttributeBuilder
 at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSignerCertificate
-at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSourcePIN
-at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSourcePINType
 at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSTORKTOKEN
 at.gv.egovernment.moa.id.protocols.builder.attributes.EncryptedBPKAttributeBuilder
-at.gv.egovernment.moa.id.protocols.builder.attributes.GivenNameAttributeBuilder
 at.gv.egovernment.moa.id.protocols.builder.attributes.MandateFullMandateAttributeBuilder
 at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonFullNameAttributeBuilder
 at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder
@@ -27,7 +21,4 @@ at.gv.egovernment.moa.id.protocols.builder.attributes.MandateProfRepOIDAttribute
 at.gv.egovernment.moa.id.protocols.builder.attributes.MandateReferenceValueAttributeBuilder
 at.gv.egovernment.moa.id.protocols.builder.attributes.MandateTypeAttributeBuilder
 at.gv.egovernment.moa.id.protocols.builder.attributes.MandateTypeOIDAttributeBuilder
-at.gv.egovernment.moa.id.protocols.builder.attributes.PrincipalNameAttributeBuilder
-at.gv.egovernment.moa.id.protocols.builder.attributes.PVPVersionAttributeBuilder
 at.gv.egovernment.moa.id.protocols.builder.attributes.HolderOfKey
-at.gv.egovernment.moa.id.protocols.builder.attributes.EIDeIDASQAALevelAttributeBuilder
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java
index 3ecbb84a2..9b6eedb11 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java
@@ -26,8 +26,8 @@ import java.util.Collection;
 
 import org.opensaml.saml2.metadata.provider.MetadataProvider;
 
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
 
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/DummyTransactionStorage.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/DummyTransactionStorage.java
index ab08c0f5c..08fb4e043 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/DummyTransactionStorage.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/DummyTransactionStorage.java
@@ -7,9 +7,9 @@ import java.util.List;
 
 import javax.sql.DataSource;
 
+import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.storage.ITransactionStorage;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/CreateSAML1AssertionTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/CreateSAML1AssertionTask.java
index 54515ab8e..d3b9789fc 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/CreateSAML1AssertionTask.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/CreateSAML1AssertionTask.java
@@ -10,8 +10,8 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.stereotype.Service;
 
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.process.api.Task;
 
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/GetIdentityLinkTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/GetIdentityLinkTask.java
index 266878d7e..7657f1c1f 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/GetIdentityLinkTask.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/GetIdentityLinkTask.java
@@ -10,8 +10,8 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.stereotype.Service;
 
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.process.api.Task;
 
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SelectBKUTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SelectBKUTask.java
index 915cb3b1e..1163a0706 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SelectBKUTask.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SelectBKUTask.java
@@ -4,7 +4,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.stereotype.Service;
 
-import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.process.api.Task;
 
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SignAuthBlockTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SignAuthBlockTask.java
index 41ccb4451..1d10b08a8 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SignAuthBlockTask.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SignAuthBlockTask.java
@@ -10,8 +10,8 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.stereotype.Service;
 
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.process.api.Task;
 
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateIdentityLinkTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateIdentityLinkTask.java
index 818e8b479..19a87d520 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateIdentityLinkTask.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateIdentityLinkTask.java
@@ -6,7 +6,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.stereotype.Service;
 
-import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.process.api.Task;
 
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateSignedAuthBlockTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateSignedAuthBlockTask.java
index 2ee67ec27..afae6463d 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateSignedAuthBlockTask.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateSignedAuthBlockTask.java
@@ -6,8 +6,8 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.stereotype.Service;
 
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.process.api.Task;
 
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HalloWeltTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HalloWeltTask.java
index 1f77eadbc..d808713c1 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HalloWeltTask.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HalloWeltTask.java
@@ -2,7 +2,7 @@ package at.gv.egovernment.moa.id.process.test;
 
 import org.springframework.stereotype.Service;
 
-import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.process.api.Task;
 
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HelloWorldTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HelloWorldTask.java
index bc640e97a..ee02d0030 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HelloWorldTask.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HelloWorldTask.java
@@ -2,7 +2,7 @@ package at.gv.egovernment.moa.id.process.test;
 
 import org.springframework.stereotype.Service;
 
-import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.process.api.Task;
 
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/storage/test/DBTransactionStorageTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/storage/test/DBTransactionStorageTest.java
index 4b7f61ef5..fc415097c 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/storage/test/DBTransactionStorageTest.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/storage/test/DBTransactionStorageTest.java
@@ -11,9 +11,9 @@ import org.springframework.context.support.FileSystemXmlApplicationContext;
 import org.w3c.dom.Element;
 import org.xml.sax.SAXException;
 
+import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.storage.DBTransactionStorage;
-import at.gv.egovernment.moa.id.storage.ITransactionStorage;
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.util.DOMUtils;
 
diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml
index 5d2a1b367..ef80dd60e 100644
--- a/id/server/moa-id-commons/pom.xml
+++ b/id/server/moa-id-commons/pom.xml
@@ -55,6 +55,10 @@
 
 
     <dependencies>
+    		<dependency>
+    			<groupId>at.gv.egiz.eaaf</groupId>
+	  			<artifactId>eaaf-core</artifactId>
+    		</dependency>    
     		<dependency>
     			<groupId>MOA.id.server</groupId>
     			<artifactId>moa-id-jaxb_classes</artifactId>
@@ -108,6 +112,11 @@
     			<version>0.2</version>
     		</dependency>        
     
+    		<dependency>
+    			<groupId>at.gv.egiz.eaaf</groupId>
+	  			<artifactId>eaaf-core</artifactId>
+    		</dependency>
+    
         <dependency>
             <groupId>iaik.prod</groupId>
             <artifactId>iaik_jce_full</artifactId>
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java
index 6f6735d48..5b3379ae7 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java
@@ -35,8 +35,8 @@ public class MOAIDAuthConstants extends MOAIDConstants{
   public static final String PARAM_ACTION = "ACTION";
   public static final String PARAM_SSO = "SSO";
   public static final String INTERFEDERATION_IDP = "interIDP";
-  public static final String PARAM_TARGET_PENDINGREQUESTID = "pendingid";
   
+ 
   public static final String PARAM_SLOSTATUS = "status";
   public static final String PARAM_SLORESTART = "restart";
   public static final String SLOSTATUS_SUCCESS = "success";
@@ -171,12 +171,7 @@ public class MOAIDAuthConstants extends MOAIDConstants{
   public static final String COUNTRYCODE_AUSTRIA = "AT";
   
   public static final String REGEX_PATTERN_TARGET = "^[A-Za-z]{2}(-.*)?$";
-  
-  //MDC variables for logging
-  public static final String MDC_TRANSACTION_ID = "transactionId";
-  public static final String MDC_SESSION_ID = "sessionId";
-  public static final String MDC_SERVICEPROVIDER_ID = "oaId";
-  
+    
   //AuthnRequest IssueInstant validation
   public static final int TIME_JITTER = 5;  //all 5 minutes time jitter 
 
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java
index 436dcc91d..958fb25ce 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java
@@ -28,6 +28,7 @@ import java.util.Hashtable;
 import java.util.List;
 import java.util.Map;
 
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
 import at.gv.egovernment.moa.util.Constants;
 
 /**
@@ -38,18 +39,18 @@ public class MOAIDConstants {
 
 	//general configuration constants
 	
-	public static final String DEFAULT_CONTENT_TYPE_HTML_UTF8 = "text/html; charset=UTF-8";
+	public static final String DEFAULT_CONTENT_TYPE_HTML_UTF8 = EAAFConstants.CONTENTTYPE_HTML_UTF8;
 	
 	public static final String FILE_URI_PREFIX = "file:/";
 	
-	public static final String PREFIX_BASEID = Constants.URN_PREFIX_BASEID;	
-	public static final String PREFIX_PBK    = Constants.URN_PREFIX_BPK;
+	public static final String PREFIX_BASEID = EAAFConstants.URN_PREFIX_BASEID;	
+	public static final String PREFIX_PBK    = EAAFConstants.URN_PREFIX_BPK;
 	public static final String PREFIX_HPI    = Constants.URN_PREFIX_HPI;
 	
-	public static final String PREFIX_CDID   = Constants.URN_PREFIX_CDID + "+";
-	public static final String PREFIX_WPBK   = Constants.URN_PREFIX_WBPK + "+";
+	public static final String PREFIX_CDID   = EAAFConstants.URN_PREFIX_CDID;
+	public static final String PREFIX_WPBK   = EAAFConstants.URN_PREFIX_WBPK;
     public static final String PREFIX_STORK  = Constants.URN_PREFIX_STORK + "+";
-    public static final String PREFIX_EIDAS  = Constants.URN_PREFIX_EIDAS + "+";
+    public static final String PREFIX_EIDAS  = EAAFConstants.URN_PREFIX_EIDAS;
     
 	
 	public static final String IDENIFICATIONTYPE_FN = "FN";
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java
index 4dda4c736..541285219 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java
@@ -29,35 +29,7 @@ public interface AuthConfiguration extends ConfigurationProvider{
 	public Map<String, String> getConfigurationWithPrefix(final String Prefix);
 	
 	public String getConfigurationWithKey(final String key);
-	
-	/**
-	 * Get a configuration value from basic file based MOA-ID configuration
-	 * 
-	 * @param key configuration key 
-	 * @return configuration value or null if it is not found
-	 */
-	public String getBasicMOAIDConfiguration(final String key);
-	
-	
-	/**
-	 * Get a configuration value from basic file based MOA-ID configuration
-	 * 
-	 * @param key configuration key 
-	 * @param defaultValue Default value if no value with this key is found
-	 * @return configuration value 
-	 */
-	public String getBasicMOAIDConfiguration(final String key, final String defaultValue);
-	
-	/**
-	 * Get a set of configuration values from basic file based MOA-ID configuration that starts with this prefix
-	 * <br><br>
-	 * <b>Important:</b> The configuration values must be of type String! 
-	 * 
-	 * @param prefix Prefix of the configuration key
-	 * @return Map<String, String> without prefix, but never null
-	 */
-	public Map<String, String> getBasicMOAIDConfigurationWithPrefix(final String prefix);
-	
+		
 	public int getTransactionTimeOut();
 	public int getSSOCreatedTimeOut();
 	public int getSSOUpdatedTimeOut();
@@ -66,8 +38,6 @@ public interface AuthConfiguration extends ConfigurationProvider{
 
 	public List<String> getLegacyAllowedProtocols();
 
-	public IOAAuthParameters getOnlineApplicationParameter(String oaURL);
-
 	public String getMoaSpAuthBlockTrustProfileID(boolean useTestTrustStore) throws ConfigurationException;
 
 	public List<String> getMoaSpAuthBlockVerifyTransformsInfoIDs() throws ConfigurationException;
@@ -205,12 +175,4 @@ public interface AuthConfiguration extends ConfigurationProvider{
 	 */
 	public String[] getRevocationMethodOrder();
 
-	/**
-	 * Get a boolean value from basic MOA-ID configuration file
-	 * 
-	 * @param key Configuration key
-	 * @param defaultValue Default result
-	 * @return returns the value of the configuration key, or the default value if the key is not set
-	 */
-	public boolean getBasicMOAIDConfigurationBoolean(String key, boolean defaultValue);
 }
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/ConfigurationProvider.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/ConfigurationProvider.java
index e14f9c9ce..12b9517a6 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/ConfigurationProvider.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/ConfigurationProvider.java
@@ -22,11 +22,14 @@
  */
 package at.gv.egovernment.moa.id.commons.api;
 
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+
 /**
  * @author tlenz
  *
  */
-public interface ConfigurationProvider {
+public interface ConfigurationProvider extends IConfiguration{
 
 	  /** 
 	   * The name of the system property which contains the file name of the 
@@ -54,14 +57,15 @@ public interface ConfigurationProvider {
 		public static final String TRUST_MANAGER_REVOCATION_CHECKING =
 			"TrustManager.RevocationChecking";   
 		
-		public String getRootConfigFileDir();
-		
 		public String getDefaultChainingMode();
 	
 		public String getTrustedCACertificates();
 		
 		public boolean isTrustmanagerrevoationchecking();
 		
+		
+		public String getRootConfigFileDir() throws ConfigurationException;
+		
 		/**
 		 * Get active Spring profiles from file based configuration
 		 * 
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
index 1e1bfa94b..8ca65e745 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
@@ -25,8 +25,9 @@ package at.gv.egovernment.moa.id.commons.api;
 import java.security.PrivateKey;
 import java.util.Collection;
 import java.util.List;
-import java.util.Map;
 
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.data.CPEPS;
 import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters;
 import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute;
@@ -37,10 +38,7 @@ import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
  * @author tlenz
  *
  */
-public interface IOAAuthParameters {
-
-	public static final String CONFIG_KEY_RESTRICTIONS_BASEID_INTERNAL = "configuration.restrictions.baseID.idpProcessing";
-	public static final String CONFIG_KEY_RESTRICTIONS_BASEID_TRANSMISSION = "configuration.restrictions.baseID.spTransmission";
+public interface IOAAuthParameters extends ISPConfiguration{
 	
 	public static final String THIRDBKU = "thirdBKU";
 	public static final String HANDYBKU = "handy";
@@ -53,20 +51,6 @@ public interface IOAAuthParameters {
 	public static final String EIDAS = "eIDAS";
 	public static final String AUTHTYPE_OTHERS = "others";
 
-	/**
-	 * Get the full key/value configuration for this online application
-	 * 
-	 * @return an unmodifiable map of key/value pairs
-	 */
-	public Map<String, String> getFullConfiguration();
-	
-	  /**
-	   * Get a configuration value from online application key/value configuration
-	   * 
-	   * @param key: The key identifier of a configuration value   * 
-	   * @return The configuration value {String} or null if the key does not exist
-	   */  
-	public String getConfigurationValue(String key);
 	
 	public String getFriendlyName();
 	
@@ -82,7 +66,8 @@ public interface IOAAuthParameters {
 	 * @return true if there is a restriction, otherwise false
 	 * @throws ConfigurationException In case of online-application configuration has public and private identifies
 	 */
-	public boolean hasBaseIdInternalProcessingRestriction() throws ConfigurationException;
+	@Override
+	public boolean hasBaseIdInternalProcessingRestriction() throws EAAFConfigurationException;
 	
 	
 	/**
@@ -95,7 +80,8 @@ public interface IOAAuthParameters {
 	 * @return true if there is a restriction, otherwise false
 	 * @throws ConfigurationException In case of online-application configuration has public and private identifies
 	 */
-	public boolean hasBaseIdTransferRestriction() throws ConfigurationException;
+	@Override
+	public boolean hasBaseIdTransferRestriction() throws EAAFConfigurationException;
 	
 	
 	/**
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IRequest.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IRequest.java
deleted file mode 100644
index 88cd89319..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IRequest.java
+++ /dev/null
@@ -1,221 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.commons.api;
-
-import java.util.Collection;
-
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
-
-import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
-import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
-
-public interface IRequest {
-		
-	/**
-	 * Indicates the module, which implements this authentication protocol.
-	 * The class, which is referenced, had to implement the 'IModulInfo' interface.
-	 * 
-	 * @return Full-qualified name of the class which implements this protocol
-	 */
-	public String requestedModule();
-	
-	/**
-	 * Indicates the protocol specific action, which should executed if the request is processed. 
-	 * The class, which is referenced, had to implement the 'IAction' interface.
-	 * 
-	 * @return Full-qualified name of the class which implements the action  
-	 */
-	public String requestedAction();
-	
-	/**
-	 * Unique identifier, which indicates the service provider. 
-	 * In case of SAML1 protocol, it is the OA http-GET parameter
-	 * 
-	 * @return Unique identifier for the service provider
-	 */
-	public String getOAURL();
-	
-	/**
-	 * Indicates the passive flag in authentication requests.
-	 * If the passive flag is set, the identification and authentication process 
-	 * failed if no active SSO session is found. 
-	 * 
-	 * @return true, if the is passive flag is set in authentication request, otherwise false
-	 */
-	public boolean isPassiv();
-	
-	/**
-	 * Indicates the force authentication flag in authentication request
-	 * If this flag is set, a new identification and authentication process
-	 * is carried out in any case.
-	 * 
-	 * @return true, if the force authentication flag is set, otherwise false
-	 */
-	public boolean forceAuth();
-	
-	
-	/**
-	 * Returns a generic request-data object with is stored with a specific identifier 
-	 * 
-	 * @param key The specific identifier of the request-data object
-	 * @return The request-data object or null if no data is found with this key
-	 */
-	public Object getGenericData(String key);
-	
-	/**
-	 * Returns a generic request-data object with is stored with a specific identifier 
-	 * 
-	 * @param key The specific identifier of the request-data object
-	 * @param clazz The class type which is stored with this key
-	 * @return The request-data object or null if no data is found with this key
-	 */
-	public <T> T getGenericData(String key, final Class<T> clazz);
-	
-	/** 
-	 * Store a generic data-object to request with a specific identifier
-	 * 
-	 * @param key Identifier for this data-object
-	 * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface
-	 * @throws SessionDataStorageException Error message if the data-object can not stored to generic request-data storage
-	 */
-	public void setGenericDataToSession(String key, Object object) throws SessionDataStorageException;
-		
-	/**
-	 * Hold the identifier of this request object. 
-	 * This identifier can be used to load the request from request storage 
-	 * 
-	 * @return Request identifier
-	 */
-	public String getRequestID();
-	
-
-	/**
-	 * Hold the identifier of the SSO MOASession which is associated with this request
-	 * 
-	 * @return SSO MOASession identifier if a associated session exists, otherwise null
-	 */
-	public String getInternalSSOSessionIdentifier();
-
-	
-	/**
-	 * Hold the MOASession object of a pending request
-	 * This MOASession object is NOT stored to AuthenticationSession database, because it is only part of the pending request 
-	 * 
-	 * @return {@link IAuthenticationSession} AuthenticationSession data object of this pending request
-	 */
-	public IAuthenticationSession getMOASession();
-	
-	
-	/**
-	 * Populate the MOASession object of a pending request with information from an SSO session database
-	 * 
-	 * @param ssoSession
-	 */
-	public void populateMOASessionWithSSOInformation(IAuthenticationSession ssoSession);
-		
-	/**
-	 * Holds a unique transaction identifier, which could be used for looging
-	 * This transaction identifier is unique for a single identification and authentication process
-	 * 
-	 * @return Unique transaction identifier. 
-	 */
-	public String getUniqueTransactionIdentifier();
-	
-	/**
-	 * Holds a unique session identifier, which could be used for logging 
-	 * This session identifier is unique for the full Single Sign-On session time
-	 * 
-	 * @return Unique session identifier
-	 */
-	public String getUniqueSessionIdentifier();
-	
-	
-	/**
-	 * Hold the identifier if the process instance, which is associated with this request 
-	 * 
-	 * @return ProcessInstanceID if this request is associated with a authentication process, otherwise null
-	 */
-	public String getProcessInstanceId();
-	
-	
-	/**
-	 * get the IDP URL PreFix, which was used for authentication request
-	 * 
-	 * @return IDP URL PreFix <String>. The URL prefix always ends without /
-	 */
-	public String getAuthURL();
-	public String getAuthURLWithOutSlash();
-	
-	/**
-	 * Indicates if this pending request needs authentication
-	 * 
-	 * @return true if this request needs authentication, otherwise false
-	 */
-	public boolean isNeedAuthentication();
-	
-	/**
-	 * Indicates, if this pending request needs Single Sign-On (SSO) functionality 
-	 * 
-	 * @return true if this request needs SSO, otherwise false
-	 */
-	public boolean needSingleSignOnFunctionality();
-	public void setNeedSingleSignOnFunctionality(boolean needSSO);
-	
-	/**
-	 * Indicates, if this pending request is already authenticated
-	 * 
-	 * @return true if this request is already authenticated, otherwise false
-	 */
-	public boolean isAuthenticated();
-	public void setAuthenticated(boolean isAuthenticated);
-	
-	/**
-	 * Get get Service-Provider configuration which is associated with this request.
-	 * 
-	 * @return Service-Provider configuration
-	 */
-	public IOAAuthParameters getOnlineApplicationConfiguration();
-
-	/**
-	 * Indicates, if this pending-request is aborted by the user
-	 * 
-	 * @return true, if it is aborted, otherwise false
-	 */
-	public boolean isAbortedByUser();
-
-	/**
-	 * Set the 'isAboredByUser' flag of this pending-request
-	 * 
-	 * @param b true, if the user has abort the authentication process, otherwise false
-	 */
-	public void setAbortedByUser(boolean isAborted);
-	
-	/**
-	 * This method get a Set of PVP 2.1 attribute, which are request by this pending-request.
-	 * @param metadataProvider SAML2 Metadata Provider, or null if no metadata provider is required
-	 * 
-	 * @return A set of PVP attribute names or null if no attributes are requested 
-	 * 			or the Service Provider, which sends this request needs no attributes
-	 */
-	public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider);
-}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/MOAIDException.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/MOAIDException.java
index 6841be92b..75f466f0a 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/MOAIDException.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/MOAIDException.java
@@ -49,7 +49,8 @@ package at.gv.egovernment.moa.id.commons.api.exceptions;
 import java.io.PrintStream;
 import java.io.PrintWriter;
 
-import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 
 /**
  * Base class of technical MOA exceptions.
@@ -60,7 +61,7 @@ import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
  * @author Patrick Peck, Ivancsics Paul
  * @version $Id$
  */
-public class MOAIDException extends Exception {
+public class MOAIDException extends EAAFException {
   /**
 	 * 
 	 */
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
index 93f26051c..de120fd9c 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
@@ -32,6 +32,7 @@ import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
 
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.commons.MOAIDConstants;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AttributeProviderPlugin;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentGeneral;
@@ -82,7 +83,6 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TimeOuts;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.TransformsInfoType;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.VerifyAuthBlock;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.VerifyIdentityLink;
-import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.commons.validation.TargetValidator;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java
index 695df3123..bb7bcfd0f 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java
@@ -1,5 +1,6 @@
 package at.gv.egovernment.moa.id.commons.config;
 
+import at.gv.egiz.eaaf.core.api.data.EAAFConfigConstants;
 import at.gv.egovernment.moa.id.commons.MOAIDConstants;
 
 /**
@@ -33,7 +34,8 @@ public final class MOAIDConfigurationConstants extends MOAIDConstants {
 	public static final String PREFIX_MOAID_SERVICES_GATEWAY = PREFIX_MOAID_SERVICES + "." + PREFIX_GATEWAY;
 	
 	//Namespaces for online applications
-	public static final String SERVICE_UNIQUEIDENTIFIER = "uniqueID";   	//publicURLPrefix
+	public static final String SERVICE_UNIQUEIDENTIFIER 
+						= EAAFConfigConstants.SERVICE_UNIQUEIDENTIFIER;   	//publicURLPrefix
 	public static final String SERVICE_FRIENDLYNAME = "friendlyName";   	//friendlyName
 	public static final String SERVICE_BUSINESSSERVICE = "businessservice";	//type
 	public static final String SERVICE_ISACTIVE = "isActive";		   		//isActive
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/MOAIDConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/MOAIDConfigurationImpl.java
index 4944813ad..6ef7a00cd 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/MOAIDConfigurationImpl.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/persistence/MOAIDConfigurationImpl.java
@@ -14,11 +14,11 @@ import org.springframework.transaction.annotation.Transactional;
 
 import at.gv.egiz.components.configuration.api.Configuration;
 import at.gv.egiz.components.configuration.api.ConfigurationException;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.commons.db.dao.config.AbstractConfigProperty;
 //import at.gv.egovernment.moa.id.commons.db.dao.config.ConfigProperty;
 import at.gv.egovernment.moa.id.commons.db.dao.config.DatabaseConfigPropertyImpl;
-import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/NewConfigurationDBRead.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/NewConfigurationDBRead.java
index a3d01024c..cada51b9a 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/NewConfigurationDBRead.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/NewConfigurationDBRead.java
@@ -9,11 +9,11 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.transaction.annotation.Transactional;
 
 import at.gv.egiz.components.configuration.api.ConfigurationException;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.commons.config.ConfigurationMigrationUtils;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.commons.config.persistence.MOAIDConfiguration;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication;
-import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ex/MOADatabaseException.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ex/MOADatabaseException.java
index 46484879d..d2d411074 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ex/MOADatabaseException.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ex/MOADatabaseException.java
@@ -22,13 +22,12 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.commons.db.ex;
 
-public class MOADatabaseException extends Exception {
+import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
+
+public class MOADatabaseException extends EAAFStorageException {
 
   private static final long serialVersionUID = 1L;
 
-	public MOADatabaseException() {
-	  super();
-  }
 
 	public MOADatabaseException(String message, Throwable cause) {
 	  super(message, cause);
@@ -38,7 +37,4 @@ public class MOADatabaseException extends Exception {
 	  super(message);
   }
 
-	public MOADatabaseException(Throwable cause) {
-	  super(cause);
-  }
 }
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java
deleted file mode 100644
index 40ef5a23a..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java
+++ /dev/null
@@ -1,341 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.commons.utils;
-
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.Map.Entry;
-import java.util.Properties;
-import java.util.Set;
-
-import org.apache.commons.lang3.StringUtils;
-
-import at.gv.egovernment.moa.util.MiscUtil;
-
-/**
- * @author tlenz
- *
- */
-public class KeyValueUtils {
-	
-	public static final String KEY_DELIMITER = ".";
-	public static final String CSV_DELIMITER = ",";
-	
-	/**
-	 * Convert Java properties into a Map<String, String>
-	 * <br><br>
-	 * <b>Important:</b> The key/values from properties must be of type String! 
-	 * 
-	 * @param properties
-	 * @return
-	 */
-	public static Map<String, String> concertPropertiesToMap(Properties properties) {
-		return new HashMap<String, String>((Map) properties);
-				
-		//INFO Java8 solution ;)
-		//		return properties.entrySet().stream().collect(
-//			    Collectors.toMap(
-//			            e -> e.getKey().toString(),
-//			            e -> e.getValue().toString()
-//			       )
-//			   );
-		
-	}
-	
-	/**
-	 * Extract the first child of an input key after a the prefix
-	 * 
-	 * @param key Full input key 
-	 * @param prefix Prefix 
-	 * @return Child key {String} if it exists or null
-	 */
-	public static String getFirstChildAfterPrefix(String key, String prefix) {		
-		String idAfterPrefix = removePrefixFromKey(key, prefix);
-		if (idAfterPrefix != null) {
-			int index = idAfterPrefix.indexOf(KEY_DELIMITER);
-			if (index > 0) {
-				String adding = idAfterPrefix.substring(0, index);
-				if (!(adding.isEmpty())) {
-					return adding;
-					
-				}
-			} else if (!(idAfterPrefix.isEmpty())) {
-				return idAfterPrefix;
-				
-			}
-			
-		}					
-		return null;
-	}
-	
-	/**
-	 * Extract the prefix from an input key
-	 * 
-	 * @param key Full input key
-	 * @param suffix Suffix of this key
-	 * @return Prefix {String} of the key or null if input key does not ends with postfix string 
-	 */
-	public static String getPrefixFromKey(String key, String suffix) {
-		if (key != null && key.endsWith(suffix)) {
-			String idPreforeSuffix = key.substring(0, key.length()-suffix.length());			
-			if (idPreforeSuffix.endsWith(KEY_DELIMITER))
-				return idPreforeSuffix.substring(0, idPreforeSuffix.length()-1);
-			else
-				return idPreforeSuffix;
-		}
-		return null;
-		
-	}
-	
-	/**
-	 * Remove a prefix string from a key
-	 * 
-	 * @param key Full input key
-	 * @param prefix Prefix, which should be removed
-	 * @return The suffix of the input key or null if the input does not starts with the prefix
-	 */
-	public static String removePrefixFromKey(String key, String prefix) {
-		if (prefix == null)
-			prefix = new String();
-		
-		if (key!=null && key.startsWith(prefix)) {
-			String afterPrefix = key.substring(prefix.length()); 
-			int index = afterPrefix.indexOf(KEY_DELIMITER);
-
-			if (index == 0) {
-				afterPrefix = afterPrefix.substring(1);
-				
-			}
-			return afterPrefix;
-			
-		}		
-		return null;
-	}
-	
-	/**
-	 * Remove a prefix string from all keys in {Map<String, String>} of key/value pairs
-	 * 
-	 * @param keys Input data of key/value pairs
-	 * @param prefix Prefix which should be removed
-	 * @return {Map<String, String>} of key/value pairs without prefix in key, but never null
-	 */
-	public static Map<String, String> removePrefixFromKeys(Map<String, String> keys, String prefix) {
-		Map<String, String> result = new HashMap<String, String>();
-		Iterator<Entry<String, String>> interator = keys.entrySet().iterator();
-		while(interator.hasNext()) {
-			Entry<String, String> el = interator.next();
-			String newKey = removePrefixFromKey(el.getKey(), prefix); 
-			if (MiscUtil.isNotEmpty(newKey)) {
-				result.put(newKey, el.getValue());
-			}			
-		}
-		
-		return result;
-	}
-
-	/**
-	 * Get a subset of key/value pairs which starts with a prefix string
-	 * The Prefix is removed from the key
-	 * 
-	 * @param keys Input data of key/value pairs
-	 * @param prefix Prefix string
-	 * @return {Map<String, String>} of key/value pairs without prefix in key, but never null
-	 */
-	public static Map<String, String> getSubSetWithPrefix(Map<String, String> keys, String prefix) {
-		return removePrefixFromKeys(keys, prefix);
-	}
-	
-	
-	/**
-	 * Add a prefix to key/value pairs to make the key absolute according to key namespace convention
-	 * 
-	 * @param input Input key/value pairs which should be updated
-	 * @param prefix Key prefix, which should be added if the key is not absolute
-	 * @param absolutIdentifier Key identifier, which indicates an absolute key
-	 * @return {Map<String, String>} of key/value pairs in which all keys are absolute but never null
-	 */
-	public static Map<String, String> makeKeysAbsolut(Map<String, String> input, String prefix, String absolutIdentifier) {
-		Map<String, String> result = new HashMap<String, String>();
-		Iterator<Entry<String, String>> interator = input.entrySet().iterator();
-		while(interator.hasNext()) {
-			Entry<String, String> el = interator.next();
-			if (!el.getKey().startsWith(absolutIdentifier)) {
-				//key is not absolute -> add prefix
-				result.put(prefix 
-						+ KEY_DELIMITER
-						+ el.getKey(), 
-						el.getValue());
-								
-			} else {
-				//key is absolute
-				result.put(el.getKey(), el.getValue());
-			}
-		}
-		return result;
-	}
-	
-	/**
-	 * Get the parent key string from an input key
-	 * 
-	 * @param key input key
-	 * @return parent key or the empty String if no parent exists
-	 */
-	public static String getParentKey(String key) {
-		if (MiscUtil.isNotEmpty(key)) {
-			int index = key.lastIndexOf(KEY_DELIMITER);
-			if (index > 0) {
-				return key.substring(0, index);
-				
-			}			
-		}
-		
-		return new String();
-	}
-
-	/**
-	 * Find the highest free list counter
-	 * 
-	 * @param input Array of list keys
-	 * @param listPrefix {String} prefix of the list
-	 * @return {int} highest free list counter
-	 */
-	public static int findNextFreeListCounter(String[] input,
-			String listPrefix) {
-		List<Integer> counters = new ArrayList<Integer>();
-		if (input == null || input.length == 0)
-			return 0;
-		
-		else {
-			for (String key : input) {
-				String listIndex = getFirstChildAfterPrefix(key, listPrefix);
-				counters.add(Integer.parseInt(listIndex));
-			
-			}		
-			Collections.sort(counters);		
-			return counters.get(counters.size()-1) + 1;
-		}
-	}
-
-	/**
-	 * Find the highest free list counter
-	 * 
-	 * @param keySet {Set<String>} of list keys
-	 * @param listPrefix {String} prefix of the list
-	 * @return {int} highest free list counter
-	 */
-	public static int findNextFreeListCounter(Set<String> keySet,
-			String listPrefix) {
-		if (keySet.isEmpty())
-			return 0;
-		
-		String[] array = new String[keySet.size()];
-		keySet.toArray(array);
-		return findNextFreeListCounter(array, listPrefix);
-	}
-	
-	
-	/**
-	 * Normalize a CSV encoded list of value of an key/value pair
-	 * 
-	 * This method removes all whitespace at the begin or the 
-	 * end of CSV values and remove newLine signs at the end of value.
-	 * The ',' is used as list delimiter
-	 * 
-	 * @param value CSV encoded input data
-	 * @return normalized CSV encoded data or null if {value} is null or empty
-	 */
-	public static String normalizeCSVValueString(String value) {
-		String normalizedCodes = null;
-		if (MiscUtil.isNotEmpty(value)) {			
-			String[] codes = value.split(CSV_DELIMITER);
-			for (String el: codes) {
-				if (normalizedCodes == null)
-					normalizedCodes = StringUtils.chomp(el.trim());
-				else
-					normalizedCodes += "," + StringUtils.chomp(el.trim());
-				
-			}
-		}
-		return normalizedCodes;
-	}
-	
-	
-	/**
-	 * Check a String if it is a comma separated list of values
-	 * 
-	 * This method uses the ',' as list delimiter.
-	 * 
-	 * @param value CSV encoded input data
-	 * @return true if the input data contains a ',' and has more then 1 list element, otherwise false
-	 */
-	public static boolean isCSVValueString(String value) {
-		if (MiscUtil.isNotEmpty(value)) {			
-			String[] codes = value.split(CSV_DELIMITER);
-			if (codes.length >= 2) {
-				if (MiscUtil.isNotEmpty(codes[1].trim()))
-					return true;
-				
-			}			
-		}
-		
-		return false;
-	}
-	
-	/**
-	 * Convert a CSV list to a List of CSV values
-	 * <br><br>
-	 * This method removes all whitespace at the begin or the 
-	 * end of CSV values and remove newLine signs at the end of value.
-	 * The ',' is used as list delimiter
-	 * 
-	 * @param csv CSV encoded input data
-	 * @return List of CSV normalized values, but never null
-	 */
-	public static List<String> getListOfCSVValues(String csv) {
-		List<String> list = new ArrayList<String>();
-		if (MiscUtil.isNotEmpty(csv)) {		
-			String[] values = csv.split(CSV_DELIMITER);
-			for (String el: values)
-				list.add(el.trim());
-		
-		}
-		
-		return list;
-	}
-	
-	/**
-	 * This method remove all newline delimiter (\n or \r\n) from input data
-	 * 
-	 * @param value Input String
-	 * @return Input String without newline characters
-	 */
-	public static String removeAllNewlineFromString(String value) {
-		return value.replaceAll("(\\t|\\r?\\n)+", "");
-		
-	}
-	
-}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAIDMessageProvider.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAIDMessageProvider.java
deleted file mode 100644
index 4d8a07a55..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAIDMessageProvider.java
+++ /dev/null
@@ -1,104 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- * 
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- * 
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.commons.utils;
-
-import java.util.Locale;
-
-import at.gv.egovernment.moa.util.Messages;
-
-/**
- * A singleton wrapper around a <code>Message</code> object, providing the messages used in MOA-ID.
- * 
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class MOAIDMessageProvider {
-  
-  /** DEFAULT_MESSAGE_RESOURCES are resources/properties/id_messages */
-  private static final String[] DEFAULT_MESSAGE_RESOURCES =
-    { "resources/properties/id_messages" };
-  /** DEFAULT_MESSAGE_LOCALES are "de", "AT" */  
-  private static final Locale[] DEFAULT_MESSAGE_LOCALES =
-    new Locale[] { new Locale("de", "AT") };
-   /** The instance for our singleton */  
-  private static MOAIDMessageProvider instance;
-  /** The Messages */
-  private Messages messages;
-  
-  /**
-   * Returns the single instance of <code>MOAIDMessageProvider</code>.
-   * 
-   * @return the single instance of <code>MOAIDMessageProvider</code>
-   */
-  public static MOAIDMessageProvider getInstance() {
-    if (instance == null)
-      instance = new MOAIDMessageProvider(DEFAULT_MESSAGE_RESOURCES, DEFAULT_MESSAGE_LOCALES);
-    return instance;
-  }
-  
-  /**
-   * Create a <code>MOAIDMessageProvider</code>.
-   * 
-   * @param resourceNames The names of the resources containing the messages.
-   * @param locales The corresponding locales.
-   */
-  protected MOAIDMessageProvider(String[] resourceNames, Locale[] locales) {
-    this.messages = new Messages(resourceNames, locales);
-  }
-  
-  /**
-   * Get the message corresponding to a given message ID.
-   *
-   * @param messageId The ID of the message.
-   * @param parameters The parameters to fill in into the message arguments.
-   * @return The formatted message. 
-   */
-  public String getMessage(String messageId, Object[] parameters) {
-    return messages.getMessage(messageId, parameters);
-  }
-
-}
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractGUIFormBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractGUIFormBuilderConfiguration.java
index d57834192..999552891 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractGUIFormBuilderConfiguration.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractGUIFormBuilderConfiguration.java
@@ -25,6 +25,7 @@ package at.gv.egovernment.moa.id.auth.frontend.builder;
 import java.util.HashMap;
 import java.util.Map;
 
+import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 /**
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java
index ad068ac49..8f09dc1aa 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java
@@ -29,10 +29,10 @@ import java.util.Map;
 
 import org.apache.commons.lang.StringEscapeUtils;
 
+import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egovernment.moa.id.auth.frontend.utils.FormBuildUtils;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.commons.api.data.CPEPS;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java
index 8cc7040dc..a1223b093 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java
@@ -28,7 +28,8 @@ import java.util.Map;
 
 import org.apache.commons.lang.StringEscapeUtils;
 
-import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.gui.ModifyableGuiBuilderConfiguration;
 	
 /**
  * This class builds MOA-ID GUI forms from default resource paths
@@ -36,7 +37,7 @@ import at.gv.egovernment.moa.id.commons.api.IRequest;
  * @author tlenz 
  *
  */
-public class DefaultGUIFormBuilderConfiguration extends AbstractGUIFormBuilderConfiguration {
+public class DefaultGUIFormBuilderConfiguration extends AbstractGUIFormBuilderConfiguration implements ModifyableGuiBuilderConfiguration {
 	
 	public static final String VIEW_REDIRECT = "redirectForm.html";
 	public static final String VIEW_ERRORMESSAGE = "error_message.html";
@@ -70,13 +71,10 @@ public class DefaultGUIFormBuilderConfiguration extends AbstractGUIFormBuilderCo
 		
 	}
 	
-	/**
-	 * Add a key/value pair into Velocity context.<br>
-	 * <b>IMPORTANT:</b> external HTML escapetion is required, because it is NOT done internally
-	 * 
-	 * @param key velocity context key
-	 * @param value of this key
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.frontend.builder.ModifyableGuiBuilderConfiguration#putCustomParameterWithOutEscaption(java.lang.String, java.lang.Object)
 	 */
+	@Override
 	public void putCustomParameterWithOutEscaption(String key, Object value) {
 		if (customParameters == null)
 			customParameters = new HashMap<String, Object>();
@@ -84,13 +82,10 @@ public class DefaultGUIFormBuilderConfiguration extends AbstractGUIFormBuilderCo
 		customParameters.put(key, value);
 	}
 	
-	/**
-	 * Add a key/value pair into Velocity context.<br>
-	 * All parameters get escaped internally
-	 * 
-	 * @param key velocity context key
-	 * @param value of this key
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.frontend.builder.ModifyableGuiBuilderConfiguration#putCustomParameter(java.lang.String, java.lang.String)
 	 */
+	@Override
 	public void putCustomParameter(String key, String value) {
 		if (customParameters == null)
 			customParameters = new HashMap<String, Object>();
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java
index 285c90163..2ce4488a8 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java
@@ -41,7 +41,9 @@ import org.apache.velocity.app.VelocityEngine;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
-import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException;
+import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration;
+import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
+import at.gv.egiz.eaaf.core.exceptions.GUIBuildException;
 import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
 import at.gv.egovernment.moa.id.commons.MOAIDConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/IGUIBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/IGUIBuilderConfiguration.java
deleted file mode 100644
index 51f6295c7..000000000
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/IGUIBuilderConfiguration.java
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth.frontend.builder;
-
-import java.io.InputStream;
-import java.util.Map;
-
-/**
- * @author tlenz
- *
- */
-public interface IGUIBuilderConfiguration {
-	
-	
-	/**
-	 * Define the name of the template (with suffix) which should be used
-	 * 
-	 * @return templatename, but never null
-	 */
-	public String getViewName();
-	
-	/**
-	 * Define the parameters, which should be evaluated in the template
-	 * 
-	 * @return Map of parameters, which should be added to template
-	 */
-	public Map<String, Object> getViewParameters();
-	
-	
-	/**
-	 * Get a specific classpath template-directory prefix, which is used 
-	 *  to load a template from classpath by using <code>ClassLoader.getResourceAsStream(...)</code>  
-	 * 
-	 * @return Classpath directory, or null if the default directory should be used
-	 */
-	public String getClasspathTemplateDir();
-		
-	/** 
-	 * Get the GUI template with a specific name
-	 * 
-	 * @param viewName Name of the template
-	 * @return Tempate as <code>InputStream</code>, or null if default getTemplate method should be used  
-	 */
-	public InputStream getTemplate(String viewName);
-	
-	/**
-	 * Get the contentType, which should be set in HTTP response
-	 * <br><br>
-	 * <b>DefaultValue:</b> text/html;charset=UTF-8
-	 * 
-	 * @return ContentType, or null if default ContentType should be used.
-	 */
-	public String getDefaultContentType();
-}
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/IGUIFormBuilder.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/IGUIFormBuilder.java
deleted file mode 100644
index 8e8a63094..000000000
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/IGUIFormBuilder.java
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth.frontend.builder;
-
-import javax.servlet.http.HttpServletResponse;
-
-import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException;
-
-/**
- * @author tlenz
- *
- */
-public interface IGUIFormBuilder {
-
-	/**
-	 * Parse a GUI template, with parameters into a http servlet-response 
-	 * and use the default http-response content-type.
-	 * <br><br>
-	 *  The parser use the <code>VelocityEngine</code> as internal template evaluator. 
-	 * 
-	 * @param httpResp http-response object
-	 * @param viewName Name of the template (with suffix), which should be used. 
-	 *    The template is selected by using the <code>getTemplate(String viewName)</code> method
-	 * @param viewParams Map of parameters, which should be added to template
-	 * @param loggerName String, which should be used from logger
-	 * 
-	 * @throws GUIBuildException
-	 */
-	public void build(HttpServletResponse httpResp, IGUIBuilderConfiguration config, String loggerName) throws GUIBuildException;
-
-	/**
-	 * Parse a GUI template, with parameters into a http servlet-response.
-	 * <br><br>
-	 *  The parser use the <code>VelocityEngine</code> as internal template evaluator. 
-	 * 
-	 * @param httpResp http-response object
-	 * @param viewName Name of the template (with suffix), which should be used. 
-	 *    The template is selected by using the <code>getTemplate(String viewName)</code> method
-	 * @param viewParams Map of parameters, which should be added to template
-	 * @param contentType http-response content-type, which should be set
-	 * @param loggerName String, which should be used from logger
-	 * 
-	 * @throws GUIBuildException
-	 */
-	void build(HttpServletResponse httpResp, IGUIBuilderConfiguration config, String contentType,
-			String loggerName) throws GUIBuildException;
-		
-}
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithDBLoad.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithDBLoad.java
index 0215afc41..8d5a8bf9b 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithDBLoad.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithDBLoad.java
@@ -25,7 +25,7 @@ package at.gv.egovernment.moa.id.auth.frontend.builder;
 import java.io.ByteArrayInputStream;
 import java.io.InputStream;
 
-import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egiz.eaaf.core.api.IRequest;
 
 /**
  * @author tlenz
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithFileSystemLoad.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithFileSystemLoad.java
index b5c50004b..bb947a15f 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithFileSystemLoad.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithFileSystemLoad.java
@@ -31,7 +31,7 @@ import java.net.URI;
 import java.net.URISyntaxException;
 import java.net.URL;
 
-import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/exception/GUIBuildException.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/exception/GUIBuildException.java
deleted file mode 100644
index fff458546..000000000
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/exception/GUIBuildException.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth.frontend.exception;
-
-/**
- * @author tlenz
- *
- */
-public class GUIBuildException extends Exception {
-
-	private static final long serialVersionUID = -278663750102498205L;
-	
-	/**
-	 * @param string
-	 */
-	public GUIBuildException(String msg) {
-		super(msg);
-		
-	}
-	
-	public GUIBuildException(String msg, Throwable e) {
-		super(msg, e);
-		
-	}
-
-}
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/utils/FormBuildUtils.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/utils/FormBuildUtils.java
index 66bfd9c3e..947a42345 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/utils/FormBuildUtils.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/utils/FormBuildUtils.java
@@ -26,7 +26,7 @@ package at.gv.egovernment.moa.id.auth.frontend.utils;
 import java.util.HashMap;
 import java.util.Map;
 
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.util.MiscUtil;
 
diff --git a/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java b/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java
index d8146786a..f806654a8 100644
--- a/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java
+++ b/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java
@@ -24,7 +24,7 @@ import org.springframework.web.servlet.DispatcherServlet;
 
 import at.gv.egiz.components.spring.api.SpringLoader;
 import at.gv.egovernment.moa.id.commons.api.ConfigurationProvider;
-import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 7c435d0b0..f12ef1994 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -25,12 +25,14 @@ import org.w3c.dom.Element;
 import org.w3c.dom.NodeList;
 import org.xml.sax.SAXException;
 
+import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
 import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder;
 import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.auth.builder.CreateXMLSignatureRequestBuilder;
-import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
 import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder;
 import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder;
 import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder;
@@ -56,8 +58,6 @@ import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
 import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
index bc28d4f0e..1c5fe0c5b 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
@@ -47,18 +47,18 @@ import javax.xml.transform.stream.StreamResult;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 
+import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.util.Random;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.DOMUtils;
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
index f7aba5e53..8c3147af2 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
@@ -50,9 +50,9 @@ import java.io.IOException;
 import java.io.StringReader;
 import java.io.StringWriter;
 
+import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.auth.frontend.utils.FormBuildUtils;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.util.MiscUtil;
 
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java
index 7caf2f5a1..c6faad2bb 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java
@@ -3,7 +3,7 @@ package at.gv.egovernment.moa.id.auth.modules.internal;
 
 import org.apache.commons.lang3.StringUtils;
 
-import at.gv.egovernment.moa.id.auth.modules.AuthModule;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AuthModule;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java
index 000a47438..3e2ebdc3c 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java
@@ -10,12 +10,12 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.lang3.BooleanUtils;
 import org.springframework.stereotype.Component;
 
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
 import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
index e1495f254..fbb900cf6 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
@@ -10,12 +10,12 @@ import org.springframework.stereotype.Component;
 
 import com.google.common.net.MediaType;
 
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
-import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.logging.Logger;
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
index ba778002d..1f20ee389 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
@@ -18,13 +18,13 @@ import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.stereotype.Component;
 import org.w3c.dom.Element;
 
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
-import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.client.SZRGWClientException;
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
index 3383cf201..a56c8f6ac 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
@@ -15,11 +15,11 @@ import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.stereotype.Component;
 import org.xml.sax.SAXException;
 
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface;
 import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
index 88a235978..ceaf4ca38 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
@@ -30,14 +30,14 @@ import javax.servlet.http.HttpServletResponse;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
+import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
-import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java
index f7a816c74..2fac58e44 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java
@@ -7,9 +7,9 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.stereotype.Component;
 
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.util.CitizenCardServletUtils;
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java
index d2fd4d1de..703d72f00 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java
@@ -33,14 +33,14 @@ import javax.servlet.http.HttpServletResponse;
 import org.springframework.stereotype.Component;
 import org.w3c.dom.Element;
 
+import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException;
-import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.util.SSLUtils;
 import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId;
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java
index ddd52c337..c16eec30c 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java
@@ -13,11 +13,11 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.stereotype.Component;
 
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
-import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
index 6aefb75a1..e7a66b5a9 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
@@ -13,12 +13,12 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.stereotype.Component;
 
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.util.CitizenCardServletUtils;
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java
index 4408f3852..b9fed684c 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java
@@ -10,11 +10,11 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.stereotype.Component;
 
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
-import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.logging.Logger;
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
index 8e3ccb01b..21de37603 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -56,6 +56,8 @@ import javax.xml.bind.DatatypeConverter;
 import org.jaxen.SimpleNamespaceContext;
 import org.w3c.dom.Element;
 
+import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder;
 import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
@@ -63,8 +65,6 @@ import at.gv.egovernment.moa.id.auth.data.SAMLAttribute;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.auth.exception.ValidateException;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
index c4ea80df9..a8d0f2236 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
@@ -54,15 +54,15 @@ import java.util.Iterator;
 import java.util.List;
 import java.util.Set;
 
+import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.auth.exception.ValidateException;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 import at.gv.egovernment.moa.logging.Logger;
 import iaik.asn1.structures.Name;
 import iaik.security.ec.common.ECPublicKey;
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java
index d093cc7f0..3eb1114ea 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java
@@ -56,9 +56,10 @@ import javax.servlet.http.HttpServletResponse;
 
 import com.google.common.net.MediaType;
 
-import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder;
+import at.gv.egiz.eaaf.core.impl.utils.ServletUtils;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.logging.Logger;
diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java
index 0cef4cb41..2e09bf55c 100644
--- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java
+++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java
@@ -29,12 +29,12 @@ import javax.annotation.PostConstruct;
 
 import org.springframework.beans.factory.annotation.Autowired;
 
-import at.gv.egovernment.moa.id.auth.modules.AuthModule;
+import at.gv.egiz.eaaf.core.impl.idp.auth.AuthenticationManager;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AuthModule;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.auth.modules.bkamobileauthtests.tasks.FirstBKAMobileAuthTask;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
-import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java
index 43043ddd6..37ee3f201 100644
--- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java
+++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java
@@ -53,12 +53,12 @@ import com.google.gson.JsonObject;
 import com.google.gson.JsonParseException;
 import com.google.gson.JsonParser;
 
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
-import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java
index 4b18e7112..5c70b2628 100644
--- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java
+++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java
@@ -31,11 +31,11 @@ import javax.servlet.http.HttpServletResponse;
 
 import org.springframework.stereotype.Component;
 
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
-import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
diff --git a/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDASAuthenticationModulImpl.java b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDASAuthenticationModulImpl.java
index 6e3170534..6883e0cb5 100644
--- a/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDASAuthenticationModulImpl.java
+++ b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDASAuthenticationModulImpl.java
@@ -24,7 +24,7 @@ package at.gv.egovernment.moa.id.auth.modules.eidas_v2;
 
 import org.apache.commons.lang3.StringUtils;
 
-import at.gv.egovernment.moa.id.auth.modules.AuthModule;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AuthModule;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 
 /**
diff --git a/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/CreateIdentityLinkTask.java b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/CreateIdentityLinkTask.java
index dec4f6a89..b0add27ba 100644
--- a/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/CreateIdentityLinkTask.java
+++ b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/CreateIdentityLinkTask.java
@@ -33,10 +33,10 @@ import org.springframework.stereotype.Component;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
-import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAttributeException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
diff --git a/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/GenerateAuthnRequestTask.java
index 3085d0e70..08496afcc 100644
--- a/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/GenerateAuthnRequestTask.java
@@ -45,15 +45,15 @@ import org.springframework.util.StringUtils;
 
 import com.google.common.net.MediaType;
 
+import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
-import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.auth.modules.eidas_v2.Constants;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.commons.api.data.CPEPS;
 import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
diff --git a/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/ReceiveAuthnResponseTask.java
index 9ead5e4fe..03e345b43 100644
--- a/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/ReceiveAuthnResponseTask.java
@@ -7,10 +7,10 @@ import org.opensaml.saml2.core.StatusCode;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
-import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java
index 7b044522c..90dbb7342 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java
@@ -24,7 +24,7 @@ package at.gv.egovernment.moa.id.auth.modules.eidas;
 
 import org.apache.commons.lang3.StringUtils;
 
-import at.gv.egovernment.moa.id.auth.modules.AuthModule;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AuthModule;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 
 /**
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
index cf3a13e32..4045e1ad6 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
@@ -33,10 +33,10 @@ import org.springframework.stereotype.Component;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
-import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAttributeException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index d21334faf..4ad5194a9 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -44,18 +44,18 @@ import org.springframework.util.StringUtils;
 
 import com.google.common.net.MediaType;
 
+import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
-import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.commons.api.data.CPEPS;
 import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
index 5e83f0a3f..5f6f01f01 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
@@ -7,10 +7,10 @@ import org.opensaml.saml2.core.StatusCode;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
-import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAWhiteListConfigurator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAWhiteListConfigurator.java
index a2c6a3ad9..9d1ec6d98 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAWhiteListConfigurator.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAWhiteListConfigurator.java
@@ -29,7 +29,7 @@ import org.apache.commons.lang.StringUtils;
 
 import com.google.common.collect.ImmutableSet;
 
-import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
 
 /**
  * @author tlenz
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java
index f148421bd..37eca73e5 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java
@@ -30,8 +30,8 @@ import java.util.ServiceLoader;
 
 import com.google.common.collect.ImmutableSet;
 
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.data.IAuthData;
 import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
index 694efab80..7d25af05a 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
@@ -7,7 +7,7 @@ import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.context.annotation.Scope;
 import org.springframework.stereotype.Component;
 
-import at.gv.egovernment.moa.id.moduls.RequestImpl;
+import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
 import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
 import eu.eidas.auth.commons.protocol.IAuthenticationRequest;
 
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
index 2948c0d53..019a61b7c 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -43,6 +43,11 @@ import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 
+import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController;
+import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
@@ -54,12 +59,7 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.MOAIDConstants;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
-import at.gv.egovernment.moa.id.moduls.RequestImpl;
-import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 import eu.eidas.auth.commons.EidasStringUtil;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
index cc9b09107..5df905d31 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
@@ -28,6 +28,10 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.MediaType;
 import org.springframework.stereotype.Service;
 
+import at.gv.egiz.eaaf.core.api.IAction;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.data.IAuthData;
+import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
@@ -35,12 +39,8 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.utils.NewMoaEidasMetadata;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.data.SLOInformationInterface;
-import at.gv.egovernment.moa.id.moduls.IAction;
 import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
 import at.gv.egovernment.moa.logging.Logger;
 import eu.eidas.auth.engine.ProtocolEngineI;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrFamilyName.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrFamilyName.java
index 4195eeeef..6fde4696a 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrFamilyName.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrFamilyName.java
@@ -22,8 +22,8 @@
  */
 package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder;
 
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.data.IAuthData;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
 
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrGivenName.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrGivenName.java
index 2a654ac44..812e9f83a 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrGivenName.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrGivenName.java
@@ -22,8 +22,8 @@
  */
 package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder;
 
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.data.IAuthData;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
 
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java
index 4d89aec3d..028be9096 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java
@@ -22,8 +22,8 @@
  */
 package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder;
 
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.data.IAuthData;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrNaturalPersonalIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrNaturalPersonalIdentifier.java
index cb659c2b1..f36f9298c 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrNaturalPersonalIdentifier.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrNaturalPersonalIdentifier.java
@@ -24,14 +24,14 @@ package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder;
 
 import java.security.MessageDigest;
 
+import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.data.IAuthData;
+import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.eIDASAttributeProcessingUtils;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.data.Trible;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
 import at.gv.egovernment.moa.id.protocols.eidas.EIDASData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
-import at.gv.egovernment.moa.id.util.Random;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.MiscUtil;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java
index 47cc71e01..692896842 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java
@@ -22,8 +22,8 @@
  */
 package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder;
 
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.data.IAuthData;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java
index 52396ae90..98915a562 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java
@@ -24,16 +24,16 @@ package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder;
 
 import java.security.MessageDigest;
 
+import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.data.IAuthData;
+import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.eIDASAttributeProcessingUtils;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.data.Trible;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.eidas.EIDASData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
-import at.gv.egovernment.moa.id.util.Random;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.MiscUtil;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
index ee0f72f34..509d4b71a 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
@@ -36,19 +36,19 @@ import org.springframework.stereotype.Service;
 
 import com.google.common.collect.ImmutableSet;
 
-import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
+import at.gv.egiz.eaaf.core.api.IAction;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.data.IAuthData;
+import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
 import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.eIDASAttributeBuilder;
 import at.gv.egovernment.moa.id.commons.MOAIDConstants;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.data.SLOInformationImpl;
-import at.gv.egovernment.moa.id.data.SLOInformationInterface;
-import at.gv.egovernment.moa.id.moduls.IAction;
 import at.gv.egovernment.moa.logging.Logger;
 import eu.eidas.auth.commons.EidasStringUtil;
 import eu.eidas.auth.commons.attribute.AttributeDefinition;
@@ -73,7 +73,7 @@ import eu.eidas.auth.engine.xml.opensaml.SAMLEngineUtils;
 @Service("eIDASAuthenticationRequest")
 public class eIDASAuthenticationRequest implements IAction {
 	
-	@Autowired protected MOAReversionLogger revisionsLogger;
+	@Autowired protected IRevisionLogger revisionsLogger;
 	@Autowired(required=true) MOAeIDASChainingMetadataProvider eIDASMetadataProvider;
 	
 
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/validator/eIDASResponseValidator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/validator/eIDASResponseValidator.java
index f0527bc5e..48b438b09 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/validator/eIDASResponseValidator.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/validator/eIDASResponseValidator.java
@@ -22,10 +22,10 @@
  */
 package at.gv.egovernment.moa.id.protocols.eidas.validator;
 
+import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.eIDASAttributeProcessingUtils;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.data.Trible;
 import at.gv.egovernment.moa.logging.Logger;
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java
index ca7401ab7..aaed6655b 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java
@@ -34,14 +34,14 @@ import org.springframework.web.bind.annotation.RequestMethod;
 
 import com.google.common.net.MediaType;
 
+import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
+import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.config.ELGAMandatesMetadataConfiguration;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider;
-import at.gv.egovernment.moa.id.auth.servlet.AbstractController;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPMetadataBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration;
-import at.gv.egovernment.moa.id.util.HTTPUtils;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/EvaluateMandateServiceTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/EvaluateMandateServiceTask.java
index f05446771..7a8c0c9e0 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/EvaluateMandateServiceTask.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/EvaluateMandateServiceTask.java
@@ -28,9 +28,9 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.lang.StringEscapeUtils;
 import org.springframework.stereotype.Component;
 
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
-import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateUtils;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
index 81c3322c9..015a40507 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
@@ -37,11 +37,11 @@ import org.opensaml.xml.security.SecurityException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
+import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
-import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
-import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateServiceMetadataProvider;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider;
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RedirectToMandateSelectionTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RedirectToMandateSelectionTask.java
index 76108cafe..6eff5e574 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RedirectToMandateSelectionTask.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RedirectToMandateSelectionTask.java
@@ -28,9 +28,9 @@ import javax.servlet.http.HttpServletResponse;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
-import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder;
-import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateUtils;
 import at.gv.egovernment.moa.id.auth.servlet.GeneralProcessEngineSignalController;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
index 299eb442e..abe23f0a4 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
@@ -35,10 +35,11 @@ import org.opensaml.xml.security.SecurityException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
-import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.config.ELGAMandatesRequestBuilderConfiguration;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.exceptions.ELGAMetadataException;
@@ -47,7 +48,6 @@ import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCred
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
-import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java
index 52970e240..978f9db9d 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java
@@ -28,12 +28,12 @@ import javax.servlet.http.HttpServletResponse;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
-import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration;
-import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder;
+import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration;
+import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
+import at.gv.egiz.eaaf.core.exceptions.GUIBuildException;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithFileSystemLoad;
-import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException;
-import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateUtils;
 import at.gv.egovernment.moa.id.auth.servlet.GeneralProcessEngineSignalController;
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateUtils.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateUtils.java
index 03f8fa195..90eb7b0fb 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateUtils.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateUtils.java
@@ -24,10 +24,10 @@ package at.gv.egovernment.moa.id.auth.modules.elgamandates.utils;
 
 import java.util.List;
 
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
-import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
 
 /**
  * @author tlenz
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
index 9b19e0a4d..6afc68161 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
@@ -30,9 +30,9 @@ import org.apache.commons.lang.StringUtils;
 import com.google.gson.JsonObject;
 import com.google.gson.JsonPrimitive;
 
+import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.data.IAuthData;
 import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.BPKAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDAuthBlock;
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java
index a43c8fce9..076ded75a 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java
@@ -22,9 +22,9 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
 
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.data.IAuthData;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java
index c6775b692..0e99a18c3 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java
@@ -22,9 +22,9 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
 
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.data.IAuthData;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java
index 5f32e32a2..05638c907 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java
@@ -24,9 +24,9 @@ package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
 
 import java.util.Date;
 
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.data.IAuthData;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java
index 04f38faf6..b40d752eb 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java
@@ -24,9 +24,9 @@ package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
 
 import java.util.Date;
 
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.data.IAuthData;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java
index ff19a618a..d212feb12 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java
@@ -22,9 +22,9 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
 
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.data.IAuthData;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java
index eda276df2..99465bf95 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java
@@ -22,8 +22,8 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
 
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.data.IAuthData;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
 import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest;
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java
index 7de90e98e..4b1219c9d 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java
@@ -22,9 +22,9 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
 
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.data.IAuthData;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java
index 3ebadba52..f1b0bd108 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java
@@ -22,9 +22,9 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
 
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.data.IAuthData;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java
index 89209b062..0ea6ba643 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java
@@ -22,9 +22,9 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
 
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.data.IAuthData;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java
index 895037b2e..e6c7fd18d 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java
@@ -22,9 +22,9 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
 
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.data.IAuthData;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
index b7c54203f..0189bc97d 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
@@ -33,16 +33,18 @@ import javax.servlet.http.HttpServletResponse;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
+import at.gv.egiz.eaaf.core.api.IAction;
+import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.data.IAuthData;
+import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
+import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
+import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.data.SLOInformationImpl;
-import at.gv.egovernment.moa.id.data.SLOInformationInterface;
-import at.gv.egovernment.moa.id.moduls.IAction;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject;
 import at.gv.egovernment.moa.id.protocols.oauth20.attributes.OAuth20AttributeBuilder;
@@ -53,14 +55,12 @@ import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ServerErrorE
 import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuth20SignatureUtil;
 import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuthJsonToken;
 import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuthSigner;
-import at.gv.egovernment.moa.id.storage.ITransactionStorage;
-import at.gv.egovernment.moa.id.util.Random;
 import at.gv.egovernment.moa.logging.Logger;
 
 @Service("OAuth20AuthAction")
 class OAuth20AuthAction implements IAction {
 	
-	@Autowired protected MOAReversionLogger revisionsLogger;
+	@Autowired protected IRevisionLogger revisionsLogger;
 	@Autowired protected ITransactionStorage transactionStorage;
 	
 	public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp,
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
index 258b77b98..67c0aafce 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
@@ -33,7 +33,7 @@ import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.context.annotation.Scope;
 import org.springframework.stereotype.Component;
 
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
index 3ab283db5..d3136b43e 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
@@ -31,11 +31,11 @@ import javax.servlet.http.HttpServletRequest;
 import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.commons.lang.StringUtils;
 
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.moduls.RequestImpl;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20OANotSupportedException;
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
index d72fe9686..55348b5f8 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
@@ -17,14 +17,14 @@ import org.springframework.web.bind.annotation.RequestMethod;
 
 import com.google.gson.JsonObject;
 
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
+import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException;
+import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController;
+import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
-import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException;
 import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.moduls.RequestImpl;
-import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java
index 2117e2ab8..239665801 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java
@@ -31,25 +31,25 @@ import org.springframework.stereotype.Service;
 
 import com.google.gson.JsonObject;
 
+import at.gv.egiz.eaaf.core.api.IAction;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.data.IAuthData;
+import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
+import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.data.SLOInformationInterface;
-import at.gv.egovernment.moa.id.moduls.IAction;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ServerErrorException;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20UnauthorizedClientException;
-import at.gv.egovernment.moa.id.storage.ITransactionStorage;
 import at.gv.egovernment.moa.logging.Logger;
 
 @Service("OAuth20TokenAction")
 class OAuth20TokenAction implements IAction {
 	
-	@Autowired protected MOAReversionLogger revisionsLogger;
+	@Autowired protected IRevisionLogger revisionsLogger;
 	@Autowired protected ITransactionStorage transactionStorage;
 	
 	public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp,
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
index 50638ebf8..cada39a3a 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
@@ -31,7 +31,7 @@ import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.context.annotation.Scope;
 import org.springframework.stereotype.Component;
 
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java
index a4044ce21..1b49c3969 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java
@@ -27,10 +27,10 @@ import javax.annotation.PostConstruct;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 
-import at.gv.egovernment.moa.id.auth.modules.AuthModule;
+import at.gv.egiz.eaaf.core.impl.idp.auth.AuthenticationManager;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AuthModule;
 import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.logging.Logger;
 
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
index b1dfa9b0d..85ec1e213 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
@@ -22,10 +22,11 @@ import org.springframework.stereotype.Component;
 
 import com.google.gson.JsonObject;
 
-import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
-import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder;
+import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils;
 import at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants;
 import at.gv.egovernment.moa.id.auth.modules.sl20_auth.data.VerificationResult;
 import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20Exception;
@@ -35,7 +36,6 @@ import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20HttpBindingUtils
 import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONBuilderUtils;
 import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUtils;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.utils.HttpClientWithProxySupport;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
index 698546a4f..add6d78e4 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
@@ -22,10 +22,11 @@ import com.google.gson.JsonObject;
 import com.google.gson.JsonParser;
 import com.google.gson.JsonSyntaxException;
 
-import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
-import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController;
+import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder;
+import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils;
 import at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants;
 import at.gv.egovernment.moa.id.auth.modules.sl20_auth.data.VerificationResult;
 import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20Exception;
@@ -39,7 +40,6 @@ import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.DateTimeUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthModuleImpl.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthModuleImpl.java
index 2a2b7bf80..f65694703 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthModuleImpl.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthModuleImpl.java
@@ -22,7 +22,7 @@
  */
 package at.gv.egovernment.moa.id.auth.modules.ssotransfer;
 
-import at.gv.egovernment.moa.id.auth.modules.AuthModule;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AuthModule;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 
 /**
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java
index 4ce77d861..1a1d06479 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java
@@ -28,6 +28,7 @@ import java.util.List;
 
 import org.w3c.dom.Element;
 
+import at.gv.egiz.eaaf.core.api.data.IAuthData;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
@@ -35,7 +36,6 @@ import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.data.AuthenticationRole;
-import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
index c2132c1f9..8656c1224 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
@@ -27,7 +27,7 @@ import java.util.Collection;
 import java.util.List;
 import java.util.Map;
 
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.data.CPEPS;
 import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters;
 import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute;
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
index af64e745e..055a49bd2 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
@@ -72,11 +72,14 @@ import org.springframework.web.bind.annotation.RequestMethod;
 import com.google.gson.JsonObject;
 import com.google.gson.JsonParser;
 
+import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
+import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
+import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
+import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration;
-import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.Pair;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferContainer;
@@ -92,9 +95,6 @@ import at.gv.egovernment.moa.id.moduls.SSOManager;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.storage.ITransactionStorage;
-import at.gv.egovernment.moa.id.util.HTTPUtils;
-import at.gv.egovernment.moa.id.util.Random;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.FileUtils;
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java
index e92925dfb..694f26b65 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java
@@ -32,9 +32,9 @@ import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 
-import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils;
 import at.gv.egovernment.moa.id.auth.servlet.AbstractProcessEngineSignalController;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.logging.Logger;
 
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java
index be27de9a1..2b53a1e75 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java
@@ -33,9 +33,11 @@ import javax.servlet.http.HttpServletResponse;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
-import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder;
-import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
+import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.Pair;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferContainer;
@@ -44,8 +46,6 @@ import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.util.HTTPUtils;
-import at.gv.egovernment.moa.id.util.Random;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
 
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
index 1a216f0df..72ed9c7be 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
@@ -43,9 +43,10 @@ import com.google.common.net.MediaType;
 import com.google.gson.JsonObject;
 import com.google.gson.JsonParser;
 
-import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder;
-import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferContainer;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils;
@@ -56,7 +57,6 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
-import at.gv.egovernment.moa.id.util.HTTPUtils;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.MiscUtil;
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java
index 9cfe12791..fac59ed4e 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java
@@ -30,9 +30,9 @@ import javax.servlet.http.HttpServletResponse;
 
 import com.google.gson.JsonObject;
 
+import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
+import at.gv.egiz.eaaf.core.exceptions.GUIBuildException;
 import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration;
-import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder;
-import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java
index 568ffb330..5c85fd8b0 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java
@@ -97,6 +97,10 @@ import org.w3c.dom.NodeList;
 
 import com.google.gson.JsonObject;
 
+import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.data.IAuthData;
+import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.Pair;
@@ -104,14 +108,11 @@ import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferAuthent
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferOnlineApplication;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.data.MISMandate;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
@@ -126,7 +127,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
-import at.gv.egovernment.moa.id.util.Random;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.MiscUtil;
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java
index 49275c6eb..6bf6652c8 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java
@@ -22,7 +22,7 @@
  */
 package at.gv.egovernment.moa.id.auth.modules.federatedauth;
 
-import at.gv.egovernment.moa.id.auth.modules.AuthModule;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AuthModule;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java
index e86d31708..399845643 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java
@@ -34,14 +34,14 @@ import org.springframework.web.bind.annotation.RequestMethod;
 
 import com.google.common.net.MediaType;
 
+import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
+import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.config.FederatedAuthMetadataConfiguration;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider;
-import at.gv.egovernment.moa.id.auth.servlet.AbstractController;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPMetadataBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration;
-import at.gv.egovernment.moa.id.util.HTTPUtils;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
index f5896bc25..4c829f6ca 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
@@ -35,15 +35,15 @@ import org.opensaml.xml.security.SecurityException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
-import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.config.FederatedAuthnRequestBuilderConfiguration;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.moduls.RequestImpl;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAuthnRequestBuilder;
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
index dea5e4894..2fc1ec053 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
@@ -41,21 +41,21 @@ import org.opensaml.xml.security.SecurityException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
+import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
-import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
-import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
-import at.gv.egovernment.moa.id.moduls.RequestImpl;
 import at.gv.egovernment.moa.id.moduls.SSOManager;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java
index b21c5e93f..a616e80ad 100644
--- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java
+++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java
@@ -25,10 +25,10 @@ package at.gv.egovernment.moa.id.monitoring;
 import java.util.ArrayList;
 import java.util.List;
 
-import at.gv.egovernment.moa.id.advancedlogging.IStatisticLogger;
+import at.gv.egiz.eaaf.core.api.logging.IStatisticLogger;
+import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.storage.ITransactionStorage;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java
index 9f0083fb8..60d64a3ac 100644
--- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java
+++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java
@@ -29,10 +29,10 @@ import java.util.Map;
 
 import org.springframework.beans.factory.annotation.Autowired;
 
-import at.gv.egovernment.moa.id.advancedlogging.IStatisticLogger;
+import at.gv.egiz.eaaf.core.api.logging.IStatisticLogger;
+import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.storage.ITransactionStorage;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.FileUtils;
 
diff --git a/pom.xml b/pom.xml
index e4aa52d33..c682d9eb8 100644
--- a/pom.xml
+++ b/pom.xml
@@ -33,7 +33,9 @@
 			<demo-oa-version>2.0.6</demo-oa-version>
 			
 			<moa-id-module-elga_mandate_client>1.3</moa-id-module-elga_mandate_client>
-							
+
+			<!-- =================================================================================== -->
+			<eaaf-core.version>1.0.0-snapshot</eaaf-core.version>							
 			<org.springframework.version>4.3.13.RELEASE</org.springframework.version>
 			<org.springframework.data.spring-data-jpa>1.11.9.RELEASE</org.springframework.data.spring-data-jpa>
 			<surefire.version>2.20.1</surefire.version>		
@@ -436,7 +438,14 @@
 							<version>1.46</version>
 						</dependency> -->
 
-      			<dependency>
+
+						<dependency>
+	    					<groupId>at.gv.egiz.eaaf</groupId>
+	  						<artifactId>eaaf-core</artifactId>
+	  						<version>${eaaf-core.version}</version>
+	  					</dependency> 
+
+      					<dependency>
 							<groupId>MOA.id.server</groupId>
 							<artifactId>moa-id-spring-initializer</artifactId>
 							<version>${moa-id-version}</version>
@@ -705,6 +714,8 @@
 				<version>${org.springframework.version}</version>
 			</dependency>
 			
+			
+			
             <!-- the core, which includes Streaming API, shared low-level abstractions (but NOT data-binding) -->
             <dependency>
                 <groupId>com.fasterxml.jackson.core</groupId>
-- 
cgit v1.2.3


From 52ad604e54cb91073503d708cd0c50ff0121174a Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Wed, 30 May 2018 06:29:29 +0200
Subject: add additional validation to SL20 module

---
 .../auth/builder/SignatureVerificationUtils.java   |  27 +-
 .../id/auth/validator/IdentityLinkValidator.java   | 210 +++++++++++
 .../VerifyXMLSignatureRequestBuilder.java          | 408 +++++++++++++++++++++
 .../VerifyXMLSignatureResponseValidator.java       | 307 ++++++++++++++++
 .../pvp2x/utils/AssertionAttributeExtractor.java   |  98 +++--
 .../moa/id/auth/AuthenticationServer.java          |   2 +-
 .../builder/VerifyXMLSignatureRequestBuilder.java  | 408 ---------------------
 .../id/auth/validator/IdentityLinkValidator.java   | 210 -----------
 .../VerifyXMLSignatureResponseValidator.java       | 302 ---------------
 .../modules/sl20_auth/sl20/JsonSecurityUtils.java  |  67 +++-
 .../sl20/verifier/QualifiedeIDVerifier.java        | 132 +++++++
 .../sl20_auth/tasks/ReceiveQualeIDTask.java        |   5 +-
 12 files changed, 1212 insertions(+), 964 deletions(-)
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureRequestBuilder.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
 delete mode 100644 id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
 delete mode 100644 id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java
 delete mode 100644 id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java

(limited to 'id/server/idserverlib/src/main/java/at/gv')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java
index 9ca15c76f..27d983785 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java
@@ -22,6 +22,8 @@
  */
 package at.gv.egovernment.moa.id.auth.builder;
 
+import java.util.List;
+
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 
@@ -74,10 +76,15 @@ public class SignatureVerificationUtils {
 		  }
 	  }
 	  
-	  public IVerifiyXMLSignatureResponse verify(byte[] signature, String trustProfileID) throws MOAIDException {		  
+	  public IVerifiyXMLSignatureResponse verify(byte[] signature, String trustProfileID) throws MOAIDException {	
+		  return verify(signature, trustProfileID, null);
+		  
+	  }
+	  
+	  public IVerifiyXMLSignatureResponse verify(byte[] signature, String trustProfileID,  List<String> verifyTransformsInfoProfileID) throws MOAIDException {		  
 		  try {
 			  //build signature-verification request
-			  Element domVerifyXMLSignatureRequest = build(signature, trustProfileID);
+			  Element domVerifyXMLSignatureRequest = build(signature, trustProfileID, verifyTransformsInfoProfileID);
 
 			  //send signature-verification to MOA-SP 
 			  Element domVerifyXMLSignatureResponse = SignatureVerificationInvoker.getInstance()
@@ -112,7 +119,7 @@ public class SignatureVerificationUtils {
 	   * 
 	   * @throws ParseException
 	   */
-	  private Element build(byte[] signature, String trustProfileID)
+	  private Element build(byte[] signature, String trustProfileID, List<String> verifyTransformsInfoProfileID)
 	    throws ParseException 
 	  { 
 	    try {
@@ -153,6 +160,20 @@ public class SignatureVerificationUtils {
 	      requestElem_.appendChild(signatureManifestCheckParamsElem);
 	      signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "false");
 
+	      //verify transformations
+	      if (verifyTransformsInfoProfileID != null && !verifyTransformsInfoProfileID.isEmpty()) {
+	    	  Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo");
+	    	  signatureManifestCheckParamsElem.appendChild(referenceInfoElem);
+	    	  for (String element : verifyTransformsInfoProfileID) {
+	    		  Element verifyTransformsInfoProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfileID");
+	              referenceInfoElem.appendChild(verifyTransformsInfoProfileIDElem);
+	              verifyTransformsInfoProfileIDElem.appendChild(requestDoc_.createTextNode(element));
+	            
+	    	  }
+	      }
+	      
+	      
+	      //hashinput data
 	      Element returnHashInputDataElem = 
 	        requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData");
 	      requestElem_.appendChild(returnHashInputDataElem);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java
new file mode 100644
index 000000000..f3ce6888b
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java
@@ -0,0 +1,210 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ * 
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ * 
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.auth.validator;
+
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.exception.ValidateException;
+import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+/**
+ * This class is used to validate an {@link IdentityLink} 
+ * returned by the security layer
+ * 
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+public class IdentityLinkValidator implements Constants {
+
+  //
+  // XPath namespace prefix shortcuts
+  //
+  /** Xpath prefix for reaching PersonData Namespaces */
+  private static final String PDATA = PD_PREFIX + ":";
+  /** Xpath prefix for reaching SAML Namespaces */
+  private static final String SAML = SAML_PREFIX + ":";
+  /** Xpath prefix for reaching XML-DSIG Namespaces */
+  private static final String DSIG = DSIG_PREFIX + ":";
+  /** Xpath prefix for reaching ECDSA Namespaces */
+  private static final String ECDSA = ECDSA_PREFIX + ":";
+  /** Xpath expression to the root element */
+  private static final String ROOT = "";
+  /** Xpath expression to the SAML:SubjectConfirmationData element */
+  private static final String SAML_SUBJECT_CONFIRMATION_DATA_XPATH =
+    ROOT
+      + SAML
+      + "AttributeStatement/"
+      + SAML
+      + "Subject/"
+      + SAML
+      + "SubjectConfirmation/"
+      + SAML
+      + "SubjectConfirmationData";
+/** Xpath expression to the PersonData:Person element */
+  private static final String PERSON_XPATH =
+    SAML_SUBJECT_CONFIRMATION_DATA_XPATH + "/" + PDATA + "Person";
+  /** Xpath expression to the SAML:Attribute element */
+  private static final String ATTRIBUTE_XPATH =
+    ROOT + SAML + "AttributeStatement/" + SAML + "Attribute";
+//  /** Xpath expression to the SAML:AttributeName attribute */
+//  private static final String ATTRIBUTE_NAME_XPATH =
+//    ROOT + SAML + "AttributeStatement/" + SAML + "Attribute/@AttributeName";
+//  /** Xpath expression to the SAML:AttributeNamespace attribute */
+//  private static final String ATTRIBUTE_NAMESPACE_XPATH =
+//    ROOT
+//      + SAML
+//      + "AttributeStatement/"
+//      + SAML
+//      + "Attribute/@AttributeNamespace";
+//  /** Xpath expression to the SAML:AttributeValue element */
+//  private static final String ATTRIBUTE_VALUE_XPATH =
+//    ROOT
+//      + SAML
+//      + "AttributeStatement/"
+//      + SAML
+//      + "Attribute/"
+//      + SAML
+//      + "AttributeValue";
+
+  /** Singleton instance. <code>null</code>, if none has been created. */
+  private static IdentityLinkValidator instance;
+
+  /**
+   * Constructor for a singleton IdentityLinkValidator.
+   * @return a new IdentityLinkValidator instance
+   * @throws ValidateException if no instance can be created
+   */
+  public static synchronized IdentityLinkValidator getInstance()
+    throws ValidateException {
+    if (instance == null) {
+      instance = new IdentityLinkValidator();
+    }
+    return instance;
+  }
+
+  /**
+   * Method validate. Validates the {@link IdentityLink} 
+   * @param identityLink The identityLink to validate
+   * @throws ValidateException on any validation error
+   */
+  public void validate(IIdentityLink identityLink) throws ValidateException {
+
+    Element samlAssertion = identityLink.getSamlAssertion();
+    //Search the SAML:ASSERTION Object (A2.054)
+    if (samlAssertion == null) {
+      throw new ValidateException("validator.00", null);
+    }
+
+    // Check how many saml:Assertion/saml:AttributeStatement/
+    //      saml:Subject/ saml:SubjectConfirmation/
+    //      saml:SubjectConfirmationData/pr:Person of type
+    //      PhysicalPersonType exist (A2.056)
+    NodeList nl = XPathUtils.selectNodeList(samlAssertion, PERSON_XPATH);
+    // If we have just one Person-Element we don't need to check the attributes
+    int counterPhysicalPersonType = 0;
+    if (nl.getLength() > 1)
+      for (int i = 0; i < nl.getLength(); i++) {
+        String xsiType =
+          ((Element) nl.item(i))
+            .getAttributeNodeNS(
+              "http://www.w3.org/2001/XMLSchema-instance",
+              "type")
+            .getNodeValue();
+        // We have to check if xsiType contains "PhysicalPersonType"
+        // An equal-check will fail because of the Namespace-prefix of the attribute value
+        if (xsiType.indexOf("PhysicalPersonType") > -1)
+          counterPhysicalPersonType++;
+      }
+    if (counterPhysicalPersonType > 1)
+      throw new ValidateException("validator.01", null);
+
+    //Check the SAML:ATTRIBUTES
+    nl = XPathUtils.selectNodeList(samlAssertion, ATTRIBUTE_XPATH);
+    for (int i = 0; i < nl.getLength(); i++) {
+      String attributeName =
+        XPathUtils.getAttributeValue(
+          (Element) nl.item(i),
+          "@AttributeName",
+          null);
+      String attributeNS =
+        XPathUtils.getAttributeValue(
+          (Element) nl.item(i),
+          "@AttributeNamespace",
+          null);
+      if (attributeName.equals("CitizenPublicKey")) {
+                
+        if (attributeNS.equals("http://www.buergerkarte.at/namespaces/personenbindung/20020506#") ||
+            attributeNS.equals("urn:publicid:gv.at:namespaces:identitylink:1.2")) {
+          Element attributeValue = 
+              (Element) XPathUtils.selectSingleNode((Element) nl.item(i),nSMap, SAML + "AttributeValue/" + DSIG + "RSAKeyValue");          
+           if (attributeValue==null) 
+             attributeValue = 
+               (Element) XPathUtils.selectSingleNode((Element)nl.item(i), nSMap, SAML + "AttributeValue/" + ECDSA + "ECDSAKeyValue");
+           if (attributeValue==null) 
+               attributeValue = 
+                 (Element) XPathUtils.selectSingleNode((Element)nl.item(i), nSMap, SAML + "AttributeValue/" + DSIG + "DSAKeyValue");
+           if (attributeValue == null)
+            throw new ValidateException("validator.02", null);
+                      
+        }
+        else
+          throw new ValidateException("validator.03", new Object [] {attributeNS} );
+      }
+      else
+        throw new ValidateException("validator.04", new Object [] {attributeName} );
+    }
+    
+    //Check if dsig:Signature exists
+     Element dsigSignature = (Element) XPathUtils.selectSingleNode(samlAssertion,ROOT + DSIG + "Signature");
+     if (dsigSignature==null) throw new ValidateException("validator.05", new Object[] {"in der Personenbindung"});
+  }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureRequestBuilder.java
new file mode 100644
index 000000000..ae9ff80ae
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureRequestBuilder.java
@@ -0,0 +1,408 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ * 
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ * 
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.auth.validator;
+
+import java.util.List;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.auth.exception.ParseException;
+import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * Builder for the <code>&lt;VerifyXMLSignatureRequestBuilder&gt;</code> structure
+ * used for sending the DSIG-Signature of the Security Layer card for validating to MOA-SP.
+ * 
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+public class VerifyXMLSignatureRequestBuilder {
+  
+  /** shortcut for XMLNS namespace URI */
+  private static final String XMLNS_NS_URI = Constants.XMLNS_NS_URI;
+  /** shortcut for MOA namespace URI */
+  private static final String MOA_NS_URI = Constants.MOA_NS_URI;
+  /** The DSIG-Prefix */
+  private static final String DSIG = Constants.DSIG_PREFIX + ":";
+  
+  /** The document containing the <code>VerifyXMLsignatureRequest</code> */
+  private Document requestDoc_;
+  /** the <code>VerifyXMLsignatureRequest</code> root element */
+  private Element requestElem_;
+  
+  
+  /**
+   * Builds the body for a <code>VerifyXMLsignatureRequest</code> including the root
+   * element and namespace declarations.
+   * 
+   * @throws BuildException If an error occurs on building the document.
+   */
+  public VerifyXMLSignatureRequestBuilder() throws BuildException {
+    try {
+      DocumentBuilder docBuilder = DocumentBuilderFactory.newInstance().newDocumentBuilder();        
+      requestDoc_ = docBuilder.newDocument();
+      requestElem_ = requestDoc_.createElementNS(MOA_NS_URI, "VerifyXMLSignatureRequest");
+      requestElem_.setAttributeNS(XMLNS_NS_URI, "xmlns", MOA_NS_URI);
+      requestElem_.setAttributeNS(XMLNS_NS_URI, "xmlns:" + Constants.DSIG_PREFIX, Constants.DSIG_NS_URI);
+      requestDoc_.appendChild(requestElem_);       
+    } catch (Throwable t) {
+      throw new BuildException(
+        "builder.00", 
+        new Object[] {"VerifyXMLSignatureRequest", t.toString()}, 
+        t);
+    }
+  }
+  
+  
+  /**
+   * Builds a <code>&lt;VerifyXMLSignatureRequest&gt;</code>
+   * from an IdentityLink with a known trustProfileID which 
+   * has to exist in MOA-SP
+   * @param identityLink - The IdentityLink
+   * @param trustProfileID - a preconfigured TrustProfile at MOA-SP
+   * 
+   * @return Element - The complete request as Dom-Element
+   * 
+   * @throws ParseException
+   */
+  public Element build(IIdentityLink identityLink, String trustProfileID)
+    throws ParseException 
+  { 
+    try {
+      // build the request
+      Element dateTimeElem = requestDoc_.createElementNS(MOA_NS_URI, "DateTime");
+      requestElem_.appendChild(dateTimeElem);
+      Node dateTime = requestDoc_.createTextNode(identityLink.getIssueInstant());
+      dateTimeElem.appendChild(dateTime);
+      Element verifiySignatureInfoElem = 
+        requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo");
+      requestElem_.appendChild(verifiySignatureInfoElem);
+      Element verifySignatureEnvironmentElem = 
+        requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment");
+      verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem);
+      Element base64ContentElem = requestDoc_.createElementNS(MOA_NS_URI, "Base64Content");
+      verifySignatureEnvironmentElem.appendChild(base64ContentElem);
+      // insert the base64 encoded identity link SAML assertion
+      String serializedAssertion = identityLink.getSerializedSamlAssertion();
+      String base64EncodedAssertion = Base64Utils.encode(serializedAssertion.getBytes("UTF-8"));
+      //replace all '\r' characters by no char.
+      StringBuffer replaced = new StringBuffer();
+      for (int i = 0; i < base64EncodedAssertion.length(); i ++) {
+        char c = base64EncodedAssertion.charAt(i);
+        if (c != '\r') {
+          replaced.append(c);
+        }
+      }
+      base64EncodedAssertion = replaced.toString();
+      Node base64Content = requestDoc_.createTextNode(base64EncodedAssertion);
+      base64ContentElem.appendChild(base64Content);      
+      // specify the signature location
+      Element verifySignatureLocationElem = 
+        requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation");
+      verifiySignatureInfoElem.appendChild(verifySignatureLocationElem);
+      Node signatureLocation = requestDoc_.createTextNode(DSIG + "Signature");
+      verifySignatureLocationElem.appendChild(signatureLocation);      
+      // signature manifest params
+      Element signatureManifestCheckParamsElem = 
+        requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams");
+      requestElem_.appendChild(signatureManifestCheckParamsElem);
+      signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "false");
+      // add the transforms
+      Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo");
+      signatureManifestCheckParamsElem.appendChild(referenceInfoElem);
+      Element[] dsigTransforms = identityLink.getDsigReferenceTransforms();
+      
+      for (int i = 0; i < dsigTransforms.length; i++) {        
+        Element verifyTransformsInfoProfileElem = 
+          requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfile");
+        referenceInfoElem.appendChild(verifyTransformsInfoProfileElem);
+        verifyTransformsInfoProfileElem.appendChild(requestDoc_.importNode(dsigTransforms[i], true));        
+      }
+      Element returnHashInputDataElem = 
+        requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData");
+      requestElem_.appendChild(returnHashInputDataElem);
+      Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID");
+      trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID));
+      requestElem_.appendChild(trustProfileIDElem);
+    } catch (Throwable t) {
+      throw new ParseException("builder.00", 
+        new Object[] { "VerifyXMLSignatureRequest (IdentityLink)" }, t);
+    }
+
+    return requestElem_;
+  }
+  
+  /**
+   * Builds a <code>&lt;VerifyXMLSignatureRequest&gt;</code>
+   * from an IdentityLink with a known trustProfileID which 
+   * has to exist in MOA-SP
+   * @param identityLink - The IdentityLink
+   * @param trustProfileID - a preconfigured TrustProfile at MOA-SP
+   * 
+   * @return Element - The complete request as Dom-Element
+   * 
+   * @throws ParseException
+   */
+  public Element build(byte[]mandate, String trustProfileID)
+    throws ParseException 
+  { 
+    try {
+      // build the request
+//      Element dateTimeElem = requestDoc_.createElementNS(MOA_NS_URI, "DateTime");
+//      requestElem_.appendChild(dateTimeElem);
+//      Node dateTime = requestDoc_.createTextNode(identityLink.getIssueInstant());
+//      dateTimeElem.appendChild(dateTime);
+      Element verifiySignatureInfoElem = 
+        requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo");
+      requestElem_.appendChild(verifiySignatureInfoElem);
+      Element verifySignatureEnvironmentElem = 
+        requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment");
+      verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem);
+      Element base64ContentElem = requestDoc_.createElementNS(MOA_NS_URI, "Base64Content");
+      verifySignatureEnvironmentElem.appendChild(base64ContentElem);
+      // insert the base64 encoded identity link SAML assertion
+      //String serializedAssertion = identityLink.getSerializedSamlAssertion();
+      //String base64EncodedAssertion = Base64Utils.encode(mandate.getBytes("UTF-8"));
+      String base64EncodedAssertion = Base64Utils.encode(mandate);
+      //replace all '\r' characters by no char.
+      StringBuffer replaced = new StringBuffer();
+      for (int i = 0; i < base64EncodedAssertion.length(); i ++) {
+        char c = base64EncodedAssertion.charAt(i);
+        if (c != '\r') {
+          replaced.append(c);
+        }
+      }
+      base64EncodedAssertion = replaced.toString();
+      Node base64Content = requestDoc_.createTextNode(base64EncodedAssertion);
+      base64ContentElem.appendChild(base64Content);      
+      // specify the signature location
+      Element verifySignatureLocationElem = 
+        requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation");
+      verifiySignatureInfoElem.appendChild(verifySignatureLocationElem);
+      Node signatureLocation = requestDoc_.createTextNode(DSIG + "Signature");
+      verifySignatureLocationElem.appendChild(signatureLocation);      
+      // signature manifest params
+      Element signatureManifestCheckParamsElem = 
+        requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams");
+      requestElem_.appendChild(signatureManifestCheckParamsElem);
+      signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "false");
+//      // add the transforms
+//      Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo");
+//      signatureManifestCheckParamsElem.appendChild(referenceInfoElem);
+//      Element[] dsigTransforms = identityLink.getDsigReferenceTransforms();
+//      
+//      for (int i = 0; i < dsigTransforms.length; i++) {        
+//        Element verifyTransformsInfoProfileElem = 
+//          requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfile");
+//        referenceInfoElem.appendChild(verifyTransformsInfoProfileElem);
+//        verifyTransformsInfoProfileElem.appendChild(requestDoc_.importNode(dsigTransforms[i], true));        
+//      }
+      Element returnHashInputDataElem = 
+        requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData");
+      requestElem_.appendChild(returnHashInputDataElem);
+      Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID");
+      trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID));
+      requestElem_.appendChild(trustProfileIDElem);
+    } catch (Throwable t) {
+      throw new ParseException("builder.00", 
+        new Object[] { "VerifyXMLSignatureRequest (IdentityLink)" }, t);
+    }
+
+    return requestElem_;
+  }
+  
+  
+  /**
+   * Builds a <code>&lt;VerifyXMLSignatureRequest&gt;</code>
+   * from the signed AUTH-Block with a known trustProfileID which 
+   * has to exist in MOA-SP
+   * @param csr - signed AUTH-Block
+   * @param verifyTransformsInfoProfileID - allowed verifyTransformsInfoProfileID 
+   * @param trustProfileID - a preconfigured TrustProfile at MOA-SP
+   * @return Element - The complete request as Dom-Element
+   * @throws ParseException
+   */
+  public Element build(
+    CreateXMLSignatureResponse csr,
+    List<String> verifyTransformsInfoProfileID,
+    String trustProfileID)
+    throws BuildException { //samlAssertionObject
+    
+    try {
+      // build the request
+//      requestElem_.setAttributeNS(Constants.XMLNS_NS_URI, "xmlns:" 
+//        + Constants.XML_PREFIX, Constants.XMLNS_NS_URI);
+      Element verifiySignatureInfoElem = 
+        requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo");
+      requestElem_.appendChild(verifiySignatureInfoElem);
+      Element verifySignatureEnvironmentElem = 
+        requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment");
+      verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem);
+      Element xmlContentElem = requestDoc_.createElementNS(MOA_NS_URI, "XMLContent");
+      verifySignatureEnvironmentElem.appendChild(xmlContentElem);
+      xmlContentElem.setAttribute(Constants.XML_PREFIX + ":space", "preserve");
+      // insert the SAML assertion
+      xmlContentElem.appendChild(requestDoc_.importNode(csr.getSamlAssertion(), true));          
+      // specify the signature location
+      Element verifySignatureLocationElem = 
+        requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation");
+      verifiySignatureInfoElem.appendChild(verifySignatureLocationElem);
+      Node signatureLocation = requestDoc_.createTextNode(DSIG + "Signature");
+      verifySignatureLocationElem.appendChild(signatureLocation);      
+      // signature manifest params
+      Element signatureManifestCheckParamsElem = 
+        requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams");
+      requestElem_.appendChild(signatureManifestCheckParamsElem);
+      signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "true");
+      // add the transform profile IDs
+      Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo");
+        signatureManifestCheckParamsElem.appendChild(referenceInfoElem);
+        
+//      for (int i = 0; i < verifyTransformsInfoProfileID.length; i++) {
+//    	  
+//        Element verifyTransformsInfoProfileIDElem = 
+//          requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfileID");
+//        referenceInfoElem.appendChild(verifyTransformsInfoProfileIDElem);
+//        verifyTransformsInfoProfileIDElem.appendChild(
+//          requestDoc_.createTextNode(verifyTransformsInfoProfileID[i]));        
+//      }
+      
+        for (String element : verifyTransformsInfoProfileID) {
+      	  
+            Element verifyTransformsInfoProfileIDElem = 
+              requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfileID");
+            referenceInfoElem.appendChild(verifyTransformsInfoProfileIDElem);
+            verifyTransformsInfoProfileIDElem.appendChild(
+              requestDoc_.createTextNode(element));        
+          }
+        
+      Element returnHashInputDataElem = 
+        requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData");
+      requestElem_.appendChild(returnHashInputDataElem);
+      Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID");
+      trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID));
+      requestElem_.appendChild(trustProfileIDElem);
+
+    } catch (Throwable t) {
+      throw new BuildException("builder.00", new Object[] { "VerifyXMLSignatureRequest" }, t);
+    }
+
+    return requestElem_;
+  }
+  
+  /**
+   * Builds a <code>&lt;VerifyXMLSignatureRequest&gt;</code>
+   * from the signed data with a known trustProfileID which 
+   * has to exist in MOA-SP
+   * @param csr - signed AUTH-Block
+   * @param trustProfileID - a preconfigured TrustProfile at MOA-SP
+   * @return Element - The complete request as Dom-Element
+   * @throws ParseException
+   */
+  public Element buildDsig(
+    CreateXMLSignatureResponse csr,
+    String trustProfileID)
+    throws BuildException { //samlAssertionObject
+    
+    try {
+      // build the request
+//      requestElem_.setAttributeNS(Constants.XMLNS_NS_URI, "xmlns:" 
+//        + Constants.XML_PREFIX, Constants.XMLNS_NS_URI);
+     
+      Element verifiySignatureInfoElem = 
+        requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo");
+      requestElem_.appendChild(verifiySignatureInfoElem);
+      Element verifySignatureEnvironmentElem = 
+        requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment");
+      verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem);
+      
+      Element xmlContentElem = requestDoc_.createElementNS(MOA_NS_URI, "XMLContent");
+      verifySignatureEnvironmentElem.appendChild(xmlContentElem);
+      xmlContentElem.setAttribute(Constants.XML_PREFIX + ":space", "preserve");
+      
+      // insert the dsig:Signature
+      xmlContentElem.appendChild(requestDoc_.importNode(csr.getDsigSignature(), true));          
+      // specify the signature location
+      Element verifySignatureLocationElem = 
+        requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation");
+      verifiySignatureInfoElem.appendChild(verifySignatureLocationElem);
+      Node signatureLocation = requestDoc_.createTextNode("/"+ DSIG + "Signature");
+      verifySignatureLocationElem.appendChild(signatureLocation);      
+      // signature manifest params
+      Element signatureManifestCheckParamsElem = 
+        requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams");
+      requestElem_.appendChild(signatureManifestCheckParamsElem);
+      signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "true");
+      // add the transform profile IDs
+      Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo");
+        signatureManifestCheckParamsElem.appendChild(referenceInfoElem);
+        
+      Element returnHashInputDataElem = 
+        requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData");
+      requestElem_.appendChild(returnHashInputDataElem);
+      Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID");
+      
+      trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID));
+      requestElem_.appendChild(trustProfileIDElem);
+
+    } catch (Throwable t) {
+      throw new BuildException("builder.00", new Object[] { "VerifyXMLSignatureRequest" }, t);
+    }
+
+    return requestElem_;
+  }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
new file mode 100644
index 000000000..832aa58c6
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
@@ -0,0 +1,307 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ * 
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ * 
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.auth.validator;
+
+import java.security.InvalidKeyException;
+import java.security.PublicKey;
+import java.security.interfaces.RSAPublicKey;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Set;
+
+import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
+import at.gv.egovernment.moa.id.auth.exception.ValidateException;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
+import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.logging.Logger;
+import iaik.asn1.structures.Name;
+import iaik.security.ec.common.ECPublicKey;
+import iaik.utils.RFC2253NameParserException;
+import iaik.x509.X509Certificate;
+import iaik.x509.X509ExtensionInitException;
+
+/**
+ * This class is used to validate an {@link VerifyXMLSignatureResponse} 
+ * returned by MOA-SPSS
+ * 
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+public class VerifyXMLSignatureResponseValidator {
+  
+  /** Identification string for checking identity link */
+  public static final String CHECK_IDENTITY_LINK = "IdentityLink";
+  /** Identification string for checking authentication block */
+  public static final String CHECK_AUTH_BLOCK = "AuthBlock";
+  
+  /** Singleton instance. <code>null</code>, if none has been created. */
+  private static VerifyXMLSignatureResponseValidator instance;
+
+  /**
+   * Constructor for a singleton VerifyXMLSignatureResponseValidator.
+   */
+  public static synchronized VerifyXMLSignatureResponseValidator getInstance()
+    throws ValidateException {
+    if (instance == null) {
+      instance = new VerifyXMLSignatureResponseValidator();
+    }
+    return instance;
+  }
+
+  /**
+   * Validates a {@link VerifyXMLSignatureResponse} returned by MOA-SPSS. 
+   * 
+   * @param verifyXMLSignatureResponse the <code>&lt;VerifyXMLSignatureResponse&gt;</code>
+   * @param identityLinkSignersSubjectDNNames subject names configured
+   * @param whatToCheck is used to identify whether the identityLink or the Auth-Block is validated
+   * @param oaParam specifies whether the validation result of the 
+   *                                       manifest has to be ignored (identityLink validation if
+   *                                       the OA is a business service) or not
+   * @throws ValidateException on any validation error
+ * @throws ConfigurationException 
+   */
+  public void validate(IVerifiyXMLSignatureResponse verifyXMLSignatureResponse,
+                       List<String> identityLinkSignersSubjectDNNames, 
+                       String whatToCheck,
+                       IOAAuthParameters oaParam)
+    throws ValidateException, ConfigurationException {
+
+    if (verifyXMLSignatureResponse.getSignatureCheckCode() != 0)
+      throw new ValidateException("validator.06", null);
+      
+    if (verifyXMLSignatureResponse.getCertificateCheckCode() != 0) {
+			String checkFailedReason ="";
+			if (verifyXMLSignatureResponse.getCertificateCheckCode() == 1) 
+				checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.21", null);
+			if (verifyXMLSignatureResponse.getCertificateCheckCode() == 2) 
+				checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.22", null);
+			if (verifyXMLSignatureResponse.getCertificateCheckCode() == 3) 
+				checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.23", null);
+			if (verifyXMLSignatureResponse.getCertificateCheckCode() == 4) 
+				checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.24", null);
+			if (verifyXMLSignatureResponse.getCertificateCheckCode() == 5) 
+				checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.25", null);
+
+//     TEST CARDS
+      if (whatToCheck.equals(CHECK_IDENTITY_LINK))
+        throw new ValidateException("validator.07", new Object[] { checkFailedReason } );
+      else
+        throw new ValidateException("validator.19", new Object[] { checkFailedReason } );
+    }
+    
+    //check QC 
+    if (AuthConfigurationProviderFactory.getInstance().isCertifiacteQCActive() &&
+    		!whatToCheck.equals(CHECK_IDENTITY_LINK) &&
+    		!verifyXMLSignatureResponse.isQualifiedCertificate()) {
+    	    	
+    	//check if testcards are active and certificate has an extension for test credentials
+    	if (oaParam.isTestCredentialEnabled()) {
+        	boolean foundTestCredentialOID = false;
+        	try {
+        		X509Certificate signerCert = verifyXMLSignatureResponse.getX509certificate();
+    		
+        		List<String> validOIDs = new ArrayList<String>();
+        		if (oaParam.getTestCredentialOIDs() != null)
+        			validOIDs.addAll(oaParam.getTestCredentialOIDs());
+        		else
+        			validOIDs.add(MOAIDAuthConstants.TESTCREDENTIALROOTOID);
+    		
+        		Set<String> extentsions = signerCert.getCriticalExtensionOIDs();
+        		extentsions.addAll(signerCert.getNonCriticalExtensionOIDs());
+        		Iterator<String> extit = extentsions.iterator();
+        		while(extit.hasNext()) {
+        			String certOID = extit.next();
+        			for (String el : validOIDs) {
+        				if (certOID.startsWith(el))
+        					foundTestCredentialOID = true;
+        			}    			
+        		}
+        		
+        	} catch (Exception e) {
+        		Logger.warn("Test credential OID extraction FAILED.", e);
+        		
+        	}
+        	//throw Exception if not TestCredentialOID is found
+        	if (!foundTestCredentialOID)
+        		throw new ValidateException("validator.72", null);
+    		
+    	} else    	
+    		throw new ValidateException("validator.71", null);        
+    }
+    
+    // if OA is type is business service the manifest validation result has
+    // to be ignored
+    boolean ignoreManifestValidationResult = false;
+    if (whatToCheck.equals(CHECK_IDENTITY_LINK))    	
+    	ignoreManifestValidationResult = (oaParam.hasBaseIdInternalProcessingRestriction()) ? true
+            : false;
+    
+    if (ignoreManifestValidationResult) {
+      Logger.debug("OA type is business service, thus ignoring DSIG manifest validation result");
+    } else {
+      if (verifyXMLSignatureResponse.isXmlDSIGManigest())
+        if (verifyXMLSignatureResponse.getXmlDSIGManifestCheckCode() != 0)
+          throw new ValidateException("validator.08", null);
+    }
+    
+    
+    // Check the signature manifest only when verifying the signed AUTHBlock
+    if (whatToCheck.equals(CHECK_AUTH_BLOCK)) {
+      if (verifyXMLSignatureResponse.getSignatureManifestCheckCode() > 0) {
+        throw new ValidateException("validator.50", null);
+      }
+    }
+        
+    //Check whether the returned X509 SubjectName is in the MOA-ID configuration or not
+    if (identityLinkSignersSubjectDNNames != null) {
+      String subjectDN = "";
+      X509Certificate x509Cert = verifyXMLSignatureResponse.getX509certificate();
+      try {
+        subjectDN = ((Name) x509Cert.getSubjectDN()).getRFC2253String();
+      }
+      catch (RFC2253NameParserException e) {
+        throw new ValidateException("validator.17", null);
+      }
+      //System.out.println("subjectDN: " + subjectDN);
+      // check the authorisation to sign the identity link
+      if (!identityLinkSignersSubjectDNNames.contains(subjectDN)) {
+        // subject DN check failed, try OID check:
+        try {
+          if (x509Cert.getExtension(MOAIDAuthConstants.IDENTITY_LINK_SIGNER_OID) == null) {
+            throw new ValidateException("validator.18", new Object[] { subjectDN });
+          } else {
+            Logger.debug("Identity link signer cert accepted for signing identity link: " +
+                         "subjectDN check failed, but OID check successfully passed.");
+          }
+        } catch (X509ExtensionInitException e) {
+          throw new ValidateException("validator.49", null);
+        }
+      } else {
+        Logger.debug("Identity link signer cert accepted for signing identity link: " +
+                     "subjectDN check successfully passed.");
+      }
+      
+    }
+  }
+  
+  /**
+   * Method validateCertificate.
+   * @param verifyXMLSignatureResponse The VerifyXMLSignatureResponse
+   * @param idl The Identitylink
+   * @throws ValidateException
+   */
+  public void validateCertificate(
+    IVerifiyXMLSignatureResponse verifyXMLSignatureResponse,
+    IIdentityLink idl)
+    throws ValidateException {
+
+    X509Certificate x509Response = verifyXMLSignatureResponse.getX509certificate();
+    PublicKey[] pubKeysIdentityLink = (PublicKey[]) idl.getPublicKey();
+
+    PublicKey pubKeySignature = x509Response.getPublicKey();
+    checkIDLAgainstSignatureCertificate(pubKeysIdentityLink, pubKeySignature);
+    
+  }
+  
+  
+  public void checkIDLAgainstSignatureCertificate( PublicKey[] pubKeysIdentityLink, PublicKey pubKeySignature) throws ValidateException {
+    boolean found = false;
+    for (int i = 0; i < pubKeysIdentityLink.length; i++) {
+      PublicKey idlPubKey = pubKeysIdentityLink[i];
+      //compare RSAPublicKeys
+      if ((idlPubKey instanceof java.security.interfaces.RSAPublicKey) &&  
+      		(pubKeySignature instanceof java.security.interfaces.RSAPublicKey)) {
+
+          RSAPublicKey rsaPubKeySignature = (RSAPublicKey) pubKeySignature;
+          RSAPublicKey rsakey = (RSAPublicKey) pubKeysIdentityLink[i];
+          
+          if (rsakey.getModulus().equals(rsaPubKeySignature.getModulus())
+              && rsakey.getPublicExponent().equals(rsaPubKeySignature.getPublicExponent()))
+          found = true;      
+      }
+      
+      //compare ECDSAPublicKeys
+      if( ( (idlPubKey instanceof java.security.interfaces.ECPublicKey) || 
+    		  (idlPubKey instanceof ECPublicKey)) && 
+         ( (pubKeySignature instanceof java.security.interfaces.ECPublicKey) || 
+        		(pubKeySignature instanceof ECPublicKey) ) ) {
+
+		try {
+			ECPublicKey ecdsaPubKeySignature = new ECPublicKey(pubKeySignature.getEncoded());
+			ECPublicKey ecdsakey = new ECPublicKey(pubKeysIdentityLink[i].getEncoded());
+			
+	        if(ecdsakey.equals(ecdsaPubKeySignature))
+	              found = true;
+			
+		} catch (InvalidKeyException e) {
+			Logger.warn("ECPublicKey can not parsed into a iaik.ECPublicKey", e);
+			throw new ValidateException("validator.09", null);
+		}
+          
+          
+
+      }
+      
+//  		Logger.debug("IDL-Pubkey=" + idl.getPublicKey()[i].getClass().getName()
+//  				+ "  Resp-Pubkey=" + pubKeySignature.getClass().getName());
+      
+    }
+
+    if (!found) {
+       	
+      throw new ValidateException("validator.09", null);
+            
+    }
+  }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
index 9d585bc86..05bb16d0d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
@@ -63,6 +63,7 @@ public class AssertionAttributeExtractor {
 			PVPConstants.EID_SOURCE_PIN_NAME,
 			PVPConstants.EID_SOURCE_PIN_TYPE_NAME);
 	
+
 	/**
 	 * Parse the SAML2 Response element and extracts included information
 	 * <br><br>
@@ -81,36 +82,25 @@ public class AssertionAttributeExtractor {
 				Logger.warn("Found more then ONE PVP2.1 assertions. Only the First is used.");
 			
 			assertion = assertions.get(0);
-
-			if (assertion.getAttributeStatements() != null &&
-					assertion.getAttributeStatements().size() > 0) {
-				AttributeStatement attrStat = assertion.getAttributeStatements().get(0);
-				for (Attribute attr : attrStat.getAttributes()) {
-					if (attr.getName().startsWith(PVPConstants.STORK_ATTRIBUTE_PREFIX)) {							
-						List<String> storkAttrValues = new ArrayList<String>();
-						for (XMLObject el : attr.getAttributeValues())
-							storkAttrValues.add(el.getDOM().getTextContent());
-						
-//						PersonalAttribute storkAttr = new PersonalAttribute(attr.getName(), 
-//								false, storkAttrValues , "Available");
-//						storkAttributes.put(attr.getName(), storkAttr );
-						
-					} else {
-						List<String> attrList = new ArrayList<String>();
-						for (XMLObject el : attr.getAttributeValues())
-							attrList.add(el.getDOM().getTextContent());
-
-						attributs.put(attr.getName(), attrList);
-												
-					}
-			}
-				
-			}
-						
+			internalInitialize();
+			
 		} else 
-			throw new AssertionAttributeExtractorExeption();		
+			throw new AssertionAttributeExtractorExeption();
 	}
-
+	
+	/**
+	 * Parse the SAML2 Assertion element and extracts included information
+	 * <br><br>
+	 * 
+	 * @param assertion SAML2 Assertion
+	 * @throws AssertionAttributeExtractorExeption
+	 */
+	public AssertionAttributeExtractor(Assertion assertion) throws AssertionAttributeExtractorExeption {			
+			this.assertion = assertion;
+			internalInitialize();
+			
+	}
+	
 	/**
 	 * Get all SAML2 attributes from first SAML2 AttributeStatement element
 	 * 
@@ -274,7 +264,30 @@ public class AssertionAttributeExtractor {
 			
 		} 
 		
-		return getFullAssertion().getConditions().getNotOnOrAfter().toDate();
+		try {
+			return getFullAssertion().getConditions().getNotOnOrAfter().toDate();
+			
+		} catch (NullPointerException e) {
+			return null;
+			
+		}
+	}
+	
+	/**
+	 * Get the Assertion validFrom period
+	 * 
+     * This method returns value of  SAML 'Conditions' element. 
+	 * 
+	 * @return Date, after this SAML2 assertion is valid, otherwise null
+	 */
+	public Date getAssertionNotBefore() {
+		try {
+			return getFullAssertion().getConditions().getNotBefore().toDate();
+			
+		} catch (NullPointerException e) {
+			return null;
+			
+		}
 					
 	}
 	
@@ -288,5 +301,32 @@ public class AssertionAttributeExtractor {
 		
 		return authnList.get(0);
 	}
+	
+	private void internalInitialize() {
+		internalInitialize();
+		if (assertion.getAttributeStatements() != null &&
+				assertion.getAttributeStatements().size() > 0) {
+			AttributeStatement attrStat = assertion.getAttributeStatements().get(0);
+			for (Attribute attr : attrStat.getAttributes()) {
+				if (attr.getName().startsWith(PVPConstants.STORK_ATTRIBUTE_PREFIX)) {							
+					List<String> storkAttrValues = new ArrayList<String>();
+					for (XMLObject el : attr.getAttributeValues())
+						storkAttrValues.add(el.getDOM().getTextContent());
+					
+//					PersonalAttribute storkAttr = new PersonalAttribute(attr.getName(), 
+//							false, storkAttrValues , "Available");
+//					storkAttributes.put(attr.getName(), storkAttr );
+					
+				} else {
+					List<String> attrList = new ArrayList<String>();
+					for (XMLObject el : attr.getAttributeValues())
+						attrList.add(el.getDOM().getTextContent());
+
+					attributs.put(attr.getName(), attrList);
+											
+				}
+			}	
+		}	
+	}
 
 }
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 7c435d0b0..a67b27315 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -33,7 +33,6 @@ import at.gv.egovernment.moa.id.auth.builder.CreateXMLSignatureRequestBuilder;
 import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
 import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder;
 import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder;
-import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
 import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl;
@@ -51,6 +50,7 @@ import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser;
 import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
 import at.gv.egovernment.moa.id.auth.validator.CreateXMLSignatureResponseValidator;
 import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator;
+import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureRequestBuilder;
 import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator;
 import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
 import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
deleted file mode 100644
index e6adcf159..000000000
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
+++ /dev/null
@@ -1,408 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- * 
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- * 
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.auth.builder;
-
-import java.util.List;
-
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
-import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
-import at.gv.egovernment.moa.id.auth.exception.BuildException;
-import at.gv.egovernment.moa.id.auth.exception.ParseException;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
-import at.gv.egovernment.moa.util.Base64Utils;
-import at.gv.egovernment.moa.util.Constants;
-
-/**
- * Builder for the <code>&lt;VerifyXMLSignatureRequestBuilder&gt;</code> structure
- * used for sending the DSIG-Signature of the Security Layer card for validating to MOA-SP.
- * 
- * @author Stefan Knirsch
- * @version $Id$
- */
-public class VerifyXMLSignatureRequestBuilder {
-  
-  /** shortcut for XMLNS namespace URI */
-  private static final String XMLNS_NS_URI = Constants.XMLNS_NS_URI;
-  /** shortcut for MOA namespace URI */
-  private static final String MOA_NS_URI = Constants.MOA_NS_URI;
-  /** The DSIG-Prefix */
-  private static final String DSIG = Constants.DSIG_PREFIX + ":";
-  
-  /** The document containing the <code>VerifyXMLsignatureRequest</code> */
-  private Document requestDoc_;
-  /** the <code>VerifyXMLsignatureRequest</code> root element */
-  private Element requestElem_;
-  
-  
-  /**
-   * Builds the body for a <code>VerifyXMLsignatureRequest</code> including the root
-   * element and namespace declarations.
-   * 
-   * @throws BuildException If an error occurs on building the document.
-   */
-  public VerifyXMLSignatureRequestBuilder() throws BuildException {
-    try {
-      DocumentBuilder docBuilder = DocumentBuilderFactory.newInstance().newDocumentBuilder();        
-      requestDoc_ = docBuilder.newDocument();
-      requestElem_ = requestDoc_.createElementNS(MOA_NS_URI, "VerifyXMLSignatureRequest");
-      requestElem_.setAttributeNS(XMLNS_NS_URI, "xmlns", MOA_NS_URI);
-      requestElem_.setAttributeNS(XMLNS_NS_URI, "xmlns:" + Constants.DSIG_PREFIX, Constants.DSIG_NS_URI);
-      requestDoc_.appendChild(requestElem_);       
-    } catch (Throwable t) {
-      throw new BuildException(
-        "builder.00", 
-        new Object[] {"VerifyXMLSignatureRequest", t.toString()}, 
-        t);
-    }
-  }
-  
-  
-  /**
-   * Builds a <code>&lt;VerifyXMLSignatureRequest&gt;</code>
-   * from an IdentityLink with a known trustProfileID which 
-   * has to exist in MOA-SP
-   * @param identityLink - The IdentityLink
-   * @param trustProfileID - a preconfigured TrustProfile at MOA-SP
-   * 
-   * @return Element - The complete request as Dom-Element
-   * 
-   * @throws ParseException
-   */
-  public Element build(IIdentityLink identityLink, String trustProfileID)
-    throws ParseException 
-  { 
-    try {
-      // build the request
-      Element dateTimeElem = requestDoc_.createElementNS(MOA_NS_URI, "DateTime");
-      requestElem_.appendChild(dateTimeElem);
-      Node dateTime = requestDoc_.createTextNode(identityLink.getIssueInstant());
-      dateTimeElem.appendChild(dateTime);
-      Element verifiySignatureInfoElem = 
-        requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo");
-      requestElem_.appendChild(verifiySignatureInfoElem);
-      Element verifySignatureEnvironmentElem = 
-        requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment");
-      verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem);
-      Element base64ContentElem = requestDoc_.createElementNS(MOA_NS_URI, "Base64Content");
-      verifySignatureEnvironmentElem.appendChild(base64ContentElem);
-      // insert the base64 encoded identity link SAML assertion
-      String serializedAssertion = identityLink.getSerializedSamlAssertion();
-      String base64EncodedAssertion = Base64Utils.encode(serializedAssertion.getBytes("UTF-8"));
-      //replace all '\r' characters by no char.
-      StringBuffer replaced = new StringBuffer();
-      for (int i = 0; i < base64EncodedAssertion.length(); i ++) {
-        char c = base64EncodedAssertion.charAt(i);
-        if (c != '\r') {
-          replaced.append(c);
-        }
-      }
-      base64EncodedAssertion = replaced.toString();
-      Node base64Content = requestDoc_.createTextNode(base64EncodedAssertion);
-      base64ContentElem.appendChild(base64Content);      
-      // specify the signature location
-      Element verifySignatureLocationElem = 
-        requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation");
-      verifiySignatureInfoElem.appendChild(verifySignatureLocationElem);
-      Node signatureLocation = requestDoc_.createTextNode(DSIG + "Signature");
-      verifySignatureLocationElem.appendChild(signatureLocation);      
-      // signature manifest params
-      Element signatureManifestCheckParamsElem = 
-        requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams");
-      requestElem_.appendChild(signatureManifestCheckParamsElem);
-      signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "false");
-      // add the transforms
-      Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo");
-      signatureManifestCheckParamsElem.appendChild(referenceInfoElem);
-      Element[] dsigTransforms = identityLink.getDsigReferenceTransforms();
-      
-      for (int i = 0; i < dsigTransforms.length; i++) {        
-        Element verifyTransformsInfoProfileElem = 
-          requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfile");
-        referenceInfoElem.appendChild(verifyTransformsInfoProfileElem);
-        verifyTransformsInfoProfileElem.appendChild(requestDoc_.importNode(dsigTransforms[i], true));        
-      }
-      Element returnHashInputDataElem = 
-        requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData");
-      requestElem_.appendChild(returnHashInputDataElem);
-      Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID");
-      trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID));
-      requestElem_.appendChild(trustProfileIDElem);
-    } catch (Throwable t) {
-      throw new ParseException("builder.00", 
-        new Object[] { "VerifyXMLSignatureRequest (IdentityLink)" }, t);
-    }
-
-    return requestElem_;
-  }
-  
-  /**
-   * Builds a <code>&lt;VerifyXMLSignatureRequest&gt;</code>
-   * from an IdentityLink with a known trustProfileID which 
-   * has to exist in MOA-SP
-   * @param identityLink - The IdentityLink
-   * @param trustProfileID - a preconfigured TrustProfile at MOA-SP
-   * 
-   * @return Element - The complete request as Dom-Element
-   * 
-   * @throws ParseException
-   */
-  public Element build(byte[]mandate, String trustProfileID)
-    throws ParseException 
-  { 
-    try {
-      // build the request
-//      Element dateTimeElem = requestDoc_.createElementNS(MOA_NS_URI, "DateTime");
-//      requestElem_.appendChild(dateTimeElem);
-//      Node dateTime = requestDoc_.createTextNode(identityLink.getIssueInstant());
-//      dateTimeElem.appendChild(dateTime);
-      Element verifiySignatureInfoElem = 
-        requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo");
-      requestElem_.appendChild(verifiySignatureInfoElem);
-      Element verifySignatureEnvironmentElem = 
-        requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment");
-      verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem);
-      Element base64ContentElem = requestDoc_.createElementNS(MOA_NS_URI, "Base64Content");
-      verifySignatureEnvironmentElem.appendChild(base64ContentElem);
-      // insert the base64 encoded identity link SAML assertion
-      //String serializedAssertion = identityLink.getSerializedSamlAssertion();
-      //String base64EncodedAssertion = Base64Utils.encode(mandate.getBytes("UTF-8"));
-      String base64EncodedAssertion = Base64Utils.encode(mandate);
-      //replace all '\r' characters by no char.
-      StringBuffer replaced = new StringBuffer();
-      for (int i = 0; i < base64EncodedAssertion.length(); i ++) {
-        char c = base64EncodedAssertion.charAt(i);
-        if (c != '\r') {
-          replaced.append(c);
-        }
-      }
-      base64EncodedAssertion = replaced.toString();
-      Node base64Content = requestDoc_.createTextNode(base64EncodedAssertion);
-      base64ContentElem.appendChild(base64Content);      
-      // specify the signature location
-      Element verifySignatureLocationElem = 
-        requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation");
-      verifiySignatureInfoElem.appendChild(verifySignatureLocationElem);
-      Node signatureLocation = requestDoc_.createTextNode(DSIG + "Signature");
-      verifySignatureLocationElem.appendChild(signatureLocation);      
-      // signature manifest params
-      Element signatureManifestCheckParamsElem = 
-        requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams");
-      requestElem_.appendChild(signatureManifestCheckParamsElem);
-      signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "false");
-//      // add the transforms
-//      Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo");
-//      signatureManifestCheckParamsElem.appendChild(referenceInfoElem);
-//      Element[] dsigTransforms = identityLink.getDsigReferenceTransforms();
-//      
-//      for (int i = 0; i < dsigTransforms.length; i++) {        
-//        Element verifyTransformsInfoProfileElem = 
-//          requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfile");
-//        referenceInfoElem.appendChild(verifyTransformsInfoProfileElem);
-//        verifyTransformsInfoProfileElem.appendChild(requestDoc_.importNode(dsigTransforms[i], true));        
-//      }
-      Element returnHashInputDataElem = 
-        requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData");
-      requestElem_.appendChild(returnHashInputDataElem);
-      Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID");
-      trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID));
-      requestElem_.appendChild(trustProfileIDElem);
-    } catch (Throwable t) {
-      throw new ParseException("builder.00", 
-        new Object[] { "VerifyXMLSignatureRequest (IdentityLink)" }, t);
-    }
-
-    return requestElem_;
-  }
-  
-  
-  /**
-   * Builds a <code>&lt;VerifyXMLSignatureRequest&gt;</code>
-   * from the signed AUTH-Block with a known trustProfileID which 
-   * has to exist in MOA-SP
-   * @param csr - signed AUTH-Block
-   * @param verifyTransformsInfoProfileID - allowed verifyTransformsInfoProfileID 
-   * @param trustProfileID - a preconfigured TrustProfile at MOA-SP
-   * @return Element - The complete request as Dom-Element
-   * @throws ParseException
-   */
-  public Element build(
-    CreateXMLSignatureResponse csr,
-    List<String> verifyTransformsInfoProfileID,
-    String trustProfileID)
-    throws BuildException { //samlAssertionObject
-    
-    try {
-      // build the request
-//      requestElem_.setAttributeNS(Constants.XMLNS_NS_URI, "xmlns:" 
-//        + Constants.XML_PREFIX, Constants.XMLNS_NS_URI);
-      Element verifiySignatureInfoElem = 
-        requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo");
-      requestElem_.appendChild(verifiySignatureInfoElem);
-      Element verifySignatureEnvironmentElem = 
-        requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment");
-      verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem);
-      Element xmlContentElem = requestDoc_.createElementNS(MOA_NS_URI, "XMLContent");
-      verifySignatureEnvironmentElem.appendChild(xmlContentElem);
-      xmlContentElem.setAttribute(Constants.XML_PREFIX + ":space", "preserve");
-      // insert the SAML assertion
-      xmlContentElem.appendChild(requestDoc_.importNode(csr.getSamlAssertion(), true));          
-      // specify the signature location
-      Element verifySignatureLocationElem = 
-        requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation");
-      verifiySignatureInfoElem.appendChild(verifySignatureLocationElem);
-      Node signatureLocation = requestDoc_.createTextNode(DSIG + "Signature");
-      verifySignatureLocationElem.appendChild(signatureLocation);      
-      // signature manifest params
-      Element signatureManifestCheckParamsElem = 
-        requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams");
-      requestElem_.appendChild(signatureManifestCheckParamsElem);
-      signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "true");
-      // add the transform profile IDs
-      Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo");
-        signatureManifestCheckParamsElem.appendChild(referenceInfoElem);
-        
-//      for (int i = 0; i < verifyTransformsInfoProfileID.length; i++) {
-//    	  
-//        Element verifyTransformsInfoProfileIDElem = 
-//          requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfileID");
-//        referenceInfoElem.appendChild(verifyTransformsInfoProfileIDElem);
-//        verifyTransformsInfoProfileIDElem.appendChild(
-//          requestDoc_.createTextNode(verifyTransformsInfoProfileID[i]));        
-//      }
-      
-        for (String element : verifyTransformsInfoProfileID) {
-      	  
-            Element verifyTransformsInfoProfileIDElem = 
-              requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfileID");
-            referenceInfoElem.appendChild(verifyTransformsInfoProfileIDElem);
-            verifyTransformsInfoProfileIDElem.appendChild(
-              requestDoc_.createTextNode(element));        
-          }
-        
-      Element returnHashInputDataElem = 
-        requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData");
-      requestElem_.appendChild(returnHashInputDataElem);
-      Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID");
-      trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID));
-      requestElem_.appendChild(trustProfileIDElem);
-
-    } catch (Throwable t) {
-      throw new BuildException("builder.00", new Object[] { "VerifyXMLSignatureRequest" }, t);
-    }
-
-    return requestElem_;
-  }
-  
-  /**
-   * Builds a <code>&lt;VerifyXMLSignatureRequest&gt;</code>
-   * from the signed data with a known trustProfileID which 
-   * has to exist in MOA-SP
-   * @param csr - signed AUTH-Block
-   * @param trustProfileID - a preconfigured TrustProfile at MOA-SP
-   * @return Element - The complete request as Dom-Element
-   * @throws ParseException
-   */
-  public Element buildDsig(
-    CreateXMLSignatureResponse csr,
-    String trustProfileID)
-    throws BuildException { //samlAssertionObject
-    
-    try {
-      // build the request
-//      requestElem_.setAttributeNS(Constants.XMLNS_NS_URI, "xmlns:" 
-//        + Constants.XML_PREFIX, Constants.XMLNS_NS_URI);
-     
-      Element verifiySignatureInfoElem = 
-        requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo");
-      requestElem_.appendChild(verifiySignatureInfoElem);
-      Element verifySignatureEnvironmentElem = 
-        requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment");
-      verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem);
-      
-      Element xmlContentElem = requestDoc_.createElementNS(MOA_NS_URI, "XMLContent");
-      verifySignatureEnvironmentElem.appendChild(xmlContentElem);
-      xmlContentElem.setAttribute(Constants.XML_PREFIX + ":space", "preserve");
-      
-      // insert the dsig:Signature
-      xmlContentElem.appendChild(requestDoc_.importNode(csr.getDsigSignature(), true));          
-      // specify the signature location
-      Element verifySignatureLocationElem = 
-        requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation");
-      verifiySignatureInfoElem.appendChild(verifySignatureLocationElem);
-      Node signatureLocation = requestDoc_.createTextNode("/"+ DSIG + "Signature");
-      verifySignatureLocationElem.appendChild(signatureLocation);      
-      // signature manifest params
-      Element signatureManifestCheckParamsElem = 
-        requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams");
-      requestElem_.appendChild(signatureManifestCheckParamsElem);
-      signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "true");
-      // add the transform profile IDs
-      Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo");
-        signatureManifestCheckParamsElem.appendChild(referenceInfoElem);
-        
-      Element returnHashInputDataElem = 
-        requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData");
-      requestElem_.appendChild(returnHashInputDataElem);
-      Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID");
-      
-      trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID));
-      requestElem_.appendChild(trustProfileIDElem);
-
-    } catch (Throwable t) {
-      throw new BuildException("builder.00", new Object[] { "VerifyXMLSignatureRequest" }, t);
-    }
-
-    return requestElem_;
-  }
-
-}
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java
deleted file mode 100644
index f3ce6888b..000000000
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java
+++ /dev/null
@@ -1,210 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- * 
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- * 
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.auth.validator;
-
-import org.w3c.dom.Element;
-import org.w3c.dom.NodeList;
-
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.id.auth.exception.ValidateException;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.XPathUtils;
-
-/**
- * This class is used to validate an {@link IdentityLink} 
- * returned by the security layer
- * 
- * @author Stefan Knirsch
- * @version $Id$
- */
-public class IdentityLinkValidator implements Constants {
-
-  //
-  // XPath namespace prefix shortcuts
-  //
-  /** Xpath prefix for reaching PersonData Namespaces */
-  private static final String PDATA = PD_PREFIX + ":";
-  /** Xpath prefix for reaching SAML Namespaces */
-  private static final String SAML = SAML_PREFIX + ":";
-  /** Xpath prefix for reaching XML-DSIG Namespaces */
-  private static final String DSIG = DSIG_PREFIX + ":";
-  /** Xpath prefix for reaching ECDSA Namespaces */
-  private static final String ECDSA = ECDSA_PREFIX + ":";
-  /** Xpath expression to the root element */
-  private static final String ROOT = "";
-  /** Xpath expression to the SAML:SubjectConfirmationData element */
-  private static final String SAML_SUBJECT_CONFIRMATION_DATA_XPATH =
-    ROOT
-      + SAML
-      + "AttributeStatement/"
-      + SAML
-      + "Subject/"
-      + SAML
-      + "SubjectConfirmation/"
-      + SAML
-      + "SubjectConfirmationData";
-/** Xpath expression to the PersonData:Person element */
-  private static final String PERSON_XPATH =
-    SAML_SUBJECT_CONFIRMATION_DATA_XPATH + "/" + PDATA + "Person";
-  /** Xpath expression to the SAML:Attribute element */
-  private static final String ATTRIBUTE_XPATH =
-    ROOT + SAML + "AttributeStatement/" + SAML + "Attribute";
-//  /** Xpath expression to the SAML:AttributeName attribute */
-//  private static final String ATTRIBUTE_NAME_XPATH =
-//    ROOT + SAML + "AttributeStatement/" + SAML + "Attribute/@AttributeName";
-//  /** Xpath expression to the SAML:AttributeNamespace attribute */
-//  private static final String ATTRIBUTE_NAMESPACE_XPATH =
-//    ROOT
-//      + SAML
-//      + "AttributeStatement/"
-//      + SAML
-//      + "Attribute/@AttributeNamespace";
-//  /** Xpath expression to the SAML:AttributeValue element */
-//  private static final String ATTRIBUTE_VALUE_XPATH =
-//    ROOT
-//      + SAML
-//      + "AttributeStatement/"
-//      + SAML
-//      + "Attribute/"
-//      + SAML
-//      + "AttributeValue";
-
-  /** Singleton instance. <code>null</code>, if none has been created. */
-  private static IdentityLinkValidator instance;
-
-  /**
-   * Constructor for a singleton IdentityLinkValidator.
-   * @return a new IdentityLinkValidator instance
-   * @throws ValidateException if no instance can be created
-   */
-  public static synchronized IdentityLinkValidator getInstance()
-    throws ValidateException {
-    if (instance == null) {
-      instance = new IdentityLinkValidator();
-    }
-    return instance;
-  }
-
-  /**
-   * Method validate. Validates the {@link IdentityLink} 
-   * @param identityLink The identityLink to validate
-   * @throws ValidateException on any validation error
-   */
-  public void validate(IIdentityLink identityLink) throws ValidateException {
-
-    Element samlAssertion = identityLink.getSamlAssertion();
-    //Search the SAML:ASSERTION Object (A2.054)
-    if (samlAssertion == null) {
-      throw new ValidateException("validator.00", null);
-    }
-
-    // Check how many saml:Assertion/saml:AttributeStatement/
-    //      saml:Subject/ saml:SubjectConfirmation/
-    //      saml:SubjectConfirmationData/pr:Person of type
-    //      PhysicalPersonType exist (A2.056)
-    NodeList nl = XPathUtils.selectNodeList(samlAssertion, PERSON_XPATH);
-    // If we have just one Person-Element we don't need to check the attributes
-    int counterPhysicalPersonType = 0;
-    if (nl.getLength() > 1)
-      for (int i = 0; i < nl.getLength(); i++) {
-        String xsiType =
-          ((Element) nl.item(i))
-            .getAttributeNodeNS(
-              "http://www.w3.org/2001/XMLSchema-instance",
-              "type")
-            .getNodeValue();
-        // We have to check if xsiType contains "PhysicalPersonType"
-        // An equal-check will fail because of the Namespace-prefix of the attribute value
-        if (xsiType.indexOf("PhysicalPersonType") > -1)
-          counterPhysicalPersonType++;
-      }
-    if (counterPhysicalPersonType > 1)
-      throw new ValidateException("validator.01", null);
-
-    //Check the SAML:ATTRIBUTES
-    nl = XPathUtils.selectNodeList(samlAssertion, ATTRIBUTE_XPATH);
-    for (int i = 0; i < nl.getLength(); i++) {
-      String attributeName =
-        XPathUtils.getAttributeValue(
-          (Element) nl.item(i),
-          "@AttributeName",
-          null);
-      String attributeNS =
-        XPathUtils.getAttributeValue(
-          (Element) nl.item(i),
-          "@AttributeNamespace",
-          null);
-      if (attributeName.equals("CitizenPublicKey")) {
-                
-        if (attributeNS.equals("http://www.buergerkarte.at/namespaces/personenbindung/20020506#") ||
-            attributeNS.equals("urn:publicid:gv.at:namespaces:identitylink:1.2")) {
-          Element attributeValue = 
-              (Element) XPathUtils.selectSingleNode((Element) nl.item(i),nSMap, SAML + "AttributeValue/" + DSIG + "RSAKeyValue");          
-           if (attributeValue==null) 
-             attributeValue = 
-               (Element) XPathUtils.selectSingleNode((Element)nl.item(i), nSMap, SAML + "AttributeValue/" + ECDSA + "ECDSAKeyValue");
-           if (attributeValue==null) 
-               attributeValue = 
-                 (Element) XPathUtils.selectSingleNode((Element)nl.item(i), nSMap, SAML + "AttributeValue/" + DSIG + "DSAKeyValue");
-           if (attributeValue == null)
-            throw new ValidateException("validator.02", null);
-                      
-        }
-        else
-          throw new ValidateException("validator.03", new Object [] {attributeNS} );
-      }
-      else
-        throw new ValidateException("validator.04", new Object [] {attributeName} );
-    }
-    
-    //Check if dsig:Signature exists
-     Element dsigSignature = (Element) XPathUtils.selectSingleNode(samlAssertion,ROOT + DSIG + "Signature");
-     if (dsigSignature==null) throw new ValidateException("validator.05", new Object[] {"in der Personenbindung"});
-  }
-
-}
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
deleted file mode 100644
index c4ea80df9..000000000
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
+++ /dev/null
@@ -1,302 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- * 
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- * 
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.auth.validator;
-
-import java.security.InvalidKeyException;
-import java.security.PublicKey;
-import java.security.interfaces.RSAPublicKey;
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Set;
-
-import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
-import at.gv.egovernment.moa.id.auth.exception.ValidateException;
-import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
-import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.logging.Logger;
-import iaik.asn1.structures.Name;
-import iaik.security.ec.common.ECPublicKey;
-import iaik.utils.RFC2253NameParserException;
-import iaik.x509.X509Certificate;
-import iaik.x509.X509ExtensionInitException;
-
-/**
- * This class is used to validate an {@link VerifyXMLSignatureResponse} 
- * returned by MOA-SPSS
- * 
- * @author Stefan Knirsch
- * @version $Id$
- */
-public class VerifyXMLSignatureResponseValidator {
-  
-  /** Identification string for checking identity link */
-  public static final String CHECK_IDENTITY_LINK = "IdentityLink";
-  /** Identification string for checking authentication block */
-  public static final String CHECK_AUTH_BLOCK = "AuthBlock";
-  
-  /** Singleton instance. <code>null</code>, if none has been created. */
-  private static VerifyXMLSignatureResponseValidator instance;
-
-  /**
-   * Constructor for a singleton VerifyXMLSignatureResponseValidator.
-   */
-  public static synchronized VerifyXMLSignatureResponseValidator getInstance()
-    throws ValidateException {
-    if (instance == null) {
-      instance = new VerifyXMLSignatureResponseValidator();
-    }
-    return instance;
-  }
-
-  /**
-   * Validates a {@link VerifyXMLSignatureResponse} returned by MOA-SPSS. 
-   * 
-   * @param verifyXMLSignatureResponse the <code>&lt;VerifyXMLSignatureResponse&gt;</code>
-   * @param identityLinkSignersSubjectDNNames subject names configured
-   * @param whatToCheck is used to identify whether the identityLink or the Auth-Block is validated
-   * @param oaParam specifies whether the validation result of the 
-   *                                       manifest has to be ignored (identityLink validation if
-   *                                       the OA is a business service) or not
-   * @throws ValidateException on any validation error
- * @throws ConfigurationException 
-   */
-  public void validate(IVerifiyXMLSignatureResponse verifyXMLSignatureResponse,
-                       List<String> identityLinkSignersSubjectDNNames, 
-                       String whatToCheck,
-                       IOAAuthParameters oaParam)
-    throws ValidateException, ConfigurationException {
-
-    if (verifyXMLSignatureResponse.getSignatureCheckCode() != 0)
-      throw new ValidateException("validator.06", null);
-      
-    if (verifyXMLSignatureResponse.getCertificateCheckCode() != 0) {
-			String checkFailedReason ="";
-			if (verifyXMLSignatureResponse.getCertificateCheckCode() == 1) 
-				checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.21", null);
-			if (verifyXMLSignatureResponse.getCertificateCheckCode() == 2) 
-				checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.22", null);
-			if (verifyXMLSignatureResponse.getCertificateCheckCode() == 3) 
-				checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.23", null);
-			if (verifyXMLSignatureResponse.getCertificateCheckCode() == 4) 
-				checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.24", null);
-			if (verifyXMLSignatureResponse.getCertificateCheckCode() == 5) 
-				checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.25", null);
-
-//     TEST CARDS
-      if (whatToCheck.equals(CHECK_IDENTITY_LINK))
-        throw new ValidateException("validator.07", new Object[] { checkFailedReason } );
-      else
-        throw new ValidateException("validator.19", new Object[] { checkFailedReason } );
-    }
-    
-    //check QC 
-    if (AuthConfigurationProviderFactory.getInstance().isCertifiacteQCActive() &&
-    		!whatToCheck.equals(CHECK_IDENTITY_LINK) &&
-    		!verifyXMLSignatureResponse.isQualifiedCertificate()) {
-    	    	
-    	//check if testcards are active and certificate has an extension for test credentials
-    	if (oaParam.isTestCredentialEnabled()) {
-        	boolean foundTestCredentialOID = false;
-        	try {
-        		X509Certificate signerCert = verifyXMLSignatureResponse.getX509certificate();
-    		
-        		List<String> validOIDs = new ArrayList<String>();
-        		if (oaParam.getTestCredentialOIDs() != null)
-        			validOIDs.addAll(oaParam.getTestCredentialOIDs());
-        		else
-        			validOIDs.add(MOAIDAuthConstants.TESTCREDENTIALROOTOID);
-    		
-        		Set<String> extentsions = signerCert.getCriticalExtensionOIDs();
-        		extentsions.addAll(signerCert.getNonCriticalExtensionOIDs());
-        		Iterator<String> extit = extentsions.iterator();
-        		while(extit.hasNext()) {
-        			String certOID = extit.next();
-        			for (String el : validOIDs) {
-        				if (certOID.startsWith(el))
-        					foundTestCredentialOID = true;
-        			}    			
-        		}
-        		
-        	} catch (Exception e) {
-        		Logger.warn("Test credential OID extraction FAILED.", e);
-        		
-        	}
-        	//throw Exception if not TestCredentialOID is found
-        	if (!foundTestCredentialOID)
-        		throw new ValidateException("validator.72", null);
-    		
-    	} else    	
-    		throw new ValidateException("validator.71", null);        
-    }
-    
-    // if OA is type is business service the manifest validation result has
-    // to be ignored
-    boolean ignoreManifestValidationResult = false;
-    if (whatToCheck.equals(CHECK_IDENTITY_LINK))    	
-    	ignoreManifestValidationResult = (oaParam.hasBaseIdInternalProcessingRestriction()) ? true
-            : false;
-    
-    if (ignoreManifestValidationResult) {
-      Logger.debug("OA type is business service, thus ignoring DSIG manifest validation result");
-    } else {
-      if (verifyXMLSignatureResponse.isXmlDSIGManigest())
-        if (verifyXMLSignatureResponse.getXmlDSIGManifestCheckCode() != 0)
-          throw new ValidateException("validator.08", null);
-    }
-    
-    
-    // Check the signature manifest only when verifying the signed AUTHBlock
-    if (whatToCheck.equals(CHECK_AUTH_BLOCK)) {
-      if (verifyXMLSignatureResponse.getSignatureManifestCheckCode() > 0) {
-        throw new ValidateException("validator.50", null);
-      }
-    }
-        
-    //Check whether the returned X509 SubjectName is in the MOA-ID configuration or not
-    if (identityLinkSignersSubjectDNNames != null) {
-      String subjectDN = "";
-      X509Certificate x509Cert = verifyXMLSignatureResponse.getX509certificate();
-      try {
-        subjectDN = ((Name) x509Cert.getSubjectDN()).getRFC2253String();
-      }
-      catch (RFC2253NameParserException e) {
-        throw new ValidateException("validator.17", null);
-      }
-      //System.out.println("subjectDN: " + subjectDN);
-      // check the authorisation to sign the identity link
-      if (!identityLinkSignersSubjectDNNames.contains(subjectDN)) {
-        // subject DN check failed, try OID check:
-        try {
-          if (x509Cert.getExtension(MOAIDAuthConstants.IDENTITY_LINK_SIGNER_OID) == null) {
-            throw new ValidateException("validator.18", new Object[] { subjectDN });
-          } else {
-            Logger.debug("Identity link signer cert accepted for signing identity link: " +
-                         "subjectDN check failed, but OID check successfully passed.");
-          }
-        } catch (X509ExtensionInitException e) {
-          throw new ValidateException("validator.49", null);
-        }
-      } else {
-        Logger.debug("Identity link signer cert accepted for signing identity link: " +
-                     "subjectDN check successfully passed.");
-      }
-      
-    }
-  }
-  
-  /**
-   * Method validateCertificate.
-   * @param verifyXMLSignatureResponse The VerifyXMLSignatureResponse
-   * @param idl The Identitylink
-   * @throws ValidateException
-   */
-  public void validateCertificate(
-    IVerifiyXMLSignatureResponse verifyXMLSignatureResponse,
-    IIdentityLink idl)
-    throws ValidateException {
-
-    X509Certificate x509Response = verifyXMLSignatureResponse.getX509certificate();
-    PublicKey[] pubKeysIdentityLink = (PublicKey[]) idl.getPublicKey();
-
-    PublicKey pubKeySignature = x509Response.getPublicKey();
-
-    boolean found = false;
-    for (int i = 0; i < pubKeysIdentityLink.length; i++) {
-      
-      //compare RSAPublicKeys
-      if ((idl.getPublicKey()[i] instanceof java.security.interfaces.RSAPublicKey) &&  
-      		(pubKeySignature instanceof java.security.interfaces.RSAPublicKey)) {
-
-          RSAPublicKey rsaPubKeySignature = (RSAPublicKey) pubKeySignature;
-          RSAPublicKey rsakey = (RSAPublicKey) pubKeysIdentityLink[i];
-          
-          if (rsakey.getModulus().equals(rsaPubKeySignature.getModulus())
-              && rsakey.getPublicExponent().equals(rsaPubKeySignature.getPublicExponent()))
-          found = true;      
-      }
-      
-      //compare ECDSAPublicKeys
-      if( ( (idl.getPublicKey()[i] instanceof java.security.interfaces.ECPublicKey) || 
-    		  (idl.getPublicKey()[i] instanceof ECPublicKey)) && 
-         ( (pubKeySignature instanceof java.security.interfaces.ECPublicKey) || 
-        		(pubKeySignature instanceof ECPublicKey) ) ) {
-
-		try {
-			ECPublicKey ecdsaPubKeySignature = new ECPublicKey(pubKeySignature.getEncoded());
-			ECPublicKey ecdsakey = new ECPublicKey(pubKeysIdentityLink[i].getEncoded());
-			
-	        if(ecdsakey.equals(ecdsaPubKeySignature))
-	              found = true;
-			
-		} catch (InvalidKeyException e) {
-			Logger.warn("ECPublicKey can not parsed into a iaik.ECPublicKey", e);
-			throw new ValidateException("validator.09", null);
-		}
-          
-          
-
-      }
-      
-//  		Logger.debug("IDL-Pubkey=" + idl.getPublicKey()[i].getClass().getName()
-//  				+ "  Resp-Pubkey=" + pubKeySignature.getClass().getName());
-      
-    }
-
-    if (!found) {
-       	
-      throw new ValidateException("validator.09", null);
-            
-    }
-  }
-
-}
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java
index e0965c712..d00ef8a04 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java
@@ -5,6 +5,9 @@ import java.security.KeyStore;
 import java.security.PrivateKey;
 import java.security.cert.Certificate;
 import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Enumeration;
 import java.util.List;
 
 import javax.annotation.PostConstruct;
@@ -14,6 +17,8 @@ import org.jose4j.jwa.AlgorithmConstraints.ConstraintType;
 import org.jose4j.jwe.JsonWebEncryption;
 import org.jose4j.jws.AlgorithmIdentifiers;
 import org.jose4j.jws.JsonWebSignature;
+import org.jose4j.jwx.JsonWebStructure;
+import org.jose4j.keys.resolvers.X509VerificationKeyResolver;
 import org.jose4j.lang.JoseException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
@@ -33,6 +38,7 @@ import at.gv.egovernment.moa.id.commons.utils.X509Utils;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.KeyStoreUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
 
 @Service
 public class JsonSecurityUtils implements IJOSETools{
@@ -44,6 +50,8 @@ public class JsonSecurityUtils implements IJOSETools{
 	private Key encPrivKey = null;
 	private X509Certificate[] encCertChain = null;
 	
+	private List<X509Certificate> trustedCerts = new ArrayList<X509Certificate>();
+	
 	@PostConstruct
 	protected void initalize() {
 		Logger.info("Initialize SL2.0 authentication security constrains ... ");
@@ -83,6 +91,21 @@ public class JsonSecurityUtils implements IJOSETools{
 		
 			}
 			
+			//load trusted certificates
+			Enumeration<String> aliases = keyStore.aliases();
+			while(aliases.hasMoreElements()) {
+				String el = aliases.nextElement();
+				Logger.trace("Process TrustStoreEntry: " + el);
+				if (keyStore.isCertificateEntry(el)) {
+					Certificate cert = keyStore.getCertificate(el); 
+					if (cert != null && cert instanceof X509Certificate)
+						trustedCerts.add((X509Certificate) cert);
+					else
+						Logger.info("Can not process entry: " + el + ". Reason: " + cert.toString());
+					
+				}
+			}
+			
 			//some short validation
 			if (signPrivKey == null || !(signPrivKey instanceof PrivateKey)) {
 				Logger.info("Can NOT open privateKey for SL2.0 signing. KeyStore=" + getKeyStoreFilePath());
@@ -144,18 +167,42 @@ public class JsonSecurityUtils implements IJOSETools{
 					SL20Constants.SL20_ALGORITHM_WHITELIST_SIGNING.toArray(new String[SL20Constants.SL20_ALGORITHM_WHITELIST_SIGNING.size()])));
 			
 			//load signinc certs
+			Key selectedKey = null;
 			List<X509Certificate> x5cCerts = jws.getCertificateChainHeaderValue();
-			List<X509Certificate> sortedX5cCerts  = null;
-			if (x5cCerts == null || x5cCerts.size() < 1) {
-				Logger.info("Signed SL2.0 response contains NO signature certificate");
-				throw new SLCommandoParserException("Signed SL2.0 response contains NO signature certificate");
+			String x5t256 = jws.getX509CertSha256ThumbprintHeaderValue();
+			if (x5cCerts != null) {
+				Logger.debug("Found x509 certificate in JOSE header ... ");
+				Logger.trace("Sorting received X509 certificates ... ");
+				List<X509Certificate> sortedX5cCerts  = X509Utils.sortCertificates(x5cCerts);
+				
+				if (trustedCerts.contains(sortedX5cCerts.get(0))) {
+					selectedKey = sortedX5cCerts.get(0).getPublicKey();
+					
+				} else {
+					Logger.info("Can NOT find JOSE certificate in truststore.");
+					Logger.debug("JOSE certificate: " + sortedX5cCerts.get(0).toString());
+					
+				}
 				
-			} 
-			Logger.trace("Sorting received X509 certificates ... ");
-			sortedX5cCerts = X509Utils.sortCertificates(x5cCerts);
-							
+			} else if (MiscUtil.isNotEmpty(x5t256)) {
+				Logger.debug("Found x5t256 fingerprint in JOSE header .... ");
+				X509VerificationKeyResolver x509VerificationKeyResolver = new X509VerificationKeyResolver(trustedCerts);
+				selectedKey = x509VerificationKeyResolver.resolveKey(jws, Collections.<JsonWebStructure>emptyList());
+				
+			} else {
+				Logger.info("Signed SL2.0 response contains NO signature certificate or NO certificate fingerprint");
+				throw new SLCommandoParserException("Signed SL2.0 response contains NO signature certificate or NO certificate fingerprint");
+				
+			}
+					
+			if (selectedKey == null) {
+				Logger.info("Can NOT select verification key for JWS. Signature verification FAILED.");
+				throw new SLCommandoParserException("Can NOT select verification key for JWS. Signature verification FAILED");
+				
+			}
+			
 			//set verification key
-			jws.setKey(sortedX5cCerts.get(0).getPublicKey());
+			jws.setKey(selectedKey);
 			
 			//validate signature
 			boolean valid = jws.verifySignature();
@@ -169,7 +216,7 @@ public class JsonSecurityUtils implements IJOSETools{
 			//load payLoad
 			JsonElement sl20Req = new JsonParser().parse(jws.getPayload());
 			
-			return new VerificationResult(sl20Req.getAsJsonObject(), sortedX5cCerts, valid) ;
+			return new VerificationResult(sl20Req.getAsJsonObject(), null, valid) ;
 			
 		} catch (JoseException e) {
 			Logger.warn("SL2.0 commando signature validation FAILED", e);
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java
new file mode 100644
index 000000000..7d03a43ac
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java
@@ -0,0 +1,132 @@
+package at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.verifier;
+
+import java.io.IOException;
+import java.util.Calendar;
+import java.util.Date;
+import java.util.GregorianCalendar;
+import java.util.List;
+
+import javax.xml.bind.DatatypeConverter;
+import javax.xml.transform.TransformerException;
+
+import org.jaxen.SimpleNamespaceContext;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.auth.builder.SignatureVerificationUtils;
+import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.auth.exception.ParseException;
+import at.gv.egovernment.moa.id.auth.exception.ServiceException;
+import at.gv.egovernment.moa.id.auth.exception.ValidateException;
+import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
+import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
+import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator;
+import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureRequestBuilder;
+import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
+import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.api.impl.VerifyXMLSignatureRequestImpl;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+
+public class QualifiedeIDVerifier {
+
+	 /** Xpath expression to the dsig:Signature element */
+	  private static final String SIGNATURE_XPATH = Constants.DSIG_PREFIX + ":Signature";
+	  
+	  private static final String XADES_1_1_1_SIGNINGTIME_PATH = "//" + Constants.XADES_1_1_1_NS_PREFIX + ":SigningTime";
+	  private static final String XADES_1_3_2_SIGNINGTIME_PATH = "//" + Constants.XADES_1_3_2_NS_PREFIX + ":SigningTime";
+	  
+	  
+	  private static final long MAX_DIFFERENCE_IN_MILLISECONDS = 600000; // 10min
+	  
+
+	  private static SimpleNamespaceContext NS_CONTEXT;
+	  static {
+	    NS_CONTEXT = new SimpleNamespaceContext();
+	    NS_CONTEXT.addNamespace(Constants.XADES_1_1_1_NS_PREFIX, Constants.XADES_1_1_1_NS_URI);
+	    NS_CONTEXT.addNamespace(Constants.XADES_1_2_2_NS_PREFIX, Constants.XADES_1_2_2_NS_URI);
+	    NS_CONTEXT.addNamespace(Constants.XADES_1_3_2_NS_PREFIX, Constants.XADES_1_3_2_NS_URI);
+	    NS_CONTEXT.addNamespace(Constants.XADES_1_4_1_NS_PREFIX, Constants.XADES_1_4_1_NS_URI);
+	  }
+	
+	public static boolean verifyIdentityLink(IIdentityLink idl, IOAAuthParameters oaParam, AuthConfiguration authConfig) throws MOAIDException {		
+		// validates the identity link
+		IdentityLinkValidator.getInstance().validate(idl);
+		
+		// builds a <VerifyXMLSignatureRequest> for a call of MOA-SP
+		Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder()
+				.build(idl, authConfig.getMoaSpIdentityLinkTrustProfileID(oaParam.isUseIDLTestTrustStore()));
+
+		// invokes the call
+		Element domVerifyXMLSignatureResponse = SignatureVerificationInvoker.getInstance()
+				.verifyXMLSignature(domVerifyXMLSignatureRequest);
+		
+		// parses the <VerifyXMLSignatureResponse>
+		IVerifiyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse).parseData();
+				
+		// validates the <VerifyXMLSignatureResponse>
+		VerifyXMLSignatureResponseValidator.getInstance().validate(
+			verifyXMLSignatureResponse,
+			authConfig.getIdentityLinkX509SubjectNames(),
+			VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK,
+			oaParam);
+
+		
+		return false;
+		
+	}
+	
+	public static IVerifiyXMLSignatureResponse verifyAuthBlock(byte[] authblock, IOAAuthParameters oaParam, AuthConfiguration authConfig) throws MOAIDException {
+		String trustProfileId = authConfig.getMoaSpAuthBlockTrustProfileID(oaParam.isUseAuthBlockTestTestStore());
+		List<String> verifyTransformsInfoProfileID = null;
+		
+		SignatureVerificationUtils sigVerify = new SignatureVerificationUtils();
+		IVerifiyXMLSignatureResponse sigVerifyResult = sigVerify.verify(authblock, trustProfileId , verifyTransformsInfoProfileID);
+						
+		// validates the <VerifyXMLSignatureResponse>
+		VerifyXMLSignatureResponseValidator.getInstance().validate(sigVerifyResult,
+					null, VerifyXMLSignatureResponseValidator.CHECK_AUTH_BLOCK, oaParam);
+
+		return sigVerifyResult;
+				
+	}
+	
+	public static boolean checkIDLAgainstAuthblock(IVerifiyXMLSignatureResponse sigVerifyResult, IIdentityLink idl, byte[] authBlock) throws ValidateException {
+		
+		try {        
+			// compares the public keys from the identityLink with the AuthBlock
+			VerifyXMLSignatureResponseValidator.getInstance().validateCertificate(sigVerifyResult, idl);
+
+			
+			// Compare AuthBlock Data with information stored in session, especially
+			// date and time
+			validateSigningDateTime(sigVerifyResult);
+			
+		} catch ( ValidateException e) {
+			Logger.error("Signature verification error. ", e);
+			throw e; 
+			
+		}
+		
+		
+		return false;
+		
+	}
+	
+	private static boolean validateSigningDateTime( IVerifiyXMLSignatureResponse sigVerifyResult) throws ValidateException {
+		Date signingDate = sigVerifyResult.getSigningDateTime();
+		
+		
+			  
+		return false;
+	  }
+	
+}
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
index 698546a4f..90e19326e 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
@@ -37,6 +37,7 @@ import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONBuilderUtils
 import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUtils;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController;
@@ -128,11 +129,13 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
 				
 				
 				//TODO: validate results
+				IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink();
+				
 				
 				
 				//add into session
 				defaultTaskInitialization(request, executionContext);
-				moasession.setIdentityLink(new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink());
+				moasession.setIdentityLink(idl);
 				moasession.setBkuURL(ccsURL);
 				//TODO: from AuthBlock
 				moasession.setIssueInstant(DateTimeUtils.buildDateTimeUTC(Calendar.getInstance()));
-- 
cgit v1.2.3


From ecf9de84e76dde785ced8c1632c7909d1d57f94a Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Wed, 30 May 2018 14:36:39 +0200
Subject: add error handling and some more validation to SL2.0 module

---
 .../pvp2x/utils/AssertionAttributeExtractor.java   |   6 +
 .../moa/id/protocols/pvp2x/utils/SAML2Utils.java   |  21 ++
 .../metadata/SchemaValidationFilter.java           |  11 +-
 .../resources/properties/id_messages_de.properties |   3 +-
 .../protocol_response_statuscodes_de.properties    |   4 +
 .../moa/id/auth/modules/sl20_auth/Constants.java   |   4 +
 .../auth/modules/sl20_auth/SL20SignalServlet.java  |   7 +-
 .../exceptions/SL20eIDDataValidationException.java |  16 +
 .../modules/sl20_auth/sl20/JsonSecurityUtils.java  |   2 +-
 .../auth/modules/sl20_auth/sl20/SL20Constants.java |   2 +
 .../sl20_auth/sl20/SL20JSONExtractorUtils.java     |  61 +++-
 .../sl20/verifier/QualifiedeIDVerifier.java        |  99 +++++--
 .../sl20_auth/tasks/CreateQualeIDRequestTask.java  |  29 +-
 .../sl20_auth/tasks/ReceiveQualeIDTask.java        | 327 +++++++++++----------
 .../sl20_auth/tasks/VerifyQualifiedeIDTask.java    | 180 ++++++++++++
 .../src/main/resources/moaid_sl20_auth.beans.xml   |   4 +
 .../main/resources/sl20.Authentication.process.xml |  14 +-
 .../moa/id/monitoring/IdentityLinkTestModule.java  |   2 +-
 18 files changed, 575 insertions(+), 217 deletions(-)
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SL20eIDDataValidationException.java
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java

(limited to 'id/server/idserverlib/src/main/java/at/gv')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
index 05bb16d0d..5b1d952ff 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
@@ -196,6 +196,12 @@ public class AssertionAttributeExtractor {
 //	}
 	
 	
+	public String getAssertionID() {
+		return assertion.getID();
+		
+	}
+	
+	
 	public String getNameID() throws AssertionAttributeExtractorExeption {		
 		if (assertion.getSubject() != null) {
 			Subject subject = assertion.getSubject();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java
index 28a85b4af..da4b54a5a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java
@@ -31,9 +31,13 @@ import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.transform.TransformerException;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.validation.Schema;
+import javax.xml.validation.Validator;
 
 import org.opensaml.Configuration;
 import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
+import org.opensaml.common.xml.SAMLSchemaBuilder;
 import org.opensaml.saml2.core.Status;
 import org.opensaml.saml2.core.StatusCode;
 import org.opensaml.saml2.metadata.AssertionConsumerService;
@@ -47,6 +51,7 @@ import org.opensaml.xml.io.MarshallingException;
 import org.w3c.dom.Document;
 
 import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.logging.Logger;
 
 public class SAML2Utils {
 
@@ -142,4 +147,20 @@ public class SAML2Utils {
          
         return envelope;
     }
+    
+    public static void schemeValidation(XMLObject xmlObject) throws Exception {
+    	try {
+			Schema test = SAMLSchemaBuilder.getSAML11Schema();
+			Validator val = test.newValidator();
+			DOMSource source = new DOMSource(xmlObject.getDOM());		
+			val.validate(source);
+			Logger.debug("SAML2 Scheme validation successful");
+			return;
+		
+		} catch (Exception e) {
+			Logger.warn("SAML2 scheme validation FAILED.", e);
+			throw e;
+			
+		}
+    }
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java
index 83a2b61d2..489d2fb4a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java
@@ -22,11 +22,6 @@
  */
 package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata;
 
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.validation.Schema;
-import javax.xml.validation.Validator;
-
-import org.opensaml.common.xml.SAMLSchemaBuilder;
 import org.opensaml.saml2.metadata.provider.MetadataFilter;
 import org.opensaml.xml.XMLObject;
 import org.xml.sax.SAXException;
@@ -34,6 +29,7 @@ import org.xml.sax.SAXException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
@@ -71,10 +67,7 @@ public class SchemaValidationFilter implements MetadataFilter {
 		
 		if (isActive) {
 			try {
-				Schema test = SAMLSchemaBuilder.getSAML11Schema();
-				Validator val = test.newValidator();
-				DOMSource source = new DOMSource(arg0.getDOM());		
-				val.validate(source);
+				SAML2Utils.schemeValidation(arg0);
 				Logger.info("Metadata Schema validation check done OK");
 				return;
 			
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 9cc4b0b5e..84fd93773 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -344,4 +344,5 @@ sl20.03=Fehlende Konfiguration im SL2.0 Modul. Msg: {0}
 sl20.04=Http request enth\u00e4lt keinen SL2.0 Transportcontainer.
 sl20.05=Fehler beim Validieren eines JWS oder JWE Tokens. Reason: {0}.
 sl20.06=Http transport-binding error. Reason: {0} 
-
+sl20.07=Fehler beim Validieren der eID information. Type: {0} Reason: {1}
+sl20.08=SL2.0 Teilnehmer antwortet mit einem Fehler. Code: {0} Reason: {1}
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
index 6de581cae..d77ea437b 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
@@ -258,6 +258,10 @@ sl20.01=14000
 sl20.02=14001
 sl20.03=14800
 sl20.04=14001
+sl20.05=xxxxx
+sl20.06=xxxxx
+sl20.07=xxxxx
+sl20.08=xxxxx
 
 ##Map MIS/BKU statuscodes to MOA-ID-Auth statuscodes
 mis.301=1005
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java
index 920187bfb..a3648220d 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java
@@ -3,6 +3,7 @@ package at.gv.egovernment.moa.id.auth.modules.sl20_auth;
 public class Constants {
 
 	public static final String HTTP_ENDPOINT_DATAURL = "/sl20/dataUrl";
+	public static final String HTTP_ENDPOINT_RESUME = "/sl20/resume";
 	
 	public static final String CONFIG_PROP_PREFIX = "modules.sl20";
 	public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT = CONFIG_PROP_PREFIX + ".vda.urls.qualeID.endpoint";
@@ -17,6 +18,9 @@ public class Constants {
 	public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST = CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT + ".";
 	public static final String CONFIG_PROP_SP_LIST = CONFIG_PROP_PREFIX + ".sp.entityIds.";
 	
+	public static final String CONFIG_PROP_DISABLE_EID_VALIDATION = CONFIG_PROP_PREFIX + ".security.eID.validation.disable";
+	public static final String CONFIG_PROP_DISABLE_EID_ENCRYPTION = CONFIG_PROP_PREFIX + ".security.eID.encryption.enabled";
+	
 	public static final String PENDING_REQ_STORAGE_PREFIX = "SL20_AUTH_";
 	
 	/**
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java
index 87d306822..4f8ef0a76 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java
@@ -44,11 +44,14 @@ public class SL20SignalServlet extends AbstractProcessEngineSignalController {
 	public SL20SignalServlet() {
 		super();
 		Logger.debug("Registering servlet " + getClass().getName() + 
-				" with mappings '"+ Constants.HTTP_ENDPOINT_DATAURL + "'.");
+				" with mappings '"+ Constants.HTTP_ENDPOINT_DATAURL + 
+				" and " + Constants.HTTP_ENDPOINT_RESUME + 
+				"'.");
 		
 	}
 	
-	@RequestMapping(value = { Constants.HTTP_ENDPOINT_DATAURL 							  
+	@RequestMapping(value = { Constants.HTTP_ENDPOINT_DATAURL,
+							  Constants.HTTP_ENDPOINT_RESUME
 							}, 
 					method = {RequestMethod.POST, RequestMethod.GET})
 	public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException {
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SL20eIDDataValidationException.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SL20eIDDataValidationException.java
new file mode 100644
index 000000000..957ace0fb
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SL20eIDDataValidationException.java
@@ -0,0 +1,16 @@
+package at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions;
+
+public class SL20eIDDataValidationException extends SL20Exception {
+	private static final long serialVersionUID = 1L;
+
+	public SL20eIDDataValidationException(Object[] parameters) {
+		super("sl20.07", parameters);
+		
+	}
+	
+	public SL20eIDDataValidationException(Object[] parameters, Throwable e) {
+		super("sl20.07", parameters, e);
+		
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java
index d00ef8a04..2563c7f7d 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java
@@ -105,7 +105,7 @@ public class JsonSecurityUtils implements IJOSETools{
 					
 				}
 			}
-			
+
 			//some short validation
 			if (signPrivKey == null || !(signPrivKey instanceof PrivateKey)) {
 				Logger.info("Can NOT open privateKey for SL2.0 signing. KeyStore=" + getKeyStoreFilePath());
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20Constants.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20Constants.java
index b855c3cac..33bb4fe36 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20Constants.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20Constants.java
@@ -12,6 +12,8 @@ public class SL20Constants {
 	
 	//http binding parameters
 	public static final String PARAM_SL20_REQ_COMMAND_PARAM = "slcommand";
+	public static final String PARAM_SL20_REQ_COMMAND_PARAM_OLD = "sl2command";
+	
 	public static final String PARAM_SL20_REQ_ICP_RETURN_URL_PARAM = "slIPCReturnUrl";
 	public static final String PARAM_SL20_REQ_TRANSACTIONID = "slTransactionID";
 	
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java
index e01945df0..6949b7a18 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java
@@ -9,6 +9,7 @@ import java.util.Map;
 import java.util.Map.Entry;
 
 import org.apache.http.Header;
+import org.apache.http.HttpEntity;
 import org.apache.http.HttpResponse;
 import org.apache.http.client.utils.URIBuilder;
 import org.apache.log4j.Logger;
@@ -163,19 +164,23 @@ public class SL20JSONExtractorUtils {
 			return result;
 		
 		else if (encryptedResult != null && encryptedResult.isJsonPrimitive()) {
-			/*TODO:
-			 * 
-			 * Remove dummy code and test real decryption!!!!!
-			 * 
-			 */			
-
-			//return decrypter.decryptPayload(encryptedResult.getAsString());
+			try {
+				return decrypter.decryptPayload(encryptedResult.getAsString());
+				
+			} catch (Exception e) {
+				log.info("Can NOT decrypt SL20 result. Reason:" + e.getMessage());
+				if (!mustBeEncrypted) {
+					log.warn("Decrypted results are disabled by configuration. Parse result in plain if it is possible");
 
-			//dummy code
-			String[] signedPayload = encryptedResult.toString().split("\\.");
-			JsonElement payLoad = new JsonParser().parse(new String(Base64.getUrlDecoder().decode(signedPayload[1])));
-			return payLoad;
-			
+					//dummy code
+					String[] signedPayload = encryptedResult.toString().split("\\.");
+					JsonElement payLoad = new JsonParser().parse(new String(Base64.getUrlDecoder().decode(signedPayload[1])));
+					return payLoad;
+					
+				} else
+					throw e;	
+				
+			}
 			
 		} else
 			throw new SLCommandoParserException("Internal build error");
@@ -241,13 +246,21 @@ public class SL20JSONExtractorUtils {
 			
 			} else if (httpResp.getStatusLine().getStatusCode() == 200) {
 				if (!httpResp.getEntity().getContentType().getValue().equals("application/json;charset=UTF-8"))
-					throw new SLCommandoParserException("SL20 response with a wrong ContentType: " + httpResp.getEntity().getContentType().getValue());
-					
-				sl20Resp = new JsonParser().parse(new InputStreamReader(httpResp.getEntity().getContent())).getAsJsonObject();
+					throw new SLCommandoParserException("SL20 response with a wrong ContentType: " + httpResp.getEntity().getContentType().getValue());					
+				sl20Resp = parseSL20ResultFromResponse(httpResp.getEntity());
 		
+			} else if ( (httpResp.getStatusLine().getStatusCode() == 500) || 
+					(httpResp.getStatusLine().getStatusCode() == 401) || 
+					(httpResp.getStatusLine().getStatusCode() == 400) ) {
+				log.info("SL20 response with http-code: " + httpResp.getStatusLine().getStatusCode() 
+						+ ". Search for error message");				
+				sl20Resp = parseSL20ResultFromResponse(httpResp.getEntity());
+				
+				
 			} else
 				throw new SLCommandoParserException("SL20 response with http-code: " + httpResp.getStatusLine().getStatusCode());
-				
+
+			log.info("Find JSON object in http response");
 			return sl20Resp;
 			
 		} catch (Exception e) {
@@ -256,6 +269,22 @@ public class SL20JSONExtractorUtils {
 		}		
 	}
 	
+	private static JsonObject parseSL20ResultFromResponse(HttpEntity resp) throws Exception {
+		if (resp != null && resp.getContent() != null) {			
+			JsonElement sl20Resp = new JsonParser().parse(new InputStreamReader(resp.getContent()));
+			if (sl20Resp != null && sl20Resp.isJsonObject()) {
+				return sl20Resp.getAsJsonObject();
+				
+			} else
+				throw new SLCommandoParserException("SL2.0 can NOT parse to a JSON object");
+			
+			
+		} else
+			throw new SLCommandoParserException("Can NOT find content in http response");
+ 					
+	}
+	
+	
 	private static JsonElement getAndCheck(JsonObject input, String keyID, boolean isRequired) throws SLCommandoParserException {
 		JsonElement internal = input.get(keyID);
 		
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java
index 7d03a43ac..d07d7a78a 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java
@@ -1,24 +1,17 @@
 package at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.verifier;
 
 import java.io.IOException;
-import java.util.Calendar;
 import java.util.Date;
-import java.util.GregorianCalendar;
 import java.util.List;
 
-import javax.xml.bind.DatatypeConverter;
-import javax.xml.transform.TransformerException;
-
 import org.jaxen.SimpleNamespaceContext;
 import org.w3c.dom.Element;
 
 import at.gv.egovernment.moa.id.auth.builder.SignatureVerificationUtils;
-import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
-import at.gv.egovernment.moa.id.auth.exception.BuildException;
-import at.gv.egovernment.moa.id.auth.exception.ParseException;
-import at.gv.egovernment.moa.id.auth.exception.ServiceException;
 import at.gv.egovernment.moa.id.auth.exception.ValidateException;
 import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20eIDDataValidationException;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants;
 import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
 import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator;
 import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureRequestBuilder;
@@ -27,13 +20,12 @@ import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.spss.api.impl.VerifyXMLSignatureRequestImpl;
+import at.gv.egovernment.moa.sig.tsl.utils.MiscUtil;
+import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
 
 
 public class QualifiedeIDVerifier {
@@ -57,7 +49,7 @@ public class QualifiedeIDVerifier {
 	    NS_CONTEXT.addNamespace(Constants.XADES_1_4_1_NS_PREFIX, Constants.XADES_1_4_1_NS_URI);
 	  }
 	
-	public static boolean verifyIdentityLink(IIdentityLink idl, IOAAuthParameters oaParam, AuthConfiguration authConfig) throws MOAIDException {		
+	public static void verifyIdentityLink(IIdentityLink idl, IOAAuthParameters oaParam, AuthConfiguration authConfig) throws MOAIDException {		
 		// validates the identity link
 		IdentityLinkValidator.getInstance().validate(idl);
 		
@@ -79,17 +71,15 @@ public class QualifiedeIDVerifier {
 			VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK,
 			oaParam);
 
-		
-		return false;
-		
+				
 	}
 	
-	public static IVerifiyXMLSignatureResponse verifyAuthBlock(byte[] authblock, IOAAuthParameters oaParam, AuthConfiguration authConfig) throws MOAIDException {
+	public static IVerifiyXMLSignatureResponse verifyAuthBlock(String authBlockB64, IOAAuthParameters oaParam, AuthConfiguration authConfig) throws MOAIDException, IOException {
 		String trustProfileId = authConfig.getMoaSpAuthBlockTrustProfileID(oaParam.isUseAuthBlockTestTestStore());
 		List<String> verifyTransformsInfoProfileID = null;
 		
 		SignatureVerificationUtils sigVerify = new SignatureVerificationUtils();
-		IVerifiyXMLSignatureResponse sigVerifyResult = sigVerify.verify(authblock, trustProfileId , verifyTransformsInfoProfileID);
+		IVerifiyXMLSignatureResponse sigVerifyResult = sigVerify.verify(Base64Utils.decode(authBlockB64, false), trustProfileId , verifyTransformsInfoProfileID);
 						
 		// validates the <VerifyXMLSignatureResponse>
 		VerifyXMLSignatureResponseValidator.getInstance().validate(sigVerifyResult,
@@ -99,20 +89,43 @@ public class QualifiedeIDVerifier {
 				
 	}
 	
-	public static boolean checkIDLAgainstAuthblock(IVerifiyXMLSignatureResponse sigVerifyResult, IIdentityLink idl, byte[] authBlock) throws ValidateException {
+	public static boolean checkConsistencyOfeIDData(String sl20ReqId, IIdentityLink idl, AssertionAttributeExtractor authBlockExtractor, IVerifiyXMLSignatureResponse sigVerifyResult) throws SL20eIDDataValidationException {
 		
 		try {        
 			// compares the public keys from the identityLink with the AuthBlock
 			VerifyXMLSignatureResponseValidator.getInstance().validateCertificate(sigVerifyResult, idl);
 
+			//compare requestId from SL20 qualifiedeID command to ID from SAML2 assertion
+			String authBlockId = authBlockExtractor.getAssertionID();
+			if (MiscUtil.isEmpty(authBlockId)) {
+				Logger.info("AuthBlock containts no ID, but ID MUST be included");
+				throw new SL20eIDDataValidationException(new Object[] {
+						SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK,
+						"AuthBlock containts no ID, but ID MUST be included"
+				});
+			}
 			
+			if (!authBlockId.equals(sl20ReqId)) {
+				Logger.info("SL20 'requestId' does NOT match to AuthBlock Id."
+						+ " Expected : " + sl20ReqId
+						+ " Authblock: " + authBlockId);
+				throw new SL20eIDDataValidationException(new Object[] {
+						SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK,
+						"SL20 'requestId' does NOT match to AuthBlock Id."
+				});
+			}
+			
+						
 			// Compare AuthBlock Data with information stored in session, especially
 			// date and time
-			validateSigningDateTime(sigVerifyResult);
+			validateSigningDateTime(sigVerifyResult, authBlockExtractor);
 			
 		} catch ( ValidateException e) {
-			Logger.error("Signature verification error. ", e);
-			throw e; 
+			Logger.warn("Validation of eID information FAILED. ", e);
+			throw new SL20eIDDataValidationException(new Object[] {
+					SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL,
+					e.getMessage()
+			});
 			
 		}
 		
@@ -121,12 +134,46 @@ public class QualifiedeIDVerifier {
 		
 	}
 	
-	private static boolean validateSigningDateTime( IVerifiyXMLSignatureResponse sigVerifyResult) throws ValidateException {
+	private static void validateSigningDateTime( IVerifiyXMLSignatureResponse sigVerifyResult, AssertionAttributeExtractor authBlockExtractor) throws SL20eIDDataValidationException {
 		Date signingDate = sigVerifyResult.getSigningDateTime();
+		Date notBefore = authBlockExtractor.getAssertionNotBefore();
+		Date notOrNotAfter = authBlockExtractor.getAssertionNotOnOrAfter();
 		
+		if (signingDate == null) {
+			Logger.info("AuthBlock signature contains NO signing data");
+			throw new SL20eIDDataValidationException(new Object[] {
+					SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK,
+					"AuthBlock signature contains NO signing data"
+			});
+			
+		}
 		
-			  
-		return false;
+		Logger.debug("AuthBlock signing data: " + signingDate.toString());
+
+		if (notBefore == null || notOrNotAfter == null) {
+			Logger.info("AuthBlock contains NO 'notBefore' or 'notOrNotAfter' dates");
+			throw new SL20eIDDataValidationException(new Object[] {
+					SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK,
+					"AuthBlock contains NO 'notBefore' or 'notOrNotAfter' dates"
+			});
+			
+		}
+		
+		Logger.debug("AuthBlock valid period."
+				+ " NotBefore:" + notBefore.toString() 
+				+ " NotOrNotAfter:" + notOrNotAfter.toString());
+		
+		if (signingDate.after(notBefore) || signingDate.before(notOrNotAfter))
+			Logger.debug("Signing date validation successfull");
+		
+		else {
+			Logger.info("AuthBlock signing date does NOT match to AuthBlock constrains");
+			throw new SL20eIDDataValidationException(new Object[] {
+					SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK,
+					"AuthBlock signing date does NOT match to AuthBlock constrains"
+			});
+			
+		}		
 	  }
 	
 }
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
index d9ff9d93c..763454639 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
@@ -5,7 +5,6 @@ import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.Map.Entry;
-import java.util.UUID;
 
 import javax.net.ssl.SSLSocketFactory;
 import javax.servlet.http.HttpServletRequest;
@@ -30,6 +29,7 @@ import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants;
 import at.gv.egovernment.moa.id.auth.modules.sl20_auth.data.VerificationResult;
 import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20Exception;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException;
 import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.IJOSETools;
 import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants;
 import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20HttpBindingUtils;
@@ -41,6 +41,7 @@ import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.utils.HttpClientWithProxySupport;
 import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.id.util.SSLUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moaspss.logging.Logger;
@@ -91,7 +92,8 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask {
 						qualifiedeIDParams, 
 						joseTools.getEncryptionCertificate());
 								
-				String qualeIDReqId = UUID.randomUUID().toString();
+				//String qualeIDReqId = UUID.randomUUID().toString();
+				String qualeIDReqId = SAML2Utils.getSecureIdentifier();
 				String signedQualeIDCommand = SL20JSONBuilderUtils.createSignedCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID, qualeIDCommandParams, joseTools);
 				JsonObject sl20Req = SL20JSONBuilderUtils.createGenericRequest(qualeIDReqId, null, null, signedQualeIDCommand);
 								
@@ -107,9 +109,16 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask {
 				HttpPost httpReq = new HttpPost(new URIBuilder(vdaQualeIDUrl).build());								
 				httpReq.addHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE, SL20Constants.HTTP_HEADER_VALUE_NATIVE);
 				List<NameValuePair> parameters = new ArrayList<NameValuePair>();;
-				parameters.add(new BasicNameValuePair(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM, sl20Req.toString()));
+				
+				//correct one
+				//parameters.add(new BasicNameValuePair(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM, Base64Url.encode(sl20Req.toString().getBytes())));
+				
+				//A-Trust current version
+				parameters.add(new BasicNameValuePair(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM_OLD, sl20Req.toString()));
 				httpReq.setEntity(new UrlEncodedFormEntity(parameters ));				
 				
+				
+				
 				//request VDA
 				HttpResponse httpResp = httpClient.execute(httpReq);
 								
@@ -147,10 +156,22 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask {
 					//TODO: maybe add SL2ClientType Header from execution context
 					SL20HttpBindingUtils.writeIntoResponse(request, response, sl20Forward, redirectURL);
 													
+				} else if (respPayload.get(SL20Constants.SL20_COMMAND_CONTAINER_NAME).getAsString()
+						.equals(SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR)) { 
+					JsonObject result = SL20JSONExtractorUtils.getJSONObjectValue(respPayload, SL20Constants.SL20_COMMAND_CONTAINER_RESULT, false);
+					if (result  == null)
+						result = SL20JSONExtractorUtils.getJSONObjectValue(respPayload, SL20Constants.SL20_COMMAND_CONTAINER_PARAMS, false);
+					
+					String errorCode = SL20JSONExtractorUtils.getStringValue(result, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORCODE, true);
+					String errorMsg = SL20JSONExtractorUtils.getStringValue(result, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORMESSAGE, true);
+					
+					Logger.info("Receive SL2.0 error. Code:" + errorCode + " Msg:" + errorMsg);
+					throw new SL20Exception("sl20.08", new Object[]{errorCode, errorMsg});
+					
 				} else {
 					//TODO: update to add error handling
 					Logger.warn("Received an unrecognized command: " + respPayload.get(SL20Constants.SL20_COMMAND_CONTAINER_NAME).getAsString());
-				
+					throw new SLCommandoParserException("Received an unrecognized command: \" + respPayload.get(SL20Constants.SL20_COMMAND_CONTAINER_NAME).getAsString()");
 				}
 				
 				
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
index 90e19326e..b7fe579a3 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
@@ -1,9 +1,8 @@
 package at.gv.egovernment.moa.id.auth.modules.sl20_auth.tasks;
 
-import java.io.ByteArrayInputStream;
+import java.io.IOException;
 import java.io.StringWriter;
 import java.security.cert.X509Certificate;
-import java.util.Calendar;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -13,7 +12,6 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.apache.http.entity.ContentType;
-import org.jose4j.keys.X509Util;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
@@ -35,18 +33,12 @@ import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.IJOSETools;
 import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants;
 import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONBuilderUtils;
 import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUtils;
-import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController;
-import at.gv.egovernment.moa.util.Base64Utils;
-import at.gv.egovernment.moa.util.DateTimeUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moaspss.logging.Logger;
-import iaik.esi.sva.util.X509Utils;
-import iaik.utils.Util;
+
 
 @Component("ReceiveQualeIDTask")
 public class ReceiveQualeIDTask extends AbstractAuthServletTask {
@@ -57,173 +49,210 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
 	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
 			throws TaskExecutionException {
 		
-		Logger.debug("Receiving SL2.0 response process .... ");
 		try {
-			//get SL2.0 command or result from HTTP request
-			Map<String, String> reqParams = getParameters(request);
-			String sl20Result = reqParams.get(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM); 			
-			if (MiscUtil.isEmpty(sl20Result)) {
-				Logger.info("NO SL2.0 commando or result FOUND.");
-				throw new SL20Exception("sl20.04", null);
-				
-			}
-			
-			
-			//parse SL2.0 command/result into JSON
+			Logger.debug("Receiving SL2.0 response process .... ");
 			JsonObject sl20ReqObj = null;
 			try {
-				JsonParser jsonParser = new JsonParser();
-				JsonElement sl20Req = jsonParser.parse(sl20Result);
-				sl20ReqObj = sl20Req.getAsJsonObject();
+				//get SL2.0 command or result from HTTP request
+				Map<String, String> reqParams = getParameters(request);
+				String sl20Result = reqParams.get(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM); 			
+				if (MiscUtil.isEmpty(sl20Result)) {
+					Logger.info("NO SL2.0 commando or result FOUND.");
+					throw new SL20Exception("sl20.04", null);
+					
+				}
+							
+				//parse SL2.0 command/result into JSON			
+				try {
+					JsonParser jsonParser = new JsonParser();
+					JsonElement sl20Req = jsonParser.parse(sl20Result);
+					sl20ReqObj = sl20Req.getAsJsonObject();
+					
+				} catch (JsonSyntaxException e) {
+					Logger.warn("SL2.0 command or result is NOT valid JSON.", e);
+					Logger.debug("SL2.0 msg: " + sl20Result);
+					throw new SL20Exception("sl20.02", new Object[]{"SL2.0 command or result is NOT valid JSON."}, e);
+					
+				}
 				
-			} catch (JsonSyntaxException e) {
-				Logger.warn("SL2.0 command or result is NOT valid JSON.", e);
-				Logger.debug("SL2.0 msg: " + sl20Result);
-				throw new SL20Exception("sl20.02", new Object[]{"SL2.0 command or result is NOT valid JSON."}, e);
+				//validate reqId with inResponseTo 
+				String sl20ReqId = pendingReq.getGenericData(Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, String.class);
+				String inRespTo = SL20JSONExtractorUtils.getStringValue(sl20ReqObj, SL20Constants.SL20_INRESPTO, true);
+				if (sl20ReqId == null || !sl20ReqId.equals(inRespTo)) {
+					Logger.info("SL20 'reqId': " + sl20ReqId + " does NOT match to 'inResponseTo':" + inRespTo);
+					throw new SL20SecurityException("SL20 'reqId': " + sl20ReqId + " does NOT match to 'inResponseTo':" + inRespTo);
+				}
 				
-			}
-			
-			//validate reqId with inResponseTo 
-			String sl20ReqId = pendingReq.getGenericData(Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, String.class);
-			String inRespTo = SL20JSONExtractorUtils.getStringValue(sl20ReqObj, SL20Constants.SL20_INRESPTO, true);
-			if (sl20ReqId == null || !sl20ReqId.equals(inRespTo)) {
-				Logger.info("SL20 'reqId': " + sl20ReqId + " does NOT match to 'inResponseTo':" + inRespTo);
-				throw new SL20SecurityException("SL20 'reqId': " + sl20ReqId + " does NOT match to 'inResponseTo':" + inRespTo);
-			}
-			
-			
-			//validate signature
-			VerificationResult payLoadContainer = SL20JSONExtractorUtils.extractSL20PayLoad(sl20ReqObj, joseTools, true);
-			if (payLoadContainer.isValidSigned() == null || 
-					!payLoadContainer.isValidSigned()) {
-				Logger.info("SL20 result from VDA was not valid signed");
-				throw new SL20SecurityException(new Object[]{"Signature on SL20 result NOT valid."});
 				
-			}
-			
-			//TODO validate certificate
-			List<X509Certificate> sigCertChain = payLoadContainer.getCertChain();
-			
-			
-			//extract payloaf
-			JsonObject payLoad = payLoadContainer.getPayload();
-			
-			//check response type
-			if (SL20JSONExtractorUtils.getStringValue(
-					payLoad, SL20Constants.SL20_COMMAND_CONTAINER_NAME, true)
-						.equals(SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID)) {
-				Logger.debug("Find " + SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID + " result .... ");
-								
-				//TODO: activate decryption in 'SL20JSONExtractorUtils.extractSL20Result'
-				JsonElement qualeIDResult = SL20JSONExtractorUtils.extractSL20Result(payLoad, joseTools, false);
-								
-				//extract attributes from result
-				String idlB64 = SL20JSONExtractorUtils.getStringValue(qualeIDResult.getAsJsonObject(), 
-										SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL, true);
-				String authBlockB64 = SL20JSONExtractorUtils.getStringValue(qualeIDResult.getAsJsonObject(), 
-						SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, true);
-				String ccsURL = SL20JSONExtractorUtils.getStringValue(qualeIDResult.getAsJsonObject(), 
-						SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL, true);
-				String LoA = SL20JSONExtractorUtils.getStringValue(qualeIDResult.getAsJsonObject(), 
-						SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_LOA, true);
+				//validate signature
+				VerificationResult payLoadContainer = SL20JSONExtractorUtils.extractSL20PayLoad(sl20ReqObj, joseTools, true);
+				if (payLoadContainer.isValidSigned() == null || 
+						!payLoadContainer.isValidSigned()) {
+					Logger.info("SL20 result from VDA was not valid signed");
+					throw new SL20SecurityException(new Object[]{"Signature on SL20 result NOT valid."});
+					
+				}
 				
+				/*TODO validate certificate by using MOA-SPSS
+				* currently, the certificate is validated in IJOSETools by using a pkcs12 or jks keystore
+				*/
+				List<X509Certificate> sigCertChain = payLoadContainer.getCertChain();
 				
-				//TODO: validate results
-				IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink();
 				
+				//extract payloaf
+				JsonObject payLoad = payLoadContainer.getPayload();
 				
+				//check response type
+				if (SL20JSONExtractorUtils.getStringValue(
+						payLoad, SL20Constants.SL20_COMMAND_CONTAINER_NAME, true)
+							.equals(SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID)) {
+					Logger.debug("Find " + SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID + " result .... ");
+									
+					JsonElement qualeIDResult = SL20JSONExtractorUtils.extractSL20Result(
+							payLoad, joseTools, 
+							authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_DISABLE_EID_ENCRYPTION, true));
+					
+					//extract attributes from result
+					String idlB64 = SL20JSONExtractorUtils.getStringValue(qualeIDResult.getAsJsonObject(), 
+											SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL, true);
+					String authBlockB64 = SL20JSONExtractorUtils.getStringValue(qualeIDResult.getAsJsonObject(), 
+							SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, true);
+					String ccsURL = SL20JSONExtractorUtils.getStringValue(qualeIDResult.getAsJsonObject(), 
+							SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL, true);
+					String LoA = SL20JSONExtractorUtils.getStringValue(qualeIDResult.getAsJsonObject(), 
+							SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_LOA, true);
+					
+					//cache qualified eID data into pending request
+					pendingReq.setGenericDataToSession(
+							Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL, 
+							idlB64);
+					pendingReq.setGenericDataToSession(
+							Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, 
+							authBlockB64);
+					pendingReq.setGenericDataToSession(
+							Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL, 
+							ccsURL);
+					pendingReq.setGenericDataToSession(
+							Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_LOA, 
+							LoA);
+																										
+				} else {
+					Logger.info("SL20 response is NOT a " + SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID + " result");
+					throw new SLCommandoParserException("SL20 response is NOT a " + SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID + " result");
+				}
 				
-				//add into session
-				defaultTaskInitialization(request, executionContext);
-				moasession.setIdentityLink(idl);
-				moasession.setBkuURL(ccsURL);
-				//TODO: from AuthBlock
-				moasession.setIssueInstant(DateTimeUtils.buildDateTimeUTC(Calendar.getInstance()));
-				moasession.setQAALevel(LoA);
 				
-				//mark as authenticated
-				moasession.setAuthenticated(true);
-				pendingReq.setAuthenticated(true);
-								
-				//store pending request
-				requestStoreage.storePendingRequest(pendingReq);
-								
-				//create response 
-				Map<String, String> reqParameters = new HashMap<String, String>();
-				reqParameters.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, pendingReq.getRequestID());
-				JsonObject callReqParams = SL20JSONBuilderUtils.createCallCommandParameters(
-						new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), AbstractAuthProtocolModulController.FINALIZEPROTOCOL_ENDPOINT, null), 
-						SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_METHOD_GET, 
-						false, 
-						reqParameters);
-				JsonObject callCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_CALL, callReqParams);
+			} catch (MOAIDException  e) {
+				Logger.warn("SL2.0 processing error:", e);
+				pendingReq.setGenericDataToSession(
+						Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR, 
+						new TaskExecutionException(pendingReq, "SL2.0 Authentication FAILED. Msg: " + e.getMessage(), e));
 				
-				//build first redirect command for app
-				JsonObject redirectOneParams = SL20JSONBuilderUtils.createRedirectCommandParameters("", callCommand, null, true);
-				JsonObject redirectOneCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectOneParams);
-								
-				//build second redirect command for IDP
-				JsonObject redirectTwoParams = SL20JSONBuilderUtils.createRedirectCommandParameters(
-						new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), AbstractAuthProtocolModulController.FINALIZEPROTOCOL_ENDPOINT, null), 
-						redirectOneCommand, null, true);
-				JsonObject redirectTwoCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectTwoParams);
+			} catch (Exception e) {
+				Logger.warn("ERROR:", e);
+				Logger.warn("SL2.0 Authentication FAILED with a generic error.", e);
+				pendingReq.setGenericDataToSession(
+						Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR, 
+						new TaskExecutionException(pendingReq, e.getMessage(), e));
 				
-				//build generic SL2.0 response container								
-				String transactionId = SL20JSONExtractorUtils.getStringValue(sl20ReqObj, SL20Constants.SL20_TRANSACTIONID, false);
-				JsonObject respContainer = SL20JSONBuilderUtils.createGenericRequest(
-						UUID.randomUUID().toString(), 
-						transactionId, 
-						redirectTwoCommand, 
-						null); 
+			} finally {
+					//store pending request
+					requestStoreage.storePendingRequest(pendingReq);
 				
-				if (request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE) != null && 
-						request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE).equals(SL20Constants.HTTP_HEADER_VALUE_NATIVE)) {					
-					Logger.debug("Client request containts 'native client' header ... ");												
-					StringWriter writer = new StringWriter();
-					writer.write(respContainer.toString());						
-					final byte[] content = writer.toString().getBytes("UTF-8");
-					response.setStatus(HttpServletResponse.SC_OK);
-					response.setContentLength(content.length);
-					response.setContentType(ContentType.APPLICATION_JSON.toString());						
-					response.getOutputStream().write(content);
+					//write SL2.0 response
+					if (sl20ReqObj != null)				
+						buildResponse(request, response, sl20ReqObj);
+					else 
+						buildErrorResponse(request, response, "2000", "General transport Binding error");					
 					
-					
-				} else {
-					Logger.info("SL2.0 DataURL communication needs http header: '" + SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "'");
-					throw new SL20Exception("sl20.06", 
-							new Object[] {"SL2.0 DataURL communication needs http header: '" + SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "'"});
-					
-				}
-												
-			} else {
-				Logger.info("SL20 response is NOT a " + SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID + " result");
-				throw new SLCommandoParserException("SL20 response is NOT a " + SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID + " result");
 			}
-			
-			
-		} catch (MOAIDException  e) {
-			Logger.warn("ERROR:", e);
-			throw new TaskExecutionException(pendingReq, "SL2.0 Authentication FAILED. Msg: " + e.getMessage(), e);
-			
+		
 		} catch (Exception e) {
-			Logger.warn("ERROR:", e);
-			Logger.warn("SL2.0 Authentication FAILED with a generic error.", e);
-			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
+			//write internal server errror 500 according to SL2.0 specification, chapter https transport binding
+			Logger.warn("Can NOT build SL2.0 response. Reason: " + e.getMessage(), e);
+			try {
+				response.sendError(500, "Internal Server Error.");
+				
+			} catch (IOException e1) {
+				Logger.error("Can NOT send error message. SOMETHING IS REALY WRONG!", e);
+				
+			}	
 			
-		} finally {				
+		} finally {
 			TransactionIDUtils.removeTransactionId();
 			TransactionIDUtils.removeSessionId();
 			
 		}
 	}
 
-	
-	private JsonObject createRedirectCommand() {
-		
+	private void buildErrorResponse(HttpServletRequest request, HttpServletResponse response, String errorCode, String errorMsg) throws Exception {				
+		JsonObject error = SL20JSONBuilderUtils.createErrorCommandResult(errorCode, errorMsg);
+		JsonObject respContainer = SL20JSONBuilderUtils.createGenericRequest(
+				UUID.randomUUID().toString(), 
+				null, 
+				error , 
+				null);
+			
+		Logger.debug("Client request containts 'native client' header ... ");												
+		StringWriter writer = new StringWriter();
+		writer.write(respContainer.toString());						
+		final byte[] content = writer.toString().getBytes("UTF-8");
+		response.setStatus(HttpServletResponse.SC_OK);
+		response.setContentLength(content.length);
+		response.setContentType(ContentType.APPLICATION_JSON.toString());						
+		response.getOutputStream().write(content);
+				
+	}
+
+	private void buildResponse(HttpServletRequest request, HttpServletResponse response, JsonObject sl20ReqObj) throws IOException, SL20Exception {		
+		//create response 
+		Map<String, String> reqParameters = new HashMap<String, String>();
+		reqParameters.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, pendingReq.getRequestID());
+		JsonObject callReqParams = SL20JSONBuilderUtils.createCallCommandParameters(
+				new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), Constants.HTTP_ENDPOINT_RESUME, null), 
+				SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_METHOD_GET, 
+				false, 
+				reqParameters);
+		JsonObject callCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_CALL, callReqParams);
 		
-		return null;
+		//build first redirect command for app
+		JsonObject redirectOneParams = SL20JSONBuilderUtils.createRedirectCommandParameters("", callCommand, null, true);
+		JsonObject redirectOneCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectOneParams);
+						
+		//build second redirect command for IDP
+		JsonObject redirectTwoParams = SL20JSONBuilderUtils.createRedirectCommandParameters(
+				new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), Constants.HTTP_ENDPOINT_RESUME, null), 
+				redirectOneCommand, null, true);
+		JsonObject redirectTwoCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectTwoParams);
 		
+		//build generic SL2.0 response container								
+		String transactionId = SL20JSONExtractorUtils.getStringValue(sl20ReqObj, SL20Constants.SL20_TRANSACTIONID, false);
+		JsonObject respContainer = SL20JSONBuilderUtils.createGenericRequest(
+				UUID.randomUUID().toString(), 
+				transactionId, 
+				redirectTwoCommand, 
+				null); 
 		
+		if (request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE) != null && 
+				request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE).equals(SL20Constants.HTTP_HEADER_VALUE_NATIVE)) {					
+			Logger.debug("Client request containts 'native client' header ... ");												
+			StringWriter writer = new StringWriter();
+			writer.write(respContainer.toString());						
+			final byte[] content = writer.toString().getBytes("UTF-8");
+			response.setStatus(HttpServletResponse.SC_OK);
+			response.setContentLength(content.length);
+			response.setContentType(ContentType.APPLICATION_JSON.toString());						
+			response.getOutputStream().write(content);
+			
+			
+		} else {
+			Logger.info("SL2.0 DataURL communication needs http header: '" + SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "'");
+			throw new SL20Exception("sl20.06", 
+					new Object[] {"SL2.0 DataURL communication needs http header: '" + SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "'"});
+			
+		}
 	}
+
+	
 	
 }
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java
new file mode 100644
index 000000000..b5c84d315
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java
@@ -0,0 +1,180 @@
+package at.gv.egovernment.moa.id.auth.modules.sl20_auth.tasks;
+
+import java.io.ByteArrayInputStream;
+import java.util.Calendar;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.opensaml.Configuration;
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.Unmarshaller;
+import org.opensaml.xml.io.UnmarshallerFactory;
+import org.springframework.stereotype.Component;
+import org.w3c.dom.Element;
+import org.xml.sax.SAXException;
+
+import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
+import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20eIDDataValidationException;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.verifier.QualifiedeIDVerifier;
+import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
+import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
+import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.DateTimeUtils;
+import at.gv.egovernment.moaspss.logging.Logger;
+
+
+@Component("VerifyQualifiedeIDTask")
+public class VerifyQualifiedeIDTask extends AbstractAuthServletTask {
+	
+	@Override
+	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
+			throws TaskExecutionException {
+		
+		Logger.debug("Verify qualified eID data from SL20 response .... ");
+		try {
+			//check if there was an error 
+			TaskExecutionException sl20Error = pendingReq.getGenericData(
+					Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR,
+					TaskExecutionException.class);			
+			if (sl20Error != null) {
+				Logger.info("Found SL2.0 error after redirect ... ");
+				throw sl20Error;
+				
+			}
+			
+			//get data from pending request
+			String sl20ReqId = pendingReq.getGenericData(
+					Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, 
+					String.class);
+			String idlB64 =  pendingReq.getGenericData(
+					Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL,
+					String.class);
+			String authBlockB64 = pendingReq.getGenericData(
+					Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, 
+					String.class);
+			String ccsURL = pendingReq.getGenericData(
+					Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL, 
+					String.class);
+			String LoA = pendingReq.getGenericData(
+					Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_LOA, 
+					String.class);
+							
+			//parse eID data
+			IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink();
+			IVerifiyXMLSignatureResponse authBlockVerificationResult = null;
+			try {				
+				Assertion authBlock = parseAuthBlockToSaml2Assertion(authBlockB64);
+				AssertionAttributeExtractor authBlockExtractor = new AssertionAttributeExtractor(authBlock);
+
+			
+				//validate eID data			
+				QualifiedeIDVerifier.verifyIdentityLink(idl, pendingReq.getOnlineApplicationConfiguration(), authConfig);
+				authBlockVerificationResult = QualifiedeIDVerifier.verifyAuthBlock(
+							authBlockB64, pendingReq.getOnlineApplicationConfiguration(), authConfig);
+				QualifiedeIDVerifier.checkConsistencyOfeIDData(sl20ReqId, idl, authBlockExtractor, authBlockVerificationResult);
+			
+				//TODO: add LoA verification
+				
+			} catch (SL20eIDDataValidationException e) {
+				if (authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_DISABLE_EID_VALIDATION, false)) {
+					Logger.warn("SL20 eID data validation IS DISABLED!!");
+					Logger.warn("SL20 eID data IS NOT VALID!!! Reason: " + e.getMessage(), e);
+					
+				} else
+					throw e;
+				
+			}
+							
+			//add into session
+			defaultTaskInitialization(request, executionContext);
+			moasession.setIdentityLink(idl);
+			moasession.setBkuURL(ccsURL);
+			//TODO: from AuthBlock
+			if (authBlockVerificationResult != null)
+				moasession.setIssueInstant(DateTimeUtils.buildDateTimeUTC(authBlockVerificationResult.getSigningDateTime()));
+			else
+				moasession.setIssueInstant(DateTimeUtils.buildDateTimeUTC(Calendar.getInstance()));
+			
+			moasession.setQAALevel(LoA);
+
+			//store pending request
+			requestStoreage.storePendingRequest(pendingReq);
+						
+		} catch (MOAIDException  e) {
+			Logger.warn("ERROR:", e);
+			throw new TaskExecutionException(pendingReq, "SL2.0 Authentication FAILED. Msg: " + e.getMessage(), e);
+			
+		} catch (Exception e) {
+			Logger.warn("ERROR:", e);
+			Logger.warn("SL2.0 Authentication FAILED with a generic error.", e);
+			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
+			
+		} finally {				
+			TransactionIDUtils.removeTransactionId();
+			TransactionIDUtils.removeSessionId();
+			
+		}
+	}
+
+	private Assertion parseAuthBlockToSaml2Assertion(String authblockB64) throws SL20eIDDataValidationException {
+		try {
+			//parse authBlock into SAML2 Assertion
+			byte[] authBlockBytes = Base64Utils.decode(authblockB64, false);			
+			Element authBlockDOM = DOMUtils.parseXmlValidating(new ByteArrayInputStream(authBlockBytes));
+			UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
+			Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(authBlockDOM);			 
+			XMLObject samlAssertion = unmarshaller.unmarshall(authBlockDOM);
+			
+			//validate SAML2 Assertion
+			SAML2Utils.schemeValidation(samlAssertion);
+			
+			if (samlAssertion instanceof Assertion)			
+				return (Assertion) samlAssertion;			
+			else 
+				throw new SL20eIDDataValidationException(
+						new Object[] {
+							SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK,
+							"AuthBlock is NOT of type SAML2 Assertion"
+						});
+				
+		} catch (SL20eIDDataValidationException e) {
+			throw e;
+				
+		} catch (SAXException e) {
+			Logger.info("Scheme validation of SAML2 AuthBlock FAILED. Reason: " + e.getMessage());
+			throw new SL20eIDDataValidationException(
+					new Object[] {
+						SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK,
+						e.getMessage()
+					}, 
+					e);
+			
+		} catch (Exception e) {
+			Logger.info("Can not parse AuthBlock. Reason: " + e.getMessage());
+			Logger.trace("FullAuthBlock: " + authblockB64);
+			throw new SL20eIDDataValidationException(
+					new Object[] {
+						SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK,
+						e.getMessage()
+					}, 
+					e);
+		
+		}
+						
+	}
+
+	
+	
+}
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/moaid_sl20_auth.beans.xml b/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/moaid_sl20_auth.beans.xml
index 37551b3f5..a9c9bac8e 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/moaid_sl20_auth.beans.xml
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/moaid_sl20_auth.beans.xml
@@ -29,5 +29,9 @@
 	<bean id="ReceiveQualeIDResponseTask" 
 				class="at.gv.egovernment.moa.id.auth.modules.sl20_auth.tasks.ReceiveQualeIDTask"
 				scope="prototype"/>
+				
+	<bean id="VerifyQualifiedeIDTask" 
+				class="at.gv.egovernment.moa.id.auth.modules.sl20_auth.tasks.VerifyQualifiedeIDTask"
+				scope="prototype"/>				
 																						
 </beans>
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/sl20.Authentication.process.xml b/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/sl20.Authentication.process.xml
index bcd74f84c..4975dc2d7 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/sl20.Authentication.process.xml
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/sl20.Authentication.process.xml
@@ -3,17 +3,15 @@
 
 	<pd:Task id="createQualifiedeIDRequest" class="CreateQualeIDRequestTask" />
 	<pd:Task id="receiveQualifiedeID" class="ReceiveQualeIDResponseTask"  async="true"/>
-	
-	<!-- <pd:Task id="finalizeAuthentication" class="FinalizeAuthenticationTask" /> -->
+	<pd:Task id="verifyQualifiedeIDTask" class="VerifyQualifiedeIDTask" async="true"/>	
+	<pd:Task id="finalizeAuthentication" class="FinalizeAuthenticationTask" />
 
 	<pd:StartEvent id="start" />
 	<pd:Transition from="start" to="createQualifiedeIDRequest" />	
-	<pd:Transition from="createQualifiedeIDRequest" to="receiveQualifiedeID" />
-	<pd:Transition from="receiveQualifiedeID" to="end" />
-
-	<!-- It's only required if we can not use the finalize redirect on SL20 redirect command -->
-	<!-- <pd:Transition from="receiveQualifiedeID" to="finalizeAuthentication" />		
-	<pd:Transition from="finalizeAuthentication"    to="end" />	 -->
+	<pd:Transition from="createQualifiedeIDRequest" to="receiveQualifiedeID" />	
+	<pd:Transition from="receiveQualifiedeID" to="verifyQualifiedeIDTask" />
+	<pd:Transition from="verifyQualifiedeIDTask" to="finalizeAuthentication" />			
+	<pd:Transition from="finalizeAuthentication"    to="end" />
 	
 	<pd:EndEvent id="end" />
 
diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java
index a56be1f46..fa4a50992 100644
--- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java
+++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java
@@ -28,12 +28,12 @@ import java.util.List;
 
 import org.w3c.dom.Element;
 
-import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder;
 import at.gv.egovernment.moa.id.auth.exception.ValidateException;
 import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
 import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator;
+import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureRequestBuilder;
 import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
-- 
cgit v1.2.3


From 709197ce12c5502f86e16da1167b97ca318f47fa Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 5 Jun 2018 10:44:40 +0200
Subject: implement user restriction based on whitelisting

---
 id/server/doc/handbook/protocol/protocol.html      |  4 +
 .../internal/tasks/UserRestrictionTask.java        | 85 ++++++++++++++++++++++
 .../id/config/auth/data/UserWhitelistStore.java    | 73 +++++++++++++++++++
 .../main/resources/moaid.authentication.beans.xml  |  9 ++-
 .../resources/properties/id_messages_de.properties |  2 +
 .../protocol_response_statuscodes_de.properties    |  2 +
 .../internal/DefaultAuthentication.process.xml     | 11 ++-
 .../DefaultAuth_with_ELGA_mandates.process.xml     | 13 ++--
 .../main/resources/sl20.Authentication.process.xml |  8 +-
 9 files changed, 195 insertions(+), 12 deletions(-)
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java

(limited to 'id/server/idserverlib/src/main/java/at/gv')

diff --git a/id/server/doc/handbook/protocol/protocol.html b/id/server/doc/handbook/protocol/protocol.html
index 7d3f8d627..8f6ed735c 100644
--- a/id/server/doc/handbook/protocol/protocol.html
+++ b/id/server/doc/handbook/protocol/protocol.html
@@ -621,6 +621,10 @@ Redirect Binding</td>
     <td>1110</td>
     <td>Ung&uuml;ltige Single Sign-On Session</td>
   </tr>
+  <tr>
+    <td>1111</td>
+    <td>Der Anmeldevorgang wurde automatisiert abgebrochten da dem Benutzer die n&ouml;tigen Zugriffsrechte f&uuml;r diese Online Applikation fehlen.</td>
+  </tr>
 </table>
 <h5><a name="statuscodes_12xxx" id="allgemeines_zugangspunkte13"></a>1.3.1.3 STORK (12xxx)</h5>
 <table class="configtable">
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java
new file mode 100644
index 000000000..4853a5ab6
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java
@@ -0,0 +1,85 @@
+package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
+
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.beans.factory.annotation.Autowired;
+
+import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
+import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
+import at.gv.egovernment.moa.id.config.auth.data.UserWhitelistStore;
+import at.gv.egovernment.moa.id.data.Pair;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public class UserRestrictionTask extends AbstractAuthServletTask {
+		
+	public static final String CONFIG_PROPS_SP_LIST = "configuration.restrictions.sp.entityIds";
+	public static final String CONFIG_PROPS_CSV_USER_FILE = "configuration.restrictions.sp.users.url";
+	public static final String CONFIG_PROPS_CSV_USER_SECTOR = "configuration.restrictions.sp.users.sector";
+	
+	@Autowired(required=true) UserWhitelistStore whitelist;
+	
+	@Override
+	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
+			throws TaskExecutionException {
+		try {			
+			String spEntityId = pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix();			
+			List<String> restrictedSPs = KeyValueUtils.getListOfCSVValues(authConfig.getBasicMOAIDConfiguration(CONFIG_PROPS_SP_LIST));						
+			if (restrictedSPs.contains(spEntityId)) {
+				Logger.debug("SP:" + spEntityId + " has a user restrication. Check users bPK ... ");				
+				defaultTaskInitialization(request, executionContext);;
+				
+				//check if user idl is already loaded
+				if (moasession.getIdentityLink() == null) {
+					Logger.warn("PendingRequest contains NO IdentityLink. User restrictation NOT possible!");
+					throw new MOAIDException("process.03", null);
+					
+				}
+				
+				//calculate whitelist bPK for current user
+				String bpkTarget = authConfig.getBasicMOAIDConfiguration(CONFIG_PROPS_CSV_USER_SECTOR);
+				if (MiscUtil.isEmpty(bpkTarget)) {
+					Logger.info("NO bPK sector for user whitelist in configuration");
+					throw new MOAIDException("config.05", new Object[] {CONFIG_PROPS_CSV_USER_SECTOR});
+					
+				}
+				
+				Pair<String, String> pseudonym = new BPKBuilder().generateAreaSpecificPersonIdentifier(
+						moasession.getIdentityLink().getIdentificationValue(), 
+						moasession.getIdentityLink().getIdentificationType(), 
+						bpkTarget);
+				
+				
+				//check if user's bPK is whitelisted 
+				if (!whitelist.isUserbPKInWhitelist(pseudonym.getFirst())) {
+					Logger.info("User's bPK is not whitelisted. Authentication process stops ...");
+					Logger.trace("User's bPK: " + pseudonym.getFirst());
+					throw new MOAIDException("auth.35", null);
+					
+				}
+				
+				Logger.debug("User was found in whitelist. Continue authentication process ... ");
+				
+			} else
+				Logger.trace("SP: " + spEntityId + " has no user restrication.");
+			
+			
+		} catch (MOAIDException e) {
+			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
+			
+		} catch (Exception e) {
+			Logger.warn("RestartAuthProzessManagement has an internal error", e);
+			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
+			
+		}		
+
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java
new file mode 100644
index 000000000..a300739b3
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java
@@ -0,0 +1,73 @@
+package at.gv.egovernment.moa.id.config.auth.data;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.net.URISyntaxException;
+import java.net.URL;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.annotation.PostConstruct;
+
+import org.apache.commons.io.IOUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import at.gv.egovernment.moa.id.auth.modules.internal.tasks.UserRestrictionTask;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
+import at.gv.egovernment.moa.util.FileUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
+import at.gv.egovernment.moaspss.logging.Logger;
+
+@Service("UserWhiteList_Store")
+public class UserWhitelistStore {
+
+	@Autowired(required=true) AuthConfiguration authConfig;
+	
+	private List<String> whitelist = new ArrayList<String>();
+	
+	@PostConstruct
+	private void initialize() {
+		String whiteListUrl = authConfig.getBasicMOAIDConfiguration(UserRestrictionTask.CONFIG_PROPS_CSV_USER_FILE);
+		if (MiscUtil.isEmpty(whiteListUrl)) 
+			Logger.debug("Do not initialize user whitelist. Reason: No configuration path to CSV file.");
+		
+		else {
+			String absWhiteListUrl = FileUtils.makeAbsoluteURL(whiteListUrl, authConfig.getRootConfigFileDir());
+			try {			
+				InputStream is = new FileInputStream(new File(new URL(absWhiteListUrl).toURI()));
+				String whiteListString = IOUtils.toString(new InputStreamReader(is));
+				whitelist = KeyValueUtils.getListOfCSVValues(KeyValueUtils.normalizeCSVValueString(whiteListString));
+				Logger.info("User whitelist is initialized with " + whitelist.size() + " entries.");
+				 
+			} catch (FileNotFoundException e) {
+				Logger.warn("Do not initialize user whitelist. Reason: CSV file with bPKs NOT found", e);
+
+			} catch (IOException e) {
+				Logger.warn("Do not initialize user whitelist. Reason: CSV file is NOT readable", e);
+				
+			} catch (URISyntaxException e) {
+				Logger.warn("Do not initialize user whitelist. Reason: CSV file looks wrong", e);
+				
+			}
+			
+		}
+		
+	}
+	
+	/**
+	 * Check if bPK is in whitelist
+	 * 
+	 * @param bPK
+	 * @return true if bPK is in whitelist, otherwise false
+	 */
+	public boolean isUserbPKInWhitelist(String bPK) {		
+		return whitelist.contains(bPK);
+		
+	}
+}
diff --git a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
index ba8c47304..dc3022ab4 100644
--- a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
+++ b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
@@ -42,6 +42,9 @@
 	<bean id="MOAID_SSOManager" 
 				class="at.gv.egovernment.moa.id.moduls.SSOManager"/>
 
+	<bean id="UserWhiteList_Store" 
+				class="at.gv.egovernment.moa.id.config.auth.data.UserWhitelistStore"/>
+
 	
 
 	<bean id="AuthenticationSessionStoreage" 
@@ -91,7 +94,11 @@
 				
 	<bean id="EvaluateSSOConsentsTaskImpl" 
 				class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.EvaluateSSOConsentsTaskImpl"
-				scope="prototype"/>		
+				scope="prototype"/>
+				
+	<bean id="UserRestrictionTask" 
+				class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.UserRestrictionTask"
+				scope="prototype"/>			
 				
 	<beans profile="advancedLogOn">
 		<bean id="StatisticLogger" 
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 84fd93773..799b32025 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -52,6 +52,7 @@ auth.31=Federated authentication FAILED. No information for AttributeQuery, mayb
 auth.32=Federated authentication FAILED. No configuration for IDP {0}
 auth.33=Federated authentication FAILED. Configuration of IDP {0} does not allow inbound messages. 
 auth.34=Federated authentication FAILED. Configuration of IDP {0} is marked as BusinessService-IDP, but Public-Service attributes are requested.
+auth.35=Der Anmeldevorgang wurde automatisiert abgebrochen, da der Benutzer nicht f�r dieses Onlineapplikation berechtigt ist. 
 
 init.00=MOA-ID-Auth wurde erfolgreich gestartet
 init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround\: SSL ist m\u00F6glicherweise nicht verf\u00FCgbar
@@ -336,6 +337,7 @@ slo.02=Es wurde keine aktive SSO Session gefunden oder Sie sind bei keiner Onlin
 process.01=Fehler beim Ausf\u00FChren des Prozesses.
 process.02=Fehler beim Erstellen eines geeigneten Prozesses f\u00FCr die SessionID {0}.
 process.03=Fehler beim Weiterf\u00FChren es Prozesses. Msg:{0}
+process.03=Fehler beim Ausf\u00FChren des Prozesses. Interner state ung\u00FCltig.
 
 sl20.00=Allgemeiner Fehler w\u00e4hrend SL2.0 Authentifizierung. Msg: {0}
 sl20.01=Fehler beim Generieren des SL2.0 Kommandos. Msg: {0}
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
index d77ea437b..dae88889f 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
@@ -32,6 +32,7 @@ auth.31=4400
 auth.32=4401
 auth.33=4401
 auth.34=4401
+auth.35=1111
 
 init.00=9199
 init.01=9199
@@ -103,6 +104,7 @@ service.10=4500
 process.01=9104
 process.02=9104
 process.03=9105
+process.03=9104
  
 sp.pvp2.00=4501
 sp.pvp2.01=4501
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml
index 74792ed72..48c7b6a07 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml
@@ -15,7 +15,8 @@
 	<pd:Task id="prepareAuthBlockSignature" class="PrepareAuthBlockSignatureTask" />
 	<pd:Task id="prepareGetMISMandate" 			class="PrepareGetMISMandateTask" />
 	<pd:Task id="finalizeAuthentication" 		class="FinalizeAuthenticationTask" />
-	<pd:Task id="getForeignID"              class="GetForeignIDTask"              async="true" />
+	<pd:Task id="getForeignID"              class="GetForeignIDTask"              async="true" />	
+	<pd:Task id="userRestrictionTask" class="UserRestrictionTask" />
 
 	<!-- Process is triggered either by GenerateIFrameTemplateServlet (upon bku selection) or by AuthenticationManager (upon legacy authentication start using legacy parameters. -->
 	<pd:StartEvent id="start" />
@@ -39,13 +40,15 @@
 	<pd:Transition from="verifyCertificate"         to="getForeignID" />
 	
 	<pd:Transition from="verifyAuthBlock"           to="prepareGetMISMandate" conditionExpression="ctx['useMandate']" />
-	<pd:Transition from="verifyAuthBlock"           to="finalizeAuthentication" />
+	<pd:Transition from="verifyAuthBlock"           to="userRestrictionTask" />
 	
 	<pd:Transition from="prepareGetMISMandate"      to="getMISMandate" />
 		
-	<pd:Transition from="getMISMandate"           	to="finalizeAuthentication" />
-	<pd:Transition from="getForeignID"              to="finalizeAuthentication" />
+	<pd:Transition from="getMISMandate"           	to="userRestrictionTask" />
+	<pd:Transition from="getForeignID"              to="userRestrictionTask" />
 	
+	
+	<pd:Transition from="userRestrictionTask"           to="finalizeAuthentication" />
 	<pd:Transition from="finalizeAuthentication"    to="end" />
 		
 	<pd:EndEvent id="end" />
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml
index d41e8a017..60fd120d0 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml
@@ -17,6 +17,8 @@
 	<pd:Task id="finalizeAuthentication" 		class="FinalizeAuthenticationTask" />
 	<pd:Task id="getForeignID"              class="GetForeignIDTask"              async="true" />
 	
+	<pd:Task id="userRestrictionTask" class="UserRestrictionTask" />
+	
 	<!-- ELGA Mandate-Service Tasks -->
 	<pd:Task id="redirectToMandateSelectionTask"    class="RedirectToMandateSelectionTask" />
 	<pd:Task id="selectMandateServiceTask"    			class="SelectMandateServiceTask" async="true"/>
@@ -47,7 +49,7 @@
 	<pd:Transition from="verifyCertificate"         to="getForeignID" />
 	
 	<pd:Transition from="verifyAuthBlock"           to="redirectToMandateSelectionTask" conditionExpression="ctx['useMandate']" />
-	<pd:Transition from="verifyAuthBlock"           to="finalizeAuthentication" />
+	<pd:Transition from="verifyAuthBlock"           to="userRestrictionTask" />
 	
 	<pd:Transition from="redirectToMandateSelectionTask"   to="prepareGetMISMandate" conditionExpression="ctx['useMISMandate']" />	
 	<pd:Transition from="redirectToMandateSelectionTask"   to="selectMandateServiceTask" />		
@@ -60,13 +62,14 @@
 
 			
 	<pd:Transition from="requestELGAMandateTask"      		to="receiveElgaMandateResponseTask" />
-	<pd:Transition from="receiveElgaMandateResponseTask"  to="finalizeAuthentication" />
+	<pd:Transition from="receiveElgaMandateResponseTask"  to="userRestrictionTask" />
 	
 	<pd:Transition from="prepareGetMISMandate"      to="getMISMandate" />	
-	<pd:Transition from="getMISMandate"           	to="finalizeAuthentication" />
-	
-	<pd:Transition from="getForeignID"              to="finalizeAuthentication" />
+	<pd:Transition from="getMISMandate"           	to="userRestrictionTask" />
 	
+	<pd:Transition from="getForeignID"              to="userRestrictionTask" />
+		
+	<pd:Transition from="userRestrictionTask"       to="finalizeAuthentication" />
 	<pd:Transition from="finalizeAuthentication"    to="end" />
 		
 	<pd:EndEvent id="end" />
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/sl20.Authentication.process.xml b/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/sl20.Authentication.process.xml
index 4975dc2d7..673144b06 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/sl20.Authentication.process.xml
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/sl20.Authentication.process.xml
@@ -3,16 +3,20 @@
 
 	<pd:Task id="createQualifiedeIDRequest" class="CreateQualeIDRequestTask" />
 	<pd:Task id="receiveQualifiedeID" class="ReceiveQualeIDResponseTask"  async="true"/>
-	<pd:Task id="verifyQualifiedeIDTask" class="VerifyQualifiedeIDTask" async="true"/>	
+	<pd:Task id="verifyQualifiedeIDTask" class="VerifyQualifiedeIDTask" async="true"/>
+	<pd:Task id="userRestrictionTask" class="UserRestrictionTask" />	
 	<pd:Task id="finalizeAuthentication" class="FinalizeAuthenticationTask" />
 
 	<pd:StartEvent id="start" />
 	<pd:Transition from="start" to="createQualifiedeIDRequest" />	
 	<pd:Transition from="createQualifiedeIDRequest" to="receiveQualifiedeID" />	
 	<pd:Transition from="receiveQualifiedeID" to="verifyQualifiedeIDTask" />
-	<pd:Transition from="verifyQualifiedeIDTask" to="finalizeAuthentication" />			
+	<pd:Transition from="verifyQualifiedeIDTask" to="userRestrictionTask" />			
+	<pd:Transition from="userRestrictionTask" to="finalizeAuthentication" />
 	<pd:Transition from="finalizeAuthentication"    to="end" />
 	
+	
+	
 	<pd:EndEvent id="end" />
 
 </pd:ProcessDefinition>
-- 
cgit v1.2.3


From 84a55fe8bec3924102bd2217f7e39e7a698f2829 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 5 Jun 2018 10:46:09 +0200
Subject: update moa-sig to 3.1.2 to get signing time in XML signature
 verification result

---
 id/moa-spss-container/pom.xml                      |   6 +-
 .../auth/invoke/SignatureVerificationInvoker.java  |  77 ++++++++++-----------
 .../parser/VerifyXMLSignatureResponseParser.java   |  20 ++++--
 repository/MOA/spss/common/3.1.2/common-3.1.2.jar  | Bin 0 -> 205464 bytes
 .../server/moa-sig-lib/3.1.2/moa-sig-lib-3.1.2.jar | Bin 0 -> 362340 bytes
 .../MOA/spss/tsl_lib/2.0.1/tsl_lib-2.0.1.jar       | Bin 0 -> 803996 bytes
 6 files changed, 55 insertions(+), 48 deletions(-)
 create mode 100644 repository/MOA/spss/common/3.1.2/common-3.1.2.jar
 create mode 100644 repository/MOA/spss/server/moa-sig-lib/3.1.2/moa-sig-lib-3.1.2.jar
 create mode 100644 repository/MOA/spss/tsl_lib/2.0.1/tsl_lib-2.0.1.jar

(limited to 'id/server/idserverlib/src/main/java/at/gv')

diff --git a/id/moa-spss-container/pom.xml b/id/moa-spss-container/pom.xml
index d66a09621..84c3b2f29 100644
--- a/id/moa-spss-container/pom.xml
+++ b/id/moa-spss-container/pom.xml
@@ -47,7 +47,7 @@
 		<dependency>
 			<groupId>MOA.spss.server</groupId>
 			<artifactId>moa-sig-lib</artifactId>
-			<version>3.1.1</version>
+			<version>3.1.2</version>
 			<exclusions>
 				<exclusion> 
 					<groupId>commons-logging</groupId>
@@ -65,12 +65,12 @@
 		<dependency>
 			<groupId>MOA.spss</groupId>
 			<artifactId>common</artifactId>
-			<version>3.1.1</version>
+			<version>3.1.2</version>
 		</dependency>
 		<dependency>
 			<groupId>MOA.spss</groupId>
 			<artifactId>tsl_lib</artifactId>
-			<version>2.0.0</version>
+			<version>2.0.1</version>
 		</dependency>						
 		<dependency>
 			<groupId>iaik.prod</groupId>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java
index d5ca89656..d2d39e9e6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java
@@ -52,10 +52,7 @@ import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
 import at.gv.egovernment.moa.id.auth.exception.ServiceException;
-import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface;
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.spss.MOAException;
 import at.gv.egovernment.moa.spss.api.SignatureVerificationService;
 import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
@@ -64,7 +61,6 @@ import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureRequestParser;
 import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureResponseBuilder;
 import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest;
 import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
-import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moaspss.logging.Logger;
 
 /**
@@ -93,22 +89,22 @@ public class SignatureVerificationInvoker {
   }
   
   private SignatureVerificationInvoker() {	  
-    try {
-    	AuthConfiguration authConfigProvider = AuthConfigurationProviderFactory.getInstance();
-		ConnectionParameterInterface authConnParam = authConfigProvider.getMoaSpConnectionParameter();
+//    try {
+//    	AuthConfiguration authConfigProvider = AuthConfigurationProviderFactory.getInstance();
+//		ConnectionParameterInterface authConnParam = authConfigProvider.getMoaSpConnectionParameter();
 		
-		if (authConnParam != null && MiscUtil.isNotEmpty(authConnParam.getUrl())) {
-			
-			
-		} else {
+//		if (authConnParam != null && MiscUtil.isNotEmpty(authConnParam.getUrl())) {
+//			
+//			
+//		} else {
 			svs = SignatureVerificationService.getInstance();
 			
-		}
+//		}
 		
-	} catch (ConfigurationException e) {
-		// TODO Auto-generated catch block
-		e.printStackTrace();
-	}
+//	} catch (ConfigurationException e) {
+//		// TODO Auto-generated catch block
+//		e.printStackTrace();
+//	}
 	  
   }
   
@@ -144,35 +140,34 @@ public class SignatureVerificationInvoker {
   protected Element doCall(QName serviceName, Element request) throws ServiceException {
 	  ConnectionParameterInterface authConnParam = null;
     try {      
-      AuthConfiguration authConfigProvider = AuthConfigurationProviderFactory.getInstance();
-      authConnParam = authConfigProvider.getMoaSpConnectionParameter();
-      //If the ConnectionParameter do NOT exist, we try to get the api to work....
-      if (authConnParam != null && MiscUtil.isNotEmpty(authConnParam.getUrl())) {
-    	  
-    	  throw new ServiceException("service.00", new Object[]{"MOA-SP connection via Web-Service is not allowed any more!!!!!!"});
-//        Service service = ServiceFactory.newInstance().createService(serviceName);
-//        Call call = service.createCall();
-//        SOAPBodyElement body = new SOAPBodyElement(request);
-//        SOAPBodyElement[] params = new SOAPBodyElement[] { body };
-//        Vector responses;
-//        SOAPBodyElement response;
+//      AuthConfiguration authConfigProvider = AuthConfigurationProviderFactory.getInstance();
+//      authConnParam = authConfigProvider.getMoaSpConnectionParameter();
+//      //If the ConnectionParameter do NOT exist, we try to get the api to work....
+//      if (authConnParam != null && MiscUtil.isNotEmpty(authConnParam.getUrl())) {
 //    	  
-//        Logger.debug("Connecting using auth url: " + authConnParam.getUrl() + ", service " + serviceName.getNamespaceURI() + " : " + serviceName.getLocalPart() + " : "+ serviceName.getPrefix());
-//        call.setTargetEndpointAddress(authConnParam.getUrl());
-//        responses = (Vector) call.invoke(serviceName, params);
-//        Logger.debug("Got responses: " + responses.size()); // TODO handle axis 302 response when incorrect service url is used
-//        response = (SOAPBodyElement) responses.get(0);
-//        return response.getAsDOM();
-      }
-      else {
-        VerifyXMLSignatureRequest vsrequest = new VerifyXMLSignatureRequestParser().parse(request);
-		
+//    	  throw new ServiceException("service.00", new Object[]{"MOA-SP connection via Web-Service is not allowed any more!!!!!!"});
+////        Service service = ServiceFactory.newInstance().createService(serviceName);
+////        Call call = service.createCall();
+////        SOAPBodyElement body = new SOAPBodyElement(request);
+////        SOAPBodyElement[] params = new SOAPBodyElement[] { body };
+////        Vector responses;
+////        SOAPBodyElement response;
+////    	  
+////        Logger.debug("Connecting using auth url: " + authConnParam.getUrl() + ", service " + serviceName.getNamespaceURI() + " : " + serviceName.getLocalPart() + " : "+ serviceName.getPrefix());
+////        call.setTargetEndpointAddress(authConnParam.getUrl());
+////        responses = (Vector) call.invoke(serviceName, params);
+////        Logger.debug("Got responses: " + responses.size()); // TODO handle axis 302 response when incorrect service url is used
+////        response = (SOAPBodyElement) responses.get(0);
+////        return response.getAsDOM();
+//      }
+//      else {
+        VerifyXMLSignatureRequest vsrequest = new VerifyXMLSignatureRequestParser().parse(request);		
         VerifyXMLSignatureResponse vsresponse = svs.verifyXMLSignature(vsrequest);
-        Document result = new VerifyXMLSignatureResponseBuilder().build(vsresponse);
-
+        Document result = new VerifyXMLSignatureResponseBuilder(true).build(vsresponse);
+       
         //Logger.setHierarchy("moa.id.auth");
         return result.getDocumentElement();
-      }
+//      }
     }
     catch (Exception ex) {
       if (authConnParam != null) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
index b54a43fff..0fba2d3f6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
@@ -46,12 +46,11 @@
 
 package at.gv.egovernment.moa.id.auth.parser;
 
-import iaik.utils.Base64InputStream;
-import iaik.x509.X509Certificate;
-
 import java.io.ByteArrayInputStream;
 import java.io.InputStream;
 
+import org.joda.time.DateTime;
+import org.joda.time.format.ISODateTimeFormat;
 import org.w3c.dom.Element;
 
 import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
@@ -59,7 +58,10 @@ import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moa.util.XPathUtils;
+import iaik.utils.Base64InputStream;
+import iaik.x509.X509Certificate;
 
 /**
  * Parses a <code>&lt;VerifyXMLSignatureResponse&gt;</code> returned by
@@ -115,6 +117,9 @@ public class VerifyXMLSignatureResponseParser {
   private static final String CERTIFICATE_CHECK_CODE_XPATH = 
    ROOT + MOA + "CertificateCheck/" + MOA + "Code";
   
+  private static final String SIGNING_TIME_XPATH = 
+		  ROOT + MOA + "SigningTime";
+  
     
   /** This is the root element of the XML-Document provided by the Security Layer Card*/
   private Element verifyXMLSignatureResponse;
@@ -200,7 +205,14 @@ public class VerifyXMLSignatureResponseParser {
       if (signatureManifestCheckCode != null) {
         respData.setSignatureManifestCheckCode(new Integer(signatureManifestCheckCode).intValue());
       }
-      respData.setCertificateCheckCode(new Integer(XPathUtils.getElementValue(verifyXMLSignatureResponse,CERTIFICATE_CHECK_CODE_XPATH,"")).intValue());             
+      respData.setCertificateCheckCode(new Integer(XPathUtils.getElementValue(verifyXMLSignatureResponse,CERTIFICATE_CHECK_CODE_XPATH,"")).intValue());
+      
+      String signingTimeElement = XPathUtils.getElementValue(verifyXMLSignatureResponse,SIGNING_TIME_XPATH,"");
+      if (MiscUtil.isNotEmpty(signingTimeElement)) {
+    	  DateTime datetime = ISODateTimeFormat.dateTimeNoMillis().parseDateTime(signingTimeElement);
+    	  respData.setSigningDateTime(datetime.toDate());
+    	  
+      }
     }
     catch (Throwable t) {
       throw new ParseException("parser.01", null, t);
diff --git a/repository/MOA/spss/common/3.1.2/common-3.1.2.jar b/repository/MOA/spss/common/3.1.2/common-3.1.2.jar
new file mode 100644
index 000000000..332681971
Binary files /dev/null and b/repository/MOA/spss/common/3.1.2/common-3.1.2.jar differ
diff --git a/repository/MOA/spss/server/moa-sig-lib/3.1.2/moa-sig-lib-3.1.2.jar b/repository/MOA/spss/server/moa-sig-lib/3.1.2/moa-sig-lib-3.1.2.jar
new file mode 100644
index 000000000..fe08d2d1a
Binary files /dev/null and b/repository/MOA/spss/server/moa-sig-lib/3.1.2/moa-sig-lib-3.1.2.jar differ
diff --git a/repository/MOA/spss/tsl_lib/2.0.1/tsl_lib-2.0.1.jar b/repository/MOA/spss/tsl_lib/2.0.1/tsl_lib-2.0.1.jar
new file mode 100644
index 000000000..39e52dfee
Binary files /dev/null and b/repository/MOA/spss/tsl_lib/2.0.1/tsl_lib-2.0.1.jar differ
-- 
cgit v1.2.3


From cd5cef47db73c85cbb2defdec3b283655fdc859b Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 5 Jun 2018 10:46:41 +0200
Subject: update SL20 implementation

---
 .../VerifyXMLSignatureResponseValidator.java       |   7 +-
 .../moa/id/moduls/AuthenticationManager.java       |  18 +-
 .../pvp2x/utils/AssertionAttributeExtractor.java   |   1 -
 .../moa/id/auth/AuthenticationServer.java          |   6 +-
 .../bkamobileauthtests/BKAMobileAuthModule.java    |  19 +-
 .../tasks/FirstBKAMobileAuthTask.java              |   2 +-
 .../src/main/resources/BKAMobileAuth.process.xml   |  14 +-
 .../main/resources/moaid_bka_mobileauth.beans.xml  |   2 +-
 .../moa-id-module-sl20_authentication/pom.xml      |   5 +
 .../sl20_auth/SL20AuthenticationModulImpl.java     |  26 +-
 .../modules/sl20_auth/sl20/JsonSecurityUtils.java  |  15 +-
 .../auth/modules/sl20_auth/sl20/SL20Constants.java |   8 +-
 .../sl20_auth/sl20/SL20HttpBindingUtils.java       |   6 +-
 .../sl20_auth/sl20/SL20JSONBuilderUtils.java       |  15 +-
 .../sl20_auth/sl20/SL20JSONExtractorUtils.java     |  89 +++--
 .../sl20/verifier/QualifiedeIDVerifier.java        |  76 ++++-
 .../sl20_auth/tasks/CreateQualeIDRequestTask.java  |  79 +++--
 .../sl20_auth/tasks/ReceiveQualeIDTask.java        |  41 ++-
 .../sl20_auth/tasks/VerifyQualifiedeIDTask.java    |  62 +---
 .../modules/sl20_auth/EIDDataVerifier_ATrust.java  |  42 +++
 .../modules/sl20_auth/EIDDataVerifier_OwnTest.java |  41 +++
 .../sl20_auth/dummydata/DummyAuthConfig.java       | 376 +++++++++++++++++++++
 .../auth/modules/sl20_auth/dummydata/DummyOA.java  | 264 +++++++++++++++
 .../modules/sl20_auth/eIDDataVerifierTest.java     | 105 ++++++
 .../src/test/resources/SpringTest-context.xml      |  13 +
 .../src/test/resources/tests/eIDdata_atrust.json   |  14 +
 .../src/test/resources/tests/eIDdata_own_test.json |   8 +
 27 files changed, 1167 insertions(+), 187 deletions(-)
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_OwnTest.java
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/SpringTest-context.xml
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_own_test.json

(limited to 'id/server/idserverlib/src/main/java/at/gv')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
index 832aa58c6..407454c2a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
@@ -57,12 +57,12 @@ import java.util.Set;
 import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.auth.exception.ValidateException;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.logging.Logger;
 import iaik.asn1.structures.Name;
 import iaik.security.ec.common.ECPublicKey;
@@ -113,7 +113,8 @@ public class VerifyXMLSignatureResponseValidator {
   public void validate(IVerifiyXMLSignatureResponse verifyXMLSignatureResponse,
                        List<String> identityLinkSignersSubjectDNNames, 
                        String whatToCheck,
-                       IOAAuthParameters oaParam)
+                       IOAAuthParameters oaParam,
+                       AuthConfiguration authConfig)
     throws ValidateException, ConfigurationException {
 
     if (verifyXMLSignatureResponse.getSignatureCheckCode() != 0)
@@ -140,7 +141,7 @@ public class VerifyXMLSignatureResponseValidator {
     }
     
     //check QC 
-    if (AuthConfigurationProviderFactory.getInstance().isCertifiacteQCActive() &&
+    if (authConfig.isCertifiacteQCActive() &&
     		!whatToCheck.equals(CHECK_IDENTITY_LINK) &&
     		!verifyXMLSignatureResponse.isQualifiedCertificate()) {
     	    	
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index a24683545..e093ce1e2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -317,9 +317,10 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 	 * @param httpReqParam http parameter name, but never null
 	 */
 	public void addParameterNameToWhiteList(String httpReqParam) {
-		if (MiscUtil.isNotEmpty(httpReqParam))
-			reqParameterWhiteListeForModules.add(httpReqParam);
-		
+		if (MiscUtil.isNotEmpty(httpReqParam)) {
+			if (!reqParameterWhiteListeForModules.contains(httpReqParam))
+				reqParameterWhiteListeForModules.add(httpReqParam);
+		}
 	}
 	
 	/**
@@ -328,8 +329,11 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 	 * @param httpReqParam http header name, but never null
 	 */
 	public void addHeaderNameToWhiteList(String httpReqParam) {
-		if (MiscUtil.isNotEmpty(httpReqParam))
-			reqHeaderWhiteListeForModules.add(httpReqParam.toLowerCase());
+		if (MiscUtil.isNotEmpty(httpReqParam)) {
+			if (!reqHeaderWhiteListeForModules.contains(httpReqParam.toLowerCase()))
+				reqHeaderWhiteListeForModules.add(httpReqParam.toLowerCase());
+			
+		}
 		
 	}
 	
@@ -439,8 +443,8 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 			while(reqHeaderNames.hasMoreElements()) { 
 				String paramName = reqHeaderNames.nextElement();
 				if (MiscUtil.isNotEmpty(paramName) && reqHeaderWhiteListeForModules.contains(paramName.toLowerCase()) ) {
-					executionContext.put(paramName, 
-							StringEscapeUtils.escapeHtml(httpReq.getHeader(paramName)));				
+					executionContext.put(paramName.toLowerCase(), 
+							StringEscapeUtils.escapeHtml(httpReq.getHeader(paramName.toLowerCase())));				
 				}
 			}			
 		}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
index 5b1d952ff..4a0cec6e4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
@@ -309,7 +309,6 @@ public class AssertionAttributeExtractor {
 	}
 	
 	private void internalInitialize() {
-		internalInitialize();
 		if (assertion.getAttributeStatements() != null &&
 				assertion.getAttributeStatements().size() > 0) {
 			AttributeStatement attrStat = assertion.getAttributeStatements().get(0);
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index a67b27315..7ea4ee436 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -311,7 +311,8 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 				verifyXMLSignatureResponse,
 				authConfig.getIdentityLinkX509SubjectNames(),
 				VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK,
-				oaParam);
+				oaParam,
+				authConfig);
 
 		session.setIdentityLink(identityLink);
 		// now validate the extended infoboxes
@@ -1001,7 +1002,8 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 		// validates the <VerifyXMLSignatureResponse>
 		VerifyXMLSignatureResponseValidator.getInstance().validate(vsresp,
 				null, VerifyXMLSignatureResponseValidator.CHECK_AUTH_BLOCK,
-				oaParam);
+				oaParam,
+				authConfig);
 
 		// Compare AuthBlock Data with information stored in session, especially
 		// date and time
diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java
index 0cef4cb41..853d1b6a4 100644
--- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java
+++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java
@@ -45,7 +45,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
  */
 public class BKAMobileAuthModule implements AuthModule {
 
-	private int priority = 1;
+	private int priority = 2;
 	
 	@Autowired(required=true) protected AuthConfiguration authConfig;
 	@Autowired(required=true) private AuthenticationManager authManager;
@@ -67,7 +67,6 @@ public class BKAMobileAuthModule implements AuthModule {
 	public void setPriority(int priority) {
 		this.priority = priority;
 	}
-
 	
 	@PostConstruct
 	public void initialDummyAuthWhiteList() {
@@ -84,6 +83,8 @@ public class BKAMobileAuthModule implements AuthModule {
 		
 		//parameter to whiteList
 		authManager.addParameterNameToWhiteList(FirstBKAMobileAuthTask.REQ_PARAM_eID_BLOW);
+//		authManager.addHeaderNameToWhiteList("SL2ClientType");
+//		authManager.addHeaderNameToWhiteList("X-MOA-VDA");
 	}
 	
 	/* (non-Javadoc)
@@ -92,12 +93,22 @@ public class BKAMobileAuthModule implements AuthModule {
 	@Override
 	public String selectProcess(ExecutionContext context) {		
 		String spEntityID = (String) context.get(MOAIDAuthConstants.PROCESSCONTEXT_UNIQUE_OA_IDENTFIER);
-		if (MiscUtil.isNotEmpty(spEntityID)) {				
-			if (uniqueIDsDummyAuthEnabled.contains(spEntityID)) {
+		String sl20ClientTypeHeader = (String) context.get("SL2ClientType".toLowerCase());
+		String sl20VDATypeHeader = (String)  context.get("X-MOA-VDA".toLowerCase());				
+		if (MiscUtil.isNotEmpty(spEntityID)) {
+			Logger.trace("Check dummy-auth for SP: " + spEntityID);
+			
+			
+			if ( (uniqueIDsDummyAuthEnabled.contains(spEntityID))) {
 				String eIDBlob = (String)context.get(FirstBKAMobileAuthTask.REQ_PARAM_eID_BLOW);
 				if (eIDBlob != null && MiscUtil.isNotEmpty(eIDBlob.trim())) {				
 					return "BKAMobileAuthentication";
 					
+				} else if (MiscUtil.isNotEmpty(sl20ClientTypeHeader) 
+						&& MiscUtil.isNotEmpty(sl20VDATypeHeader) && sl20VDATypeHeader.equals("0")) {
+					Logger.info("Find dummy-auth request for oe.gv.at demos ... ");
+					return "BKAMobileAuthentication";
+					
 				} else {
 					Logger.debug("Dummy-auth are enabled for " + spEntityID + " but no '"
 							+ FirstBKAMobileAuthTask.REQ_PARAM_eID_BLOW + "' req. parameter available.");
diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java
index 43043ddd6..15cf298f1 100644
--- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java
+++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java
@@ -112,7 +112,7 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask {
 			}
 								
 			parseDemoValuesIntoMOASession(pendingReq, pendingReq.getMOASession(), eIDBlobRawB64);
-			
+		
 		} catch (MOAIDException e) {
 			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
 			
diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/BKAMobileAuth.process.xml b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/BKAMobileAuth.process.xml
index 6f41f347a..07faeae88 100644
--- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/BKAMobileAuth.process.xml
+++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/BKAMobileAuth.process.xml
@@ -5,17 +5,17 @@
 	STORK authentication both with C-PEPS supporting xml signatures and with C-PEPS not supporting xml signatures.
 -->
 	<pd:Task id="firstStep"                            class="FirstBKAMobileAuthTask" />
-	<pd:Task id="secondStep"                           class="SecondBKAMobileAuthTask" async="true" />
-	<pd:Task id="finalizeAuthentication" 							 class="FinalizeAuthenticationTask" />
+	<pd:Task id="secondStep"                           class="SecondBKAMobileAuthTask" />
+	<pd:Task id="finalizeAuthentication" 			   class="FinalizeAuthenticationTask" />
 
 	<!-- Process is triggered either by GenerateIFrameTemplateServlet (upon bku selection) or by AuthenticationManager (upon legacy authentication start using legacy parameters. -->
 	<pd:StartEvent id="start" />
 	
-	<pd:Transition from="start" to="firstStep" />	
-	<!-- pd:Transition from="firstStep" to="secondStep"/>			
-	<pd:Transition from="secondStep" to="finalizeAuthentication" /-->
-	
-	<pd:Transition from="firstStep" to="finalizeAuthentication" />
+	<pd:Transition from="start" to="secondStep" />				
+	<pd:Transition from="secondStep" to="finalizeAuthentication" />
+
+<!-- 	<pd:Transition from="firstStep" to="secondStep"/> -->	
+	<!-- <pd:Transition from="firstStep" to="finalizeAuthentication" /> -->
 	
 	<pd:Transition from="finalizeAuthentication"    to="end" />
 	
diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/moaid_bka_mobileauth.beans.xml b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/moaid_bka_mobileauth.beans.xml
index ef13b0348..79f29e08c 100644
--- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/moaid_bka_mobileauth.beans.xml
+++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/moaid_bka_mobileauth.beans.xml
@@ -10,7 +10,7 @@
 		http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
 
 	<bean id="BKAMobileAuthModule" class="at.gv.egovernment.moa.id.auth.modules.bkamobileauthtests.BKAMobileAuthModule">
-		<property name="priority" value="1" />
+		<property name="priority" value="4" />
 	</bean>
  						
 
diff --git a/id/server/modules/moa-id-module-sl20_authentication/pom.xml b/id/server/modules/moa-id-module-sl20_authentication/pom.xml
index d08e0f0ec..5b682538c 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/pom.xml
+++ b/id/server/modules/moa-id-module-sl20_authentication/pom.xml
@@ -58,6 +58,11 @@
   	</dependency>
   
   
+  	<dependency>
+		<groupId>org.springframework</groupId>
+		<artifactId>spring-test</artifactId>
+		<scope>test</scope>
+	</dependency>
     <dependency>
       <groupId>junit</groupId>
       <artifactId>junit</artifactId>
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java
index a4044ce21..367e7b604 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java
@@ -22,6 +22,9 @@
  */
 package at.gv.egovernment.moa.id.auth.modules.sl20_auth;
 
+import java.util.Arrays;
+import java.util.List;
+
 import javax.annotation.PostConstruct;
 
 import org.apache.commons.lang3.StringUtils;
@@ -38,10 +41,10 @@ import at.gv.egovernment.moa.logging.Logger;
  * @author tlenz
  *
  */
-public class SL20AuthenticationModulImpl implements AuthModule {
-
+public class SL20AuthenticationModulImpl implements AuthModule {	
 	private int priority = 3;
-
+	public static final List<String> VDA_TYPE_IDS = Arrays.asList("1", "2", "3", "4");
+	
 	@Autowired(required=true) protected AuthConfiguration authConfig;
 	@Autowired(required=true) private AuthenticationManager authManager;
 	
@@ -62,6 +65,7 @@ public class SL20AuthenticationModulImpl implements AuthModule {
 	protected void initalSL20Authentication() {
 		//parameter to whiteList
 		authManager.addHeaderNameToWhiteList(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE);
+		authManager.addHeaderNameToWhiteList(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE);
 		
 	}
 	
@@ -71,17 +75,23 @@ public class SL20AuthenticationModulImpl implements AuthModule {
 	 */
 	@Override
 	public String selectProcess(ExecutionContext context) {
-		if (StringUtils.isNotBlank((String) context.get(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE.toLowerCase())) ||
-				StringUtils.isNotBlank((String) context.get(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE))) { 
-			Logger.trace(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE +  "' header found");
+		String sl20ClientTypeHeader = (String) context.get(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE.toLowerCase());
+		String sl20VDATypeHeader = (String)  context.get(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE.toLowerCase());
+		
+		if ( StringUtils.isNotBlank(sl20ClientTypeHeader) 
+//				&& (
+//						StringUtils.isNotBlank(sl20VDATypeHeader) 
+//						//&& VDA_TYPE_IDS.contains(sl20VDATypeHeader.trim())
+//				   ) 
+				) {
+			Logger.trace(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE +  "' header found");			
 			return "SL20Authentication";
 			
 		} else {
 			Logger.trace("No '" + SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE +  "' header found");
 			return null;
 			
-		}
-		
+		}		
 	}
 
 	/* (non-Javadoc)
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java
index 2563c7f7d..c95e0b731 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java
@@ -1,9 +1,11 @@
 package at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20;
 
+import java.io.IOException;
 import java.security.Key;
 import java.security.KeyStore;
 import java.security.PrivateKey;
 import java.security.cert.Certificate;
+import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.Collections;
@@ -36,6 +38,7 @@ import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoPars
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.utils.X509Utils;
 import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.KeyStoreUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -143,8 +146,11 @@ public class JsonSecurityUtils implements IJOSETools{
 			//set signing information
 			jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
 			jws.setKey(signPrivKey);
-			jws.setCertificateChainHeaderValue(signCertChain);
-		
+			
+			//TODO:
+			//jws.setCertificateChainHeaderValue(signCertChain);
+			jws.setX509CertSha256ThumbprintHeaderValue(signCertChain[0]);
+						
 			return jws.getCompactSerialization();
 			
 		} catch (JoseException e) {
@@ -181,6 +187,11 @@ public class JsonSecurityUtils implements IJOSETools{
 				} else {
 					Logger.info("Can NOT find JOSE certificate in truststore.");
 					Logger.debug("JOSE certificate: " + sortedX5cCerts.get(0).toString());
+					try {
+						Logger.debug("Cert: " + Base64Utils.encode(sortedX5cCerts.get(0).getEncoded()));
+					} catch (CertificateEncodingException | IOException e) {
+						e.printStackTrace();
+					}
 					
 				}
 				
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20Constants.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20Constants.java
index 33bb4fe36..658384578 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20Constants.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20Constants.java
@@ -8,7 +8,7 @@ import org.jose4j.jwe.KeyManagementAlgorithmIdentifiers;
 import org.jose4j.jws.AlgorithmIdentifiers;
 
 public class SL20Constants {
-	public static final String CURRENT_SL20_VERSION = "10";
+	public static final int CURRENT_SL20_VERSION = 10;
 	
 	//http binding parameters
 	public static final String PARAM_SL20_REQ_COMMAND_PARAM = "slcommand";
@@ -18,6 +18,7 @@ public class SL20Constants {
 	public static final String PARAM_SL20_REQ_TRANSACTIONID = "slTransactionID";
 	
 	public static final String HTTP_HEADER_SL20_CLIENT_TYPE = "SL2ClientType";
+	public static final String HTTP_HEADER_SL20_VDA_TYPE = "X-MOA-VDA";
 	public static final String HTTP_HEADER_VALUE_NATIVE = "nativeApp";
 	
 	
@@ -129,8 +130,9 @@ public class SL20Constants {
 	public static final String SL20_COMMAND_PARAM_EID_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL; 
 	public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES = "attributes";
 	public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_MANDATEREFVALUE = "MANDATE-REFERENCE-VALUE";
-	public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPUNIQUEID = "SP-FRIENDLYNAME";
-	public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPFRIENDLYNAME = "SP-UNIQUEID";
+	public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPUNIQUEID = "SP-UNIQUEID";
+	public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPFRIENDLYNAME = "SP-FRIENDLYNAME";
+	public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPCOUNTRYCODE = "SP-COUNTRYCODE";
 	public static final String SL20_COMMAND_PARAM_EID_X5CENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE;
 	public static final String SL20_COMMAND_PARAM_EID_RESULT_IDL = "EID-IDENTITY-LINK";
 	public static final String SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK = "EID-AUTH-BLOCK";
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20HttpBindingUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20HttpBindingUtils.java
index cc7137a0f..169cb8e73 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20HttpBindingUtils.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20HttpBindingUtils.java
@@ -2,7 +2,6 @@ package at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20;
 
 import java.io.IOException;
 import java.io.StringWriter;
-import java.io.UnsupportedEncodingException;
 import java.net.URISyntaxException;
 
 import javax.servlet.http.HttpServletRequest;
@@ -10,6 +9,7 @@ import javax.servlet.http.HttpServletResponse;
 
 import org.apache.http.client.utils.URIBuilder;
 import org.apache.http.entity.ContentType;
+import org.jose4j.base64url.Base64Url;
 
 import com.google.gson.JsonObject;
 
@@ -33,7 +33,9 @@ public class SL20HttpBindingUtils {
 		} else {
 			Logger.debug("Client request containts is no native client ... ");
 			URIBuilder clientRedirectURI = new URIBuilder(redirectURL);
-			clientRedirectURI.addParameter(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM, sl20Forward.toString());
+			clientRedirectURI.addParameter(
+					SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM, 
+					Base64Url.encode(sl20Forward.toString().getBytes()));
 			response.setStatus(307);
 			response.setHeader("Location", clientRedirectURI.build().toString());
 			
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONBuilderUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONBuilderUtils.java
index 52d7e1e67..d5dec1fe1 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONBuilderUtils.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONBuilderUtils.java
@@ -387,7 +387,7 @@ public class SL20JSONBuilderUtils {
 	 */
 	public static JsonObject createGenericRequest(String reqId, String transactionId, JsonElement payLoad, String signedPayload) throws SLCommandoBuildException {
 		JsonObject req = new JsonObject();
-		addSingleStringElement(req, SL20Constants.SL20_VERSION, SL20Constants.CURRENT_SL20_VERSION, true);
+		addSingleIntegerElement(req, SL20Constants.SL20_VERSION, SL20Constants.CURRENT_SL20_VERSION, true);
 		addSingleStringElement(req, SL20Constants.SL20_REQID, reqId, true);
 		addSingleStringElement(req, SL20Constants.SL20_TRANSACTIONID, transactionId, false);		
 		addOnlyOnceOfTwo(req, SL20Constants.SL20_PAYLOAD, SL20Constants.SL20_SIGNEDPAYLOAD, 
@@ -411,7 +411,7 @@ public class SL20JSONBuilderUtils {
 			JsonElement payLoad, String signedPayload) throws SLCommandoBuildException {
 		
 		JsonObject req = new JsonObject();
-		addSingleStringElement(req, SL20Constants.SL20_VERSION, SL20Constants.CURRENT_SL20_VERSION, true);
+		addSingleIntegerElement(req, SL20Constants.SL20_VERSION, SL20Constants.CURRENT_SL20_VERSION, true);
 		addSingleStringElement(req, SL20Constants.SL20_RESPID, respId, true);
 		addSingleStringElement(req, SL20Constants.SL20_INRESPTO, inResponseTo, true);
 		addSingleStringElement(req, SL20Constants.SL20_TRANSACTIONID, transactionId, false);		
@@ -568,6 +568,17 @@ public class SL20JSONBuilderUtils {
 		
 	}
 	
+	private static void addSingleIntegerElement(JsonObject parent, String keyId, Integer value, boolean isRequired) throws SLCommandoBuildException {
+		validateParentAndKey(parent, keyId);
+		
+		if (isRequired && value == null)
+			throw new SLCommandoBuildException(keyId + " has an empty value");
+		
+		else if (value != null)
+			parent.addProperty(keyId, value);
+		
+	}
+	
 	private static void addSingleJSONElement(JsonObject parent, String keyId, JsonElement element, boolean isRequired) throws SLCommandoBuildException {
 		validateParentAndKey(parent, keyId);
 		
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java
index 6949b7a18..2e81d9c64 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java
@@ -1,7 +1,6 @@
 package at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20;
 
 import java.io.InputStreamReader;
-import java.net.URLDecoder;
 import java.util.Base64;
 import java.util.HashMap;
 import java.util.Iterator;
@@ -13,6 +12,7 @@ import org.apache.http.HttpEntity;
 import org.apache.http.HttpResponse;
 import org.apache.http.client.utils.URIBuilder;
 import org.apache.log4j.Logger;
+import org.jose4j.base64url.Base64Url;
 
 import com.google.gson.JsonElement;
 import com.google.gson.JsonObject;
@@ -107,45 +107,64 @@ public class SL20JSONExtractorUtils {
 	}
 	
 	/**
-	 * Extract Map of Key/Value pairs from a JSON Array 
+	 * Extract Map of Key/Value pairs from a JSON Element
 	 * 
-	 * @param input
-	 * @param keyID
+	 * @param input parent JSON object
+	 * @param keyID KeyId of the child that should be parsed
 	 * @param isRequired
 	 * @return
 	 * @throws SLCommandoParserException
 	 */
 	public static Map<String, String> getMapOfStringElements(JsonObject input, String keyID, boolean isRequired) throws SLCommandoParserException {
 		JsonElement internal = getAndCheck(input, keyID, isRequired);
+		return getMapOfStringElements(internal);
 		
+	}
+	
+	/**
+	 * Extract Map of Key/Value pairs from a JSON Element 
+	 * 
+	 * @param input
+	 * @return
+	 * @throws SLCommandoParserException
+	 */
+	public static Map<String, String> getMapOfStringElements(JsonElement input) throws SLCommandoParserException {		
 		Map<String, String> result = new HashMap<String, String>();
 				
-		if (internal != null) {
-			if (!internal.isJsonArray())
-				throw new SLCommandoParserException("JSON Element IS NOT a JSON array");
-
-			Iterator<JsonElement> arrayIterator = internal.getAsJsonArray().iterator();
-			while(arrayIterator.hasNext()) {
-				//JsonObject next = arrayIterator.next().getAsJsonObject();
-				//result.put(
-				//		next.get(SL20Constants.SL20_COMMAND_PARAM_GENERAL_REQPARAMETER_KEY).getAsString(), 
-				//		next.get(SL20Constants.SL20_COMMAND_PARAM_GENERAL_REQPARAMETER_VALUE).getAsString());
-				JsonElement next = arrayIterator.next();				
-				Iterator<Entry<String, JsonElement>> entry = next.getAsJsonObject().entrySet().iterator();
-				while (entry.hasNext()) {
-					Entry<String, JsonElement> el = entry.next();
-					if (result.containsKey(el.getKey()))
-						log.info("Attr. Map already contains Element with Key: " + el.getKey() + ". Overwrite element ... ");
-						
-					result.put(el.getKey(), el.getValue().getAsString());
+		if (input != null) {
+			if (input.isJsonArray()) {			
+				Iterator<JsonElement> arrayIterator = input.getAsJsonArray().iterator();
+				while(arrayIterator.hasNext()) {
+					JsonElement next = arrayIterator.next();				
+					Iterator<Entry<String, JsonElement>> entry = next.getAsJsonObject().entrySet().iterator();
+					entitySetToMap(result, entry);
 					
-				}				
-			}						
+				}
+				
+			} else if (input.isJsonObject()) {
+				Iterator<Entry<String, JsonElement>> objectKeys = input.getAsJsonObject().entrySet().iterator();
+				entitySetToMap(result, objectKeys);
+				
+			} else
+				throw new SLCommandoParserException("JSON Element IS NOT a JSON array or a JSON object");
+			
 		}
 		
 		return result;
 	}
 	
+	private static void entitySetToMap(Map<String, String> result, Iterator<Entry<String, JsonElement>> entry) {
+		while (entry.hasNext()) {
+			Entry<String, JsonElement> el = entry.next();
+			if (result.containsKey(el.getKey()))
+				log.info("Attr. Map already contains Element with Key: " + el.getKey() + ". Overwrite element ... ");
+			
+			result.put(el.getKey(), el.getValue().getAsString());
+		
+		}
+		
+	}
+	
 	
 	public static JsonElement extractSL20Result(JsonObject command, IJOSETools decrypter, boolean mustBeEncrypted) throws SL20Exception {
 		JsonElement result = command.get(SL20Constants.SL20_COMMAND_CONTAINER_RESULT);
@@ -207,19 +226,21 @@ public class SL20JSONExtractorUtils {
 		if (sl20Payload == null && sl20SignedPayload == null)
 			throw new SLCommandoParserException("NO payLoad OR signedPayload FOUND.");		
 		
-		else if (sl20Payload == null && sl20SignedPayload == null) 
-			throw new SLCommandoParserException("payLoad AND signedPayload FOUND. Can not used twice");
-		
+		//TODO:
+		//else if (sl20Payload != null && sl20SignedPayload != null) { 
+		    //log.warn("Find 'signed' AND 'unsigned' SL2.0 payload");
+			//throw new SLCommandoParserException("payLoad AND signedPayload FOUND. Can not used twice");
+		//}
 		else if (sl20SignedPayload == null && mustBeSigned)
 			throw new SLCommandoParserException("payLoad MUST be signed.");
+
+		else if (joseTools != null && sl20SignedPayload != null && sl20SignedPayload.isJsonPrimitive()) {	
+			return joseTools.validateSignature(sl20SignedPayload.getAsString());
 		
-		else if (sl20Payload != null)
+		} else if (sl20Payload != null)
 			return new VerificationResult(sl20Payload.getAsJsonObject());
 		
-		else if (sl20SignedPayload != null && sl20SignedPayload.isJsonPrimitive()) {	
-			return joseTools.validateSignature(sl20SignedPayload.getAsString());
-						
-		} else
+		 else
 			throw new SLCommandoParserException("Internal build error");
 			
 		
@@ -242,10 +263,10 @@ public class SL20JSONExtractorUtils {
 					throw new SLCommandoParserException("Find Redirect statuscode but not Location header");
 			
 				String sl20RespString = new URIBuilder(locationHeader[0].getValue()).getQueryParams().get(0).getValue();
-				sl20Resp = new JsonParser().parse(URLDecoder.decode(sl20RespString)).getAsJsonObject();
+				sl20Resp = new JsonParser().parse(Base64Url.encode((sl20RespString.getBytes()))).getAsJsonObject();
 			
 			} else if (httpResp.getStatusLine().getStatusCode() == 200) {
-				if (!httpResp.getEntity().getContentType().getValue().equals("application/json;charset=UTF-8"))
+				if (!httpResp.getEntity().getContentType().getValue().startsWith("application/json"))
 					throw new SLCommandoParserException("SL20 response with a wrong ContentType: " + httpResp.getEntity().getContentType().getValue());					
 				sl20Resp = parseSL20ResultFromResponse(httpResp.getEntity());
 		
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java
index d07d7a78a..a7253c2c6 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java
@@ -1,14 +1,22 @@
 package at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.verifier;
 
+import java.io.ByteArrayInputStream;
 import java.io.IOException;
+import java.util.Arrays;
 import java.util.Date;
 import java.util.List;
 
 import org.jaxen.SimpleNamespaceContext;
+import org.opensaml.Configuration;
+import org.opensaml.DefaultBootstrap;
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.Unmarshaller;
+import org.opensaml.xml.io.UnmarshallerFactory;
 import org.w3c.dom.Element;
+import org.xml.sax.SAXException;
 
 import at.gv.egovernment.moa.id.auth.builder.SignatureVerificationUtils;
-import at.gv.egovernment.moa.id.auth.exception.ValidateException;
 import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
 import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20eIDDataValidationException;
 import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants;
@@ -22,10 +30,12 @@ import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.sig.tsl.utils.MiscUtil;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
 
 
 public class QualifiedeIDVerifier {
@@ -69,21 +79,22 @@ public class QualifiedeIDVerifier {
 			verifyXMLSignatureResponse,
 			authConfig.getIdentityLinkX509SubjectNames(),
 			VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK,
-			oaParam);
+			oaParam,
+			authConfig);
 
 				
 	}
 	
 	public static IVerifiyXMLSignatureResponse verifyAuthBlock(String authBlockB64, IOAAuthParameters oaParam, AuthConfiguration authConfig) throws MOAIDException, IOException {
 		String trustProfileId = authConfig.getMoaSpAuthBlockTrustProfileID(oaParam.isUseAuthBlockTestTestStore());
-		List<String> verifyTransformsInfoProfileID = null;
+		List<String> verifyTransformsInfoProfileID = Arrays.asList("SL20Authblock_v1.0");
 		
 		SignatureVerificationUtils sigVerify = new SignatureVerificationUtils();
 		IVerifiyXMLSignatureResponse sigVerifyResult = sigVerify.verify(Base64Utils.decode(authBlockB64, false), trustProfileId , verifyTransformsInfoProfileID);
 						
 		// validates the <VerifyXMLSignatureResponse>
 		VerifyXMLSignatureResponseValidator.getInstance().validate(sigVerifyResult,
-					null, VerifyXMLSignatureResponseValidator.CHECK_AUTH_BLOCK, oaParam);
+					null, VerifyXMLSignatureResponseValidator.CHECK_AUTH_BLOCK, oaParam, authConfig);
 
 		return sigVerifyResult;
 				
@@ -120,7 +131,7 @@ public class QualifiedeIDVerifier {
 			// date and time
 			validateSigningDateTime(sigVerifyResult, authBlockExtractor);
 			
-		} catch ( ValidateException e) {
+		} catch ( Exception e) {
 			Logger.warn("Validation of eID information FAILED. ", e);
 			throw new SL20eIDDataValidationException(new Object[] {
 					SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL,
@@ -134,6 +145,59 @@ public class QualifiedeIDVerifier {
 		
 	}
 	
+	public static Assertion parseAuthBlockToSaml2Assertion(String authblockB64) throws SL20eIDDataValidationException {
+		try {
+			//parse authBlock into SAML2 Assertion
+			byte[] authBlockBytes = Base64Utils.decode(authblockB64, false);			
+			Element authBlockDOM = DOMUtils.parseXmlValidating(new ByteArrayInputStream(authBlockBytes));			
+				
+			//A-Trust workarounda
+//			Element authBlockDOM = DOMUtils.parseXmlValidating(new ByteArrayInputStream(authblockB64.getBytes()));
+//			Element authBlockDOM = DOMUtils.parseXmlNonValidating(new ByteArrayInputStream(authblockB64.getBytes()));
+			
+			DefaultBootstrap.bootstrap();
+			UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
+			Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(authBlockDOM);			 
+			XMLObject samlAssertion = unmarshaller.unmarshall(authBlockDOM);
+			
+			//validate SAML2 Assertion
+			SAML2Utils.schemeValidation(samlAssertion);
+			
+			if (samlAssertion instanceof Assertion)			
+				return (Assertion) samlAssertion;			
+			else 
+				throw new SL20eIDDataValidationException(
+						new Object[] {
+							SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK,
+							"AuthBlock is NOT of type SAML2 Assertion"
+						});
+				
+		} catch (SL20eIDDataValidationException e) {
+			throw e;
+				
+		} catch (SAXException e) {
+			Logger.info("Scheme validation of SAML2 AuthBlock FAILED. Reason: " + e.getMessage());
+			throw new SL20eIDDataValidationException(
+					new Object[] {
+						SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK,
+						e.getMessage()
+					}, 
+					e);
+			
+		} catch (Exception e) {
+			Logger.info("Can not parse AuthBlock. Reason: " + e.getMessage());
+			Logger.trace("FullAuthBlock: " + authblockB64);
+			throw new SL20eIDDataValidationException(
+					new Object[] {
+						SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK,
+						e.getMessage()
+					}, 
+					e);
+		
+		}
+						
+	}
+	
 	private static void validateSigningDateTime( IVerifiyXMLSignatureResponse sigVerifyResult, AssertionAttributeExtractor authBlockExtractor) throws SL20eIDDataValidationException {
 		Date signingDate = sigVerifyResult.getSigningDateTime();
 		Date notBefore = authBlockExtractor.getAssertionNotBefore();
@@ -163,7 +227,7 @@ public class QualifiedeIDVerifier {
 				+ " NotBefore:" + notBefore.toString() 
 				+ " NotOrNotAfter:" + notOrNotAfter.toString());
 		
-		if (signingDate.after(notBefore) || signingDate.before(notOrNotAfter))
+		if (signingDate.after(notBefore) && signingDate.before(notOrNotAfter))
 			Logger.debug("Signing date validation successfull");
 		
 		else {
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
index 763454639..26283cab2 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
@@ -4,7 +4,6 @@ import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
-import java.util.Map.Entry;
 
 import javax.net.ssl.SSLSocketFactory;
 import javax.servlet.http.HttpServletRequest;
@@ -17,6 +16,7 @@ import org.apache.http.client.methods.HttpPost;
 import org.apache.http.client.utils.URIBuilder;
 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.message.BasicNameValuePair;
+import org.jose4j.base64url.Base64Url;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
@@ -39,7 +39,6 @@ import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.utils.HttpClientWithProxySupport;
-import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.id.util.SSLUtils;
@@ -62,7 +61,7 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask {
 				IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration();
 				
 				//get basic configuration parameters
-				String vdaQualeIDUrl = extractVDAURLForSpecificOA(oaConfig);				
+				String vdaQualeIDUrl = extractVDAURLForSpecificOA(oaConfig, executionContext);				
 				if (MiscUtil.isEmpty(vdaQualeIDUrl)) {
 					Logger.error("NO VDA URL for qualified eID (" + Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT + ")");
 					throw new SL20Exception("sl20.03", new Object[]{"NO VDA URL for qualified eID"});
@@ -83,17 +82,21 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask {
 				//build qualifiedeID command
 				Map<String, String> qualifiedeIDParams = new HashMap<String, String>();
 				qualifiedeIDParams.put(SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPUNIQUEID, oaConfig.getPublicURLPrefix());
-				qualifiedeIDParams.put(SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPFRIENDLYNAME, oaConfig.getFriendlyName());			
+				qualifiedeIDParams.put(SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPFRIENDLYNAME, oaConfig.getFriendlyName());
+				qualifiedeIDParams.put(SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPCOUNTRYCODE, "AT");
 				//qualifiedeIDParams.put(SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES_MANDATEREFVALUE, UUID.randomUUID().toString());
 
+				//TODO:
 				JsonObject qualeIDCommandParams = SL20JSONBuilderUtils.createQualifiedeIDCommandParameters(
 						authBlockId, 
 						dataURL, 
 						qualifiedeIDParams, 
-						joseTools.getEncryptionCertificate());
+						//joseTools.getEncryptionCertificate());
+						null);
 								
 				//String qualeIDReqId = UUID.randomUUID().toString();
-				String qualeIDReqId = SAML2Utils.getSecureIdentifier();
+				//TODO: work-Around for A-trust
+				String qualeIDReqId = SAML2Utils.getSecureIdentifier().substring(0, 12);
 				String signedQualeIDCommand = SL20JSONBuilderUtils.createSignedCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID, qualeIDCommandParams, joseTools);
 				JsonObject sl20Req = SL20JSONBuilderUtils.createGenericRequest(qualeIDReqId, null, null, signedQualeIDCommand);
 								
@@ -105,19 +108,21 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask {
 						sslFactory,
 						authConfig.getBasicMOAIDConfigurationBoolean(AuthConfiguration.PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION, true));
 				
-				//build post request
+				//build http POST request
 				HttpPost httpReq = new HttpPost(new URIBuilder(vdaQualeIDUrl).build());								
-				httpReq.addHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE, SL20Constants.HTTP_HEADER_VALUE_NATIVE);
 				List<NameValuePair> parameters = new ArrayList<NameValuePair>();;
-				
-				//correct one
-				//parameters.add(new BasicNameValuePair(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM, Base64Url.encode(sl20Req.toString().getBytes())));
-				
-				//A-Trust current version
-				parameters.add(new BasicNameValuePair(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM_OLD, sl20Req.toString()));
+				parameters.add(new BasicNameValuePair(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM, Base64Url.encode(sl20Req.toString().getBytes())));
 				httpReq.setEntity(new UrlEncodedFormEntity(parameters ));				
 				
+				//build http GET request
+//				URIBuilder sl20ReqUri = new URIBuilder(vdaQualeIDUrl);
+//				sl20ReqUri.addParameter(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM, Base64Url.encode(sl20Req.toString().getBytes()));
+//				HttpGet httpReq = new HttpGet(sl20ReqUri.build());
 				
+				//set native client header
+				httpReq.addHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE, SL20Constants.HTTP_HEADER_VALUE_NATIVE);
+
+				Logger.trace("Request VDA via SL20 with: " + Base64Url.encode(sl20Req.toString().getBytes()));
 				
 				//request VDA
 				HttpResponse httpResp = httpClient.execute(httpReq);
@@ -190,26 +195,40 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask {
 			
 	}
 	
-	private String extractVDAURLForSpecificOA(IOAAuthParameters oaConfig) {		
-		Map<String, String> listOfVDAs = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST);
-		Map<String, String> listOfSPs = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONFIG_PROP_SP_LIST);
+	private String extractVDAURLForSpecificOA(IOAAuthParameters oaConfig, ExecutionContext executionContext) {		
 		
-		for (Entry<String, String> el : listOfSPs.entrySet()) {
-			List<String> spEntityIds = KeyValueUtils.getListOfCSVValues(el.getValue());
-			if (spEntityIds.contains(oaConfig.getPublicURLPrefix())) {
-				Logger.trace("Select VDA endPoint with Id: " + el.getKey());
-				if (listOfVDAs.containsKey(el.getKey()))					
-					return listOfVDAs.get(el.getKey());
-				
-				else
-					Logger.info("No VDA endPoint with Id: " + el.getKey());
-				
-			} else
-				Logger.trace("SP list: " + el.getKey() + " does not contain OAIdentifier: " + oaConfig.getPublicURLPrefix());
+		//selection based on EntityID
+//		Map<String, String> listOfVDAs = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST);
+//		Map<String, String> listOfSPs = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONFIG_PROP_SP_LIST);
+//		
+//		for (Entry<String, String> el : listOfSPs.entrySet()) {
+//			List<String> spEntityIds = KeyValueUtils.getListOfCSVValues(el.getValue());
+//			if (spEntityIds.contains(oaConfig.getPublicURLPrefix())) {
+//				Logger.trace("Select VDA endPoint with Id: " + el.getKey());
+//				if (listOfVDAs.containsKey(el.getKey()))					
+//					return listOfVDAs.get(el.getKey());
+//				
+//				else
+//					Logger.info("No VDA endPoint with Id: " + el.getKey());
+//				
+//			} else
+//				Logger.trace("SP list: " + el.getKey() + " does not contain OAIdentifier: " + oaConfig.getPublicURLPrefix());
+//			
+//		}
+
+		//selection based on request Header
+		String sl20VDATypeHeader = (String)  executionContext.get(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE.toLowerCase());
+		if (MiscUtil.isNotEmpty(sl20VDATypeHeader)) {
+			String vdaURL = authConfig.getBasicMOAIDConfiguration(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST + sl20VDATypeHeader);
+			if (MiscUtil.isNotEmpty(vdaURL))
+				return vdaURL.trim();
 			
+			else
+				Logger.info("Can NOT find VDA with Id: " + sl20VDATypeHeader + ". Use default VDA");
+						
 		}
 		
-		Logger.debug("NO SP specific VDA endpoint found. Use default VDA");
+		Logger.info("NO SP specific VDA endpoint found. Use default VDA");
 		return authConfig.getBasicMOAIDConfiguration(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT);
 		
 	}
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
index b7fe579a3..357ecb6ec 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
@@ -12,6 +12,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.apache.http.entity.ContentType;
+import org.jose4j.base64url.Base64Url;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
@@ -37,6 +38,7 @@ import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.util.MiscUtil;
+import at.gv.egovernment.moa.util.StreamUtils;
 import at.gv.egovernment.moaspss.logging.Logger;
 
 
@@ -55,17 +57,30 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
 			try {
 				//get SL2.0 command or result from HTTP request
 				Map<String, String> reqParams = getParameters(request);
-				String sl20Result = reqParams.get(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM); 			
+				String sl20Result = reqParams.get(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM);
+				
 				if (MiscUtil.isEmpty(sl20Result)) {
-					Logger.info("NO SL2.0 commando or result FOUND.");
-					throw new SL20Exception("sl20.04", null);
+					
+					//TODO: remove
+					//Workaround for SIC Handy-Signature, because it sends result in InputStream
+					String test = StreamUtils.readStream(request.getInputStream(), "UTF-8");					
+					if (MiscUtil.isNotEmpty(test)) {
+						Logger.info("Use SIC Handy-Signature work-around!");
+						sl20Result = test.substring("slcommand=".length());
+						
+					} else {					
+						Logger.info("NO SL2.0 commando or result FOUND.");
+						throw new SL20Exception("sl20.04", null);
+					}
 					
 				}
-							
+
+				Logger.trace("Received SL2.0 result: " + sl20Result);
+				
 				//parse SL2.0 command/result into JSON			
 				try {
 					JsonParser jsonParser = new JsonParser();
-					JsonElement sl20Req = jsonParser.parse(sl20Result);
+					JsonElement sl20Req = jsonParser.parse(Base64Url.decodeToUtf8String(sl20Result));
 					sl20ReqObj = sl20Req.getAsJsonObject();
 					
 				} catch (JsonSyntaxException e) {
@@ -111,16 +126,13 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
 					JsonElement qualeIDResult = SL20JSONExtractorUtils.extractSL20Result(
 							payLoad, joseTools, 
 							authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_DISABLE_EID_ENCRYPTION, true));
-					
+
 					//extract attributes from result
-					String idlB64 = SL20JSONExtractorUtils.getStringValue(qualeIDResult.getAsJsonObject(), 
-											SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL, true);
-					String authBlockB64 = SL20JSONExtractorUtils.getStringValue(qualeIDResult.getAsJsonObject(), 
-							SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, true);
-					String ccsURL = SL20JSONExtractorUtils.getStringValue(qualeIDResult.getAsJsonObject(), 
-							SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL, true);
-					String LoA = SL20JSONExtractorUtils.getStringValue(qualeIDResult.getAsJsonObject(), 
-							SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_LOA, true);
+					Map<String, String> eIDData = SL20JSONExtractorUtils.getMapOfStringElements(qualeIDResult);
+					String idlB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL);					
+					String authBlockB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK);
+					String ccsURL  = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL);					
+					String LoA = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_LOA);
 					
 					//cache qualified eID data into pending request
 					pendingReq.setGenericDataToSession(
@@ -233,6 +245,7 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
 				redirectTwoCommand, 
 				null); 
 		
+		//workaround for SIC VDA
 		if (request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE) != null && 
 				request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE).equals(SL20Constants.HTTP_HEADER_VALUE_NATIVE)) {					
 			Logger.debug("Client request containts 'native client' header ... ");												
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java
index b5c84d315..cc74bb11a 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java
@@ -6,14 +6,8 @@ import java.util.Calendar;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import org.opensaml.Configuration;
 import org.opensaml.saml2.core.Assertion;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.io.Unmarshaller;
-import org.opensaml.xml.io.UnmarshallerFactory;
 import org.springframework.stereotype.Component;
-import org.w3c.dom.Element;
-import org.xml.sax.SAXException;
 
 import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
@@ -28,9 +22,7 @@ import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.util.Base64Utils;
-import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.DateTimeUtils;
 import at.gv.egovernment.moaspss.logging.Logger;
 
@@ -75,7 +67,7 @@ public class VerifyQualifiedeIDTask extends AbstractAuthServletTask {
 			IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink();
 			IVerifiyXMLSignatureResponse authBlockVerificationResult = null;
 			try {				
-				Assertion authBlock = parseAuthBlockToSaml2Assertion(authBlockB64);
+				Assertion authBlock = QualifiedeIDVerifier.parseAuthBlockToSaml2Assertion(authBlockB64);
 				AssertionAttributeExtractor authBlockExtractor = new AssertionAttributeExtractor(authBlock);
 
 			
@@ -126,55 +118,5 @@ public class VerifyQualifiedeIDTask extends AbstractAuthServletTask {
 			TransactionIDUtils.removeSessionId();
 			
 		}
-	}
-
-	private Assertion parseAuthBlockToSaml2Assertion(String authblockB64) throws SL20eIDDataValidationException {
-		try {
-			//parse authBlock into SAML2 Assertion
-			byte[] authBlockBytes = Base64Utils.decode(authblockB64, false);			
-			Element authBlockDOM = DOMUtils.parseXmlValidating(new ByteArrayInputStream(authBlockBytes));
-			UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
-			Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(authBlockDOM);			 
-			XMLObject samlAssertion = unmarshaller.unmarshall(authBlockDOM);
-			
-			//validate SAML2 Assertion
-			SAML2Utils.schemeValidation(samlAssertion);
-			
-			if (samlAssertion instanceof Assertion)			
-				return (Assertion) samlAssertion;			
-			else 
-				throw new SL20eIDDataValidationException(
-						new Object[] {
-							SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK,
-							"AuthBlock is NOT of type SAML2 Assertion"
-						});
-				
-		} catch (SL20eIDDataValidationException e) {
-			throw e;
-				
-		} catch (SAXException e) {
-			Logger.info("Scheme validation of SAML2 AuthBlock FAILED. Reason: " + e.getMessage());
-			throw new SL20eIDDataValidationException(
-					new Object[] {
-						SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK,
-						e.getMessage()
-					}, 
-					e);
-			
-		} catch (Exception e) {
-			Logger.info("Can not parse AuthBlock. Reason: " + e.getMessage());
-			Logger.trace("FullAuthBlock: " + authblockB64);
-			throw new SL20eIDDataValidationException(
-					new Object[] {
-						SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK,
-						e.getMessage()
-					}, 
-					e);
-		
-		}
-						
-	}
-
-	
-	
+	}	
 }
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java
new file mode 100644
index 000000000..49c11ea05
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java
@@ -0,0 +1,42 @@
+package at.gv.egovernment.moa.id.auth.modules.sl20_auth;
+
+import java.io.IOException;
+import java.io.InputStreamReader;
+
+import org.apache.commons.io.IOUtils;
+import org.junit.Before;
+import org.junit.runner.RunWith;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import com.google.gson.JsonObject;
+import com.google.gson.JsonParser;
+
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUtils;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration("/SpringTest-context.xml")
+public class EIDDataVerifier_ATrust extends eIDDataVerifierTest {
+
+	@Before
+	public void init() throws SLCommandoParserException, IOException {
+		String eIDDataString = IOUtils.toString(new InputStreamReader(this.getClass().getResourceAsStream("/tests/eIDdata_atrust.json")));
+		JsonParser jsonParser = new JsonParser();		
+		JsonObject qualeIDResult = jsonParser.parse(eIDDataString).getAsJsonObject();
+		
+		JsonObject payLoad = SL20JSONExtractorUtils.getJSONObjectValue(qualeIDResult, "payload", true);
+		JsonObject result = SL20JSONExtractorUtils.getJSONObjectValue(payLoad, "result", true);
+		
+		
+		eIDData = SL20JSONExtractorUtils.getMapOfStringElements(result);
+		if (eIDData == null || eIDData.isEmpty())
+			throw new SLCommandoParserException("Can not load eID data");
+			
+	}
+
+	@Override
+	protected String getSl20ReqId() {
+		return "_28ab8536d068a153e1a";
+	}
+}
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_OwnTest.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_OwnTest.java
new file mode 100644
index 000000000..65460439e
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_OwnTest.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.auth.modules.sl20_auth;
+
+import java.io.IOException;
+import java.io.InputStreamReader;
+
+import org.apache.commons.io.IOUtils;
+import org.junit.Before;
+import org.junit.runner.RunWith;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import com.google.gson.JsonElement;
+import com.google.gson.JsonObject;
+import com.google.gson.JsonParser;
+
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUtils;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration({	"/SpringTest-context.xml" })
+public class EIDDataVerifier_OwnTest extends eIDDataVerifierTest {
+
+	@Before
+	public void init() throws SLCommandoParserException, IOException {
+		String eIDDataString = IOUtils.toString(new InputStreamReader(this.getClass().getResourceAsStream("/tests/eIDdata_own_test.json")));
+		JsonParser jsonParser = new JsonParser();		
+		JsonElement payLoad = jsonParser.parse(eIDDataString).getAsJsonObject();	
+		JsonObject result = SL20JSONExtractorUtils.getJSONObjectValue(payLoad.getAsJsonObject(), "result", true);
+				
+		eIDData = SL20JSONExtractorUtils.getMapOfStringElements(result);
+		if (eIDData == null || eIDData.isEmpty())
+			throw new SLCommandoParserException("Can not load eID data");
+			
+	}
+
+	@Override
+	protected String getSl20ReqId() {
+		return "_57010b7fcc93cc4cf3f2b764389137c2";
+	}
+	
+}
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java
new file mode 100644
index 000000000..93e046797
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java
@@ -0,0 +1,376 @@
+package at.gv.egovernment.moa.id.auth.modules.sl20_auth.dummydata;
+
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IStorkConfig;
+import at.gv.egovernment.moa.id.commons.api.data.ProtocolAllowed;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.util.config.EgovUtilPropertiesConfiguration;
+
+public class DummyAuthConfig implements AuthConfiguration {
+
+	@Override
+	public String getRootConfigFileDir() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getDefaultChainingMode() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getTrustedCACertificates() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean isTrustmanagerrevoationchecking() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public String[] getActiveProfiles() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public Properties getGeneralPVP2ProperiesConfig() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public Properties getGeneralOAuth20ProperiesConfig() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public ProtocolAllowed getAllowedProtocols() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public Map<String, String> getConfigurationWithPrefix(String Prefix) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getConfigurationWithKey(String key) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getBasicMOAIDConfiguration(String key) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getBasicMOAIDConfiguration(String key, String defaultValue) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public Map<String, String> getBasicMOAIDConfigurationWithPrefix(String prefix) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public int getTransactionTimeOut() {
+		// TODO Auto-generated method stub
+		return 0;
+	}
+
+	@Override
+	public int getSSOCreatedTimeOut() {
+		// TODO Auto-generated method stub
+		return 0;
+	}
+
+	@Override
+	public int getSSOUpdatedTimeOut() {
+		// TODO Auto-generated method stub
+		return 0;
+	}
+
+	@Override
+	public String getAlternativeSourceID() throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public List<String> getLegacyAllowedProtocols() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public IOAAuthParameters getOnlineApplicationParameter(String oaURL) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getMoaSpAuthBlockTrustProfileID(boolean useTestTrustStore) throws ConfigurationException {
+		if (useTestTrustStore)
+			return "MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten";
+		else
+			return "MOAIDBuergerkarteAuthentisierungsDaten";
+	}
+
+	@Override
+	public List<String> getMoaSpAuthBlockVerifyTransformsInfoIDs() throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public ConnectionParameterInterface getMoaSpConnectionParameter() throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public ConnectionParameterInterface getForeignIDConnectionParameter(IOAAuthParameters oaParameters)
+			throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public ConnectionParameterInterface getOnlineMandatesConnectionParameter(IOAAuthParameters oaParameters)
+			throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getMoaSpIdentityLinkTrustProfileID(boolean useTestTrustStore) throws ConfigurationException {
+		if (useTestTrustStore)			
+			return "MOAIDBuergerkartePersonenbindungMitTestkarten";
+		else
+			return "MOAIDBuergerkartePersonenbindung";
+	}
+
+	@Override
+	public List<String> getTransformsInfos() throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public List<String> getIdentityLinkX509SubjectNames() throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public List<String> getSLRequestTemplates() throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getSLRequestTemplates(String type) throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public List<String> getDefaultBKUURLs() throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getDefaultBKUURL(String type) throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getSSOTagetIdentifier() throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getSSOFriendlyName() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getSSOSpecialText() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getMOASessionEncryptionKey() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getMOAConfigurationEncryptionKey() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean isIdentityLinkResigning() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public String getIdentityLinkResigningKey() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean isMonitoringActive() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public String getMonitoringTestIdentityLinkURL() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getMonitoringMessageSuccess() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean isAdvancedLoggingActive() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public List<String> getPublicURLPrefix() throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean isVirtualIDPsEnabled() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public boolean isPVP2AssertionEncryptionActive() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public boolean isCertifiacteQCActive() {
+		return true;
+	}
+
+	@Override
+	public IStorkConfig getStorkConfig() throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public EgovUtilPropertiesConfiguration geteGovUtilsConfig() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getDocumentServiceUrl() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean isStorkFakeIdLActive() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public List<String> getStorkFakeIdLCountries() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public List<String> getStorkNoSignatureCountries() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getStorkFakeIdLResigningKey() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean isPVPSchemaValidationActive() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public Map<String, String> getConfigurationWithWildCard(String key) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public List<Integer> getDefaultRevisionsLogEventCodes() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean isHTTPAuthAllowed() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public String[] getRevocationMethodOrder() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean getBasicMOAIDConfigurationBoolean(String key, boolean defaultValue) {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java
new file mode 100644
index 000000000..2df20edb4
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java
@@ -0,0 +1,264 @@
+package at.gv.egovernment.moa.id.auth.modules.sl20_auth.dummydata;
+
+import java.security.PrivateKey;
+import java.util.Collection;
+import java.util.List;
+import java.util.Map;
+
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.data.CPEPS;
+import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters;
+import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute;
+import at.gv.egovernment.moa.id.commons.api.data.StorkAttributeProviderPlugin;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+
+public class DummyOA implements IOAAuthParameters {
+
+	@Override
+	public Map<String, String> getFullConfiguration() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getConfigurationValue(String key) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getFriendlyName() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getPublicURLPrefix() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean hasBaseIdInternalProcessingRestriction() throws ConfigurationException {
+		return false;
+	}
+
+	@Override
+	public boolean hasBaseIdTransferRestriction() throws ConfigurationException {
+		return false;
+	}
+
+	@Override
+	public String getAreaSpecificTargetIdentifier() throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getAreaSpecificTargetIdentifierFriendlyName() throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean isInderfederationIDP() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public boolean isSTORKPVPGateway() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public boolean isRemovePBKFromAuthBlock() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public String getKeyBoxIdentifier() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public SAML1ConfigurationParameters getSAML1Parameter() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public List<String> getTemplateURL() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getAditionalAuthBlockText() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getBKUURL(String bkutype) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public List<String> getBKUURL() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean useSSO() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public boolean useSSOQuestion() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public List<String> getMandateProfiles() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean isShowMandateCheckBox() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public boolean isOnlyMandateAllowed() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public boolean isShowStorkLogin() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public String getQaaLevel() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean isRequireConsentForStorkAttributes() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public Collection<StorkAttribute> getRequestedSTORKAttributes() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public byte[] getBKUSelectionTemplate() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public byte[] getSendAssertionTemplate() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public Collection<CPEPS> getPepsList() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getIDPAttributQueryServiceURL() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean isInboundSSOInterfederationAllowed() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public boolean isInterfederationSSOStorageAllowed() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public boolean isOutboundSSOInterfederationAllowed() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public boolean isTestCredentialEnabled() {
+		return true;
+	}
+
+	@Override
+	public List<String> getTestCredentialOIDs() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean isUseIDLTestTrustStore() {
+		return true;
+	}
+
+	@Override
+	public boolean isUseAuthBlockTestTestStore() {
+		return true;
+	}
+
+	@Override
+	public PrivateKey getBPKDecBpkDecryptionKey() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean isPassivRequestUsedForInterfederation() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public boolean isPerformLocalAuthenticationOnInterfederationError() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public Collection<StorkAttributeProviderPlugin> getStorkAPs() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public List<Integer> getReversionsLoggingEventCodes() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java
new file mode 100644
index 000000000..52743c9da
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java
@@ -0,0 +1,105 @@
+package at.gv.egovernment.moa.id.auth.modules.sl20_auth;
+
+import java.io.ByteArrayInputStream;
+import java.util.Map;
+
+import org.junit.Test;
+import org.opensaml.saml2.core.Assertion;
+
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.dummydata.DummyAuthConfig;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.dummydata.DummyOA;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.verifier.QualifiedeIDVerifier;
+import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
+import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.spss.api.Configurator;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.MiscUtil;
+import at.gv.egovernment.moaspss.logging.LoggingContext;
+import at.gv.egovernment.moaspss.logging.LoggingContextManager;
+import iaik.security.ec.provider.ECCelerate;
+import iaik.security.provider.IAIK;
+
+public abstract class eIDDataVerifierTest {
+	 
+	protected Map<String, String> eIDData = null;
+		
+	@Test
+	public void dummyTest() throws Exception {
+		
+		
+	}
+	
+	@Test
+	public void parseIdl() throws Exception {
+		String idlB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL);
+		if (MiscUtil.isEmpty(idlB64))
+			throw new Exception("NO IDL found");
+		
+		IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink();
+		
+		if (idl == null) 
+			throw new Exception("IDL parsing FAILED");
+		
+	}
+	
+	@Test
+	public void parseAuthBlock() throws Exception {
+		String authBlockB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK);
+		if (MiscUtil.isEmpty(authBlockB64))
+			throw new Exception("NO AuthBlock found");
+		
+		Assertion authBlock = QualifiedeIDVerifier.parseAuthBlockToSaml2Assertion(authBlockB64);
+		new AssertionAttributeExtractor(authBlock);
+				
+	}
+	
+	@Test
+	public void checkIDLAgainstAuthblock() throws Exception {
+		String authBlockB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK);
+		String idlB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL);
+		if (MiscUtil.isEmpty(idlB64))
+			throw new Exception("NO IDL found");	
+		if (MiscUtil.isEmpty(authBlockB64))
+			throw new Exception("NO AuthBlock found");
+		
+		IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink();
+		Assertion authBlock = QualifiedeIDVerifier.parseAuthBlockToSaml2Assertion(authBlockB64);
+		AssertionAttributeExtractor authBlockExtractor = new AssertionAttributeExtractor(authBlock);
+				
+		IOAAuthParameters dummyOA = new DummyOA();
+		AuthConfiguration dummyAuthConfig = new DummyAuthConfig();
+		
+		Logger.info("Loading Java security providers.");
+		System.setProperty("moa.spss.server.configuration", "F:\\Projekte\\configs\\moa-spss\\MOASPSSConfiguration.xml");
+
+	    IAIK.addAsProvider();                
+	    ECCelerate.addAsProvider(); 
+        try {
+        	LoggingContextManager.getInstance().setLoggingContext(
+                    new LoggingContext("startup"));
+        	Logger.debug("Starting MOA-SPSS initialization process ... ");
+        	Configurator.getInstance().init();        	
+        	Logger.info("MOA-SPSS initialization complete ");
+        	                       
+         } catch (MOAException e) {
+        	 Logger.error("MOA-SP initialization FAILED!", e.getWrapped()); 
+             throw new ConfigurationException("config.10", new Object[] { e
+                      .toString() }, e);
+		}
+	    				
+		QualifiedeIDVerifier.verifyIdentityLink(idl, dummyOA , dummyAuthConfig);
+		IVerifiyXMLSignatureResponse authBlockVerificationResult = QualifiedeIDVerifier.verifyAuthBlock(authBlockB64, dummyOA , dummyAuthConfig);
+		QualifiedeIDVerifier.checkConsistencyOfeIDData(getSl20ReqId(), idl, authBlockExtractor, authBlockVerificationResult);
+		
+	}
+	
+	protected abstract String getSl20ReqId();
+}
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/SpringTest-context.xml b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/SpringTest-context.xml
new file mode 100644
index 000000000..011d1ed64
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/SpringTest-context.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:context="http://www.springframework.org/schema/context"
+	xmlns:tx="http://www.springframework.org/schema/tx"
+	xmlns:aop="http://www.springframework.org/schema/aop"
+	xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+		http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+
+															
+</beans>
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json
new file mode 100644
index 000000000..09190574d
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json
@@ -0,0 +1,14 @@
+{
+  "v": 10,
+  "respID": "Cl6uQjZlOWFjUEbtyXb0",
+  "inResponseTo": "_28ab8536d068a153e1a",
+  "payload": {
+    "name": "qualifiedeID",
+    "result": {
+      "EID-IDENTITY-LINK": "PHNhbWw6QXNzZXJ0aW9uIEFzc2VydGlvbklEPSJzenIuYm1pLmd2LmF0LUFzc2VydGlvbklEMTUyNzY2OTEwMDU5MTI3NDQiIElzc3VlSW5zdGFudD0iMjAxOC0wNS0zMFQxMDozMTo0MCswMTowMCIgSXNzdWVyPSJodHRwOi8vcG9ydGFsLmJtaS5ndi5hdC9yZWYvc3pyL2lzc3VlciIgTWFqb3JWZXJzaW9uPSIxIiBNaW5vclZlcnNpb249IjAiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMDphc3NlcnRpb24iIHhtbG5zOnByPSJodHRwOi8vcmVmZXJlbmNlLmUtZ292ZXJubWVudC5ndi5hdC9uYW1lc3BhY2UvcGVyc29uZGF0YS8yMDAyMDIyOCMiIHhtbG5zOmRzaWc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiIHhtbG5zOmVjZHNhPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSMiIHhtbG5zOnNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSI+Cgk8c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+CgkJPHNhbWw6U3ViamVjdD4KCQkJPHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbj4KCQkJCTxzYW1sOkNvbmZpcm1hdGlvbk1ldGhvZD51cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoxLjA6Y206c2VuZGVyLXZvdWNoZXM8L3NhbWw6Q29uZmlybWF0aW9uTWV0aG9kPgoJCQkJPHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbkRhdGE+CgkJCQkJPHByOlBlcnNvbiBzaTp0eXBlPSJwcjpQaHlzaWNhbFBlcnNvblR5cGUiPjxwcjpJZGVudGlmaWNhdGlvbj48cHI6VmFsdWU+dHFDUUVDNytBcUdFZWVMMzkwVjVKZz09PC9wcjpWYWx1ZT48cHI6VHlwZT51cm46cHVibGljaWQ6Z3YuYXQ6YmFzZWlkPC9wcjpUeXBlPjwvcHI6SWRlbnRpZmljYXRpb24+PHByOk5hbWU+PHByOkdpdmVuTmFtZT5NYXg8L3ByOkdpdmVuTmFtZT48cHI6RmFtaWx5TmFtZSBwcmltYXJ5PSJ1bmRlZmluZWQiPk11c3Rlcm1hbm48L3ByOkZhbWlseU5hbWU+PC9wcjpOYW1lPjxwcjpEYXRlT2ZCaXJ0aD4xOTQwLTAxLTAxPC9wcjpEYXRlT2ZCaXJ0aD48L3ByOlBlcnNvbj4KCQkJCTwvc2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uRGF0YT4KCQkJPC9zYW1sOlN1YmplY3RDb25maXJtYXRpb24+CgkJPC9zYW1sOlN1YmplY3Q+Cgk8c2FtbDpBdHRyaWJ1dGUgQXR0cmlidXRlTmFtZT0iQ2l0aXplblB1YmxpY0tleSIgQXR0cmlidXRlTmFtZXNwYWNlPSJ1cm46cHVibGljaWQ6Z3YuYXQ6bmFtZXNwYWNlczppZGVudGl0eWxpbms6MS4yIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT48ZHNpZzpSU0FLZXlWYWx1ZT48ZHNpZzpNb2R1bHVzPnMwWmhkR2E4REgwSW1iTlU3aTRxdDRtR25CUEFlTDk5Q0dkZmRCOEhWWE5CNWd3d2VMY1o5WE1TWUJvUHFHdFVqemh6S29zRkN5M0sNCmpsSEVrejB0L3JQemhOVGRsVjJRN0FGWEZlT2g3M3dPajQ3R1B2T2lVNzdwQjE3WnJaOHlObW1JTTEyUVE5MVN0RGFWRkUra0dxUEkNCmNFZHZiZk94blU4aGNpa3lYcWVheFZVV3oxbVdXTnRveUwyWG5wa1U0QkZVQnU1NWg5S2tYVEFQcnBUbEFMZjkvRDFKamZWb05tamwNCnBLWXh6Q3JBSmE4Sno4Ui9sNis0U0U3YXc3dGZuazNZUXkxcFVmNWZmellkeXZQS2ZxVTBUTUVKLzdpOW1ORHFCZlVwcVhBRWowdWUNCkpvRWs0UC9pa2Q5UnZuVUlsU0V1NzFHMyt1VEluSXBaaTd2UG93PT08L2RzaWc6TW9kdWx1cz48ZHNpZzpFeHBvbmVudD5BUUFCPC9kc2lnOkV4cG9uZW50PjwvZHNpZzpSU0FLZXlWYWx1ZT48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50PgoJPGRzaWc6U2lnbmF0dXJlPgoJCTxkc2lnOlNpZ25lZEluZm8+CgkJCTxkc2lnOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiIC8+CgkJCTxkc2lnOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNyc2Etc2hhMSIgLz4KCQkJPGRzaWc6UmVmZXJlbmNlIFVSST0iIj4KCQkJCTxkc2lnOlRyYW5zZm9ybXM+CgkJCQkJPGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMTk5OS9SRUMteHBhdGgtMTk5OTExMTYiPgoJCQkJCQk8ZHNpZzpYUGF0aD5ub3QoYW5jZXN0b3Itb3Itc2VsZjo6cHI6SWRlbnRpZmljYXRpb24pPC9kc2lnOlhQYXRoPgoJCQkJCTwvZHNpZzpUcmFuc2Zvcm0+CgkJCQkJPGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiIC8+CgkJCQk8L2RzaWc6VHJhbnNmb3Jtcz4KCQkJCTxkc2lnOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIiAvPgoJCQkJPGRzaWc6RGlnZXN0VmFsdWU+QmVIdUFyYXUzSFVQcXg5dHV3QTRGaDNOSDB3PTwvZHNpZzpEaWdlc3RWYWx1ZT4KCQkJPC9kc2lnOlJlZmVyZW5jZT4KCQkJPGRzaWc6UmVmZXJlbmNlIFR5cGU9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNNYW5pZmVzdCIgVVJJPSIjbWFuaWZlc3QiPgoJCQkJPGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiIC8+CgkJCQk8ZHNpZzpEaWdlc3RWYWx1ZT5mVEUrMjRnRHlkUlgvd0p2QlAxOUlucU54Rkk9PC9kc2lnOkRpZ2VzdFZhbHVlPgoJCQk8L2RzaWc6UmVmZXJlbmNlPgoJCTwvZHNpZzpTaWduZWRJbmZvPgoJCTxkc2lnOlNpZ25hdHVyZVZhbHVlPgogICAgUHpLMWR2N2JFMGhQcGxlc1ZaRFhHSWxhbTlUK0JxWkd4ZWs5RHVuYkhNK21GWWI3a1NaZTN2eEszUmhRZjNBV3djbXFtVWZPRlJObg0KWndxYnovNGRZd2hJRld6VGdMelVmMlZkR0JsN2szbS8wSmJXSkV1bEtobE5vV2ZSTkRrdTRZcmI2THVrWjdaQzJFcWd2UXYxa1BRTg0Kb1BvQ1I5d3hUc1RKWFNCaHdLc0lERG9vZHY3aUVpWGFCM0xmVHQrQWdYdEdvbWRRaktjby9WamJSSzRUUEkvQUVNVU1KWm9zZlJYMg0KdmE2U1BaUnV4QjBlWkwwVGVzYittRjlFaUlOVnNTSU9nbTVSRE95V1ZRZkJnVG9nYjNoWmlLVmh0a1IvaWlSNmhZNlA2b1cwTDh4ag0KMG5ZVldPRHAxSlJML3Z0ZDFhUklVYzNCQTJQaFkrRmdJR1FHTUE9PQogIDwvZHNpZzpTaWduYXR1cmVWYWx1ZT48ZHNpZzpLZXlJbmZvPjxkc2lnOlg1MDlEYXRhPjxkc2lnOlg1MDlDZXJ0aWZpY2F0ZT5NSUlGdXpDQ0JLT2dBd0lCQWdJREdTa2VNQTBHQ1NxR1NJYjNEUUVCQlFVQU1JR2ZNUXN3Q1FZRFZRUUdFd0pCDQpWREZJTUVZR0ExVUVDZ3cvUVMxVWNuVnpkQ0JIWlhNdUlHWXVJRk5wWTJobGNtaGxhWFJ6YzNsemRHVnRaU0JwDQpiU0JsYkdWcmRISXVJRVJoZEdWdWRtVnlhMlZvY2lCSGJXSklNU0l3SUFZRFZRUUxEQmxoTFhOcFoyNHRZMjl5DQpjRzl5WVhSbExXeHBaMmgwTFRBeU1TSXdJQVlEVlFRRERCbGhMWE5wWjI0dFkyOXljRzl5WVhSbExXeHBaMmgwDQpMVEF5TUI0WERURTFNRGN5T0RFMU5Ea3dOVm9YRFRJd01EY3lPREV6TkRrd05Wb3dnYll4Q3pBSkJnTlZCQVlUDQpBa0ZVTVI0d0hBWURWUVFLREJWRVlYUmxibk5qYUhWMGVtdHZiVzFwYzNOcGIyNHhJakFnQmdOVkJBc01HVk4wDQpZVzF0ZW1Gb2JISmxaMmx6ZEdWeVltVm9iMlZ5WkdVeExqQXNCZ05WQkFNTUpWTnBaMjVoZEhWeWMyVnlkbWxqDQpaU0JFWVhSbGJuTmphSFYwZW10dmJXMXBjM05wYjI0eEZUQVRCZ05WQkFVVERETXlOVGt5T0RNeU16azVPREVjDQpNQm9HQ1NxR1NJYjNEUUVKQVF3TlpITnJRR1J6YXk1bmRpNWhkRENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEDQpnZ0VQQURDQ0FRb0NnZ0VCQU4rZEJTRUJHajJqVVhJSzFNcDNsVnhjL1phK3BKTWl5S3JYM0cxWnhnWC9pa3g3DQpEOXNjc1BZTXQ0NzNMbEFXbDljbUNiSGJKSytQVjJYTk5kVVJMTVVDSVgrNHZVTnMyTUhlRFRRdFg4QlhqSkZwDQp3SllTb2FSSlEzOUZWUy8xcjVzV2NyYTlIaGRtN3c1R3R4LzJ1a3lEWDBrZGt4YXdraFA0RVFFemkvU0krRnVnDQpuK1dxZ1ExbkFkbGJ4Yi9kY0J3NXcxaDliM2xtdXdVZjR6M29vUVdVRDJEZ0Eva0tkMUtlak5SNDNtTFVzbXZTDQp6ZXZQeFQ5enM3OHBPUjFPYWNCN0lzelRWSlBYZU9FYWFOWkhubkIvVWVPM2c4TEVWLzNPa1hjVWdjTWtiSUlpDQphQkhsbGw3MVBxMENPajlrcWpYb2U3T3JSakxZNWkzS3dPcGE2VE1DQXdFQUFhT0NBZVV3Z2dIaE1CRUdBMVVkDQpEZ1FLQkFoTUNBNmVHdlMxdWpBT0JnTlZIUThCQWY4RUJBTUNCTEF3RGdZSEtpZ0FDZ0VIQVFRREFRSC9NQk1HDQpBMVVkSXdRTU1BcUFDRWtjV0RwUDZBMERNQWtHQTFVZEV3UUNNQUF3RkFZSEtpZ0FDZ0VCQVFRSkRBZENVMEl0DQpSRk5MTUg4R0NDc0dBUVVGQndFQkJITXdjVEJHQmdnckJnRUZCUWN3QW9ZNmFIUjBjRG92TDNkM2R5NWhMWFJ5DQpkWE4wTG1GMEwyTmxjblJ6TDJFdGMybG5iaTFqYjNKd2IzSmhkR1V0YkdsbmFIUXRNREpoTG1OeWREQW5CZ2dyDQpCZ0VGQlFjd0FZWWJhSFIwY0RvdkwyOWpjM0F1WVMxMGNuVnpkQzVoZEM5dlkzTndNRlFHQTFVZElBUk5NRXN3DQpTUVlHS2lnQUVRRVNNRDh3UFFZSUt3WUJCUVVIQWdFV01XaDBkSEE2THk5M2QzY3VZUzEwY25WemRDNWhkQzlrDQpiMk56TDJOd0wyRXRjMmxuYmkxQmJYUnpjMmxuYm1GMGRYSXdnWjRHQTFVZEh3U0JsakNCa3pDQmtLQ0JqYUNCDQppb2FCaDJ4a1lYQTZMeTlzWkdGd0xtRXRkSEoxYzNRdVlYUXZiM1U5WVMxemFXZHVMV052Y25CdmNtRjBaUzFzDQphV2RvZEMwd01peHZQVUV0VkhKMWMzUXNZejFCVkQ5alpYSjBhV1pwWTJGMFpYSmxkbTlqWVhScGIyNXNhWE4wDQpQMkpoYzJVL2IySnFaV04wWTJ4aGMzTTlaV2xrUTJWeWRHbG1hV05oZEdsdmJrRjFkR2h2Y21sMGVUQU5CZ2txDQpoa2lHOXcwQkFRVUZBQU9DQVFFQUhRM1pDTXRBYmF6ZU1IbVdBMnpoWWxIcUhnS1ZvY1ZYRURnbU5tV0xHcUZlDQo4RUFERklzOHVHcmt0Qm1XQ1VJWGJYczdUSGNmeHMySjQ3dkh1Y29wc2RrYWJObFhFanpuZFJmbmMrMVZJbmJvDQp6TXJZZDdqZUROVEsvdElqaU9FWWRyeUlwZWtWOUNmYXc3eXU2bWVmTXpldTFhQXdmN0JuSy9odWl3SlduZW5wDQpCN2lEL1B2WittenVDN1JOZkpmRisrU3RpQlR4aTNWWXhOR01qTTFjVThHdzlWV2MwUjNFdWpPYVhXZ0NDOGk1DQpGR2hWdk9ZaE5YZnN4SlhiTnhld0VDanBBTHZEbEZMTCtpQzQ5RytBRFNvUnYwU2s5MU9QdStjSW1DajNyczNRDQp0YXNJL3A5TFlhY0c2Yy9nSTN0RTBpaHFnOVJic0tIWFFsM1BPdkVSSkE9PTwvZHNpZzpYNTA5Q2VydGlmaWNhdGU+PC9kc2lnOlg1MDlEYXRhPjwvZHNpZzpLZXlJbmZvPgoJCTxkc2lnOk9iamVjdD4KCQkJPGRzaWc6TWFuaWZlc3QgSWQ9Im1hbmlmZXN0Ij4KCQkJCTxkc2lnOlJlZmVyZW5jZSBVUkk9IiI+CgkJCQkJPGRzaWc6VHJhbnNmb3Jtcz4KCQkJCQkJPGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMTk5OS9SRUMteHBhdGgtMTk5OTExMTYiPgoJCQkJCQkJPGRzaWc6WFBhdGg+bm90KGFuY2VzdG9yLW9yLXNlbGY6OmRzaWc6U2lnbmF0dXJlKTwvZHNpZzpYUGF0aD4KCQkJCQkJPC9kc2lnOlRyYW5zZm9ybT4KCQkJCQk8L2RzaWc6VHJhbnNmb3Jtcz4KCQkJCQk8ZHNpZzpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjc2hhMSIgLz4KCQkJCQk8ZHNpZzpEaWdlc3RWYWx1ZT5wM1pwS1BvK0ZYT3ZXdEhidFJzR2VLWm9lSTQ9PC9kc2lnOkRpZ2VzdFZhbHVlPgoJCQkJPC9kc2lnOlJlZmVyZW5jZT4KCQkJPC9kc2lnOk1hbmlmZXN0PgoJCTwvZHNpZzpPYmplY3Q+Cgk8L2RzaWc6U2lnbmF0dXJlPgo8L3NhbWw6QXNzZXJ0aW9uPg==",
+      "EID-CITIZEN-QAA-LEVEL": "substantial",
+      "EID-CCS-URL": "https://www.a-trust.at/todo",
+      "EID-AUTH-BLOCK": "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"no\"?><saml2:Assertion xmlns:saml2=\"urn:oasis:names:tc:SAML:2.0:assertion\" ID=\"_28ab8536d068a153e1a\" IssueInstant=\"2018-06-04T17:20:13+02:00\" Version=\"2.0\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\"><saml2:Issuer Format=\"urn:oasis:names:tc:SAML:2.0:nameid-format:entity\">https://www.a-trust.at/todo</saml2:Issuer><saml2:Conditions NotBefore=\"2018-06-04T17:20:13+02:00\" NotOnOrAfter=\"2018-06-04T17:35:13+02:00\"><saml2:AudienceRestriction><saml2:Audience>https://demo.egiz.gv.at/demoportal_moaid-2.0/sl20/dataUrl?pendingid=862482318004000902</saml2:Audience></saml2:AudienceRestriction></saml2:Conditions><dsig:Signature xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\" Id=\"signature-1-1\"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\" /><dsig:SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\" /><dsig:Reference Id=\"reference-1-1\" URI=\"\"><dsig:Transforms><dsig:Transform Algorithm=\"http://www.w3.org/TR/1999/REC-xslt-19991116\"><xsl:stylesheet xmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\" exclude-result-prefixes=\"saml2\" version=\"1.0\" xmlns:saml2=\"urn:oasis:names:tc:SAML:2.0:assertion\"><xsl:output method=\"xml\" xml:space=\"default\" /><xsl:template match=\"/\" xmlns=\"http://www.w3.org/1999/xhtml\"><html xmlns=\"http://www.w3.org/1999/xhtml\"><head><title>Signatur der Anmeldedaten</title><style media=\"screen\" type=\"text/css\">\n              \t\t\t\t\t.normalstyle { font-size: medium; } \n              \t\t\t\t\t.italicstyle { font-size: medium; font-style: italic; }\n\t\t\t\t\t\t\t\t.titlestyle { text-decoration:underline; font-weight:bold; font-size: medium; } \n\t\t\t\t\t\t\t\t.h4style { font-size: large; }                                                                                      \n\t\t\t\t\t\t\t\t.hidden {display: none; } \n              \t\t\t\t</style></head><body><h4 class=\"h4style\">Anmeldedaten:</h4><p class=\"titlestyle\">Daten zur Person</p><table class=\"parameters\"><xsl:if test=\"string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:2.5.4.42']/saml2:AttributeValue)\"><tr><td class=\"italicstyle\">Vorname: </td><td class=\"normalstyle\"><xsl:value-of select=\"/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:2.5.4.42']/saml2:AttributeValue\" /></td></tr></xsl:if><xsl:if test=\"string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.20']/saml2:AttributeValue)\"><tr><td class=\"italicstyle\">Nachname: </td><td class=\"normalstyle\"><xsl:value-of select=\"/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.20']/saml2:AttributeValue\" /></td></tr></xsl:if><xsl:if test=\"string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.55']/saml2:AttributeValue)\"><tr><td class=\"italicstyle\">Geburtsdatum: </td><td class=\"normalstyle\"><xsl:value-of select=\"/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.55']/saml2:AttributeValue\" /></td></tr></xsl:if><xsl:if test=\"/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue\"><tr><td class=\"italicstyle\">Vollmacht: </td><td class=\"normalstyle\"><xsl:text>Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.</xsl:text></td></tr></xsl:if></table><p class=\"titlestyle\">Daten zur Anwendung</p><table class=\"parameters\"><tr><td class=\"italicstyle\">Identifikator: </td><td class=\"normalstyle\"><xsl:value-of select=\"/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://securitylayer.vda.at/eID/authblock/attributes/ServiceProviderUniqueId']/saml2:AttributeValue\" /></td></tr><xsl:if test=\"string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://securitylayer.vda.at/eID/authblock/attributes/ServiceProviderFriendlyName']/saml2:AttributeValue)\"><tr><td class=\"italicstyle\">Name: </td><td class=\"normalstyle\"><xsl:value-of select=\"/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://securitylayer.vda.at/eID/authblock/attributes/ServiceProviderFriendlyName']/saml2:AttributeValue\" /></td></tr></xsl:if><xsl:if test=\"string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://securitylayer.vda.at/eID/authblock/attributes/ServiceProviderCountryCode']/saml2:AttributeValue)\"><tr><td class=\"italicstyle\">Staat: </td><td class=\"normalstyle\"><xsl:value-of select=\"/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://securitylayer.vda.at/eID/authblock/attributes/ServiceProviderCountryCode']/saml2:AttributeValue\" /></td></tr></xsl:if></table><p class=\"titlestyle\">Technische Parameter</p><table class=\"parameters\"><tr><td class=\"italicstyle\">Datum:</td><td class=\"normalstyle\"><xsl:value-of select=\"substring(/saml2:Assertion/@IssueInstant,9,2)\" /><xsl:text>.</xsl:text><xsl:value-of select=\"substring(/saml2:Assertion/@IssueInstant,6,2)\" /><xsl:text>.</xsl:text><xsl:value-of select=\"substring(/saml2:Assertion/@IssueInstant,1,4)\" /></td></tr><tr><td class=\"italicstyle\">Uhrzeit:</td><td class=\"normalstyle\"><xsl:value-of select=\"substring(/saml2:Assertion/@IssueInstant,12,2)\" /><xsl:text>:</xsl:text><xsl:value-of select=\"substring(/saml2:Assertion/@IssueInstant,15,2)\" /><xsl:text>:</xsl:text><xsl:value-of select=\"substring(/saml2:Assertion/@IssueInstant,18,2)\" /></td></tr><tr><td class=\"italicstyle\">TransaktionsTokken: </td><td class=\"normalstyle\"><xsl:value-of select=\"/saml2:Assertion/@ID\" /></td></tr><xsl:if test=\"/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue\"><tr><td class=\"italicstyle\">\n\t\t\t\t\t\t\t\t\t\t\tVollmachten-Referenz: </td><td class=\"normalstyle\"><xsl:value-of select=\"/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue\" /></td></tr></xsl:if><tr class=\"hidden\"><td class=\"italicstyle\">DataURL: </td><td class=\"normalstyle\"><xsl:value-of select=\"/saml2:Assertion/saml2:Conditions/saml2:AudienceRestriction/saml2:Audience\" /></td></tr><xsl:if test=\"/saml2:Assertion/saml2:Conditions/@NotOnOrAfter\"><tr class=\"hidden\"><td class=\"italicstyle\">AuthBlockValidTo: </td><td class=\"normalstyle\"><xsl:value-of select=\"/saml2:Assertion/saml2:Conditions/@NotOnOrAfter\" /></td></tr></xsl:if></table></body></html></xsl:template></xsl:stylesheet></dsig:Transform><dsig:Transform Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments\" /></dsig:Transforms><dsig:DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\" /><dsig:DigestValue>9YAYcxkIWv1Zzdhli5Mjk6Nz8ZJjVQTxU/u71fF5StA=</dsig:DigestValue></dsig:Reference><dsig:Reference Id=\"etsi-data-reference-1-1\" Type=\"http://uri.etsi.org/01903#SignedProperties\" URI=\"#etsi-signedproperties-1-1\"><dsig:DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\" /><dsig:DigestValue>F7ye8qqVpognWOY8JAZVHk7X+AzH/5OStZWYSSbKgH4=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue Id=\"signaturevalue-1-1\">WVqZ8I9HaPIerCh1DIh6FnNQODSmWkxSecxTrcSL79ooWPYRB8DPbNoMT39rT+eRgYPjcAxjiNegbo0+lE51ZauWNr3jq2USaVY3nBpnmVDfBlnkFMdovaVVJPyegtGTYMMeN3+EQaZRSy13bvJS1U36bFUgv2i8KeXdftFzxeNheJqyXvrGzvmVuJV4dB8fOUm2VXgKepvelpRQZ+U6Jpyq1yVE9gz4frqVLetdUSGQhKJ0VRgYVVqa4FQ+YpyFgWwJQF/lOuUWli0jZ73HC7rIuVZ5Y0LEqaB+GUwthQk4qM3BsIfxPAxeh7a1Z915h0Ilzjkbk9kwt5Z2yZ8qXQ==</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIF1jCCBL6gAwIBAgIEfgS3/TANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBgwCQVQxSDBGBgNVBAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3RyLiBEYXRlbnZlcmtlaHIgR21iSDEjMCEGA1UECwwaYS1zaWduLVByZW1pdW0tVGVzdC1TaWctMDIxIzAhBgNVBAMMGmEtc2lnbi1QcmVtaXVtLVRlc3QtU2lnLTAyMB4XDTE4MDUzMDA4MzIyOVoXDTIzMDUzMDA4MzIyOVowYDELMAkGA1UEBgwCQVQxFzAVBgNVBAMMDk1heCBNdXN0ZXJtYW5uMRMwEQYDVQQEDApNdXN0ZXJtYW5uMQwwCgYDVQQqDANNYXgxFTATBgNVBAUMDDUxNzY2MDcxODk5MzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALNGYXRmvAx9CJmzVO4uKreJhpwTwHi/fQhnX3QfB1VzQeYMMHi3GfVzEmAaD6hrVI84cyqLBQstyo5RxJM9Lf6z84TU3ZVdkOwBVxXjoe98Do+Oxj7zolO+6Qde2a2fMjZpiDNdkEPdUrQ2lRRPpBqjyHBHb23zsZ1PIXIpMl6nmsVVFs9ZlljbaMi9l56ZFOARVAbueYfSpF0wD66U5QC3/fw9SY31aDZo5aSmMcwqwCWvCc/Ef5evuEhO2sO7X55N2EMtaVH+X382Hcrzyn6lNEzBCf+4vZjQ6gX1KalwBI9LniaBJOD/4pHfUb51CJUhLu9Rt/rkyJyKWYu7z6MCAwEAAaOCAlQwggJQMIGDBggrBgEFBQcBAQR3MHUwRQYIKwYBBQUHMAKGOWh0dHA6Ly93d3cuYS10cnVzdC5hdC9jZXJ0cy9hLXNpZ24tcHJlbWl1bS1tb2JpbGUtMDNhLmNydDAsBggrBgEFBQcwAYYgaHR0cDovL29jc3AtdGVzdC5hLXRydXN0LmF0L29jc3AwEwYDVR0jBAwwCoAIRgafjkGOFb0wcgYIKwYBBQUHAQMEZjBkMAoGCCsGAQUFBwsCMAgGBgQAjkYBATAIBgYEAI5GAQQwEwYGBACORgEGMAkGBwQAjkYBBgEwLQYGBACORgEFMCMwIRYbaHR0cHM6Ly93d3cuYS10cnVzdC5hdC9wZHMvEwJFTjARBgNVHQ4ECgQIQWyS5dXk/tYwDgYDVR0PAQH/BAQDAgbAMAkGA1UdEwQCMAAwYAYDVR0gBFkwVzAIBgYEAIswAQEwSwYGKigAEQEUMEEwPwYIKwYBBQUHAgEWM2h0dHA6Ly93d3cuYS10cnVzdC5hdC9kb2NzL2NwL2Etc2lnbi1wcmVtaXVtLW1vYmlsZTCBrgYDVR0fBIGmMIGjMIGgoIGdoIGahoGXbGRhcDovL2xkYXAtdGVzdC5hLXRydXN0LmF0L291PWEtc2lnbi1QcmVtaXVtLVRlc3QtU2lnLTAyIChTSEEtMjU2KSxvPUEtVHJ1c3QsYz1BVD9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0P2Jhc2U/b2JqZWN0Y2xhc3M9ZWlkQ2VydGlmaWNhdGlvbkF1dGhvcml0eTANBgkqhkiG9w0BAQsFAAOCAQEAyEmgODt02xaxHb4E+O9XgImEC0AoH4Q97Pq7Bd4v+Pqqd6i5RodvwfTgIaW1J+fvH8KUTzI0XX9wpUWwImVEGMH63VAJcXVH0y9ifEWIHdhOLtRYVif0SQK9YRachvJDmF5hLwAQREeGsX2iNmP7dYe4xiNKAtQn0phvlPqgha6oKDGMQ8FNAfRz3kAtXJwPbFg6QE4kIhkTgd32uOiAJW7G2TaJZXWfK9TpV5LQ13+11FJ2S3KQc8ub/+1GdgirKSW4J1zhsfT+WCr/OayU2MzQXKv8OWb0SxWIJHiMTexH7r9muGk/ZLkaQQV2CtSOYqTAN8AweCiJ11uVFHeLpQ==</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id=\"etsi-signed-1-1\"><etsi:QualifyingProperties xmlns:etsi=\"http://uri.etsi.org/01903/v1.3.2#\" Target=\"#signature-1-1\"><etsi:SignedProperties Id=\"etsi-signedproperties-1-1\"><etsi:SignedSignatureProperties><etsi:SigningTime>2018-06-04T15:20:13Z</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><dsig:DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\" /><dsig:DigestValue>6aTkha/Y9xYS4bQMZbwIX8TFsD2CezdhuqHpTtCI3f0=</dsig:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=a-sign-Premium-Test-Sig-02,OU=a-sign-Premium-Test-Sig-02,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>2114238461</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied /></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference=\"#reference-1-1\"><etsi:MimeType>application/xhtml+xml</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature><saml2:AttributeStatement><saml2:Attribute FriendlyName=\"PVP-VERSION\" Name=\"urn:oid:1.2.40.0.10.2.1.1.261.10\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><saml2:AttributeValue xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"xs:string\">2.1</saml2:AttributeValue></saml2:Attribute><saml2:Attribute FriendlyName=\"PRINCIPAL-NAME\" Name=\"urn:oid:1.2.40.0.10.2.1.1.261.20\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><saml2:AttributeValue xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"xs:string\">Mustermann</saml2:AttributeValue></saml2:Attribute><saml2:Attribute FriendlyName=\"GIVEN-NAME\" Name=\"urn:oid:2.5.4.42\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><saml2:AttributeValue xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"xs:string\">Max</saml2:AttributeValue></saml2:Attribute><saml2:Attribute FriendlyName=\"BIRTHDATE\" Name=\"urn:oid:1.2.40.0.10.2.1.1.55\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><saml2:AttributeValue xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"xs:string\">1940-01-01</saml2:AttributeValue></saml2:Attribute><saml2:Attribute FriendlyName=\"ServiceProvider-UniqueId\" Name=\"http://securitylayer.vda.at/eID/authblock/attributes/ServiceProviderUniqueId\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><saml2:AttributeValue xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"xs:string\">labda - Development</saml2:AttributeValue></saml2:Attribute><saml2:Attribute FriendlyName=\"ServiceProvider-FriendlyName\" Name=\"http://securitylayer.vda.at/eID/authblock/attributes/ServiceProviderFriendlyName\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><saml2:AttributeValue xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"xs:string\">https://labda.iaik.tugraz.at:5553/demologin/</saml2:AttributeValue></saml2:Attribute><saml2:Attribute FriendlyName=\"ServiceProvider-CountryCode\" Name=\"http://securitylayer.vda.at/eID/authblock/attributes/ServiceProviderCountryCode\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:uri\"><saml2:AttributeValue xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"xs:string\">AT</saml2:AttributeValue></saml2:Attribute></saml2:AttributeStatement></saml2:Assertion>"
+    }
+  }
+}
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_own_test.json b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_own_test.json
new file mode 100644
index 000000000..a75535da1
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_own_test.json
@@ -0,0 +1,8 @@
+{"result": 
+	{
+      "EID-IDENTITY-LINK": "PHNhbWw6QXNzZXJ0aW9uIEFzc2VydGlvbklEPSJzenIuYm1pLmd2LmF0LUFzc2VydGlvbklEMTUyNzY2OTEwMDU5MTI3NDQiIElzc3VlSW5zdGFudD0iMjAxOC0wNS0zMFQxMDozMTo0MCswMTowMCIgSXNzdWVyPSJodHRwOi8vcG9ydGFsLmJtaS5ndi5hdC9yZWYvc3pyL2lzc3VlciIgTWFqb3JWZXJzaW9uPSIxIiBNaW5vclZlcnNpb249IjAiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMDphc3NlcnRpb24iIHhtbG5zOnByPSJodHRwOi8vcmVmZXJlbmNlLmUtZ292ZXJubWVudC5ndi5hdC9uYW1lc3BhY2UvcGVyc29uZGF0YS8yMDAyMDIyOCMiIHhtbG5zOmRzaWc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiIHhtbG5zOmVjZHNhPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSMiIHhtbG5zOnNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSI+Cgk8c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+CgkJPHNhbWw6U3ViamVjdD4KCQkJPHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbj4KCQkJCTxzYW1sOkNvbmZpcm1hdGlvbk1ldGhvZD51cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoxLjA6Y206c2VuZGVyLXZvdWNoZXM8L3NhbWw6Q29uZmlybWF0aW9uTWV0aG9kPgoJCQkJPHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbkRhdGE+CgkJCQkJPHByOlBlcnNvbiBzaTp0eXBlPSJwcjpQaHlzaWNhbFBlcnNvblR5cGUiPjxwcjpJZGVudGlmaWNhdGlvbj48cHI6VmFsdWU+dHFDUUVDNytBcUdFZWVMMzkwVjVKZz09PC9wcjpWYWx1ZT48cHI6VHlwZT51cm46cHVibGljaWQ6Z3YuYXQ6YmFzZWlkPC9wcjpUeXBlPjwvcHI6SWRlbnRpZmljYXRpb24+PHByOk5hbWU+PHByOkdpdmVuTmFtZT5NYXg8L3ByOkdpdmVuTmFtZT48cHI6RmFtaWx5TmFtZSBwcmltYXJ5PSJ1bmRlZmluZWQiPk11c3Rlcm1hbm48L3ByOkZhbWlseU5hbWU+PC9wcjpOYW1lPjxwcjpEYXRlT2ZCaXJ0aD4xOTQwLTAxLTAxPC9wcjpEYXRlT2ZCaXJ0aD48L3ByOlBlcnNvbj4KCQkJCTwvc2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uRGF0YT4KCQkJPC9zYW1sOlN1YmplY3RDb25maXJtYXRpb24+CgkJPC9zYW1sOlN1YmplY3Q+Cgk8c2FtbDpBdHRyaWJ1dGUgQXR0cmlidXRlTmFtZT0iQ2l0aXplblB1YmxpY0tleSIgQXR0cmlidXRlTmFtZXNwYWNlPSJ1cm46cHVibGljaWQ6Z3YuYXQ6bmFtZXNwYWNlczppZGVudGl0eWxpbms6MS4yIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT48ZHNpZzpSU0FLZXlWYWx1ZT48ZHNpZzpNb2R1bHVzPnMwWmhkR2E4REgwSW1iTlU3aTRxdDRtR25CUEFlTDk5Q0dkZmRCOEhWWE5CNWd3d2VMY1o5WE1TWUJvUHFHdFVqemh6S29zRkN5M0sNCmpsSEVrejB0L3JQemhOVGRsVjJRN0FGWEZlT2g3M3dPajQ3R1B2T2lVNzdwQjE3WnJaOHlObW1JTTEyUVE5MVN0RGFWRkUra0dxUEkNCmNFZHZiZk94blU4aGNpa3lYcWVheFZVV3oxbVdXTnRveUwyWG5wa1U0QkZVQnU1NWg5S2tYVEFQcnBUbEFMZjkvRDFKamZWb05tamwNCnBLWXh6Q3JBSmE4Sno4Ui9sNis0U0U3YXc3dGZuazNZUXkxcFVmNWZmellkeXZQS2ZxVTBUTUVKLzdpOW1ORHFCZlVwcVhBRWowdWUNCkpvRWs0UC9pa2Q5UnZuVUlsU0V1NzFHMyt1VEluSXBaaTd2UG93PT08L2RzaWc6TW9kdWx1cz48ZHNpZzpFeHBvbmVudD5BUUFCPC9kc2lnOkV4cG9uZW50PjwvZHNpZzpSU0FLZXlWYWx1ZT48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50PgoJPGRzaWc6U2lnbmF0dXJlPgoJCTxkc2lnOlNpZ25lZEluZm8+CgkJCTxkc2lnOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiIC8+CgkJCTxkc2lnOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNyc2Etc2hhMSIgLz4KCQkJPGRzaWc6UmVmZXJlbmNlIFVSST0iIj4KCQkJCTxkc2lnOlRyYW5zZm9ybXM+CgkJCQkJPGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMTk5OS9SRUMteHBhdGgtMTk5OTExMTYiPgoJCQkJCQk8ZHNpZzpYUGF0aD5ub3QoYW5jZXN0b3Itb3Itc2VsZjo6cHI6SWRlbnRpZmljYXRpb24pPC9kc2lnOlhQYXRoPgoJCQkJCTwvZHNpZzpUcmFuc2Zvcm0+CgkJCQkJPGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiIC8+CgkJCQk8L2RzaWc6VHJhbnNmb3Jtcz4KCQkJCTxkc2lnOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIiAvPgoJCQkJPGRzaWc6RGlnZXN0VmFsdWU+QmVIdUFyYXUzSFVQcXg5dHV3QTRGaDNOSDB3PTwvZHNpZzpEaWdlc3RWYWx1ZT4KCQkJPC9kc2lnOlJlZmVyZW5jZT4KCQkJPGRzaWc6UmVmZXJlbmNlIFR5cGU9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNNYW5pZmVzdCIgVVJJPSIjbWFuaWZlc3QiPgoJCQkJPGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiIC8+CgkJCQk8ZHNpZzpEaWdlc3RWYWx1ZT5mVEUrMjRnRHlkUlgvd0p2QlAxOUlucU54Rkk9PC9kc2lnOkRpZ2VzdFZhbHVlPgoJCQk8L2RzaWc6UmVmZXJlbmNlPgoJCTwvZHNpZzpTaWduZWRJbmZvPgoJCTxkc2lnOlNpZ25hdHVyZVZhbHVlPgogICAgUHpLMWR2N2JFMGhQcGxlc1ZaRFhHSWxhbTlUK0JxWkd4ZWs5RHVuYkhNK21GWWI3a1NaZTN2eEszUmhRZjNBV3djbXFtVWZPRlJObg0KWndxYnovNGRZd2hJRld6VGdMelVmMlZkR0JsN2szbS8wSmJXSkV1bEtobE5vV2ZSTkRrdTRZcmI2THVrWjdaQzJFcWd2UXYxa1BRTg0Kb1BvQ1I5d3hUc1RKWFNCaHdLc0lERG9vZHY3aUVpWGFCM0xmVHQrQWdYdEdvbWRRaktjby9WamJSSzRUUEkvQUVNVU1KWm9zZlJYMg0KdmE2U1BaUnV4QjBlWkwwVGVzYittRjlFaUlOVnNTSU9nbTVSRE95V1ZRZkJnVG9nYjNoWmlLVmh0a1IvaWlSNmhZNlA2b1cwTDh4ag0KMG5ZVldPRHAxSlJML3Z0ZDFhUklVYzNCQTJQaFkrRmdJR1FHTUE9PQogIDwvZHNpZzpTaWduYXR1cmVWYWx1ZT48ZHNpZzpLZXlJbmZvPjxkc2lnOlg1MDlEYXRhPjxkc2lnOlg1MDlDZXJ0aWZpY2F0ZT5NSUlGdXpDQ0JLT2dBd0lCQWdJREdTa2VNQTBHQ1NxR1NJYjNEUUVCQlFVQU1JR2ZNUXN3Q1FZRFZRUUdFd0pCDQpWREZJTUVZR0ExVUVDZ3cvUVMxVWNuVnpkQ0JIWlhNdUlHWXVJRk5wWTJobGNtaGxhWFJ6YzNsemRHVnRaU0JwDQpiU0JsYkdWcmRISXVJRVJoZEdWdWRtVnlhMlZvY2lCSGJXSklNU0l3SUFZRFZRUUxEQmxoTFhOcFoyNHRZMjl5DQpjRzl5WVhSbExXeHBaMmgwTFRBeU1TSXdJQVlEVlFRRERCbGhMWE5wWjI0dFkyOXljRzl5WVhSbExXeHBaMmgwDQpMVEF5TUI0WERURTFNRGN5T0RFMU5Ea3dOVm9YRFRJd01EY3lPREV6TkRrd05Wb3dnYll4Q3pBSkJnTlZCQVlUDQpBa0ZVTVI0d0hBWURWUVFLREJWRVlYUmxibk5qYUhWMGVtdHZiVzFwYzNOcGIyNHhJakFnQmdOVkJBc01HVk4wDQpZVzF0ZW1Gb2JISmxaMmx6ZEdWeVltVm9iMlZ5WkdVeExqQXNCZ05WQkFNTUpWTnBaMjVoZEhWeWMyVnlkbWxqDQpaU0JFWVhSbGJuTmphSFYwZW10dmJXMXBjM05wYjI0eEZUQVRCZ05WQkFVVERETXlOVGt5T0RNeU16azVPREVjDQpNQm9HQ1NxR1NJYjNEUUVKQVF3TlpITnJRR1J6YXk1bmRpNWhkRENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEDQpnZ0VQQURDQ0FRb0NnZ0VCQU4rZEJTRUJHajJqVVhJSzFNcDNsVnhjL1phK3BKTWl5S3JYM0cxWnhnWC9pa3g3DQpEOXNjc1BZTXQ0NzNMbEFXbDljbUNiSGJKSytQVjJYTk5kVVJMTVVDSVgrNHZVTnMyTUhlRFRRdFg4QlhqSkZwDQp3SllTb2FSSlEzOUZWUy8xcjVzV2NyYTlIaGRtN3c1R3R4LzJ1a3lEWDBrZGt4YXdraFA0RVFFemkvU0krRnVnDQpuK1dxZ1ExbkFkbGJ4Yi9kY0J3NXcxaDliM2xtdXdVZjR6M29vUVdVRDJEZ0Eva0tkMUtlak5SNDNtTFVzbXZTDQp6ZXZQeFQ5enM3OHBPUjFPYWNCN0lzelRWSlBYZU9FYWFOWkhubkIvVWVPM2c4TEVWLzNPa1hjVWdjTWtiSUlpDQphQkhsbGw3MVBxMENPajlrcWpYb2U3T3JSakxZNWkzS3dPcGE2VE1DQXdFQUFhT0NBZVV3Z2dIaE1CRUdBMVVkDQpEZ1FLQkFoTUNBNmVHdlMxdWpBT0JnTlZIUThCQWY4RUJBTUNCTEF3RGdZSEtpZ0FDZ0VIQVFRREFRSC9NQk1HDQpBMVVkSXdRTU1BcUFDRWtjV0RwUDZBMERNQWtHQTFVZEV3UUNNQUF3RkFZSEtpZ0FDZ0VCQVFRSkRBZENVMEl0DQpSRk5MTUg4R0NDc0dBUVVGQndFQkJITXdjVEJHQmdnckJnRUZCUWN3QW9ZNmFIUjBjRG92TDNkM2R5NWhMWFJ5DQpkWE4wTG1GMEwyTmxjblJ6TDJFdGMybG5iaTFqYjNKd2IzSmhkR1V0YkdsbmFIUXRNREpoTG1OeWREQW5CZ2dyDQpCZ0VGQlFjd0FZWWJhSFIwY0RvdkwyOWpjM0F1WVMxMGNuVnpkQzVoZEM5dlkzTndNRlFHQTFVZElBUk5NRXN3DQpTUVlHS2lnQUVRRVNNRDh3UFFZSUt3WUJCUVVIQWdFV01XaDBkSEE2THk5M2QzY3VZUzEwY25WemRDNWhkQzlrDQpiMk56TDJOd0wyRXRjMmxuYmkxQmJYUnpjMmxuYm1GMGRYSXdnWjRHQTFVZEh3U0JsakNCa3pDQmtLQ0JqYUNCDQppb2FCaDJ4a1lYQTZMeTlzWkdGd0xtRXRkSEoxYzNRdVlYUXZiM1U5WVMxemFXZHVMV052Y25CdmNtRjBaUzFzDQphV2RvZEMwd01peHZQVUV0VkhKMWMzUXNZejFCVkQ5alpYSjBhV1pwWTJGMFpYSmxkbTlqWVhScGIyNXNhWE4wDQpQMkpoYzJVL2IySnFaV04wWTJ4aGMzTTlaV2xrUTJWeWRHbG1hV05oZEdsdmJrRjFkR2h2Y21sMGVUQU5CZ2txDQpoa2lHOXcwQkFRVUZBQU9DQVFFQUhRM1pDTXRBYmF6ZU1IbVdBMnpoWWxIcUhnS1ZvY1ZYRURnbU5tV0xHcUZlDQo4RUFERklzOHVHcmt0Qm1XQ1VJWGJYczdUSGNmeHMySjQ3dkh1Y29wc2RrYWJObFhFanpuZFJmbmMrMVZJbmJvDQp6TXJZZDdqZUROVEsvdElqaU9FWWRyeUlwZWtWOUNmYXc3eXU2bWVmTXpldTFhQXdmN0JuSy9odWl3SlduZW5wDQpCN2lEL1B2WittenVDN1JOZkpmRisrU3RpQlR4aTNWWXhOR01qTTFjVThHdzlWV2MwUjNFdWpPYVhXZ0NDOGk1DQpGR2hWdk9ZaE5YZnN4SlhiTnhld0VDanBBTHZEbEZMTCtpQzQ5RytBRFNvUnYwU2s5MU9QdStjSW1DajNyczNRDQp0YXNJL3A5TFlhY0c2Yy9nSTN0RTBpaHFnOVJic0tIWFFsM1BPdkVSSkE9PTwvZHNpZzpYNTA5Q2VydGlmaWNhdGU+PC9kc2lnOlg1MDlEYXRhPjwvZHNpZzpLZXlJbmZvPgoJCTxkc2lnOk9iamVjdD4KCQkJPGRzaWc6TWFuaWZlc3QgSWQ9Im1hbmlmZXN0Ij4KCQkJCTxkc2lnOlJlZmVyZW5jZSBVUkk9IiI+CgkJCQkJPGRzaWc6VHJhbnNmb3Jtcz4KCQkJCQkJPGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMTk5OS9SRUMteHBhdGgtMTk5OTExMTYiPgoJCQkJCQkJPGRzaWc6WFBhdGg+bm90KGFuY2VzdG9yLW9yLXNlbGY6OmRzaWc6U2lnbmF0dXJlKTwvZHNpZzpYUGF0aD4KCQkJCQkJPC9kc2lnOlRyYW5zZm9ybT4KCQkJCQk8L2RzaWc6VHJhbnNmb3Jtcz4KCQkJCQk8ZHNpZzpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjc2hhMSIgLz4KCQkJCQk8ZHNpZzpEaWdlc3RWYWx1ZT5wM1pwS1BvK0ZYT3ZXdEhidFJzR2VLWm9lSTQ9PC9kc2lnOkRpZ2VzdFZhbHVlPgoJCQkJPC9kc2lnOlJlZmVyZW5jZT4KCQkJPC9kc2lnOk1hbmlmZXN0PgoJCTwvZHNpZzpPYmplY3Q+Cgk8L2RzaWc6U2lnbmF0dXJlPgo8L3NhbWw6QXNzZXJ0aW9uPg==",
+      "EID-CITIZEN-QAA-LEVEL": "substantial",
+      "EID-CCS-URL": "https://www.a-trust.at/todo",
+      "EID-AUTH-BLOCK": "PHNhbWwyOkFzc2VydGlvbiB4bWxuczpzYW1sMj0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgSUQ9Il81NzAxMGI3ZmNjOTNjYzRjZjNmMmI3NjQzODkxMzdjMiIgSXNzdWVJbnN0YW50PSIyMDE2LTAzLTI5VDA4OjUwOjU2LjQ1MFoiIFZlcnNpb249IjIuMCIgeG1sbnM6eHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIj4NCgk8c2FtbDI6SXNzdWVyIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOm5hbWVpZC1mb3JtYXQ6ZW50aXR5Ij5odHRwczovL2RlbW8tdmRhLmF0L3ZkYS1zZXJ2aWNlPC9zYW1sMjpJc3N1ZXI+PGRzaWc6U2lnbmF0dXJlIHhtbG5zOmRzaWc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiIElkPSJzaWduYXR1cmUtMS0xIj48ZHNpZzpTaWduZWRJbmZvPjxkc2lnOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy9UUi8yMDAxL1JFQy14bWwtYzE0bi0yMDAxMDMxNSIvPjxkc2lnOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZHNpZy1tb3JlI2VjZHNhLXNoYTI1NiIvPjxkc2lnOlJlZmVyZW5jZSBJZD0icmVmZXJlbmNlLTEtMSIgVVJJPSIiPjxkc2lnOlRyYW5zZm9ybXM+PGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMTk5OS9SRUMteHNsdC0xOTk5MTExNiI+PHhzbDpzdHlsZXNoZWV0IHhtbG5zOnhzbD0iaHR0cDovL3d3dy53My5vcmcvMTk5OS9YU0wvVHJhbnNmb3JtIiBleGNsdWRlLXJlc3VsdC1wcmVmaXhlcz0ic2FtbDIiIHZlcnNpb249IjEuMCIgeG1sbnM6c2FtbDI9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPjx4c2w6b3V0cHV0IG1ldGhvZD0ieG1sIiB4bWw6c3BhY2U9ImRlZmF1bHQiLz48eHNsOnRlbXBsYXRlIG1hdGNoPSIvIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94aHRtbCI+PGh0bWwgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGh0bWwiPjxoZWFkPjx0aXRsZT5TaWduYXR1ciBkZXIgQW5tZWxkZWRhdGVuPC90aXRsZT48c3R5bGUgbWVkaWE9InNjcmVlbiIgdHlwZT0idGV4dC9jc3MiPg0KICAgICAgICAgICAgICAJCQkJCS5ub3JtYWxzdHlsZSB7IGZvbnQtc2l6ZTogbWVkaXVtOyB9IA0KICAgICAgICAgICAgICAJCQkJCS5pdGFsaWNzdHlsZSB7IGZvbnQtc2l6ZTogbWVkaXVtOyBmb250LXN0eWxlOiBpdGFsaWM7IH0NCgkJCQkJCQkJLnRpdGxlc3R5bGUgeyB0ZXh0LWRlY29yYXRpb246dW5kZXJsaW5lOyBmb250LXdlaWdodDpib2xkOyBmb250LXNpemU6IG1lZGl1bTsgfSANCgkJCQkJCQkJLmg0c3R5bGUgeyBmb250LXNpemU6IGxhcmdlOyB9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICANCgkJCQkJCQkJLmhpZGRlbiB7ZGlzcGxheTogbm9uZTsgfSANCiAgICAgICAgICAgICAgCQkJCTwvc3R5bGU+PC9oZWFkPjxib2R5PjxoNCBjbGFzcz0iaDRzdHlsZSI+QW5tZWxkZWRhdGVuOjwvaDQ+PHAgY2xhc3M9InRpdGxlc3R5bGUiPkRhdGVuIHp1ciBQZXJzb248L3A+PHRhYmxlIGNsYXNzPSJwYXJhbWV0ZXJzIj48eHNsOmlmIHRlc3Q9InN0cmluZygvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J3VybjpvaWQ6Mi41LjQuNDInXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSkiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5Wb3JuYW1lOiA8L3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSIvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J3VybjpvaWQ6Mi41LjQuNDInXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSIvPjwvdGQ+PC90cj48L3hzbDppZj48eHNsOmlmIHRlc3Q9InN0cmluZygvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J3VybjpvaWQ6MS4yLjQwLjAuMTAuMi4xLjEuMjYxLjIwJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUpIj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+TmFjaG5hbWU6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuMjAnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSIvPjwvdGQ+PC90cj48L3hzbDppZj48eHNsOmlmIHRlc3Q9InN0cmluZygvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J3VybjpvaWQ6MS4yLjQwLjAuMTAuMi4xLjEuNTUnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSkiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5HZWJ1cnRzZGF0dW06IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS41NSddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIi8+PC90ZD48L3RyPjwveHNsOmlmPjx4c2w6aWYgdGVzdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjI2MS45MCddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+Vm9sbG1hY2h0OiA8L3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dGV4dD5JY2ggbWVsZGUgbWljaCBpbiBWZXJ0cmV0dW5nIGFuLiBJbSBuw6RjaHN0ZW4gU2Nocml0dCB3aXJkIG1pciBlaW5lIExpc3RlIGRlciBmw7xyIG1pY2ggdmVyZsO8Z2JhcmVuIFZlcnRyZXR1bmdzdmVyaMOkbHRuaXNzZSBhbmdlemVpZ3QsIGF1cyBkZW5lbiBpY2ggZWluZXMgYXVzd8OkaGxlbiB3ZXJkZS48L3hzbDp0ZXh0PjwvdGQ+PC90cj48L3hzbDppZj48L3RhYmxlPjxwIGNsYXNzPSJ0aXRsZXN0eWxlIj5EYXRlbiB6dXIgQW53ZW5kdW5nPC9wPjx0YWJsZSBjbGFzcz0icGFyYW1ldGVycyI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPklkZW50aWZpa2F0b3I6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0naHR0cDovL2VpZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJVbmlxdWVJZCddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIi8+PC90ZD48L3RyPjx4c2w6aWYgdGVzdD0ic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0naHR0cDovL2VpZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJGcmllbmRseU5hbWUnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSkiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5OYW1lOiA8L3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSIvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J2h0dHA6Ly9laWQuZ3YuYXQvZUlEL2F0dHJpYnV0ZXMvU2VydmljZVByb3ZpZGVyRnJpZW5kbHlOYW1lJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUiLz48L3RkPjwvdHI+PC94c2w6aWY+PHhzbDppZiB0ZXN0PSJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSdodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlckNvdW50cnlDb2RlJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUpIj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+U3RhYXQ6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0naHR0cDovL2VpZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJDb3VudHJ5Q29kZSddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIi8+PC90ZD48L3RyPjwveHNsOmlmPjwvdGFibGU+PHAgY2xhc3M9InRpdGxlc3R5bGUiPlRlY2huaXNjaGUgUGFyYW1ldGVyPC9wPjx0YWJsZSBjbGFzcz0icGFyYW1ldGVycyI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPkRhdHVtOjwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9InN1YnN0cmluZygvc2FtbDI6QXNzZXJ0aW9uL0BJc3N1ZUluc3RhbnQsOSwyKSIvPjx4c2w6dGV4dD4uPC94c2w6dGV4dD48eHNsOnZhbHVlLW9mIHNlbGVjdD0ic3Vic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vQElzc3VlSW5zdGFudCw2LDIpIi8+PHhzbDp0ZXh0Pi48L3hzbDp0ZXh0Pjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDEsNCkiLz48L3RkPjwvdHI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPlVocnplaXQ6PC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0ic3Vic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vQElzc3VlSW5zdGFudCwxMiwyKSIvPjx4c2w6dGV4dD46PC94c2w6dGV4dD48eHNsOnZhbHVlLW9mIHNlbGVjdD0ic3Vic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vQElzc3VlSW5zdGFudCwxNSwyKSIvPjx4c2w6dGV4dD46PC94c2w6dGV4dD48eHNsOnZhbHVlLW9mIHNlbGVjdD0ic3Vic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vQElzc3VlSW5zdGFudCwxOCwyKSIvPjwvdGQ+PC90cj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+VHJhbnNha3Rpb25zVG9ra2VuOiA8L3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSIvc2FtbDI6QXNzZXJ0aW9uL0BJRCIvPjwvdGQ+PC90cj48eHNsOmlmIHRlc3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuOTAnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPg0KCQkJCQkJCQkJCQlWb2xsbWFjaHRlbi1SZWZlcmVuejogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjI2MS45MCddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIi8+PC90ZD48L3RyPjwveHNsOmlmPjx0ciBjbGFzcz0iaGlkZGVuIj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5EYXRhVVJMOiA8L3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSIvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkNvbmRpdGlvbnMvc2FtbDI6QXVkaWVuY2VSZXN0cmljdGlvbi9zYW1sMjpBdWRpZW5jZSIvPjwvdGQ+PC90cj48eHNsOmlmIHRlc3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6Q29uZGl0aW9ucy9ATm90T25PckFmdGVyIj48dHIgY2xhc3M9ImhpZGRlbiI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+QXV0aEJsb2NrVmFsaWRUbzogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpDb25kaXRpb25zL0BOb3RPbk9yQWZ0ZXIiLz48L3RkPjwvdHI+PC94c2w6aWY+PC90YWJsZT48L2JvZHk+PC9odG1sPjwveHNsOnRlbXBsYXRlPjwveHNsOnN0eWxlc2hlZXQ+PC9kc2lnOlRyYW5zZm9ybT48ZHNpZzpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy9UUi8yMDAxL1JFQy14bWwtYzE0bi0yMDAxMDMxNSNXaXRoQ29tbWVudHMiLz48L2RzaWc6VHJhbnNmb3Jtcz48ZHNpZzpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNzaGEyNTYiLz48ZHNpZzpEaWdlc3RWYWx1ZT5tY0xFdXNpMmMySFZsZWJXZWJnK1VUVVVCVDRHSUxIVDdhN1ZGaDFNZ1YwPTwvZHNpZzpEaWdlc3RWYWx1ZT48L2RzaWc6UmVmZXJlbmNlPjxkc2lnOlJlZmVyZW5jZSBJZD0iZXRzaS1kYXRhLXJlZmVyZW5jZS0xLTEiIFR5cGU9Imh0dHA6Ly91cmkuZXRzaS5vcmcvMDE5MDMvdjEuMS4xI1NpZ25lZFByb3BlcnRpZXMiIFVSST0iIj48ZHNpZzpUcmFuc2Zvcm1zPjxkc2lnOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDIvMDYveG1sZHNpZy1maWx0ZXIyIj48eHBmOlhQYXRoIHhtbG5zOnhwZj0iaHR0cDovL3d3dy53My5vcmcvMjAwMi8wNi94bWxkc2lnLWZpbHRlcjIiIEZpbHRlcj0iaW50ZXJzZWN0IiB4bWxuczpldHNpPSJodHRwOi8vdXJpLmV0c2kub3JnLzAxOTAzL3YxLjEuMSMiPi8vKltASWQ9J2V0c2ktc2lnbmVkLTEtMSddL2V0c2k6UXVhbGlmeWluZ1Byb3BlcnRpZXMvZXRzaTpTaWduZWRQcm9wZXJ0aWVzPC94cGY6WFBhdGg+PC9kc2lnOlRyYW5zZm9ybT48L2RzaWc6VHJhbnNmb3Jtcz48ZHNpZzpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNzaGEyNTYiLz48ZHNpZzpEaWdlc3RWYWx1ZT5xMWdMWm9lTDZLOVZaZHkzM3lPdVRFaTJGVDFTaDBqRDJSZGMzRXJ0WmNvPTwvZHNpZzpEaWdlc3RWYWx1ZT48L2RzaWc6UmVmZXJlbmNlPjwvZHNpZzpTaWduZWRJbmZvPjxkc2lnOlNpZ25hdHVyZVZhbHVlPmpjV2YrejljckIvVU1COTVPR2ZlMys5U2pESXRrMUZWSGRFZWNGSnhnbVJndWRjMWxmc1V2Z21BTzhxYlBHcGpEMDJhMi9pNmowTlJFR1l4dU5aVGtBPT08L2RzaWc6U2lnbmF0dXJlVmFsdWU+PGRzaWc6S2V5SW5mbz48ZHNpZzpYNTA5RGF0YT48ZHNpZzpYNTA5Q2VydGlmaWNhdGU+TUlJRm1qQ0NBNEtnQXdJQkFnSUVPTkd1bWpBTkJna3Foa2lHOXcwQkFRc0ZBRENCblRFTE1Ba0dBMVVFQmhNQ1FWUXhTREJHQmdOVkJBb01QMEV0VkhKMWMzUWdSMlZ6TGlCbUxpQlRhV05vWlhKb1pXbDBjM041YzNSbGJXVWdhVzBnWld4bGEzUnlMaUJFWVhSbGJuWmxjbXRsYUhJZ1IyMWlTREVoTUI4R0ExVUVDd3dZWVMxemFXZHVMWEJ5WlcxcGRXMHRiVzlpYVd4bExUQTFNU0V3SHdZRFZRUUREQmhoTFhOcFoyNHRjSEpsYldsMWJTMXRiMkpwYkdVdE1EVXdIaGNOTVRnd05ERXlNRFl4T0RVd1doY05Nak13TkRFeU1EWXhPRFV3V2pCbU1Rc3dDUVlEVlFRR0V3SkJWREVhTUJnR0ExVUVBd3dSVkdodmJXRnpJRWRsYjNKbklFeGxibm94RFRBTEJnTlZCQVFNQkV4bGJub3hGVEFUQmdOVkJDb01ERlJvYjIxaGN5QkhaVzl5WnpFVk1CTUdBMVVFQlJNTU9ESXdNVGd3TnpjM01qZzNNRmt3RXdZSEtvWkl6ajBDQVFZSUtvWkl6ajBEQVFjRFFnQUVmMmFZaTM5UlRPd3VHbHZqbWwwNms0eEdnSUZIOU8rajUrdms0bDdjbzVYRVNkYUYvK1FFQmJpcUIxQjlIcGZFOVJIZjdiYkc2WjdlZjh4VXhkdjMzYU9DQWVFd2dnSGRNSDBHQ0NzR0FRVUZCd0VCQkhFd2J6QkVCZ2dyQmdFRkJRY3dBb1k0YUhSMGNEb3ZMM2QzZHk1aExYUnlkWE4wTG1GMEwyTmxjblJ6TDJFdGMybG5iaTF3Y21WdGFYVnRMVzF2WW1sc1pTMHdOUzVqY25Rd0p3WUlLd1lCQlFVSE1BR0dHMmgwZEhBNkx5OXZZM053TG1FdGRISjFjM1F1WVhRdmIyTnpjREFUQmdOVkhTTUVEREFLZ0FoSTgvMmNJdzZIZHpCeUJnZ3JCZ0VGQlFjQkF3Um1NR1F3Q2dZSUt3WUJCUVVIQ3dJd0NBWUdCQUNPUmdFQk1BZ0dCZ1FBamtZQkJEQVRCZ1lFQUk1R0FRWXdDUVlIQkFDT1JnRUdBVEF0QmdZRUFJNUdBUVV3SXpBaEZodG9kSFJ3Y3pvdkwzZDNkeTVoTFhSeWRYTjBMbUYwTDNCa2N5OFRBa1ZPTUJFR0ExVWREZ1FLQkFoS1F2Z2VFZTdPaURBT0JnTlZIUThCQWY4RUJBTUNCc0F3Q1FZRFZSMFRCQUl3QURCZ0JnTlZIU0FFV1RCWE1BZ0dCZ1FBaXpBQkFUQkxCZ1lxS0FBUkFSUXdRVEEvQmdnckJnRUZCUWNDQVJZemFIUjBjRG92TDNkM2R5NWhMWFJ5ZFhOMExtRjBMMlJ2WTNNdlkzQXZZUzF6YVdkdUxYQnlaVzFwZFcwdGJXOWlhV3hsTUVNR0ExVWRId1E4TURvd09LQTJvRFNHTW1oMGRIQTZMeTlqY213dVlTMTBjblZ6ZEM1aGRDOWpjbXd2WVMxemFXZHVMWEJ5WlcxcGRXMHRiVzlpYVd4bExUQTFNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUNBUUFyL1Z0T3hVaU5aTVVjeHJISG9yM0FYWnlqcVVmdTRWTTFkbkt3Zjl1d1hRa3NVcnF2b1Jzc3AyakhDbnpIM2FaV2plQ3U5UFVDSmV3NXgxUnBNeEUwaFZZanEzNzVrdjM4d1ZXUjM4WmE3eVl5ME45cTBVbjBOSmlTUHpuaklUa3RweWZkcHNGSkluTDIrM1h5Z2FZZU51dGU5NjA0WTMwK3JGSCtKck85UjgzWmFwbTZjdGs4ai8xSHBxb0c0NXlJbTZtS3AvWGhndGJnVk13OHptUjBQWGpBaW5FaTYrUmEzL1Z0cUV4ZVlHaUt5WS9SdWU1TWZQRGhiMmRBQjByd1ozVWtRakU0TWFyMFRDVzR0cHZKR0hiakhuQkwyMVY4SVNMZkUxb1NYcGJZWVNqTFh4TENmcmJrZUdSbkhTUTVENUUwU1ZqTzdsU3NQazFtaVErcExGR1FTNTZKS3VFWTBoVzRKYzlkUGRRc29Qc2FEVCtQZW1WQXIzcVZGTEQ1QSt0cm5GMFpqQ3A2RHVhYVdnT0hQajFweE05V0tVRFpXa1hUQWdDZVZhN3RLMlFjMlZWUUUvc3ZGS1I1OWlGTWlSdGpZQXpjTS9OZ215bE9DYUc1a01UZmlXOWhnbGo5QjNSdVVackZHWFNhY0ptcGM4ZWppRTl4a3B5UTVadDlpK3FDVE40ajdIOWdpRHMydkNnMDFwYnp3b0txc05zWGlFc2JzM3NVeTVTUFYyRzg4a055Vm9DTkVKVVZka0ZBZXBqQkcwbDJ5SkxaVkRtdHBucjlFbzc2LzRWSGhGeWJIYU84aWxabXJaQTRqMitMaGRBSFg3a3ZhVE1YbHQxSVphaWdOZE9YYVAwT3d2d3BWUGtSTG9LOHJ1UDRObzE4VGRvQVc0MTVpUT09PC9kc2lnOlg1MDlDZXJ0aWZpY2F0ZT48L2RzaWc6WDUwOURhdGE+PC9kc2lnOktleUluZm8+PGRzaWc6T2JqZWN0IElkPSJldHNpLXNpZ25lZC0xLTEiPjxldHNpOlF1YWxpZnlpbmdQcm9wZXJ0aWVzIHhtbG5zOmV0c2k9Imh0dHA6Ly91cmkuZXRzaS5vcmcvMDE5MDMvdjEuMS4xIyIgVGFyZ2V0PSIjc2lnbmF0dXJlLTEtMSI+PGV0c2k6U2lnbmVkUHJvcGVydGllcz48ZXRzaTpTaWduZWRTaWduYXR1cmVQcm9wZXJ0aWVzPjxldHNpOlNpZ25pbmdUaW1lPjIwMTgtMDYtMDVUMDY6MzI6MjZaPC9ldHNpOlNpZ25pbmdUaW1lPjxldHNpOlNpZ25pbmdDZXJ0aWZpY2F0ZT48ZXRzaTpDZXJ0PjxldHNpOkNlcnREaWdlc3Q+PGV0c2k6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiLz48ZXRzaTpEaWdlc3RWYWx1ZT5JZE1yc2VxMHNXczl5UStFRDN3UWpIOHcxeDg9PC9ldHNpOkRpZ2VzdFZhbHVlPjwvZXRzaTpDZXJ0RGlnZXN0PjxldHNpOklzc3VlclNlcmlhbD48ZHNpZzpYNTA5SXNzdWVyTmFtZT5DTj1hLXNpZ24tcHJlbWl1bS1tb2JpbGUtMDUsT1U9YS1zaWduLXByZW1pdW0tbW9iaWxlLTA1LE89QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVya2VociBHbWJILEM9QVQ8L2RzaWc6WDUwOUlzc3Vlck5hbWU+PGRzaWc6WDUwOVNlcmlhbE51bWJlcj45NTMyNjU4MTg8L2RzaWc6WDUwOVNlcmlhbE51bWJlcj48L2V0c2k6SXNzdWVyU2VyaWFsPjwvZXRzaTpDZXJ0PjwvZXRzaTpTaWduaW5nQ2VydGlmaWNhdGU+PGV0c2k6U2lnbmF0dXJlUG9saWN5SWRlbnRpZmllcj48ZXRzaTpTaWduYXR1cmVQb2xpY3lJbXBsaWVkLz48L2V0c2k6U2lnbmF0dXJlUG9saWN5SWRlbnRpZmllcj48L2V0c2k6U2lnbmVkU2lnbmF0dXJlUHJvcGVydGllcz48ZXRzaTpTaWduZWREYXRhT2JqZWN0UHJvcGVydGllcz48ZXRzaTpEYXRhT2JqZWN0Rm9ybWF0IE9iamVjdFJlZmVyZW5jZT0iI3JlZmVyZW5jZS0xLTEiPjxldHNpOk1pbWVUeXBlPmFwcGxpY2F0aW9uL3hodG1sK3htbDwvZXRzaTpNaW1lVHlwZT48L2V0c2k6RGF0YU9iamVjdEZvcm1hdD48L2V0c2k6U2lnbmVkRGF0YU9iamVjdFByb3BlcnRpZXM+PC9ldHNpOlNpZ25lZFByb3BlcnRpZXM+PC9ldHNpOlF1YWxpZnlpbmdQcm9wZXJ0aWVzPjwvZHNpZzpPYmplY3Q+PC9kc2lnOlNpZ25hdHVyZT4NCgk8c2FtbDI6Q29uZGl0aW9ucyBOb3RCZWZvcmU9IjIwMTYtMDMtMjlUMDg6NTA6NTYuNDUwWiIgTm90T25PckFmdGVyPSIyMDE2LTAzLTI5VDA4OjU1OjU2LjQ1MFoiPg0KCQk8c2FtbDI6QXVkaWVuY2VSZXN0cmljdGlvbj4NCgkJCTxzYW1sMjpBdWRpZW5jZT5odHRwczovL2RlbW8uZWdpei5ndi5hdC9kZW1vLVNQL3B2cC9wb3N0PC9zYW1sMjpBdWRpZW5jZT4NCgkJPC9zYW1sMjpBdWRpZW5jZVJlc3RyaWN0aW9uPg0KCTwvc2FtbDI6Q29uZGl0aW9ucz4NCgk8c2FtbDI6QXR0cmlidXRlU3RhdGVtZW50Pg0KCQk8c2FtbDI6QXR0cmlidXRlIEZyaWVuZGx5TmFtZT0iUFZQLVZFUlNJT04iIE5hbWU9InVybjpvaWQ6MS4yLjQwLjAuMTAuMi4xLjEuMjYxLjEwIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OnVyaSI+DQoJCQk8c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+Mi4xPC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT4NCgkJPC9zYW1sMjpBdHRyaWJ1dGU+DQoJCTxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJQUklOQ0lQQUwtTkFNRSIgTmFtZT0idXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuMjAiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj4NCgkJCTxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj5NdXN0ZXJtYW5uPC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT4NCgkJPC9zYW1sMjpBdHRyaWJ1dGU+DQoJCTxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJHSVZFTi1OQU1FIiBOYW1lPSJ1cm46b2lkOjIuNS40LjQyIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OnVyaSI+DQoJCQk8c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+TWF4PC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT4NCgkJPC9zYW1sMjpBdHRyaWJ1dGU+DQoJCTxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJCSVJUSERBVEUiIE5hbWU9InVybjpvaWQ6MS4yLjQwLjAuMTAuMi4xLjEuNTUiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj4NCgkJCTxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj4wMS4wMy4xOTk4PC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT4NCgkJPC9zYW1sMjpBdHRyaWJ1dGU+DQoJCTxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJTZXJ2aWNlUHJvdmlkZXItVW5pcXVlSWQiIE5hbWU9Imh0dHA6Ly9laWQuZ3YuYXQvZUlEL2F0dHJpYnV0ZXMvU2VydmljZVByb3ZpZGVyVW5pcXVlSWQiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj4NCgkJCTxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj5odHRwczovL2RlbW8uZWdpei5ndi5hdC9kZW1vLVNQL3B2cC9tZXRhZGF0YTwvc2FtbDI6QXR0cmlidXRlVmFsdWU+DQoJCTwvc2FtbDI6QXR0cmlidXRlPg0KCQk8c2FtbDI6QXR0cmlidXRlIEZyaWVuZGx5TmFtZT0iU2VydmljZVByb3ZpZGVyLUZyaWVuZGx5TmFtZSIgTmFtZT0iaHR0cDovL2VpZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJGcmllbmRseU5hbWUiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj4NCgkJCTxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj5EZW1vbG9naW4gU2VydmljZSBwcm92aWRlZCBieSBFR0laPC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT4NCgkJPC9zYW1sMjpBdHRyaWJ1dGU+DQoJCTxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJTZXJ2aWNlUHJvdmlkZXItQ291bnRyeUNvZGUiIE5hbWU9Imh0dHA6Ly9laWQuZ3YuYXQvZUlEL2F0dHJpYnV0ZXMvU2VydmljZVByb3ZpZGVyQ291bnRyeUNvZGUiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj4NCgkJCTxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj5BVDwvc2FtbDI6QXR0cmlidXRlVmFsdWU+DQoJCTwvc2FtbDI6QXR0cmlidXRlPg0KCQk8c2FtbDI6QXR0cmlidXRlIEZyaWVuZGx5TmFtZT0iTUFOREFURS1SRUZFUkVOQ0UtVkFMVUUiIE5hbWU9InVybjpvaWQ6MS4yLjQwLjAuMTAuMi4xLjEuMjYxLjkwIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OnVyaSI+DQoJCQk8c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+X2FzZGZhZGZhc2Zhc2Zhc2Zhc2Zhc2Zhc2Zhc2Zhc2Zhc2Zhc2Zhczwvc2FtbDI6QXR0cmlidXRlVmFsdWU+DQoJCTwvc2FtbDI6QXR0cmlidXRlPg0KCTwvc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50Pg0KPC9zYW1sMjpBc3NlcnRpb24+"
+    }
+}
\ No newline at end of file
-- 
cgit v1.2.3


From a06f94c9da130af5cf755b7d6465c8905d37d75b Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 5 Jun 2018 15:05:50 +0200
Subject: add one method to AssertionAttributeExtractor and add some log
 messages

---
 .../pvp2x/utils/AssertionAttributeExtractor.java   | 57 +++++++++++++++++++---
 .../sl20_auth/tasks/ReceiveQualeIDTask.java        | 44 +++++++++++------
 .../modules/sl20_auth/eIDDataVerifierTest.java     |  4 +-
 3 files changed, 82 insertions(+), 23 deletions(-)

(limited to 'id/server/idserverlib/src/main/java/at/gv')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
index 4a0cec6e4..bdfb11d34 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
@@ -34,6 +34,8 @@ import java.util.Set;
 import org.opensaml.saml2.core.Assertion;
 import org.opensaml.saml2.core.Attribute;
 import org.opensaml.saml2.core.AttributeStatement;
+import org.opensaml.saml2.core.Audience;
+import org.opensaml.saml2.core.AudienceRestriction;
 import org.opensaml.saml2.core.AuthnContextClassRef;
 import org.opensaml.saml2.core.AuthnStatement;
 import org.opensaml.saml2.core.Response;
@@ -191,17 +193,22 @@ public class AssertionAttributeExtractor {
 		
 	}
 	
-//	public PersonalAttributeList getSTORKAttributes() {
-//		return storkAttributes;
-//	}
-	
-	
+	/**
+	 * Get the Id attribute from SAML2 assertion
+	 * 
+	 * @return
+	 */
 	public String getAssertionID() {
 		return assertion.getID();
 		
 	}
 	
-	
+	/**
+	 * Get the subjectNameId from SAML2 Assertion
+	 * 
+	 * @return nameId but never null
+	 * @throws AssertionAttributeExtractorExeption
+	 */
 	public String getNameID() throws AssertionAttributeExtractorExeption {		
 		if (assertion.getSubject() != null) {
 			Subject subject = assertion.getSubject();
@@ -218,6 +225,12 @@ public class AssertionAttributeExtractor {
 		throw new AssertionAttributeExtractorExeption("nameID");
 	}
 	
+	/**
+	 * Get get SessionIndex from SAML2 assertion
+	 * 
+	 * @return sessionIndex but never null
+	 * @throws AssertionAttributeExtractorExeption
+	 */
 	public String getSessionIndex() throws AssertionAttributeExtractorExeption {		
 		AuthnStatement authn = getAuthnStatement();
 		
@@ -229,7 +242,9 @@ public class AssertionAttributeExtractor {
 	}
 
 	/**
-	 * @return
+	 * Get the LoA (QAA level) from assertion. This information is extracted from AuthnContext and AuthnContextClassRef
+	 * 
+	 * @return LoA but never null
 	 * @throws AssertionAttributeExtractorExeption 
 	 */
 	public String getQAALevel() throws AssertionAttributeExtractorExeption {
@@ -247,6 +262,11 @@ public class AssertionAttributeExtractor {
 		throw new AssertionAttributeExtractorExeption("AuthnContextClassRef");		
 	}
 	
+	/**
+	 * Get full SAML2 assertion
+	 * 
+	 * @return
+	 */
 	public Assertion getFullAssertion() {
 		return assertion;
 	}
@@ -297,6 +317,29 @@ public class AssertionAttributeExtractor {
 					
 	}
 	
+	/**
+	 * Get the AudienceRestriction from SAML2 Assertion
+	 * 
+	 * @return AudienceRestriction, but never null
+	 * @throws AssertionAttributeExtractorExeption 
+	 */
+	public List<Audience> getAudienceRestriction( ) throws AssertionAttributeExtractorExeption {
+		try {
+			List<AudienceRestriction> rest = getFullAssertion().getConditions().getAudienceRestrictions();
+			if (rest != null && rest.size() != 0) {
+				if (rest.size() == 1 && rest.get(0) != null)
+					return rest.get(0).getAudiences();
+				
+				else
+					Logger.warn("More than one 'AudienceRestriction'! Extraction currently NOT supported");
+			}
+			
+		} catch (NullPointerException e) { }
+		
+		throw new AssertionAttributeExtractorExeption("AudienceRestriction");
+		
+	}
+	
 	private AuthnStatement getAuthnStatement() throws AssertionAttributeExtractorExeption {
 		List<AuthnStatement> authnList = assertion.getAuthnStatements();
 		if (authnList.size() == 0)
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
index 9262e43e9..03db52695 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
@@ -49,15 +49,16 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
 	
 	@Override
 	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
-			throws TaskExecutionException {
+			throws TaskExecutionException {		
+		String sl20Result = null;
 		
 		try {
 			Logger.debug("Receiving SL2.0 response process .... ");
-			JsonObject sl20ReqObj = null;
+			JsonObject sl20ReqObj = null;			
 			try {
 				//get SL2.0 command or result from HTTP request
 				Map<String, String> reqParams = getParameters(request);
-				String sl20Result = reqParams.get(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM);
+				sl20Result = reqParams.get(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM);
 				
 				if (MiscUtil.isEmpty(sl20Result)) {
 					
@@ -103,10 +104,15 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
 				VerificationResult payLoadContainer = SL20JSONExtractorUtils.extractSL20PayLoad(sl20ReqObj, joseTools, 
 						authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true));
 				
-				if (payLoadContainer.isValidSigned() == null || 
-						!payLoadContainer.isValidSigned()) {
-					Logger.info("SL20 result from VDA was not valid signed");
-					throw new SL20SecurityException(new Object[]{"Signature on SL20 result NOT valid."});
+				if ( (payLoadContainer.isValidSigned() == null || !payLoadContainer.isValidSigned())) {
+					if (authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true)) {
+						Logger.info("SL20 result from VDA was not valid signed");
+						throw new SL20SecurityException(new Object[]{"Signature on SL20 result NOT valid."});
+						
+					} else {
+						Logger.warn("SL20 result from VDA is NOT valid signed, but signatures-verification is DISABLED by configuration!");
+						
+					}
 					
 				}
 				
@@ -158,6 +164,8 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
 				
 			} catch (MOAIDException  e) {
 				Logger.warn("SL2.0 processing error:", e);
+				if (sl20Result != null)
+					Logger.debug("Received SL2.0 result: " + sl20Result);
 				pendingReq.setGenericDataToSession(
 						Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR, 
 						new TaskExecutionException(pendingReq, "SL2.0 Authentication FAILED. Msg: " + e.getMessage(), e));
@@ -165,6 +173,8 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
 			} catch (Exception e) {
 				Logger.warn("ERROR:", e);
 				Logger.warn("SL2.0 Authentication FAILED with a generic error.", e);
+				if (sl20Result != null)
+					Logger.debug("Received SL2.0 result: " + sl20Result);
 				pendingReq.setGenericDataToSession(
 						Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR, 
 						new TaskExecutionException(pendingReq, e.getMessage(), e));
@@ -182,8 +192,10 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
 			}
 		
 		} catch (Exception e) {
-			//write internal server errror 500 according to SL2.0 specification, chapter https transport binding
+			//write internal server errror 500 according to SL2.0 specification, chapter https transport binding			
 			Logger.warn("Can NOT build SL2.0 response. Reason: " + e.getMessage(), e);
+			if (sl20Result != null)
+				Logger.debug("Received SL2.0 result: " + sl20Result);
 			try {
 				response.sendError(500, "Internal Server Error.");
 				
@@ -207,7 +219,8 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
 				error , 
 				null);
 			
-		Logger.debug("Client request containts 'native client' header ... ");												
+		Logger.debug("Client request containts 'native client' header ... ");	
+		Logger.trace("SL20 response to VDA: " + respContainer);
 		StringWriter writer = new StringWriter();
 		writer.write(respContainer.toString());						
 		final byte[] content = writer.toString().getBytes("UTF-8");
@@ -230,13 +243,14 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
 		JsonObject callCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_CALL, callReqParams);
 		
 		//build first redirect command for app
-		JsonObject redirectOneParams = SL20JSONBuilderUtils.createRedirectCommandParameters("", callCommand, null, true);
+		JsonObject redirectOneParams = SL20JSONBuilderUtils.createRedirectCommandParameters("", 
+				callCommand, null, true);
 		JsonObject redirectOneCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectOneParams);
 						
 		//build second redirect command for IDP
 		JsonObject redirectTwoParams = SL20JSONBuilderUtils.createRedirectCommandParameters(
 				new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), Constants.HTTP_ENDPOINT_RESUME, null), 
-				redirectOneCommand, null, true);
+				redirectOneCommand, null, false);
 		JsonObject redirectTwoCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectTwoParams);
 		
 		//build generic SL2.0 response container								
@@ -247,10 +261,12 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
 				redirectTwoCommand, 
 				null); 
 		
-		//workaround for SIC VDA
+		//workaround for A-Trust
 		if (request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE) != null && 
-				request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE).equals(SL20Constants.HTTP_HEADER_VALUE_NATIVE)) {					
-			Logger.debug("Client request containts 'native client' header ... ");												
+				request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE).equals(SL20Constants.HTTP_HEADER_VALUE_NATIVE)
+					|| true) {					
+			Logger.debug("Client request containts 'native client' header ... ");
+			Logger.trace("SL20 response to VDA: " + respContainer);
 			StringWriter writer = new StringWriter();
 			writer.write(respContainer.toString());						
 			final byte[] content = writer.toString().getBytes("UTF-8");
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java
index 52743c9da..365152f66 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java
@@ -50,7 +50,7 @@ public abstract class eIDDataVerifierTest {
 		
 	}
 	
-	@Test
+	//@Test
 	public void parseAuthBlock() throws Exception {
 		String authBlockB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK);
 		if (MiscUtil.isEmpty(authBlockB64))
@@ -61,7 +61,7 @@ public abstract class eIDDataVerifierTest {
 				
 	}
 	
-	@Test
+	//@Test
 	public void checkIDLAgainstAuthblock() throws Exception {
 		String authBlockB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK);
 		String idlB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL);
-- 
cgit v1.2.3


From ac21c6be50070c34dd20abe07e0f95ff33751804 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Wed, 6 Jun 2018 11:22:25 +0200
Subject: refactor user whitelist to allow list updates without restarting the
 IDP

---
 .../internal/tasks/UserRestrictionTask.java        |  2 +-
 .../id/config/auth/data/UserWhitelistStore.java    | 27 +++++++++++++++++++++-
 2 files changed, 27 insertions(+), 2 deletions(-)

(limited to 'id/server/idserverlib/src/main/java/at/gv')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java
index 4853a5ab6..5d0580464 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java
@@ -58,7 +58,7 @@ public class UserRestrictionTask extends AbstractAuthServletTask {
 				
 				
 				//check if user's bPK is whitelisted 
-				if (!whitelist.isUserbPKInWhitelist(pseudonym.getFirst())) {
+				if (!whitelist.isUserbPKInWhitelistDynamic(pseudonym.getFirst())) {
 					Logger.info("User's bPK is not whitelisted. Authentication process stops ...");
 					Logger.trace("User's bPK: " + pseudonym.getFirst());
 					throw new MOAIDException("auth.35", null);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java
index a300739b3..71bd0f3c0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java
@@ -30,6 +30,7 @@ public class UserWhitelistStore {
 	@Autowired(required=true) AuthConfiguration authConfig;
 	
 	private List<String> whitelist = new ArrayList<String>();
+	private String absWhiteListUrl = null;
 	
 	@PostConstruct
 	private void initialize() {
@@ -38,7 +39,7 @@ public class UserWhitelistStore {
 			Logger.debug("Do not initialize user whitelist. Reason: No configuration path to CSV file.");
 		
 		else {
-			String absWhiteListUrl = FileUtils.makeAbsoluteURL(whiteListUrl, authConfig.getRootConfigFileDir());
+			absWhiteListUrl = FileUtils.makeAbsoluteURL(whiteListUrl, authConfig.getRootConfigFileDir());
 			try {			
 				InputStream is = new FileInputStream(new File(new URL(absWhiteListUrl).toURI()));
 				String whiteListString = IOUtils.toString(new InputStreamReader(is));
@@ -70,4 +71,28 @@ public class UserWhitelistStore {
 		return whitelist.contains(bPK);
 		
 	}
+	
+	public boolean isUserbPKInWhitelistDynamic(String bPK) {
+		try {
+			if (absWhiteListUrl != null) {
+				InputStream is = new FileInputStream(new File(new URL(absWhiteListUrl).toURI()));
+				String whiteListString = IOUtils.toString(new InputStreamReader(is));
+				if (whiteListString != null && whiteListString.contains(bPK)) {
+					Logger.trace("Find user with dynamic whitelist check");
+					return true;
+							
+				} else {
+					Logger.debug("Can NOT find user in dynamic loaded user whitelist. Switch to static version ... ");
+					return isUserbPKInWhitelist(bPK);
+				}
+			
+			}
+		} catch (Exception e) {
+			Logger.warn("Dynamic user whitelist check FAILED. Switch to static version ... ", e);
+			
+		}
+		
+		return isUserbPKInWhitelist(bPK);
+	}
+	
 }
-- 
cgit v1.2.3


From ad02267b4f5c7e21cc929dd3d322771da087b0db Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Wed, 6 Jun 2018 14:13:38 +0200
Subject: return checkcode false if no whitelist was loaded

---
 .../moa/id/config/auth/data/UserWhitelistStore.java      |   7 +++++--
 .../77B99BB2BD7522E17EC099EA7177516F27787CAD             | Bin 0 -> 1279 bytes
 .../3A77E9B577661D99F9BBA5A352B29C7FF58A3D26             | Bin 0 -> 914 bytes
 .../BD78039E45BA4E4B13ADECC58124520ACE83B6A7             | Bin 0 -> 1614 bytes
 .../9766A5ED03482991DA91BB763ECDCD9417394100             | Bin 0 -> 1169 bytes
 .../BB97947C31BBF3364A2909F9876DBD3B87B5B62A             | Bin 0 -> 1169 bytes
 .../B1D0BC027906A3B7E7518C93ACB26D978233ED27             | Bin 0 -> 1171 bytes
 .../65EF37033859C2F709A64086D3A5BD1B8F1A85A4             | Bin 0 -> 1045 bytes
 .../7AC3EFA52DE27A930EC8754DB5E061476948E914             | Bin 0 -> 1028 bytes
 .../F306AACF386136CD5683F89B31904295F89313DE             | Bin 0 -> 1029 bytes
 .../D62327E6B19B7968A8BE6588DEAB0BC0DB684D8D             | Bin 0 -> 914 bytes
 .../F5F2456D79490C268569970E900C68FD1C7DC8E5             | Bin 0 -> 1264 bytes
 .../07976A2A16EC182670161B46886B05E1FEAC16B1             | Bin 0 -> 1209 bytes
 .../23E594945195F2414803B4D564D2A3A3F5D88B8C             | Bin 0 -> 791 bytes
 .../59AF82799186C7B47507CBCF035746EB04DDB716             | Bin 0 -> 1486 bytes
 .../2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E             | Bin 0 -> 1506 bytes
 .../EAB040689A0D805B5D6FD654FC168CFF00B78BE3             | Bin 0 -> 1403 bytes
 .../42EFDDE6BFF35ED0BAE6ACDD204C50AE86C4F4FA             | Bin 0 -> 975 bytes
 .../51C01567BCB22968EF5A297B7EA84E195594E0E8             | Bin 0 -> 975 bytes
 .../02A0E6456442E35198532ACFFB6FEE3B606D9FA3             | Bin 0 -> 1366 bytes
 .../51AC8CFF36818AA25498A293DF48EBCFFFF6D0B4             | Bin 0 -> 1130 bytes
 .../CABD2A79A1076A31F21D253635CB039D4329A5E8             | Bin 0 -> 1391 bytes
 .../8AB0A3519AFA7F3C04074522678BAA1CB3DC734F             | Bin 0 -> 930 bytes
 .../DF47B3040E7632614464BD2EC4ECD1B8030F53E3             | Bin 0 -> 933 bytes
 .../E117479B4A41D7F3223FCAE50560B0D57B22217D             | Bin 0 -> 997 bytes
 .../14815586D6258BCE1E908346C9186146C812358E             | Bin 0 -> 1465 bytes
 .../5F06F65C714047E3B282AEC427C35AB703E49D8E             | Bin 0 -> 1169 bytes
 .../D45360060761812D33DE294EAC1573F6DE12A208             | Bin 0 -> 1169 bytes
 .../9039DBD29DB8AD0F8E2015F05FCD40582CCCBE8C             | Bin 0 -> 997 bytes
 .../9F0E0FBB25F66FF88C8E033EFF358923C84A2926             | Bin 0 -> 930 bytes
 .../C87D1855227D995C332C4C9072A2E2053F2CC623             | Bin 0 -> 1028 bytes
 .../9FDCFE5A082FD69BF5D9E73C25FBE9EA1AC0ACF2             | Bin 0 -> 1151 bytes
 .../474BC41135FB88BF58B5A8D976A1D5583378D85E             | Bin 0 -> 1133 bytes
 .../6B618820CE6A5EC0B5E63A9170335E5EA9F3BA01             | Bin 0 -> 1171 bytes
 .../2E66C9841181C08FB1DFABD4FF8D5CC72BE08F02             | Bin 0 -> 1485 bytes
 .../1FB86B1168EC743154062E8C9CC5B171A4B7CCB4             | Bin 0 -> 1176 bytes
 .../341EA32E448659125A67DD04177FD17468FCFCB1             | Bin 0 -> 1366 bytes
 .../38525C7140D285040E02DD2A7F3C7DBA21042E01             | Bin 0 -> 1533 bytes
 .../35202B14F69409EAA51CD8AB547AC0CD5E993F3F             | Bin 0 -> 1053 bytes
 .../620127A8E5886A4805403977C3EF7D5EAF881526             | Bin 0 -> 870 bytes
 .../FCD9E881BCCCB9352EEF337C8D4EAAD65C4EC830             | Bin 0 -> 1141 bytes
 .../0C30A6F2950EFEFBAB5964DA9E0EED7C9DB115D8             | Bin 0 -> 1058 bytes
 .../20CAECDCA766243AAD6FA1327618FC81BA65DC0F             | Bin 0 -> 1057 bytes
 .../96D5D179016A5A6546973BA63733617EE1F1540D             | Bin 0 -> 1058 bytes
 .../CF236CF66379EA506F967D21F0E25E87529D9687             | Bin 0 -> 1058 bytes
 .../FDD40A10FB9BE9DEB5B8AE76CC0184930EF8BB76             | Bin 0 -> 1057 bytes
 .../2ED8C34F5D49BC37C418AD9906DEB7FF605EF9FA             | Bin 0 -> 1103 bytes
 .../A9D28607928FA8615E2615CC9D71B535C5D0D419             | Bin 0 -> 734 bytes
 .../5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25             | Bin 0 -> 969 bytes
 .../7D0C7B977ACEA63D51EE34B00BC3C1DBF318B92E             | Bin 0 -> 1159 bytes
 .../A79681CBDD69EC741214136F128923A574E26F03             | Bin 0 -> 1159 bytes
 .../A78AABDE7F5B771540D333B505874C8204AAD206             | Bin 0 -> 1252 bytes
 .../FDC348410699803DE7D8276813BC2232EA99A878             | Bin 0 -> 835 bytes
 .../6DCD5118D1542E6C205C580775C5420B7509506B             | Bin 0 -> 1076 bytes
 .../84E4E75DBB2FD6397E6ABBD27FBE16D5BA71923E             | Bin 0 -> 1747 bytes
 .../C0C699EFE6E837CB5E4CFC3A61077617A22C1A9E             | Bin 0 -> 1298 bytes
 .../35A40EF932B1F23980E2C672FC939E91EEBD0317             | Bin 0 -> 1262 bytes
 .../9D7FC54F84DBAF09167158D2B8885ED0BE76C7F8             | Bin 0 -> 1049 bytes
 .../60B7181FD8BCA00B84961BF31DB08C50376CCF44             | Bin 0 -> 1068 bytes
 .../74801529B4E8E5764FFC4D8E6577E1F84E8101CE             | Bin 0 -> 1067 bytes
 .../7B7B60B748C82B34EE71A3CEA729C477083F0BDA             | Bin 0 -> 1068 bytes
 .../EBB80BE34C78814AE659BBA3A2394E4D9857123D             | Bin 0 -> 1068 bytes
 .../D4D1370FD1D9EAA46412008FF3E59E114BCF724A             | Bin 0 -> 1111 bytes
 .../DFA7DDEF5C212F0F0651E2A9DE1CE4A1AC63AF7A             | Bin 0 -> 1110 bytes
 .../E619D25B380B7B13FDA33E8A58CD82D8A88E0515             | Bin 0 -> 1111 bytes
 .../F825578F8F5484DFB40F81867C392D6CB0012B92             | Bin 0 -> 1110 bytes
 .../0F5A0342F5CD448799C3C6D178607E3F2B5BCB8F             | Bin 0 -> 861 bytes
 .../51A44C28F313E3F9CB5E7C0A1E0E0DD2843758AE             | Bin 0 -> 865 bytes
 .../7E691392F741B7E4B4AA9A76D75851BDE18BE5A7             | Bin 0 -> 864 bytes
 .../9E0512DD61DA5949D1D8631C3F19D75F496C3733             | Bin 0 -> 864 bytes
 .../E6E6FC88719177C9B7421825757C5E47BCAC85F6             | Bin 0 -> 860 bytes
 .../53CB69CF933C2D28FB9DF91F2852A99EC3352EA0             | Bin 0 -> 1546 bytes
 .../7F95509243C231A6B1ABCFC661B6B818DB33622C             | Bin 0 -> 893 bytes
 .../F3AE9FEA4DECEE5330770A2520BD86909929E7BE             | Bin 0 -> 758 bytes
 .../4B5B0C2A0BF944CD467A6140F8C782E2BE9D15F9             | Bin 0 -> 984 bytes
 .../7A2CFA69FCA284D4627012A7A55662594C803B2A             | Bin 0 -> 901 bytes
 .../ADEC5673B57A18F16EFAF75EEFBFAD4841E2CD2B             | Bin 0 -> 901 bytes
 .../0CC37CC35E18F9909E43E4E9894D0CDF06EE9A38             | Bin 0 -> 704 bytes
 .../2CA36B76BC6CCDC29296111A4EFCAFC0553BBC7D             | Bin 0 -> 820 bytes
 .../A8D7FFE70E11850386A6C35185E5EEBA24F0EC02             | Bin 0 -> 1199 bytes
 .../D1474E7D99512D05B98DD37B3FE86496A03D088D             | Bin 0 -> 922 bytes
 .../3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F             | Bin 0 -> 1997 bytes
 .../A3F1333FE242BFCFC5D14E8F394298406810D1A0             | Bin 0 -> 1931 bytes
 .../6814C7316CEA7191C9CB3BE58199B4A957210D9C             | Bin 0 -> 704 bytes
 .../5AD9C840579905D085AAB60F9F5341463C5379A9             | Bin 0 -> 1959 bytes
 .../A937AAEFDC8C951FC1CDCA526F4DA8C9481380C3             | Bin 0 -> 1416 bytes
 .../C2556DADDF68A9EEF7F5C14A24CA33BCA930B201             | Bin 0 -> 1385 bytes
 .../EFA3540D27E1CF0E0AD29AFC4382F4FD31D42929             | Bin 0 -> 1867 bytes
 .../3B8484BF1370941BF03F206B5C4958DA4E1559BB             | Bin 0 -> 1065 bytes
 .../6DD653FB8FE2614249924274043E834664EBE980             | Bin 0 -> 1065 bytes
 .../C0EF3E7A54B4C501295F77974B1995E36B25C92B             | Bin 0 -> 1066 bytes
 .../D29172D3F501A2D7A47F702633044F519A3A5F0B             | Bin 0 -> 1066 bytes
 .../698563ECEE29232C5304487D972310F86650C3A6             | Bin 0 -> 1185 bytes
 .../1B23675354FCAD90119D88075015EA17ADD527D8             | Bin 0 -> 1425 bytes
 .../E6A3B45B062D509B3382282D196EFE97D5956CCB             | Bin 0 -> 1174 bytes
 .../66AB66128A44574873E54E6584E450C4EB3B9A1E             | Bin 0 -> 1170 bytes
 .../844FDEEE3C847F4BD5153E822803C1A2C1B6E7BA             | Bin 0 -> 1159 bytes
 .../B38C775A18C1195D01658D75FBDA3258B6DF018B             | Bin 0 -> 1159 bytes
 .../FF406B3E55758E87A206FE2A1EE0C4D5A4575799             | Bin 0 -> 1505 bytes
 .../1382793A9F360E06D39CA9914912348C63F86357             | Bin 0 -> 1127 bytes
 .../28C0A6867A1E09715D9F502861B9911F054A0918             | Bin 0 -> 1127 bytes
 .../4AAE02BB85EB8CED9617662436A47AA2197B01D6             | Bin 0 -> 1127 bytes
 .../576F2022AF817412D8425AC8AAFF3CA033A422F1             | Bin 0 -> 1127 bytes
 .../5DD2591009E008D8E5507F2E297E81B501D5D120             | Bin 0 -> 1127 bytes
 .../82F0655FB5BF2F905CB3C6FC1AB4A3983F615AE2             | Bin 0 -> 1127 bytes
 .../87215C2D5EF094F894DFBD418D4D311608DEB3CE             | Bin 0 -> 1127 bytes
 .../95A0D456DABFA76AD295723C03582EF63B6F6D0A             | Bin 0 -> 1127 bytes
 .../CBEEDBBC939A98E4742D7BC8749538C51C0672D1             | Bin 0 -> 1127 bytes
 .../D2DF0CD6D422B949EC5C5D4C5FCE9D3AD8BFA5BD             | Bin 0 -> 1127 bytes
 .../F3D8DAC954B27BE3065512A709EC0C28FE7E4099             | Bin 0 -> 1127 bytes
 .../E1201A308CC10323C27D9084B048996E44B8F710             | Bin 0 -> 806 bytes
 .../C23FC1895966021249B35412C0C8C56D107732DE             | Bin 0 -> 1563 bytes
 .../0AD38A30ABC0F0B605B45C727A90819E7FF9DAF4             | Bin 0 -> 1501 bytes
 .../A536E6A90420437E645CBFC56AD2D79D758FB112             | Bin 0 -> 1605 bytes
 .../386C1663C6390BC288DC171522439210AF361958             | Bin 0 -> 1000 bytes
 .../6BDA1FF41EEBC5DA66912F3C69B60C2A41C6E25B             | Bin 0 -> 1159 bytes
 .../18585FC53A283488E4BA84867980E9B1F2B28ADA             | Bin 0 -> 1313 bytes
 .../27337257493B86B9BFF78D569F938D692A430EAE             | Bin 0 -> 1218 bytes
 .../4832F0A28C3724A92F6CB3314F747D0E74FC7344             | Bin 0 -> 1217 bytes
 .../6352302A5072DBFB769D4FF4C70C86432C4C1683             | Bin 0 -> 1218 bytes
 .../EE886B907E31667D622677F665F25C54AF9A7F65             | Bin 0 -> 1218 bytes
 .../F86591A6D86718886A0234B8E54E21AAEA63E24B             | Bin 0 -> 1586 bytes
 .../BECE82B2F908174E2379652769C6942AF1F0CC5E             | Bin 0 -> 982 bytes
 .../342CD9D3062DA48C346965297F081EBC2EF68FDC             | Bin 0 -> 2050 bytes
 .../ED5608CE67EA5CB79AC024CEA7445F9BCBE48703             | Bin 0 -> 1067 bytes
 .../0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43             | Bin 0 -> 955 bytes
 .../69E7A6D2A78341041BF6816438CA9605A0FA356C             | Bin 0 -> 1337 bytes
 .../B4B77C83465979E3679E3A33F972F48EE3730A18             | Bin 0 -> 924 bytes
 .../CAF84A42305615AC2C582F6412BDA3E36DAC3D25             | Bin 0 -> 786 bytes
 .../75F792DE2CF544007F470F1B924961C2BD2EF517             | Bin 0 -> 802 bytes
 .../88D6151358A5E3C81D7AE1A536121DC03011BC03             | Bin 0 -> 1205 bytes
 .../0B289953453127C40B22FA953D11F79E052C0580             | Bin 0 -> 1594 bytes
 .../30E8B7F8F78FB74646C4B4689C74A2E1570D8E35             | Bin 0 -> 1546 bytes
 .../679A4F81FC705DDEC419778DD2EBD875F4C242C6             | Bin 0 -> 975 bytes
 .../82096E6D9B1248321625323D52858642CB0B748E             | Bin 0 -> 975 bytes
 .../41E3FCC9470F8634DBCB5CEA7FB688E04E7575BA             | Bin 0 -> 1165 bytes
 .../79B21E2743A879AFF5403ECEA09EAC2084EF4799             | Bin 0 -> 1014 bytes
 .../4D523730501ADB80A76B0B473A4D21C7D86F8374             | Bin 0 -> 1167 bytes
 .../A21B7566A582DF7A1A85D7B799983C3C35551C14             | Bin 0 -> 1167 bytes
 .../C6658C25AFB8A9D738F2BC591775D167549FFD3A             | Bin 0 -> 1264 bytes
 .../09B5043D20EE62D83E3FA151AA878ADED25923D7             | Bin 0 -> 1943 bytes
 .../08CAE18D8CFF86144CB8FFD671B916CAAB8BD4E9             | Bin 0 -> 991 bytes
 .../A8C93000653FAF7D0025D3D8EEE6BBDC64D98F25             | Bin 0 -> 991 bytes
 .../BF648929E7DAABD8D97B3202F48D6C4A19C78F6C             | Bin 0 -> 990 bytes
 .../A149EE01A250491C07D5A279D3B58A646288DA22             | Bin 0 -> 1185 bytes
 .../AD8ECBB67B9DC59406F92A296A38192297A4F169             | Bin 0 -> 1191 bytes
 .../6F61A0C50B4E6ED821F032A4DF3DA7DDDFD2FE6A             | Bin 0 -> 1256 bytes
 .../DAC9024F54D8F6DF94935FB1732638CA6AD77C13             | Bin 0 -> 846 bytes
 .../16D8270DE51B034E77B7CDAF1DEE623916243DDC             | Bin 0 -> 1068 bytes
 .../3D3F25C5CD9F932037D91B7D102EDB58EC7C8239             | Bin 0 -> 1068 bytes
 .../40B51EEF4E709FBD47935DDD83A1F640D0CC378A             | Bin 0 -> 1067 bytes
 .../D4E1786D8B8B57B22C81D0F0FCE18EA818DA0537             | Bin 0 -> 1068 bytes
 .../1BB6C5E44421EBF317B9F3D9049C1E137716B186             | Bin 0 -> 1442 bytes
 .../8784ED81F5A22779EB0B081945FD151992557FBE             | Bin 0 -> 1159 bytes
 .../88583DB03975127CB488CA7DDE303A1646CEA97B             | Bin 0 -> 1159 bytes
 .../93AE07BC15B1AB17BB09E3C400387CE69DADDFCC             | Bin 0 -> 1159 bytes
 .../45B43346251FDF9E95DCB7F36928785D46D63913             | Bin 0 -> 1136 bytes
 .../E33619C88426E4FE956041E6751ADDEC9C10F0BC             | Bin 0 -> 1136 bytes
 .../7BE0C8E441786C69A3CB35BDBEF235F8B5310E04             | Bin 0 -> 700 bytes
 159 files changed, 5 insertions(+), 2 deletions(-)
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/0093DFCE34BE9B7D2DFA538F99B87F01628FB56E/77B99BB2BD7522E17EC099EA7177516F27787CAD
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/010668B5FE5E21258404415E8A2AA612FF395475/3A77E9B577661D99F9BBA5A352B29C7FF58A3D26
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/072489890DA490DF1A0DB3131BEBC01C782C78F6/BD78039E45BA4E4B13ADECC58124520ACE83B6A7
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/08782E8B36A75353592960C7AC4C6C5ABBFD5A10/9766A5ED03482991DA91BB763ECDCD9417394100
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/08782E8B36A75353592960C7AC4C6C5ABBFD5A10/BB97947C31BBF3364A2909F9876DBD3B87B5B62A
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/0E9B16850F431D57AB755A9D16B6D13CF13A1211/B1D0BC027906A3B7E7518C93ACB26D978233ED27
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/15657D006A27CF21F1C84B8E91F51E6146F0E239/65EF37033859C2F709A64086D3A5BD1B8F1A85A4
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1655299D4A598F82CB3575FABD6DD0D5455D713C/7AC3EFA52DE27A930EC8754DB5E061476948E914
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1655299D4A598F82CB3575FABD6DD0D5455D713C/F306AACF386136CD5683F89B31904295F89313DE
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1B55160695CCF1E59A575E05F4A745FE3DE5AF9C/D62327E6B19B7968A8BE6588DEAB0BC0DB684D8D
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/233037A57636621C8A7F65D0A7B3CDC262744BCE/F5F2456D79490C268569970E900C68FD1C7DC8E5
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/270199A7491897C3FC69A696A8283023CBB9020B/07976A2A16EC182670161B46886B05E1FEAC16B1
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2A7DA613B9BC73D6B958373EA13D460B6185A9BE/23E594945195F2414803B4D564D2A3A3F5D88B8C
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2A93331C2D330B8F92E7148812963A47DE9B7F06/59AF82799186C7B47507CBCF035746EB04DDB716
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2AAB830651D2962DD872DE727093652FF5364D73/2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2AAB830651D2962DD872DE727093652FF5364D73/EAB040689A0D805B5D6FD654FC168CFF00B78BE3
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2B97D8E239757C4FF67BBE70FD8666EFED544940/42EFDDE6BFF35ED0BAE6ACDD204C50AE86C4F4FA
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2B97D8E239757C4FF67BBE70FD8666EFED544940/51C01567BCB22968EF5A297B7EA84E195594E0E8
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2C5CA69DE83F4B1B9DCACD33FFE80AE099B84DBE/02A0E6456442E35198532ACFFB6FEE3B606D9FA3
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2CC91E4C7AC2ABB4994ECBB8E1F6A646523BAC66/51AC8CFF36818AA25498A293DF48EBCFFFF6D0B4
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34E379A86B2F4F4F611D114EB3642D2BD9B82A7C/CABD2A79A1076A31F21D253635CB039D4329A5E8
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/8AB0A3519AFA7F3C04074522678BAA1CB3DC734F
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/DF47B3040E7632614464BD2EC4ECD1B8030F53E3
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/E117479B4A41D7F3223FCAE50560B0D57B22217D
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/36869F166AEB02FA431D1D37F002C313C3D6839D/14815586D6258BCE1E908346C9186146C812358E
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/37149755C7EB4404A0EAC77C9B1BB3BEF5061338/5F06F65C714047E3B282AEC427C35AB703E49D8E
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/37149755C7EB4404A0EAC77C9B1BB3BEF5061338/D45360060761812D33DE294EAC1573F6DE12A208
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/9039DBD29DB8AD0F8E2015F05FCD40582CCCBE8C
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/9F0E0FBB25F66FF88C8E033EFF358923C84A2926
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/C87D1855227D995C332C4C9072A2E2053F2CC623
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3AFBA870639CDCE291E03BB778C1839AC4AE98F8/9FDCFE5A082FD69BF5D9E73C25FBE9EA1AC0ACF2
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3E19902F1E9C6C44D8347ED06A141825ED9B1E88/474BC41135FB88BF58B5A8D976A1D5583378D85E
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3E19902F1E9C6C44D8347ED06A141825ED9B1E88/6B618820CE6A5EC0B5E63A9170335E5EA9F3BA01
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/436B6D266E1295C868A0FD54205152A0DB70C533/2E66C9841181C08FB1DFABD4FF8D5CC72BE08F02
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/46FF51E4DE7D8DBA9DA2F1ED8516ABA87F98C185/1FB86B1168EC743154062E8C9CC5B171A4B7CCB4
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/48011680F11A9B83026CC042CB4F795AA564A34F/341EA32E448659125A67DD04177FD17468FCFCB1
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4BF56B14AEF690B3E56AD574781DF0426AB1378D/38525C7140D285040E02DD2A7F3C7DBA21042E01
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4BFF32F4CD23D4407BAD0A7140CEDB201210D1D5/35202B14F69409EAA51CD8AB547AC0CD5E993F3F
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C2E52163ED4432FE26ACB308BFC3AF7D90D8881/620127A8E5886A4805403977C3EF7D5EAF881526
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C2E52163ED4432FE26ACB308BFC3AF7D90D8881/FCD9E881BCCCB9352EEF337C8D4EAAD65C4EC830
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/0C30A6F2950EFEFBAB5964DA9E0EED7C9DB115D8
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/20CAECDCA766243AAD6FA1327618FC81BA65DC0F
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/96D5D179016A5A6546973BA63733617EE1F1540D
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/CF236CF66379EA506F967D21F0E25E87529D9687
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/FDD40A10FB9BE9DEB5B8AE76CC0184930EF8BB76
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C5194E8D503024CBC495CED37A1168D09058F2F/2ED8C34F5D49BC37C418AD9906DEB7FF605EF9FA
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4CE74C628E16678224576D546591101784F56A95/A9D28607928FA8615E2615CC9D71B535C5D0D419
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4D73E9CBEC1D8C07FAEC4CBEE2E2D301597CF739/5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4DE2C47AC178789C53FC01DA3CA152F0A92C0A7A/7D0C7B977ACEA63D51EE34B00BC3C1DBF318B92E
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4DE2C47AC178789C53FC01DA3CA152F0A92C0A7A/A79681CBDD69EC741214136F128923A574E26F03
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/523690FDA0A12AAAD863F0547EF4009FD8C5DFF0/A78AABDE7F5B771540D333B505874C8204AAD206
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/52DC13ECD7342E2077D10DD451EE12462CBDC6BF/FDC348410699803DE7D8276813BC2232EA99A878
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/55EEF332AEC84036AC52315A4CBA52DE2FF444FF/6DCD5118D1542E6C205C580775C5420B7509506B
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5CC2D4B7D01ECC7B6B1633E3E24A39760E9A2036/84E4E75DBB2FD6397E6ABBD27FBE16D5BA71923E
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5DDAD1F00CABA2C7A31A91485DA0E23EAAF434D7/C0C699EFE6E837CB5E4CFC3A61077617A22C1A9E
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5E7183CAD4D6DE7B3C41266DA03F2D3AFFE3E812/35A40EF932B1F23980E2C672FC939E91EEBD0317
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5EFC977763C23FD903C712EC26E2E6940BA75F5F/9D7FC54F84DBAF09167158D2B8885ED0BE76C7F8
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/60B7181FD8BCA00B84961BF31DB08C50376CCF44
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/74801529B4E8E5764FFC4D8E6577E1F84E8101CE
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/7B7B60B748C82B34EE71A3CEA729C477083F0BDA
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/EBB80BE34C78814AE659BBA3A2394E4D9857123D
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/D4D1370FD1D9EAA46412008FF3E59E114BCF724A
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/DFA7DDEF5C212F0F0651E2A9DE1CE4A1AC63AF7A
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/E619D25B380B7B13FDA33E8A58CD82D8A88E0515
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/F825578F8F5484DFB40F81867C392D6CB0012B92
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/0F5A0342F5CD448799C3C6D178607E3F2B5BCB8F
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/51A44C28F313E3F9CB5E7C0A1E0E0DD2843758AE
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/7E691392F741B7E4B4AA9A76D75851BDE18BE5A7
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/9E0512DD61DA5949D1D8631C3F19D75F496C3733
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/E6E6FC88719177C9B7421825757C5E47BCAC85F6
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/67379CCDB32197C6EBA1C53B425301E0161AECD1/53CB69CF933C2D28FB9DF91F2852A99EC3352EA0
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/68079AE8AAF867F1B0FAD713F00CB7E09272C7D4/7F95509243C231A6B1ABCFC661B6B818DB33622C
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6CC979AE065336FB9F5248DBA40200B89F657496/F3AE9FEA4DECEE5330770A2520BD86909929E7BE
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6D568A63FFBB246EC2A8DC3E6B4F32A70C4610E9/4B5B0C2A0BF944CD467A6140F8C782E2BE9D15F9
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/71CE6A3F360D0D24BDEDA2BAC89ADCC4B8F496A5/7A2CFA69FCA284D4627012A7A55662594C803B2A
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/71CE6A3F360D0D24BDEDA2BAC89ADCC4B8F496A5/ADEC5673B57A18F16EFAF75EEFBFAD4841E2CD2B
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/72607E50E18884AE3CE6D8F9884BDD454AA03D82/0CC37CC35E18F9909E43E4E9894D0CDF06EE9A38
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/786AAED91FAAC3E55EC08C914535436D3B132369/2CA36B76BC6CCDC29296111A4EFCAFC0553BBC7D
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7A3FCBEFE12D709D596AF6868D1593B05D185557/A8D7FFE70E11850386A6C35185E5EEBA24F0EC02
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7BCFEE71FBE3FE58D9DD59ED653AAC21FA05A493/D1474E7D99512D05B98DD37B3FE86496A03D088D
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7C446BE5C51C193D39038A8A74FC41498DE080AC/3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7C446BE5C51C193D39038A8A74FC41498DE080AC/A3F1333FE242BFCFC5D14E8F394298406810D1A0
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7D692B2635C9645908FF1DCEB036B7E8F6C5A906/6814C7316CEA7191C9CB3BE58199B4A957210D9C
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7E88ED7A37EB47BEA6F3B901876349C58F5ED9A6/5AD9C840579905D085AAB60F9F5341463C5379A9
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8333BA3A820B340C4EB24A0C084698BDF01DECE2/A937AAEFDC8C951FC1CDCA526F4DA8C9481380C3
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/85DD7AA9B6958F530EEC3F89C59D466C259ABE15/C2556DADDF68A9EEF7F5C14A24CA33BCA930B201
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8E985FADADD6A11802213BCA0FF75FE5D3B9BD0E/EFA3540D27E1CF0E0AD29AFC4382F4FD31D42929
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/3B8484BF1370941BF03F206B5C4958DA4E1559BB
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/6DD653FB8FE2614249924274043E834664EBE980
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/C0EF3E7A54B4C501295F77974B1995E36B25C92B
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/D29172D3F501A2D7A47F702633044F519A3A5F0B
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8FAC7F811E0644FB876D72126930977CEADC38A0/698563ECEE29232C5304487D972310F86650C3A6
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/94945946073C72C69DC4B2D58D3F9E831007F6ED/1B23675354FCAD90119D88075015EA17ADD527D8
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/94945946073C72C69DC4B2D58D3F9E831007F6ED/E6A3B45B062D509B3382282D196EFE97D5956CCB
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9523A45E723AACFDE29801206C89BBAA9FFF5963/66AB66128A44574873E54E6584E450C4EB3B9A1E
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9956BD40089ED38E280F550842F4DC733B5757A8/844FDEEE3C847F4BD5153E822803C1A2C1B6E7BA
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9956BD40089ED38E280F550842F4DC733B5757A8/B38C775A18C1195D01658D75FBDA3258B6DF018B
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9A71D5E41BECA161359D0EA8E0339D362F158C62/FF406B3E55758E87A206FE2A1EE0C4D5A4575799
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/1382793A9F360E06D39CA9914912348C63F86357
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/28C0A6867A1E09715D9F502861B9911F054A0918
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/4AAE02BB85EB8CED9617662436A47AA2197B01D6
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/576F2022AF817412D8425AC8AAFF3CA033A422F1
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/5DD2591009E008D8E5507F2E297E81B501D5D120
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/82F0655FB5BF2F905CB3C6FC1AB4A3983F615AE2
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/87215C2D5EF094F894DFBD418D4D311608DEB3CE
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/95A0D456DABFA76AD295723C03582EF63B6F6D0A
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/CBEEDBBC939A98E4742D7BC8749538C51C0672D1
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/D2DF0CD6D422B949EC5C5D4C5FCE9D3AD8BFA5BD
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/F3D8DAC954B27BE3065512A709EC0C28FE7E4099
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9D1D7AB57D811AF20C795415FD3F5BC8F2C8A518/E1201A308CC10323C27D9084B048996E44B8F710
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9D2C9F2BB158809E2897E2AE4825163C09325106/C23FC1895966021249B35412C0C8C56D107732DE
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9F5870D819755D35C0070186B91FCFA1F5C52A31/0AD38A30ABC0F0B605B45C727A90819E7FF9DAF4
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9FF31736488FC553803001BDE8D05CB46957FE21/A536E6A90420437E645CBFC56AD2D79D758FB112
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/A0B7987F423E4BB990DA079561C9E297B2DA9B97/386C1663C6390BC288DC171522439210AF361958
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/A1D0D8E720E986DB1E6D256ED7CEFC4BF08D8C9C/6BDA1FF41EEBC5DA66912F3C69B60C2A41C6E25B
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/18585FC53A283488E4BA84867980E9B1F2B28ADA
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/27337257493B86B9BFF78D569F938D692A430EAE
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/4832F0A28C3724A92F6CB3314F747D0E74FC7344
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/6352302A5072DBFB769D4FF4C70C86432C4C1683
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/EE886B907E31667D622677F665F25C54AF9A7F65
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/AFF7B9B4549330E8AB1EFBC59F2D1AF4512CD5A0/F86591A6D86718886A0234B8E54E21AAEA63E24B
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/B9FF7AAC52D280FA9400065135C8867CA8C61133/BECE82B2F908174E2379652769C6942AF1F0CC5E
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C1197772F20EECD6F541826FE107A95ED8403B75/342CD9D3062DA48C346965297F081EBC2EF68FDC
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C3F02309A4CB4F5F05ABA1F48859FFE0EA269AA4/ED5608CE67EA5CB79AC024CEA7445F9BCBE48703
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C479F58A50A8BA16A2B38A22D871DC5279E10334/0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C4F75BD1B64212692FA3316D31FD6B65FE966899/69E7A6D2A78341041BF6816438CA9605A0FA356C
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C563D66EEE8C46E5DBCD414AC29EC7B362AA3951/B4B77C83465979E3679E3A33F972F48EE3730A18
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C5DC6F3142F010E874E56B78EFE5BF7BDF0BAC20/CAF84A42305615AC2C582F6412BDA3E36DAC3D25
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C872F14BD077139C1DC4C001D688BD37319256AB/75F792DE2CF544007F470F1B924961C2BD2EF517
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C8941AD7709AD8378D81A61ADD7983E7A78F8F2C/88D6151358A5E3C81D7AE1A536121DC03011BC03
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CBD47ABEE632C0103BB7E6C5703F3CF2B54C744A/0B289953453127C40B22FA953D11F79E052C0580
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CE2DBD86D9F08AA2721680FD9A6B7F1B9A0D4E9D/30E8B7F8F78FB74646C4B4689C74A2E1570D8E35
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0940BE1A51139493ED7A79092BE4877E76EE9BB/679A4F81FC705DDEC419778DD2EBD875F4C242C6
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0940BE1A51139493ED7A79092BE4877E76EE9BB/82096E6D9B1248321625323D52858642CB0B748E
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0FF3ED96CD87165145FEDC31ADA8ED51FE01BD2/41E3FCC9470F8634DBCB5CEA7FB688E04E7575BA
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0FF3ED96CD87165145FEDC31ADA8ED51FE01BD2/79B21E2743A879AFF5403ECEA09EAC2084EF4799
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D16EA19279BB4F22FDC8E928DF12EA51A9D4A5A1/4D523730501ADB80A76B0B473A4D21C7D86F8374
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D16EA19279BB4F22FDC8E928DF12EA51A9D4A5A1/A21B7566A582DF7A1A85D7B799983C3C35551C14
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D3F5B4E8FD52F34AA3BDEAD0B9E87887C2D04F3E/C6658C25AFB8A9D738F2BC591775D167549FFD3A
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D74DC39E75A9720D7342FFB9463E2E900F207C87/09B5043D20EE62D83E3FA151AA878ADED25923D7
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/08CAE18D8CFF86144CB8FFD671B916CAAB8BD4E9
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/A8C93000653FAF7D0025D3D8EEE6BBDC64D98F25
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/BF648929E7DAABD8D97B3202F48D6C4A19C78F6C
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D7B648A0BD9368D83CE1CF523E8F54A8F2F8C92E/A149EE01A250491C07D5A279D3B58A646288DA22
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D7B648A0BD9368D83CE1CF523E8F54A8F2F8C92E/AD8ECBB67B9DC59406F92A296A38192297A4F169
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D84959A0103547B866F97400B16F8E5871FC28EE/6F61A0C50B4E6ED821F032A4DF3DA7DDDFD2FE6A
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/DFC06A49AADF5E53A99A6FFC00EC3F1F2A8672CF/DAC9024F54D8F6DF94935FB1732638CA6AD77C13
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/16D8270DE51B034E77B7CDAF1DEE623916243DDC
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/3D3F25C5CD9F932037D91B7D102EDB58EC7C8239
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/40B51EEF4E709FBD47935DDD83A1F640D0CC378A
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/D4E1786D8B8B57B22C81D0F0FCE18EA818DA0537
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E212E8EAB1DE86DE40B405AC12E0F29452CDD77B/1BB6C5E44421EBF317B9F3D9049C1E137716B186
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/8784ED81F5A22779EB0B081945FD151992557FBE
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/88583DB03975127CB488CA7DDE303A1646CEA97B
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/93AE07BC15B1AB17BB09E3C400387CE69DADDFCC
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E33FA87DDCDF62323BE5FF9AC818556424365F7E/45B43346251FDF9E95DCB7F36928785D46D63913
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E33FA87DDCDF62323BE5FF9AC818556424365F7E/E33619C88426E4FE956041E6751ADDEC9C10F0BC
 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E47CAF71ACF4B662FED9BEF2B1F4A5F45E256160/7BE0C8E441786C69A3CB35BDBEF235F8B5310E04

(limited to 'id/server/idserverlib/src/main/java/at/gv')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java
index 71bd0f3c0..38bcfa2af 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java
@@ -67,8 +67,11 @@ public class UserWhitelistStore {
 	 * @param bPK
 	 * @return true if bPK is in whitelist, otherwise false
 	 */
-	public boolean isUserbPKInWhitelist(String bPK) {		
-		return whitelist.contains(bPK);
+	public boolean isUserbPKInWhitelist(String bPK) {
+		if (whitelist != null)
+			return whitelist.contains(bPK);
+		else
+			return false;
 		
 	}
 	
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/0093DFCE34BE9B7D2DFA538F99B87F01628FB56E/77B99BB2BD7522E17EC099EA7177516F27787CAD b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/0093DFCE34BE9B7D2DFA538F99B87F01628FB56E/77B99BB2BD7522E17EC099EA7177516F27787CAD
new file mode 100644
index 000000000..61bfd22bc
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/0093DFCE34BE9B7D2DFA538F99B87F01628FB56E/77B99BB2BD7522E17EC099EA7177516F27787CAD differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/010668B5FE5E21258404415E8A2AA612FF395475/3A77E9B577661D99F9BBA5A352B29C7FF58A3D26 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/010668B5FE5E21258404415E8A2AA612FF395475/3A77E9B577661D99F9BBA5A352B29C7FF58A3D26
new file mode 100644
index 000000000..55707d69f
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/010668B5FE5E21258404415E8A2AA612FF395475/3A77E9B577661D99F9BBA5A352B29C7FF58A3D26 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/072489890DA490DF1A0DB3131BEBC01C782C78F6/BD78039E45BA4E4B13ADECC58124520ACE83B6A7 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/072489890DA490DF1A0DB3131BEBC01C782C78F6/BD78039E45BA4E4B13ADECC58124520ACE83B6A7
new file mode 100644
index 000000000..815f53d95
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/072489890DA490DF1A0DB3131BEBC01C782C78F6/BD78039E45BA4E4B13ADECC58124520ACE83B6A7 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/08782E8B36A75353592960C7AC4C6C5ABBFD5A10/9766A5ED03482991DA91BB763ECDCD9417394100 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/08782E8B36A75353592960C7AC4C6C5ABBFD5A10/9766A5ED03482991DA91BB763ECDCD9417394100
new file mode 100644
index 000000000..882753986
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/08782E8B36A75353592960C7AC4C6C5ABBFD5A10/9766A5ED03482991DA91BB763ECDCD9417394100 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/08782E8B36A75353592960C7AC4C6C5ABBFD5A10/BB97947C31BBF3364A2909F9876DBD3B87B5B62A b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/08782E8B36A75353592960C7AC4C6C5ABBFD5A10/BB97947C31BBF3364A2909F9876DBD3B87B5B62A
new file mode 100644
index 000000000..f28aa4b8e
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/08782E8B36A75353592960C7AC4C6C5ABBFD5A10/BB97947C31BBF3364A2909F9876DBD3B87B5B62A differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/0E9B16850F431D57AB755A9D16B6D13CF13A1211/B1D0BC027906A3B7E7518C93ACB26D978233ED27 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/0E9B16850F431D57AB755A9D16B6D13CF13A1211/B1D0BC027906A3B7E7518C93ACB26D978233ED27
new file mode 100644
index 000000000..5171276f4
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/0E9B16850F431D57AB755A9D16B6D13CF13A1211/B1D0BC027906A3B7E7518C93ACB26D978233ED27 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/15657D006A27CF21F1C84B8E91F51E6146F0E239/65EF37033859C2F709A64086D3A5BD1B8F1A85A4 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/15657D006A27CF21F1C84B8E91F51E6146F0E239/65EF37033859C2F709A64086D3A5BD1B8F1A85A4
new file mode 100644
index 000000000..6e17b9db5
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/15657D006A27CF21F1C84B8E91F51E6146F0E239/65EF37033859C2F709A64086D3A5BD1B8F1A85A4 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1655299D4A598F82CB3575FABD6DD0D5455D713C/7AC3EFA52DE27A930EC8754DB5E061476948E914 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1655299D4A598F82CB3575FABD6DD0D5455D713C/7AC3EFA52DE27A930EC8754DB5E061476948E914
new file mode 100644
index 000000000..911640d0e
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1655299D4A598F82CB3575FABD6DD0D5455D713C/7AC3EFA52DE27A930EC8754DB5E061476948E914 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1655299D4A598F82CB3575FABD6DD0D5455D713C/F306AACF386136CD5683F89B31904295F89313DE b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1655299D4A598F82CB3575FABD6DD0D5455D713C/F306AACF386136CD5683F89B31904295F89313DE
new file mode 100644
index 000000000..1bb449441
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1655299D4A598F82CB3575FABD6DD0D5455D713C/F306AACF386136CD5683F89B31904295F89313DE differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1B55160695CCF1E59A575E05F4A745FE3DE5AF9C/D62327E6B19B7968A8BE6588DEAB0BC0DB684D8D b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1B55160695CCF1E59A575E05F4A745FE3DE5AF9C/D62327E6B19B7968A8BE6588DEAB0BC0DB684D8D
new file mode 100644
index 000000000..807fa786c
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1B55160695CCF1E59A575E05F4A745FE3DE5AF9C/D62327E6B19B7968A8BE6588DEAB0BC0DB684D8D differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/233037A57636621C8A7F65D0A7B3CDC262744BCE/F5F2456D79490C268569970E900C68FD1C7DC8E5 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/233037A57636621C8A7F65D0A7B3CDC262744BCE/F5F2456D79490C268569970E900C68FD1C7DC8E5
new file mode 100644
index 000000000..b2a1e145f
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/233037A57636621C8A7F65D0A7B3CDC262744BCE/F5F2456D79490C268569970E900C68FD1C7DC8E5 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/270199A7491897C3FC69A696A8283023CBB9020B/07976A2A16EC182670161B46886B05E1FEAC16B1 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/270199A7491897C3FC69A696A8283023CBB9020B/07976A2A16EC182670161B46886B05E1FEAC16B1
new file mode 100644
index 000000000..22d64fb5f
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/270199A7491897C3FC69A696A8283023CBB9020B/07976A2A16EC182670161B46886B05E1FEAC16B1 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2A7DA613B9BC73D6B958373EA13D460B6185A9BE/23E594945195F2414803B4D564D2A3A3F5D88B8C b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2A7DA613B9BC73D6B958373EA13D460B6185A9BE/23E594945195F2414803B4D564D2A3A3F5D88B8C
new file mode 100644
index 000000000..8588ce58a
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2A7DA613B9BC73D6B958373EA13D460B6185A9BE/23E594945195F2414803B4D564D2A3A3F5D88B8C differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2A93331C2D330B8F92E7148812963A47DE9B7F06/59AF82799186C7B47507CBCF035746EB04DDB716 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2A93331C2D330B8F92E7148812963A47DE9B7F06/59AF82799186C7B47507CBCF035746EB04DDB716
new file mode 100644
index 000000000..7bbf658e9
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2A93331C2D330B8F92E7148812963A47DE9B7F06/59AF82799186C7B47507CBCF035746EB04DDB716 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2AAB830651D2962DD872DE727093652FF5364D73/2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2AAB830651D2962DD872DE727093652FF5364D73/2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E
new file mode 100644
index 000000000..2fa45b280
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2AAB830651D2962DD872DE727093652FF5364D73/2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2AAB830651D2962DD872DE727093652FF5364D73/EAB040689A0D805B5D6FD654FC168CFF00B78BE3 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2AAB830651D2962DD872DE727093652FF5364D73/EAB040689A0D805B5D6FD654FC168CFF00B78BE3
new file mode 100644
index 000000000..c79d3e6b0
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2AAB830651D2962DD872DE727093652FF5364D73/EAB040689A0D805B5D6FD654FC168CFF00B78BE3 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2B97D8E239757C4FF67BBE70FD8666EFED544940/42EFDDE6BFF35ED0BAE6ACDD204C50AE86C4F4FA b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2B97D8E239757C4FF67BBE70FD8666EFED544940/42EFDDE6BFF35ED0BAE6ACDD204C50AE86C4F4FA
new file mode 100644
index 000000000..ab9e0cd7d
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2B97D8E239757C4FF67BBE70FD8666EFED544940/42EFDDE6BFF35ED0BAE6ACDD204C50AE86C4F4FA differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2B97D8E239757C4FF67BBE70FD8666EFED544940/51C01567BCB22968EF5A297B7EA84E195594E0E8 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2B97D8E239757C4FF67BBE70FD8666EFED544940/51C01567BCB22968EF5A297B7EA84E195594E0E8
new file mode 100644
index 000000000..01965769d
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2B97D8E239757C4FF67BBE70FD8666EFED544940/51C01567BCB22968EF5A297B7EA84E195594E0E8 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2C5CA69DE83F4B1B9DCACD33FFE80AE099B84DBE/02A0E6456442E35198532ACFFB6FEE3B606D9FA3 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2C5CA69DE83F4B1B9DCACD33FFE80AE099B84DBE/02A0E6456442E35198532ACFFB6FEE3B606D9FA3
new file mode 100644
index 000000000..5026d395f
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2C5CA69DE83F4B1B9DCACD33FFE80AE099B84DBE/02A0E6456442E35198532ACFFB6FEE3B606D9FA3 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2CC91E4C7AC2ABB4994ECBB8E1F6A646523BAC66/51AC8CFF36818AA25498A293DF48EBCFFFF6D0B4 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2CC91E4C7AC2ABB4994ECBB8E1F6A646523BAC66/51AC8CFF36818AA25498A293DF48EBCFFFF6D0B4
new file mode 100644
index 000000000..9b2ee0fc6
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2CC91E4C7AC2ABB4994ECBB8E1F6A646523BAC66/51AC8CFF36818AA25498A293DF48EBCFFFF6D0B4 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34E379A86B2F4F4F611D114EB3642D2BD9B82A7C/CABD2A79A1076A31F21D253635CB039D4329A5E8 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34E379A86B2F4F4F611D114EB3642D2BD9B82A7C/CABD2A79A1076A31F21D253635CB039D4329A5E8
new file mode 100644
index 000000000..9d2132e7f
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34E379A86B2F4F4F611D114EB3642D2BD9B82A7C/CABD2A79A1076A31F21D253635CB039D4329A5E8 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/8AB0A3519AFA7F3C04074522678BAA1CB3DC734F b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/8AB0A3519AFA7F3C04074522678BAA1CB3DC734F
new file mode 100644
index 000000000..c34d0f380
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/8AB0A3519AFA7F3C04074522678BAA1CB3DC734F differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/DF47B3040E7632614464BD2EC4ECD1B8030F53E3 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/DF47B3040E7632614464BD2EC4ECD1B8030F53E3
new file mode 100644
index 000000000..d894e92ca
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/DF47B3040E7632614464BD2EC4ECD1B8030F53E3 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/E117479B4A41D7F3223FCAE50560B0D57B22217D b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/E117479B4A41D7F3223FCAE50560B0D57B22217D
new file mode 100644
index 000000000..380486f65
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/E117479B4A41D7F3223FCAE50560B0D57B22217D differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/36869F166AEB02FA431D1D37F002C313C3D6839D/14815586D6258BCE1E908346C9186146C812358E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/36869F166AEB02FA431D1D37F002C313C3D6839D/14815586D6258BCE1E908346C9186146C812358E
new file mode 100644
index 000000000..0f0db03b3
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/36869F166AEB02FA431D1D37F002C313C3D6839D/14815586D6258BCE1E908346C9186146C812358E differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/37149755C7EB4404A0EAC77C9B1BB3BEF5061338/5F06F65C714047E3B282AEC427C35AB703E49D8E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/37149755C7EB4404A0EAC77C9B1BB3BEF5061338/5F06F65C714047E3B282AEC427C35AB703E49D8E
new file mode 100644
index 000000000..39e377edf
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/37149755C7EB4404A0EAC77C9B1BB3BEF5061338/5F06F65C714047E3B282AEC427C35AB703E49D8E differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/37149755C7EB4404A0EAC77C9B1BB3BEF5061338/D45360060761812D33DE294EAC1573F6DE12A208 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/37149755C7EB4404A0EAC77C9B1BB3BEF5061338/D45360060761812D33DE294EAC1573F6DE12A208
new file mode 100644
index 000000000..0a1fcff85
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/37149755C7EB4404A0EAC77C9B1BB3BEF5061338/D45360060761812D33DE294EAC1573F6DE12A208 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/9039DBD29DB8AD0F8E2015F05FCD40582CCCBE8C b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/9039DBD29DB8AD0F8E2015F05FCD40582CCCBE8C
new file mode 100644
index 000000000..61d346a8f
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/9039DBD29DB8AD0F8E2015F05FCD40582CCCBE8C differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/9F0E0FBB25F66FF88C8E033EFF358923C84A2926 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/9F0E0FBB25F66FF88C8E033EFF358923C84A2926
new file mode 100644
index 000000000..9ae7ffa0c
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/9F0E0FBB25F66FF88C8E033EFF358923C84A2926 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/C87D1855227D995C332C4C9072A2E2053F2CC623 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/C87D1855227D995C332C4C9072A2E2053F2CC623
new file mode 100644
index 000000000..a68ae2db7
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/C87D1855227D995C332C4C9072A2E2053F2CC623 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3AFBA870639CDCE291E03BB778C1839AC4AE98F8/9FDCFE5A082FD69BF5D9E73C25FBE9EA1AC0ACF2 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3AFBA870639CDCE291E03BB778C1839AC4AE98F8/9FDCFE5A082FD69BF5D9E73C25FBE9EA1AC0ACF2
new file mode 100644
index 000000000..28cb48bb0
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3AFBA870639CDCE291E03BB778C1839AC4AE98F8/9FDCFE5A082FD69BF5D9E73C25FBE9EA1AC0ACF2 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3E19902F1E9C6C44D8347ED06A141825ED9B1E88/474BC41135FB88BF58B5A8D976A1D5583378D85E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3E19902F1E9C6C44D8347ED06A141825ED9B1E88/474BC41135FB88BF58B5A8D976A1D5583378D85E
new file mode 100644
index 000000000..c9da41583
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3E19902F1E9C6C44D8347ED06A141825ED9B1E88/474BC41135FB88BF58B5A8D976A1D5583378D85E differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3E19902F1E9C6C44D8347ED06A141825ED9B1E88/6B618820CE6A5EC0B5E63A9170335E5EA9F3BA01 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3E19902F1E9C6C44D8347ED06A141825ED9B1E88/6B618820CE6A5EC0B5E63A9170335E5EA9F3BA01
new file mode 100644
index 000000000..28fbdf42f
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3E19902F1E9C6C44D8347ED06A141825ED9B1E88/6B618820CE6A5EC0B5E63A9170335E5EA9F3BA01 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/436B6D266E1295C868A0FD54205152A0DB70C533/2E66C9841181C08FB1DFABD4FF8D5CC72BE08F02 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/436B6D266E1295C868A0FD54205152A0DB70C533/2E66C9841181C08FB1DFABD4FF8D5CC72BE08F02
new file mode 100644
index 000000000..b9a0e5a61
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/436B6D266E1295C868A0FD54205152A0DB70C533/2E66C9841181C08FB1DFABD4FF8D5CC72BE08F02 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/46FF51E4DE7D8DBA9DA2F1ED8516ABA87F98C185/1FB86B1168EC743154062E8C9CC5B171A4B7CCB4 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/46FF51E4DE7D8DBA9DA2F1ED8516ABA87F98C185/1FB86B1168EC743154062E8C9CC5B171A4B7CCB4
new file mode 100644
index 000000000..24d1795f5
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/46FF51E4DE7D8DBA9DA2F1ED8516ABA87F98C185/1FB86B1168EC743154062E8C9CC5B171A4B7CCB4 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/48011680F11A9B83026CC042CB4F795AA564A34F/341EA32E448659125A67DD04177FD17468FCFCB1 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/48011680F11A9B83026CC042CB4F795AA564A34F/341EA32E448659125A67DD04177FD17468FCFCB1
new file mode 100644
index 000000000..6da18c620
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/48011680F11A9B83026CC042CB4F795AA564A34F/341EA32E448659125A67DD04177FD17468FCFCB1 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4BF56B14AEF690B3E56AD574781DF0426AB1378D/38525C7140D285040E02DD2A7F3C7DBA21042E01 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4BF56B14AEF690B3E56AD574781DF0426AB1378D/38525C7140D285040E02DD2A7F3C7DBA21042E01
new file mode 100644
index 000000000..3a274af3c
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4BF56B14AEF690B3E56AD574781DF0426AB1378D/38525C7140D285040E02DD2A7F3C7DBA21042E01 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4BFF32F4CD23D4407BAD0A7140CEDB201210D1D5/35202B14F69409EAA51CD8AB547AC0CD5E993F3F b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4BFF32F4CD23D4407BAD0A7140CEDB201210D1D5/35202B14F69409EAA51CD8AB547AC0CD5E993F3F
new file mode 100644
index 000000000..3beb4529a
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4BFF32F4CD23D4407BAD0A7140CEDB201210D1D5/35202B14F69409EAA51CD8AB547AC0CD5E993F3F differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C2E52163ED4432FE26ACB308BFC3AF7D90D8881/620127A8E5886A4805403977C3EF7D5EAF881526 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C2E52163ED4432FE26ACB308BFC3AF7D90D8881/620127A8E5886A4805403977C3EF7D5EAF881526
new file mode 100644
index 000000000..da38ce028
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C2E52163ED4432FE26ACB308BFC3AF7D90D8881/620127A8E5886A4805403977C3EF7D5EAF881526 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C2E52163ED4432FE26ACB308BFC3AF7D90D8881/FCD9E881BCCCB9352EEF337C8D4EAAD65C4EC830 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C2E52163ED4432FE26ACB308BFC3AF7D90D8881/FCD9E881BCCCB9352EEF337C8D4EAAD65C4EC830
new file mode 100644
index 000000000..7e9fd5b0b
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C2E52163ED4432FE26ACB308BFC3AF7D90D8881/FCD9E881BCCCB9352EEF337C8D4EAAD65C4EC830 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/0C30A6F2950EFEFBAB5964DA9E0EED7C9DB115D8 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/0C30A6F2950EFEFBAB5964DA9E0EED7C9DB115D8
new file mode 100644
index 000000000..41dc7c553
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/0C30A6F2950EFEFBAB5964DA9E0EED7C9DB115D8 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/20CAECDCA766243AAD6FA1327618FC81BA65DC0F b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/20CAECDCA766243AAD6FA1327618FC81BA65DC0F
new file mode 100644
index 000000000..b596d82e3
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/20CAECDCA766243AAD6FA1327618FC81BA65DC0F differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/96D5D179016A5A6546973BA63733617EE1F1540D b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/96D5D179016A5A6546973BA63733617EE1F1540D
new file mode 100644
index 000000000..4adc3b7ec
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/96D5D179016A5A6546973BA63733617EE1F1540D differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/CF236CF66379EA506F967D21F0E25E87529D9687 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/CF236CF66379EA506F967D21F0E25E87529D9687
new file mode 100644
index 000000000..1e4f22777
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/CF236CF66379EA506F967D21F0E25E87529D9687 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/FDD40A10FB9BE9DEB5B8AE76CC0184930EF8BB76 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/FDD40A10FB9BE9DEB5B8AE76CC0184930EF8BB76
new file mode 100644
index 000000000..fe561ad6a
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/FDD40A10FB9BE9DEB5B8AE76CC0184930EF8BB76 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C5194E8D503024CBC495CED37A1168D09058F2F/2ED8C34F5D49BC37C418AD9906DEB7FF605EF9FA b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C5194E8D503024CBC495CED37A1168D09058F2F/2ED8C34F5D49BC37C418AD9906DEB7FF605EF9FA
new file mode 100644
index 000000000..5205ec519
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C5194E8D503024CBC495CED37A1168D09058F2F/2ED8C34F5D49BC37C418AD9906DEB7FF605EF9FA differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4CE74C628E16678224576D546591101784F56A95/A9D28607928FA8615E2615CC9D71B535C5D0D419 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4CE74C628E16678224576D546591101784F56A95/A9D28607928FA8615E2615CC9D71B535C5D0D419
new file mode 100644
index 000000000..10a1f7141
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4CE74C628E16678224576D546591101784F56A95/A9D28607928FA8615E2615CC9D71B535C5D0D419 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4D73E9CBEC1D8C07FAEC4CBEE2E2D301597CF739/5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4D73E9CBEC1D8C07FAEC4CBEE2E2D301597CF739/5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25
new file mode 100644
index 000000000..dae019650
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4D73E9CBEC1D8C07FAEC4CBEE2E2D301597CF739/5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4DE2C47AC178789C53FC01DA3CA152F0A92C0A7A/7D0C7B977ACEA63D51EE34B00BC3C1DBF318B92E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4DE2C47AC178789C53FC01DA3CA152F0A92C0A7A/7D0C7B977ACEA63D51EE34B00BC3C1DBF318B92E
new file mode 100644
index 000000000..b9fe1280c
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4DE2C47AC178789C53FC01DA3CA152F0A92C0A7A/7D0C7B977ACEA63D51EE34B00BC3C1DBF318B92E differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4DE2C47AC178789C53FC01DA3CA152F0A92C0A7A/A79681CBDD69EC741214136F128923A574E26F03 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4DE2C47AC178789C53FC01DA3CA152F0A92C0A7A/A79681CBDD69EC741214136F128923A574E26F03
new file mode 100644
index 000000000..ea1585a6e
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4DE2C47AC178789C53FC01DA3CA152F0A92C0A7A/A79681CBDD69EC741214136F128923A574E26F03 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/523690FDA0A12AAAD863F0547EF4009FD8C5DFF0/A78AABDE7F5B771540D333B505874C8204AAD206 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/523690FDA0A12AAAD863F0547EF4009FD8C5DFF0/A78AABDE7F5B771540D333B505874C8204AAD206
new file mode 100644
index 000000000..0c2494a4b
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/523690FDA0A12AAAD863F0547EF4009FD8C5DFF0/A78AABDE7F5B771540D333B505874C8204AAD206 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/52DC13ECD7342E2077D10DD451EE12462CBDC6BF/FDC348410699803DE7D8276813BC2232EA99A878 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/52DC13ECD7342E2077D10DD451EE12462CBDC6BF/FDC348410699803DE7D8276813BC2232EA99A878
new file mode 100644
index 000000000..424f849a1
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/52DC13ECD7342E2077D10DD451EE12462CBDC6BF/FDC348410699803DE7D8276813BC2232EA99A878 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/55EEF332AEC84036AC52315A4CBA52DE2FF444FF/6DCD5118D1542E6C205C580775C5420B7509506B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/55EEF332AEC84036AC52315A4CBA52DE2FF444FF/6DCD5118D1542E6C205C580775C5420B7509506B
new file mode 100644
index 000000000..06b40aa67
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/55EEF332AEC84036AC52315A4CBA52DE2FF444FF/6DCD5118D1542E6C205C580775C5420B7509506B differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5CC2D4B7D01ECC7B6B1633E3E24A39760E9A2036/84E4E75DBB2FD6397E6ABBD27FBE16D5BA71923E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5CC2D4B7D01ECC7B6B1633E3E24A39760E9A2036/84E4E75DBB2FD6397E6ABBD27FBE16D5BA71923E
new file mode 100644
index 000000000..3be7b6a06
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5CC2D4B7D01ECC7B6B1633E3E24A39760E9A2036/84E4E75DBB2FD6397E6ABBD27FBE16D5BA71923E differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5DDAD1F00CABA2C7A31A91485DA0E23EAAF434D7/C0C699EFE6E837CB5E4CFC3A61077617A22C1A9E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5DDAD1F00CABA2C7A31A91485DA0E23EAAF434D7/C0C699EFE6E837CB5E4CFC3A61077617A22C1A9E
new file mode 100644
index 000000000..b2beddaa5
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5DDAD1F00CABA2C7A31A91485DA0E23EAAF434D7/C0C699EFE6E837CB5E4CFC3A61077617A22C1A9E differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5E7183CAD4D6DE7B3C41266DA03F2D3AFFE3E812/35A40EF932B1F23980E2C672FC939E91EEBD0317 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5E7183CAD4D6DE7B3C41266DA03F2D3AFFE3E812/35A40EF932B1F23980E2C672FC939E91EEBD0317
new file mode 100644
index 000000000..73553b996
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5E7183CAD4D6DE7B3C41266DA03F2D3AFFE3E812/35A40EF932B1F23980E2C672FC939E91EEBD0317 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5EFC977763C23FD903C712EC26E2E6940BA75F5F/9D7FC54F84DBAF09167158D2B8885ED0BE76C7F8 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5EFC977763C23FD903C712EC26E2E6940BA75F5F/9D7FC54F84DBAF09167158D2B8885ED0BE76C7F8
new file mode 100644
index 000000000..6368a6cc6
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5EFC977763C23FD903C712EC26E2E6940BA75F5F/9D7FC54F84DBAF09167158D2B8885ED0BE76C7F8 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/60B7181FD8BCA00B84961BF31DB08C50376CCF44 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/60B7181FD8BCA00B84961BF31DB08C50376CCF44
new file mode 100644
index 000000000..08d7b28e2
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/60B7181FD8BCA00B84961BF31DB08C50376CCF44 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/74801529B4E8E5764FFC4D8E6577E1F84E8101CE b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/74801529B4E8E5764FFC4D8E6577E1F84E8101CE
new file mode 100644
index 000000000..e47d2b8ba
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/74801529B4E8E5764FFC4D8E6577E1F84E8101CE differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/7B7B60B748C82B34EE71A3CEA729C477083F0BDA b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/7B7B60B748C82B34EE71A3CEA729C477083F0BDA
new file mode 100644
index 000000000..5168e1af0
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/7B7B60B748C82B34EE71A3CEA729C477083F0BDA differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/EBB80BE34C78814AE659BBA3A2394E4D9857123D b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/EBB80BE34C78814AE659BBA3A2394E4D9857123D
new file mode 100644
index 000000000..c5bcc42e2
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/EBB80BE34C78814AE659BBA3A2394E4D9857123D differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/D4D1370FD1D9EAA46412008FF3E59E114BCF724A b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/D4D1370FD1D9EAA46412008FF3E59E114BCF724A
new file mode 100644
index 000000000..3c7775b6e
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/D4D1370FD1D9EAA46412008FF3E59E114BCF724A differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/DFA7DDEF5C212F0F0651E2A9DE1CE4A1AC63AF7A b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/DFA7DDEF5C212F0F0651E2A9DE1CE4A1AC63AF7A
new file mode 100644
index 000000000..b6f39e354
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/DFA7DDEF5C212F0F0651E2A9DE1CE4A1AC63AF7A differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/E619D25B380B7B13FDA33E8A58CD82D8A88E0515 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/E619D25B380B7B13FDA33E8A58CD82D8A88E0515
new file mode 100644
index 000000000..f9fef65fc
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/E619D25B380B7B13FDA33E8A58CD82D8A88E0515 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/F825578F8F5484DFB40F81867C392D6CB0012B92 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/F825578F8F5484DFB40F81867C392D6CB0012B92
new file mode 100644
index 000000000..f9f27442b
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/F825578F8F5484DFB40F81867C392D6CB0012B92 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/0F5A0342F5CD448799C3C6D178607E3F2B5BCB8F b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/0F5A0342F5CD448799C3C6D178607E3F2B5BCB8F
new file mode 100644
index 000000000..69de75609
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/0F5A0342F5CD448799C3C6D178607E3F2B5BCB8F differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/51A44C28F313E3F9CB5E7C0A1E0E0DD2843758AE b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/51A44C28F313E3F9CB5E7C0A1E0E0DD2843758AE
new file mode 100644
index 000000000..efa28178e
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/51A44C28F313E3F9CB5E7C0A1E0E0DD2843758AE differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/7E691392F741B7E4B4AA9A76D75851BDE18BE5A7 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/7E691392F741B7E4B4AA9A76D75851BDE18BE5A7
new file mode 100644
index 000000000..8c434777e
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/7E691392F741B7E4B4AA9A76D75851BDE18BE5A7 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/9E0512DD61DA5949D1D8631C3F19D75F496C3733 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/9E0512DD61DA5949D1D8631C3F19D75F496C3733
new file mode 100644
index 000000000..289fc2198
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/9E0512DD61DA5949D1D8631C3F19D75F496C3733 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/E6E6FC88719177C9B7421825757C5E47BCAC85F6 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/E6E6FC88719177C9B7421825757C5E47BCAC85F6
new file mode 100644
index 000000000..b7d4b08a6
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/E6E6FC88719177C9B7421825757C5E47BCAC85F6 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/67379CCDB32197C6EBA1C53B425301E0161AECD1/53CB69CF933C2D28FB9DF91F2852A99EC3352EA0 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/67379CCDB32197C6EBA1C53B425301E0161AECD1/53CB69CF933C2D28FB9DF91F2852A99EC3352EA0
new file mode 100644
index 000000000..89cfe44fd
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/67379CCDB32197C6EBA1C53B425301E0161AECD1/53CB69CF933C2D28FB9DF91F2852A99EC3352EA0 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/68079AE8AAF867F1B0FAD713F00CB7E09272C7D4/7F95509243C231A6B1ABCFC661B6B818DB33622C b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/68079AE8AAF867F1B0FAD713F00CB7E09272C7D4/7F95509243C231A6B1ABCFC661B6B818DB33622C
new file mode 100644
index 000000000..d9d633e32
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/68079AE8AAF867F1B0FAD713F00CB7E09272C7D4/7F95509243C231A6B1ABCFC661B6B818DB33622C differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6CC979AE065336FB9F5248DBA40200B89F657496/F3AE9FEA4DECEE5330770A2520BD86909929E7BE b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6CC979AE065336FB9F5248DBA40200B89F657496/F3AE9FEA4DECEE5330770A2520BD86909929E7BE
new file mode 100644
index 000000000..c3fc91352
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6CC979AE065336FB9F5248DBA40200B89F657496/F3AE9FEA4DECEE5330770A2520BD86909929E7BE differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6D568A63FFBB246EC2A8DC3E6B4F32A70C4610E9/4B5B0C2A0BF944CD467A6140F8C782E2BE9D15F9 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6D568A63FFBB246EC2A8DC3E6B4F32A70C4610E9/4B5B0C2A0BF944CD467A6140F8C782E2BE9D15F9
new file mode 100644
index 000000000..640918641
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6D568A63FFBB246EC2A8DC3E6B4F32A70C4610E9/4B5B0C2A0BF944CD467A6140F8C782E2BE9D15F9 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/71CE6A3F360D0D24BDEDA2BAC89ADCC4B8F496A5/7A2CFA69FCA284D4627012A7A55662594C803B2A b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/71CE6A3F360D0D24BDEDA2BAC89ADCC4B8F496A5/7A2CFA69FCA284D4627012A7A55662594C803B2A
new file mode 100644
index 000000000..ad13d7b28
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/71CE6A3F360D0D24BDEDA2BAC89ADCC4B8F496A5/7A2CFA69FCA284D4627012A7A55662594C803B2A differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/71CE6A3F360D0D24BDEDA2BAC89ADCC4B8F496A5/ADEC5673B57A18F16EFAF75EEFBFAD4841E2CD2B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/71CE6A3F360D0D24BDEDA2BAC89ADCC4B8F496A5/ADEC5673B57A18F16EFAF75EEFBFAD4841E2CD2B
new file mode 100644
index 000000000..d361d919f
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/71CE6A3F360D0D24BDEDA2BAC89ADCC4B8F496A5/ADEC5673B57A18F16EFAF75EEFBFAD4841E2CD2B differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/72607E50E18884AE3CE6D8F9884BDD454AA03D82/0CC37CC35E18F9909E43E4E9894D0CDF06EE9A38 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/72607E50E18884AE3CE6D8F9884BDD454AA03D82/0CC37CC35E18F9909E43E4E9894D0CDF06EE9A38
new file mode 100644
index 000000000..69a8e4872
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/72607E50E18884AE3CE6D8F9884BDD454AA03D82/0CC37CC35E18F9909E43E4E9894D0CDF06EE9A38 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/786AAED91FAAC3E55EC08C914535436D3B132369/2CA36B76BC6CCDC29296111A4EFCAFC0553BBC7D b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/786AAED91FAAC3E55EC08C914535436D3B132369/2CA36B76BC6CCDC29296111A4EFCAFC0553BBC7D
new file mode 100644
index 000000000..1a3106742
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/786AAED91FAAC3E55EC08C914535436D3B132369/2CA36B76BC6CCDC29296111A4EFCAFC0553BBC7D differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7A3FCBEFE12D709D596AF6868D1593B05D185557/A8D7FFE70E11850386A6C35185E5EEBA24F0EC02 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7A3FCBEFE12D709D596AF6868D1593B05D185557/A8D7FFE70E11850386A6C35185E5EEBA24F0EC02
new file mode 100644
index 000000000..558ce15e3
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7A3FCBEFE12D709D596AF6868D1593B05D185557/A8D7FFE70E11850386A6C35185E5EEBA24F0EC02 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7BCFEE71FBE3FE58D9DD59ED653AAC21FA05A493/D1474E7D99512D05B98DD37B3FE86496A03D088D b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7BCFEE71FBE3FE58D9DD59ED653AAC21FA05A493/D1474E7D99512D05B98DD37B3FE86496A03D088D
new file mode 100644
index 000000000..0bab77032
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7BCFEE71FBE3FE58D9DD59ED653AAC21FA05A493/D1474E7D99512D05B98DD37B3FE86496A03D088D differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7C446BE5C51C193D39038A8A74FC41498DE080AC/3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7C446BE5C51C193D39038A8A74FC41498DE080AC/3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F
new file mode 100644
index 000000000..b60dea248
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7C446BE5C51C193D39038A8A74FC41498DE080AC/3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7C446BE5C51C193D39038A8A74FC41498DE080AC/A3F1333FE242BFCFC5D14E8F394298406810D1A0 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7C446BE5C51C193D39038A8A74FC41498DE080AC/A3F1333FE242BFCFC5D14E8F394298406810D1A0
new file mode 100644
index 000000000..ac2e3c2b4
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7C446BE5C51C193D39038A8A74FC41498DE080AC/A3F1333FE242BFCFC5D14E8F394298406810D1A0 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7D692B2635C9645908FF1DCEB036B7E8F6C5A906/6814C7316CEA7191C9CB3BE58199B4A957210D9C b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7D692B2635C9645908FF1DCEB036B7E8F6C5A906/6814C7316CEA7191C9CB3BE58199B4A957210D9C
new file mode 100644
index 000000000..4dd2c49bf
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7D692B2635C9645908FF1DCEB036B7E8F6C5A906/6814C7316CEA7191C9CB3BE58199B4A957210D9C differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7E88ED7A37EB47BEA6F3B901876349C58F5ED9A6/5AD9C840579905D085AAB60F9F5341463C5379A9 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7E88ED7A37EB47BEA6F3B901876349C58F5ED9A6/5AD9C840579905D085AAB60F9F5341463C5379A9
new file mode 100644
index 000000000..1bfd4d661
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7E88ED7A37EB47BEA6F3B901876349C58F5ED9A6/5AD9C840579905D085AAB60F9F5341463C5379A9 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8333BA3A820B340C4EB24A0C084698BDF01DECE2/A937AAEFDC8C951FC1CDCA526F4DA8C9481380C3 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8333BA3A820B340C4EB24A0C084698BDF01DECE2/A937AAEFDC8C951FC1CDCA526F4DA8C9481380C3
new file mode 100644
index 000000000..09bd4626c
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8333BA3A820B340C4EB24A0C084698BDF01DECE2/A937AAEFDC8C951FC1CDCA526F4DA8C9481380C3 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/85DD7AA9B6958F530EEC3F89C59D466C259ABE15/C2556DADDF68A9EEF7F5C14A24CA33BCA930B201 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/85DD7AA9B6958F530EEC3F89C59D466C259ABE15/C2556DADDF68A9EEF7F5C14A24CA33BCA930B201
new file mode 100644
index 000000000..592c96230
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/85DD7AA9B6958F530EEC3F89C59D466C259ABE15/C2556DADDF68A9EEF7F5C14A24CA33BCA930B201 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8E985FADADD6A11802213BCA0FF75FE5D3B9BD0E/EFA3540D27E1CF0E0AD29AFC4382F4FD31D42929 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8E985FADADD6A11802213BCA0FF75FE5D3B9BD0E/EFA3540D27E1CF0E0AD29AFC4382F4FD31D42929
new file mode 100644
index 000000000..c171b6d31
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8E985FADADD6A11802213BCA0FF75FE5D3B9BD0E/EFA3540D27E1CF0E0AD29AFC4382F4FD31D42929 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/3B8484BF1370941BF03F206B5C4958DA4E1559BB b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/3B8484BF1370941BF03F206B5C4958DA4E1559BB
new file mode 100644
index 000000000..6f97837a2
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/3B8484BF1370941BF03F206B5C4958DA4E1559BB differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/6DD653FB8FE2614249924274043E834664EBE980 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/6DD653FB8FE2614249924274043E834664EBE980
new file mode 100644
index 000000000..d7799119f
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/6DD653FB8FE2614249924274043E834664EBE980 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/C0EF3E7A54B4C501295F77974B1995E36B25C92B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/C0EF3E7A54B4C501295F77974B1995E36B25C92B
new file mode 100644
index 000000000..508f7f076
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/C0EF3E7A54B4C501295F77974B1995E36B25C92B differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/D29172D3F501A2D7A47F702633044F519A3A5F0B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/D29172D3F501A2D7A47F702633044F519A3A5F0B
new file mode 100644
index 000000000..c0feb0d0e
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/D29172D3F501A2D7A47F702633044F519A3A5F0B differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8FAC7F811E0644FB876D72126930977CEADC38A0/698563ECEE29232C5304487D972310F86650C3A6 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8FAC7F811E0644FB876D72126930977CEADC38A0/698563ECEE29232C5304487D972310F86650C3A6
new file mode 100644
index 000000000..ebfbce9a0
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8FAC7F811E0644FB876D72126930977CEADC38A0/698563ECEE29232C5304487D972310F86650C3A6 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/94945946073C72C69DC4B2D58D3F9E831007F6ED/1B23675354FCAD90119D88075015EA17ADD527D8 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/94945946073C72C69DC4B2D58D3F9E831007F6ED/1B23675354FCAD90119D88075015EA17ADD527D8
new file mode 100644
index 000000000..5c75689fb
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/94945946073C72C69DC4B2D58D3F9E831007F6ED/1B23675354FCAD90119D88075015EA17ADD527D8 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/94945946073C72C69DC4B2D58D3F9E831007F6ED/E6A3B45B062D509B3382282D196EFE97D5956CCB b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/94945946073C72C69DC4B2D58D3F9E831007F6ED/E6A3B45B062D509B3382282D196EFE97D5956CCB
new file mode 100644
index 000000000..e08466c5a
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/94945946073C72C69DC4B2D58D3F9E831007F6ED/E6A3B45B062D509B3382282D196EFE97D5956CCB differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9523A45E723AACFDE29801206C89BBAA9FFF5963/66AB66128A44574873E54E6584E450C4EB3B9A1E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9523A45E723AACFDE29801206C89BBAA9FFF5963/66AB66128A44574873E54E6584E450C4EB3B9A1E
new file mode 100644
index 000000000..ed5ba194c
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9523A45E723AACFDE29801206C89BBAA9FFF5963/66AB66128A44574873E54E6584E450C4EB3B9A1E differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9956BD40089ED38E280F550842F4DC733B5757A8/844FDEEE3C847F4BD5153E822803C1A2C1B6E7BA b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9956BD40089ED38E280F550842F4DC733B5757A8/844FDEEE3C847F4BD5153E822803C1A2C1B6E7BA
new file mode 100644
index 000000000..bc5ed1e62
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9956BD40089ED38E280F550842F4DC733B5757A8/844FDEEE3C847F4BD5153E822803C1A2C1B6E7BA differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9956BD40089ED38E280F550842F4DC733B5757A8/B38C775A18C1195D01658D75FBDA3258B6DF018B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9956BD40089ED38E280F550842F4DC733B5757A8/B38C775A18C1195D01658D75FBDA3258B6DF018B
new file mode 100644
index 000000000..cb519b7eb
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9956BD40089ED38E280F550842F4DC733B5757A8/B38C775A18C1195D01658D75FBDA3258B6DF018B differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9A71D5E41BECA161359D0EA8E0339D362F158C62/FF406B3E55758E87A206FE2A1EE0C4D5A4575799 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9A71D5E41BECA161359D0EA8E0339D362F158C62/FF406B3E55758E87A206FE2A1EE0C4D5A4575799
new file mode 100644
index 000000000..f2bbe24c8
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9A71D5E41BECA161359D0EA8E0339D362F158C62/FF406B3E55758E87A206FE2A1EE0C4D5A4575799 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/1382793A9F360E06D39CA9914912348C63F86357 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/1382793A9F360E06D39CA9914912348C63F86357
new file mode 100644
index 000000000..a592bd280
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/1382793A9F360E06D39CA9914912348C63F86357 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/28C0A6867A1E09715D9F502861B9911F054A0918 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/28C0A6867A1E09715D9F502861B9911F054A0918
new file mode 100644
index 000000000..6114ab414
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/28C0A6867A1E09715D9F502861B9911F054A0918 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/4AAE02BB85EB8CED9617662436A47AA2197B01D6 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/4AAE02BB85EB8CED9617662436A47AA2197B01D6
new file mode 100644
index 000000000..beff53663
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/4AAE02BB85EB8CED9617662436A47AA2197B01D6 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/576F2022AF817412D8425AC8AAFF3CA033A422F1 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/576F2022AF817412D8425AC8AAFF3CA033A422F1
new file mode 100644
index 000000000..60405d6be
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/576F2022AF817412D8425AC8AAFF3CA033A422F1 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/5DD2591009E008D8E5507F2E297E81B501D5D120 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/5DD2591009E008D8E5507F2E297E81B501D5D120
new file mode 100644
index 000000000..4132c67c9
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/5DD2591009E008D8E5507F2E297E81B501D5D120 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/82F0655FB5BF2F905CB3C6FC1AB4A3983F615AE2 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/82F0655FB5BF2F905CB3C6FC1AB4A3983F615AE2
new file mode 100644
index 000000000..36c381da7
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/82F0655FB5BF2F905CB3C6FC1AB4A3983F615AE2 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/87215C2D5EF094F894DFBD418D4D311608DEB3CE b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/87215C2D5EF094F894DFBD418D4D311608DEB3CE
new file mode 100644
index 000000000..e20156afc
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/87215C2D5EF094F894DFBD418D4D311608DEB3CE differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/95A0D456DABFA76AD295723C03582EF63B6F6D0A b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/95A0D456DABFA76AD295723C03582EF63B6F6D0A
new file mode 100644
index 000000000..6f92cf716
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/95A0D456DABFA76AD295723C03582EF63B6F6D0A differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/CBEEDBBC939A98E4742D7BC8749538C51C0672D1 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/CBEEDBBC939A98E4742D7BC8749538C51C0672D1
new file mode 100644
index 000000000..0cba97eec
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/CBEEDBBC939A98E4742D7BC8749538C51C0672D1 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/D2DF0CD6D422B949EC5C5D4C5FCE9D3AD8BFA5BD b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/D2DF0CD6D422B949EC5C5D4C5FCE9D3AD8BFA5BD
new file mode 100644
index 000000000..1de8f2cdf
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/D2DF0CD6D422B949EC5C5D4C5FCE9D3AD8BFA5BD differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/F3D8DAC954B27BE3065512A709EC0C28FE7E4099 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/F3D8DAC954B27BE3065512A709EC0C28FE7E4099
new file mode 100644
index 000000000..23d9533dc
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/F3D8DAC954B27BE3065512A709EC0C28FE7E4099 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9D1D7AB57D811AF20C795415FD3F5BC8F2C8A518/E1201A308CC10323C27D9084B048996E44B8F710 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9D1D7AB57D811AF20C795415FD3F5BC8F2C8A518/E1201A308CC10323C27D9084B048996E44B8F710
new file mode 100644
index 000000000..a7948e488
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9D1D7AB57D811AF20C795415FD3F5BC8F2C8A518/E1201A308CC10323C27D9084B048996E44B8F710 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9D2C9F2BB158809E2897E2AE4825163C09325106/C23FC1895966021249B35412C0C8C56D107732DE b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9D2C9F2BB158809E2897E2AE4825163C09325106/C23FC1895966021249B35412C0C8C56D107732DE
new file mode 100644
index 000000000..c4d97cda3
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9D2C9F2BB158809E2897E2AE4825163C09325106/C23FC1895966021249B35412C0C8C56D107732DE differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9F5870D819755D35C0070186B91FCFA1F5C52A31/0AD38A30ABC0F0B605B45C727A90819E7FF9DAF4 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9F5870D819755D35C0070186B91FCFA1F5C52A31/0AD38A30ABC0F0B605B45C727A90819E7FF9DAF4
new file mode 100644
index 000000000..a63cd9ad4
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9F5870D819755D35C0070186B91FCFA1F5C52A31/0AD38A30ABC0F0B605B45C727A90819E7FF9DAF4 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9FF31736488FC553803001BDE8D05CB46957FE21/A536E6A90420437E645CBFC56AD2D79D758FB112 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9FF31736488FC553803001BDE8D05CB46957FE21/A536E6A90420437E645CBFC56AD2D79D758FB112
new file mode 100644
index 000000000..f5e70ea0f
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9FF31736488FC553803001BDE8D05CB46957FE21/A536E6A90420437E645CBFC56AD2D79D758FB112 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/A0B7987F423E4BB990DA079561C9E297B2DA9B97/386C1663C6390BC288DC171522439210AF361958 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/A0B7987F423E4BB990DA079561C9E297B2DA9B97/386C1663C6390BC288DC171522439210AF361958
new file mode 100644
index 000000000..a5e651f86
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/A0B7987F423E4BB990DA079561C9E297B2DA9B97/386C1663C6390BC288DC171522439210AF361958 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/A1D0D8E720E986DB1E6D256ED7CEFC4BF08D8C9C/6BDA1FF41EEBC5DA66912F3C69B60C2A41C6E25B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/A1D0D8E720E986DB1E6D256ED7CEFC4BF08D8C9C/6BDA1FF41EEBC5DA66912F3C69B60C2A41C6E25B
new file mode 100644
index 000000000..b15880c29
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/A1D0D8E720E986DB1E6D256ED7CEFC4BF08D8C9C/6BDA1FF41EEBC5DA66912F3C69B60C2A41C6E25B differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/18585FC53A283488E4BA84867980E9B1F2B28ADA b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/18585FC53A283488E4BA84867980E9B1F2B28ADA
new file mode 100644
index 000000000..d53dce92b
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/18585FC53A283488E4BA84867980E9B1F2B28ADA differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/27337257493B86B9BFF78D569F938D692A430EAE b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/27337257493B86B9BFF78D569F938D692A430EAE
new file mode 100644
index 000000000..5375c57c3
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/27337257493B86B9BFF78D569F938D692A430EAE differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/4832F0A28C3724A92F6CB3314F747D0E74FC7344 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/4832F0A28C3724A92F6CB3314F747D0E74FC7344
new file mode 100644
index 000000000..7085c5ac9
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/4832F0A28C3724A92F6CB3314F747D0E74FC7344 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/6352302A5072DBFB769D4FF4C70C86432C4C1683 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/6352302A5072DBFB769D4FF4C70C86432C4C1683
new file mode 100644
index 000000000..97dc187db
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/6352302A5072DBFB769D4FF4C70C86432C4C1683 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/EE886B907E31667D622677F665F25C54AF9A7F65 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/EE886B907E31667D622677F665F25C54AF9A7F65
new file mode 100644
index 000000000..ad5d7dea1
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/EE886B907E31667D622677F665F25C54AF9A7F65 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/AFF7B9B4549330E8AB1EFBC59F2D1AF4512CD5A0/F86591A6D86718886A0234B8E54E21AAEA63E24B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/AFF7B9B4549330E8AB1EFBC59F2D1AF4512CD5A0/F86591A6D86718886A0234B8E54E21AAEA63E24B
new file mode 100644
index 000000000..2bf4ad712
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/AFF7B9B4549330E8AB1EFBC59F2D1AF4512CD5A0/F86591A6D86718886A0234B8E54E21AAEA63E24B differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/B9FF7AAC52D280FA9400065135C8867CA8C61133/BECE82B2F908174E2379652769C6942AF1F0CC5E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/B9FF7AAC52D280FA9400065135C8867CA8C61133/BECE82B2F908174E2379652769C6942AF1F0CC5E
new file mode 100644
index 000000000..c3363a922
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/B9FF7AAC52D280FA9400065135C8867CA8C61133/BECE82B2F908174E2379652769C6942AF1F0CC5E differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C1197772F20EECD6F541826FE107A95ED8403B75/342CD9D3062DA48C346965297F081EBC2EF68FDC b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C1197772F20EECD6F541826FE107A95ED8403B75/342CD9D3062DA48C346965297F081EBC2EF68FDC
new file mode 100644
index 000000000..750c08573
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C1197772F20EECD6F541826FE107A95ED8403B75/342CD9D3062DA48C346965297F081EBC2EF68FDC differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C3F02309A4CB4F5F05ABA1F48859FFE0EA269AA4/ED5608CE67EA5CB79AC024CEA7445F9BCBE48703 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C3F02309A4CB4F5F05ABA1F48859FFE0EA269AA4/ED5608CE67EA5CB79AC024CEA7445F9BCBE48703
new file mode 100644
index 000000000..069640ffc
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C3F02309A4CB4F5F05ABA1F48859FFE0EA269AA4/ED5608CE67EA5CB79AC024CEA7445F9BCBE48703 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C479F58A50A8BA16A2B38A22D871DC5279E10334/0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C479F58A50A8BA16A2B38A22D871DC5279E10334/0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
new file mode 100644
index 000000000..391ffc14d
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C479F58A50A8BA16A2B38A22D871DC5279E10334/0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C4F75BD1B64212692FA3316D31FD6B65FE966899/69E7A6D2A78341041BF6816438CA9605A0FA356C b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C4F75BD1B64212692FA3316D31FD6B65FE966899/69E7A6D2A78341041BF6816438CA9605A0FA356C
new file mode 100644
index 000000000..255c513af
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C4F75BD1B64212692FA3316D31FD6B65FE966899/69E7A6D2A78341041BF6816438CA9605A0FA356C differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C563D66EEE8C46E5DBCD414AC29EC7B362AA3951/B4B77C83465979E3679E3A33F972F48EE3730A18 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C563D66EEE8C46E5DBCD414AC29EC7B362AA3951/B4B77C83465979E3679E3A33F972F48EE3730A18
new file mode 100644
index 000000000..6225c0ca7
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C563D66EEE8C46E5DBCD414AC29EC7B362AA3951/B4B77C83465979E3679E3A33F972F48EE3730A18 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C5DC6F3142F010E874E56B78EFE5BF7BDF0BAC20/CAF84A42305615AC2C582F6412BDA3E36DAC3D25 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C5DC6F3142F010E874E56B78EFE5BF7BDF0BAC20/CAF84A42305615AC2C582F6412BDA3E36DAC3D25
new file mode 100644
index 000000000..83aeb1fce
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C5DC6F3142F010E874E56B78EFE5BF7BDF0BAC20/CAF84A42305615AC2C582F6412BDA3E36DAC3D25 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C872F14BD077139C1DC4C001D688BD37319256AB/75F792DE2CF544007F470F1B924961C2BD2EF517 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C872F14BD077139C1DC4C001D688BD37319256AB/75F792DE2CF544007F470F1B924961C2BD2EF517
new file mode 100644
index 000000000..f8a8957ac
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C872F14BD077139C1DC4C001D688BD37319256AB/75F792DE2CF544007F470F1B924961C2BD2EF517 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C8941AD7709AD8378D81A61ADD7983E7A78F8F2C/88D6151358A5E3C81D7AE1A536121DC03011BC03 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C8941AD7709AD8378D81A61ADD7983E7A78F8F2C/88D6151358A5E3C81D7AE1A536121DC03011BC03
new file mode 100644
index 000000000..376d0753f
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C8941AD7709AD8378D81A61ADD7983E7A78F8F2C/88D6151358A5E3C81D7AE1A536121DC03011BC03 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CBD47ABEE632C0103BB7E6C5703F3CF2B54C744A/0B289953453127C40B22FA953D11F79E052C0580 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CBD47ABEE632C0103BB7E6C5703F3CF2B54C744A/0B289953453127C40B22FA953D11F79E052C0580
new file mode 100644
index 000000000..6bbb4b5a3
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CBD47ABEE632C0103BB7E6C5703F3CF2B54C744A/0B289953453127C40B22FA953D11F79E052C0580 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CE2DBD86D9F08AA2721680FD9A6B7F1B9A0D4E9D/30E8B7F8F78FB74646C4B4689C74A2E1570D8E35 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CE2DBD86D9F08AA2721680FD9A6B7F1B9A0D4E9D/30E8B7F8F78FB74646C4B4689C74A2E1570D8E35
new file mode 100644
index 000000000..3536bd3cd
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CE2DBD86D9F08AA2721680FD9A6B7F1B9A0D4E9D/30E8B7F8F78FB74646C4B4689C74A2E1570D8E35 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0940BE1A51139493ED7A79092BE4877E76EE9BB/679A4F81FC705DDEC419778DD2EBD875F4C242C6 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0940BE1A51139493ED7A79092BE4877E76EE9BB/679A4F81FC705DDEC419778DD2EBD875F4C242C6
new file mode 100644
index 000000000..36a442b89
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0940BE1A51139493ED7A79092BE4877E76EE9BB/679A4F81FC705DDEC419778DD2EBD875F4C242C6 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0940BE1A51139493ED7A79092BE4877E76EE9BB/82096E6D9B1248321625323D52858642CB0B748E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0940BE1A51139493ED7A79092BE4877E76EE9BB/82096E6D9B1248321625323D52858642CB0B748E
new file mode 100644
index 000000000..54f809962
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0940BE1A51139493ED7A79092BE4877E76EE9BB/82096E6D9B1248321625323D52858642CB0B748E differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0FF3ED96CD87165145FEDC31ADA8ED51FE01BD2/41E3FCC9470F8634DBCB5CEA7FB688E04E7575BA b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0FF3ED96CD87165145FEDC31ADA8ED51FE01BD2/41E3FCC9470F8634DBCB5CEA7FB688E04E7575BA
new file mode 100644
index 000000000..8ddc7d79b
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0FF3ED96CD87165145FEDC31ADA8ED51FE01BD2/41E3FCC9470F8634DBCB5CEA7FB688E04E7575BA differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0FF3ED96CD87165145FEDC31ADA8ED51FE01BD2/79B21E2743A879AFF5403ECEA09EAC2084EF4799 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0FF3ED96CD87165145FEDC31ADA8ED51FE01BD2/79B21E2743A879AFF5403ECEA09EAC2084EF4799
new file mode 100644
index 000000000..c9fd41f7f
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0FF3ED96CD87165145FEDC31ADA8ED51FE01BD2/79B21E2743A879AFF5403ECEA09EAC2084EF4799 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D16EA19279BB4F22FDC8E928DF12EA51A9D4A5A1/4D523730501ADB80A76B0B473A4D21C7D86F8374 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D16EA19279BB4F22FDC8E928DF12EA51A9D4A5A1/4D523730501ADB80A76B0B473A4D21C7D86F8374
new file mode 100644
index 000000000..61a7ccb15
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D16EA19279BB4F22FDC8E928DF12EA51A9D4A5A1/4D523730501ADB80A76B0B473A4D21C7D86F8374 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D16EA19279BB4F22FDC8E928DF12EA51A9D4A5A1/A21B7566A582DF7A1A85D7B799983C3C35551C14 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D16EA19279BB4F22FDC8E928DF12EA51A9D4A5A1/A21B7566A582DF7A1A85D7B799983C3C35551C14
new file mode 100644
index 000000000..e4bd48dac
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D16EA19279BB4F22FDC8E928DF12EA51A9D4A5A1/A21B7566A582DF7A1A85D7B799983C3C35551C14 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D3F5B4E8FD52F34AA3BDEAD0B9E87887C2D04F3E/C6658C25AFB8A9D738F2BC591775D167549FFD3A b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D3F5B4E8FD52F34AA3BDEAD0B9E87887C2D04F3E/C6658C25AFB8A9D738F2BC591775D167549FFD3A
new file mode 100644
index 000000000..f6df0f4fd
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D3F5B4E8FD52F34AA3BDEAD0B9E87887C2D04F3E/C6658C25AFB8A9D738F2BC591775D167549FFD3A differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D74DC39E75A9720D7342FFB9463E2E900F207C87/09B5043D20EE62D83E3FA151AA878ADED25923D7 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D74DC39E75A9720D7342FFB9463E2E900F207C87/09B5043D20EE62D83E3FA151AA878ADED25923D7
new file mode 100644
index 000000000..0668256a9
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D74DC39E75A9720D7342FFB9463E2E900F207C87/09B5043D20EE62D83E3FA151AA878ADED25923D7 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/08CAE18D8CFF86144CB8FFD671B916CAAB8BD4E9 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/08CAE18D8CFF86144CB8FFD671B916CAAB8BD4E9
new file mode 100644
index 000000000..cac44093a
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/08CAE18D8CFF86144CB8FFD671B916CAAB8BD4E9 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/A8C93000653FAF7D0025D3D8EEE6BBDC64D98F25 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/A8C93000653FAF7D0025D3D8EEE6BBDC64D98F25
new file mode 100644
index 000000000..46d4477ab
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/A8C93000653FAF7D0025D3D8EEE6BBDC64D98F25 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/BF648929E7DAABD8D97B3202F48D6C4A19C78F6C b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/BF648929E7DAABD8D97B3202F48D6C4A19C78F6C
new file mode 100644
index 000000000..4989f3e73
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/BF648929E7DAABD8D97B3202F48D6C4A19C78F6C differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D7B648A0BD9368D83CE1CF523E8F54A8F2F8C92E/A149EE01A250491C07D5A279D3B58A646288DA22 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D7B648A0BD9368D83CE1CF523E8F54A8F2F8C92E/A149EE01A250491C07D5A279D3B58A646288DA22
new file mode 100644
index 000000000..7c6adedf5
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D7B648A0BD9368D83CE1CF523E8F54A8F2F8C92E/A149EE01A250491C07D5A279D3B58A646288DA22 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D7B648A0BD9368D83CE1CF523E8F54A8F2F8C92E/AD8ECBB67B9DC59406F92A296A38192297A4F169 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D7B648A0BD9368D83CE1CF523E8F54A8F2F8C92E/AD8ECBB67B9DC59406F92A296A38192297A4F169
new file mode 100644
index 000000000..70f5b7c91
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D7B648A0BD9368D83CE1CF523E8F54A8F2F8C92E/AD8ECBB67B9DC59406F92A296A38192297A4F169 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D84959A0103547B866F97400B16F8E5871FC28EE/6F61A0C50B4E6ED821F032A4DF3DA7DDDFD2FE6A b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D84959A0103547B866F97400B16F8E5871FC28EE/6F61A0C50B4E6ED821F032A4DF3DA7DDDFD2FE6A
new file mode 100644
index 000000000..141b05ef4
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D84959A0103547B866F97400B16F8E5871FC28EE/6F61A0C50B4E6ED821F032A4DF3DA7DDDFD2FE6A differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/DFC06A49AADF5E53A99A6FFC00EC3F1F2A8672CF/DAC9024F54D8F6DF94935FB1732638CA6AD77C13 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/DFC06A49AADF5E53A99A6FFC00EC3F1F2A8672CF/DAC9024F54D8F6DF94935FB1732638CA6AD77C13
new file mode 100644
index 000000000..95500f6bd
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/DFC06A49AADF5E53A99A6FFC00EC3F1F2A8672CF/DAC9024F54D8F6DF94935FB1732638CA6AD77C13 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/16D8270DE51B034E77B7CDAF1DEE623916243DDC b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/16D8270DE51B034E77B7CDAF1DEE623916243DDC
new file mode 100644
index 000000000..87d8b52d4
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/16D8270DE51B034E77B7CDAF1DEE623916243DDC differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/3D3F25C5CD9F932037D91B7D102EDB58EC7C8239 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/3D3F25C5CD9F932037D91B7D102EDB58EC7C8239
new file mode 100644
index 000000000..91acd396a
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/3D3F25C5CD9F932037D91B7D102EDB58EC7C8239 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/40B51EEF4E709FBD47935DDD83A1F640D0CC378A b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/40B51EEF4E709FBD47935DDD83A1F640D0CC378A
new file mode 100644
index 000000000..b5f5fa6ca
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/40B51EEF4E709FBD47935DDD83A1F640D0CC378A differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/D4E1786D8B8B57B22C81D0F0FCE18EA818DA0537 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/D4E1786D8B8B57B22C81D0F0FCE18EA818DA0537
new file mode 100644
index 000000000..abeb964dd
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/D4E1786D8B8B57B22C81D0F0FCE18EA818DA0537 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E212E8EAB1DE86DE40B405AC12E0F29452CDD77B/1BB6C5E44421EBF317B9F3D9049C1E137716B186 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E212E8EAB1DE86DE40B405AC12E0F29452CDD77B/1BB6C5E44421EBF317B9F3D9049C1E137716B186
new file mode 100644
index 000000000..34c8cf8a5
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E212E8EAB1DE86DE40B405AC12E0F29452CDD77B/1BB6C5E44421EBF317B9F3D9049C1E137716B186 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/8784ED81F5A22779EB0B081945FD151992557FBE b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/8784ED81F5A22779EB0B081945FD151992557FBE
new file mode 100644
index 000000000..cc35ba691
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/8784ED81F5A22779EB0B081945FD151992557FBE differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/88583DB03975127CB488CA7DDE303A1646CEA97B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/88583DB03975127CB488CA7DDE303A1646CEA97B
new file mode 100644
index 000000000..783dd271a
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/88583DB03975127CB488CA7DDE303A1646CEA97B differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/93AE07BC15B1AB17BB09E3C400387CE69DADDFCC b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/93AE07BC15B1AB17BB09E3C400387CE69DADDFCC
new file mode 100644
index 000000000..74c4ce3b8
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/93AE07BC15B1AB17BB09E3C400387CE69DADDFCC differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E33FA87DDCDF62323BE5FF9AC818556424365F7E/45B43346251FDF9E95DCB7F36928785D46D63913 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E33FA87DDCDF62323BE5FF9AC818556424365F7E/45B43346251FDF9E95DCB7F36928785D46D63913
new file mode 100644
index 000000000..f3cf5e676
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E33FA87DDCDF62323BE5FF9AC818556424365F7E/45B43346251FDF9E95DCB7F36928785D46D63913 differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E33FA87DDCDF62323BE5FF9AC818556424365F7E/E33619C88426E4FE956041E6751ADDEC9C10F0BC b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E33FA87DDCDF62323BE5FF9AC818556424365F7E/E33619C88426E4FE956041E6751ADDEC9C10F0BC
new file mode 100644
index 000000000..fc5bd433b
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E33FA87DDCDF62323BE5FF9AC818556424365F7E/E33619C88426E4FE956041E6751ADDEC9C10F0BC differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E47CAF71ACF4B662FED9BEF2B1F4A5F45E256160/7BE0C8E441786C69A3CB35BDBEF235F8B5310E04 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E47CAF71ACF4B662FED9BEF2B1F4A5F45E256160/7BE0C8E441786C69A3CB35BDBEF235F8B5310E04
new file mode 100644
index 000000000..0a8de4bb9
Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E47CAF71ACF4B662FED9BEF2B1F4A5F45E256160/7BE0C8E441786C69A3CB35BDBEF235F8B5310E04 differ
-- 
cgit v1.2.3


From f807371b592e95511bb87c4a1ee2819e835663fc Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 7 Jun 2018 12:16:39 +0200
Subject: some more refactoring stuff

---
 .../id/auth/builder/AuthenticationDataBuilder.java |   7 +-
 .../builder/CreateXMLSignatureRequestBuilder.java  |   2 +-
 .../moa/id/data/AuthenticationData.java            | 820 ---------------------
 .../gv/egovernment/moa/id/moduls/SSOManager.java   |  21 +
 .../moa/id/protocols/pvp2x/PVP2XProtocol.java      |   5 +-
 .../egovernment/moa/id/commons/MOAIDConstants.java |   2 -
 .../commons/api/data/AuthProzessDataConstants.java |   7 +-
 .../gv/egovernment/moa/util/DateTimeUtilsTest.java |   3 +-
 .../moa/id/auth/AuthenticationServer.java          |   2 +-
 .../moa/id/protocols/eidas/EIDASProtocol.java      |   5 +-
 .../oauth20/protocol/OAuth20Protocol.java          |   3 +-
 .../sl20_auth/tasks/ReceiveQualeIDTask.java        |   2 +-
 .../moa/id/protocols/saml1/SAML1Protocol.java      |  11 +-
 13 files changed, 46 insertions(+), 844 deletions(-)
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java

(limited to 'id/server/idserverlib/src/main/java/at/gv')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index e72780cab..fdf806f78 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -47,9 +47,9 @@ import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
 import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IAuthenticationDataBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.auth.exception.DynamicOABuildException;
@@ -58,6 +58,7 @@ import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
@@ -100,7 +101,7 @@ import iaik.x509.X509Certificate;
  *
  */
 @Service("AuthenticationDataBuilder")
-public class AuthenticationDataBuilder extends MOAIDAuthConstants {
+public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAuthenticationDataBuilder{
 
 	@Autowired private IAuthenticationSessionStoreage authenticatedSessionStorage;
 	@Autowired protected AuthConfiguration authConfig;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
index a43e6a7fb..7f47d3dfe 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
@@ -51,13 +51,13 @@ import java.util.Calendar;
 import java.util.List;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.impl.utils.DateTimeUtils;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DateTimeUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moa.util.StringUtils;
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
deleted file mode 100644
index 14d78c88e..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
+++ /dev/null
@@ -1,820 +0,0 @@
-/**
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.data;
-
-import java.io.Serializable;
-import java.text.DateFormat;
-import java.text.ParseException;
-import java.text.SimpleDateFormat;
-import java.util.ArrayList;
-import java.util.Date;
-import java.util.List;
-import java.util.Map;
-
-import org.apache.commons.collections4.map.HashedMap;
-import org.w3c.dom.Element;
-
-import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
-import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
-import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
-import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.DateTimeUtils;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-/**
- * @author tlenz
- *
- */
-public class AuthenticationData  implements IAuthData, Serializable {
-
-	private static final long serialVersionUID = -1042697056735596866L;
-	public static final String IDENTITY_LINK_DATE_FORMAT = "yyyy-MM-dd";
-	
-	  /**
-	   * URL of the MOA-ID Auth component issueing this assertion
-	   */
-	  private String issuer;
-	  /**
-	   * time instant of issue of this assertion
-	   */
-	  private Date issueInstant;
-	  /**
-	   * user identification value (Stammzahl); <code>null</code>, 
-	   * if the authentication module is configured not to return this data
-	   */
-	  private String identificationValue;
-		/**
-		 * user identification type
-		 */
-	  private String identificationType;
-		
-		/**
-		 * user identityLink specialized to OAParamter
-		 */
-	  private IIdentityLink identityLink;
-		
-	  /**
-	   * application specific user identifier (bPK/wbPK)
-	   */
-	  private String bPK;
-	  
-	  /**
-	   * application specific user identifier type
-	   */
-	  private String bPKType;
-	  
-	  /**
-	   * given name of the user
-	   */
-	  private String givenName;
-	  /**
-	   * family name of the user
-	   */
-	  private String familyName;
-	  /**
-	   * date of birth of the user
-	   */
-	  private Date dateOfBirth;
-	  /**
-	   * says whether the certificate is a qualified certificate or not
-	   */
-	  private boolean qualifiedCertificate;
-	  /**
-	   * says whether the certificate is a public authority or not
-	   */
-	  private boolean publicAuthority;
-	  /**
-	   * public authority code (Beh&ouml;rdenkennzeichen - BKZ)
-	   */
-	  private String publicAuthorityCode;
-
-	  /**
-	   * URL of the BKU
-	   */
-	  private String bkuURL;
-	  /**
-	   * the corresponding <code>lt;saml:Assertion&gt;</code>
-	   */
-
-	  private boolean isBaseIDTransferRestrication = true;
-	  
-	  
-	 /**
-	  * STORK attributes from response
-	  */
-	  private String ccc = null;
-	  
-	  private Map<String, Object> genericDataStorate = new HashedMap<String, Object>();
-	  
-	  private byte[] signerCertificate = null;
-	  	  
-	  private String authBlock = null; 
-	  private List<String> encbPKList = null;
-	  
-	  //ISA 1.18 attributes
-	  private List<AuthenticationRole> roles = null;
-	  private String pvpAttribute_OU = null;
-	  
-	  private boolean useMandate = false;
-	  private IMISMandate mandate = null;
-	  private String mandateReferenceValue = null;
-	  
-	  private boolean foreigner =false;
-	  private String QAALevel = null;
-	  
-	  private boolean ssoSession = false;
-	  private Date ssoSessionValidTo = null;
-
-//	  private boolean interfederatedSSOSession = false;
-//	  private String interfederatedIDP = null;
-	  
-	  private String sessionIndex = null;
-	  private String nameID = null;
-	  private String nameIDFormat = null;
-	  
-	  public AuthenticationData() {
-		  issueInstant = new Date();
-	  }
-	  	  
-	  /**
-	   * Returns the publicAuthority.
-	   * @return boolean
-	   */
-	  public boolean isPublicAuthority() {
-	    return publicAuthority;
-	  }
-
-	  /**
-	   * Returns the publicAuthorityCode.
-	   * @return String
-	   */
-	  public String getPublicAuthorityCode() {
-	    return publicAuthorityCode;
-	  }
-
-	  /**
-	   * Returns the qualifiedCertificate.
-	   * @return boolean
-	   */
-	  public boolean isQualifiedCertificate() {
-	    return qualifiedCertificate;
-	  }
-
-	  /**
-	   * Returns the bPK.
-	   * @return String
-	   */
-	  public String getBPK() {
-	    return bPK;
-	  }
-
-	  /**
-	   * Sets the publicAuthority.
-	   * @param publicAuthority The publicAuthority to set
-	   */
-	  public void setPublicAuthority(boolean publicAuthority) {
-	    this.publicAuthority = publicAuthority;
-	  }
-
-	  /**
-	   * Sets the publicAuthorityCode.
-	   * @param publicAuthorityIdentification The publicAuthorityCode to set
-	   */
-	  public void setPublicAuthorityCode(String publicAuthorityIdentification) {
-	    this.publicAuthorityCode = publicAuthorityIdentification;
-	  }
-
-	  /**
-	   * Sets the qualifiedCertificate.
-	   * @param qualifiedCertificate The qualifiedCertificate to set
-	   */
-	  public void setQualifiedCertificate(boolean qualifiedCertificate) {
-	    this.qualifiedCertificate = qualifiedCertificate;
-	  }
-
-	  /**
-	   * Sets the bPK.
-	   * @param bPK The bPK to set
-	   */
-	  public void setBPK(String bPK) {
-	    this.bPK = bPK;
-	  }
-
-	  /**
-	   * Returns the dateOfBirth.
-	   * @return String
-	   */
-	  public Date getDateOfBirth() {
-	    return dateOfBirth;
-	  }
-
-	  public String getFormatedDateOfBirth() {
-			DateFormat pvpDateFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT);
-			if (getDateOfBirth() != null)
-				return pvpDateFormat.format(getDateOfBirth());
-			else
-				return "2999-12-31";
-		}
-	  
-	  /**
-	   * Returns the familyName.
-	   * @return String
-	   */
-	  public String getFamilyName() {
-	    return familyName;
-	  }
-
-	  /**
-	   * Returns the givenName.
-	   * @return String
-	   */
-	  public String getGivenName() {
-	    return givenName;
-	  }
-
-	  /**
-	   * Holds the baseID of a citizen
-	   * 
-	   * @return baseID
-	   */
-	  public String getIdentificationValue() {
-	    return identificationValue;
-	  }
-
-		/**
-		 * Holds the type of the baseID
-		 * 
-		 * @return baseID-Type
-		 */
-		public String getIdentificationType() {
-			return identificationType;
-		}
-
-	  /**
-	   * Returns the issueInstant.
-	   * @return String
-	   */
-	  public String getIssueInstantString() {
-	    return DateTimeUtils.buildDateTimeUTC(issueInstant);
-	    
-	  }
-
-	  /**
-	   * Returns the issueInstant.
-	   * @return String
-	   */
-	  public Date getIssueInstant() {
-	    return issueInstant;
-	    
-	  }
-	  
-	  public void setIssueInstant(Date date) {
-		  this.issueInstant = date;
-	  }
-	  
-	  /**
-	   * Returns the issuer.
-	   * @return String
-	   */
-	  public String getIssuer() {
-	    return issuer;
-	  }
-	  
-	  /**
-	   * Returns the BKU URL.
-	   * @return String
-	   */
-	  public String getBkuURL() {
-	    return bkuURL;
-	  }
-
-	  /**
-	   * Sets the dateOfBirth.
-	   * @param dateOfBirth The dateOfBirth to set
-	   */
-	  public void setDateOfBirth(Date dateOfBirth) {
-	    this.dateOfBirth = dateOfBirth;
-	  }
-
-	  public void setDateOfBirth(String dateOfBirth) {		  
-		  try {		  
-			  if (MiscUtil.isNotEmpty(dateOfBirth)) {
-				  DateFormat identityLinkFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT);
-				  this.dateOfBirth = identityLinkFormat.parse(dateOfBirth);
-			  }
-			  
-		  } catch (ParseException e) {
-			  Logger.warn("Parse dateOfBirht from IdentityLink FAILED", e);
-			  
-		  }		  
-	  }
-	  
-	  /**
-	   * Sets the familyName.
-	   * @param familyName The familyName to set
-	   */
-	  public void setFamilyName(String familyName) {
-	    this.familyName = familyName;
-	  }
-
-	  /**
-	   * Sets the givenName.
-	   * @param givenName The givenName to set
-	   */
-	  public void setGivenName(String givenName) {
-	    this.givenName = givenName;
-	  }
-
-	  /**
-	   * Sets the identificationValue.
-	   * @param identificationValue The identificationValue to set
-	   */
-	  public void setIdentificationValue(String identificationValue) {
-	    this.identificationValue = identificationValue;
-	  }
-
-		/**
-		 * Sets the identificationType.
-		 * @param identificationType The identificationType to set
-		 */
-		public void setIdentificationType(String identificationType) {
-			this.identificationType = identificationType;
-		}
-
-	  /**
-	   * Sets the issuer.
-	   * @param issuer The issuer to set
-	   */
-	  public void setIssuer(String issuer) {
-	    this.issuer = issuer;
-	  }
-	  
-	  /**
-	   * Sets the bkuURL
-	   * @param url The BKU URL to set
-	   */
-	  public void setBkuURL(String url) {
-	    this.bkuURL = url;
-	  }
-
-	public String getBPKType() {
-		return bPKType;
-	}
-
-	public void setBPKType(String bPKType) {
-		this.bPKType = bPKType;
-	}
-
-	/**
-	 * @return the identityLink
-	 */
-	public IIdentityLink getIdentityLink() {
-		return identityLink;
-	}
-
-	/**
-	 * @param identityLink the identityLink to set
-	 */
-	public void setIdentityLink(IIdentityLink identityLink) {
-		this.identityLink = identityLink;
-	}
-
-	/**
-	 * @return the signerCertificate
-	 */
-	public byte[] getSignerCertificate() {
-		return signerCertificate;
-	}
-
-
-	/**
-	 * @param signerCertificate the signerCertificate to set
-	 */
-	public void setSignerCertificate(byte[] signerCertificate) {
-		this.signerCertificate = signerCertificate;
-	}
-
-
-	/**
-	 * @return the authBlock
-	 */
-	public String getAuthBlock() {
-		return authBlock;
-	}
-
-
-	/**
-	 * @param authBlock the authBlock to set
-	 */
-	public void setAuthBlock(String authBlock) {
-		this.authBlock = authBlock;
-	}
-
-
-	/**
-	 * @return the mandate
-	 */
-	public IMISMandate getMISMandate() {
-		return mandate;
-	}
-
-	public Element getMandate() {
-		if (mandate == null)
-			return null;
-		
-		//parse Element from mandate XML
-		try {
-			byte[] byteMandate = mandate.getMandate();
-			String stringMandate = new String(byteMandate);
-			return DOMUtils.parseDocument(stringMandate, false, null, null).getDocumentElement();
-			
-		}
-		catch (Throwable e) {
-			Logger.warn("Mandate content could not be generated from MISMandate.");
-			return null;
-		}
-	}
-	
-
-	/**
-	 * @param mandate the mandate to set
-	 */
-	public void setMISMandate(IMISMandate mandate) {
-		this.mandate = mandate;
-	}
-
-
-	/**
-	 * @return the useMandate
-	 */
-	public boolean isUseMandate() {
-		return useMandate;
-	}
-
-
-	/**
-	 * @param useMandate the useMandate to set
-	 */
-	public void setUseMandate(boolean useMandate) {
-		this.useMandate = useMandate;
-	}
-
-
-	/**
-	 * @return
-	 */
-	public String getQAALevel() {
-		if (this.QAALevel != null && 
-				this.QAALevel.startsWith(PVPConstants.EIDAS_QAA_PREFIX)) {
-			String mappedQAA = PVPtoSTORKMapper.getInstance().mapeIDASQAAToSTORKQAA(this.QAALevel);
-			if (MiscUtil.isNotEmpty(mappedQAA))
-				return mappedQAA;
-			
-			else {
-				Logger.error("eIDAS QAA-level:" + this.QAALevel 
-						+ " can not be mapped to STORK QAA-level! Use "
-						+ PVPConstants.STORK_QAA_1_1 + " as default value.");
-				return PVPConstants.STORK_QAA_1_1;
-				
-			}
-			
-			
-		} else
-			return this.QAALevel;
-	}
-
-	
-	public String getEIDASQAALevel() {
-		if (this.QAALevel != null && 
-				this.QAALevel.startsWith(PVPConstants.STORK_QAA_PREFIX)) {
-			String mappedQAA = PVPtoSTORKMapper.getInstance().mapSTORKQAAToeIDASQAA(this.QAALevel);
-			if (MiscUtil.isNotEmpty(mappedQAA))
-				return mappedQAA;
-			
-			else {
-				Logger.error("STORK QAA-level:" + this.QAALevel 
-						+ " can not be mapped to eIDAS QAA-level! Use "
-						+ PVPConstants.EIDAS_QAA_LOW + " as default value.");
-				return PVPConstants.EIDAS_QAA_LOW;
-				
-			}
-			
-			
-		} else
-			return this.QAALevel;
-		
-	}
-	
-
-	/**
-	 * @return
-	 */
-	public boolean isForeigner() {
-		return this.foreigner;
-	}
-
-
-	/**
-	 * @param foreigner the foreigner to set
-	 */
-	public void setForeigner(boolean foreigner) {
-		this.foreigner = foreigner;
-	}
-
-
-	/**
-	 * Store QAA level in eIDAS format to authentication Data
-	 * 
-	 * @param qAALevel the qAALevel to set
-	 * @throws AssertionAttributeExtractorExeption 
-	 */
-	public void setQAALevel(String qAALevel) {
-			QAALevel = qAALevel;
-			
-	}
-
-	/**
-	 * @return the ssoSession
-	 */
-	public boolean isSsoSession() {
-		return ssoSession;
-	}
-
-
-	/**
-	 * @param ssoSession the ssoSession to set
-	 */
-	public void setSsoSession(boolean ssoSession) {
-		this.ssoSession = ssoSession;
-	}
-
-	/**
-	 * @return the mandateReferenceValue
-	 */
-	public String getMandateReferenceValue() {
-		return mandateReferenceValue;
-	}
-
-	/**
-	 * @param mandateReferenceValue the mandateReferenceValue to set
-	 */
-	public void setMandateReferenceValue(String mandateReferenceValue) {
-		this.mandateReferenceValue = mandateReferenceValue;
-	}
-
-	/**
-	 * CountryCode of the citizen which is identified and authenticated
-	 * 
-	 * @return the CountryCode <pre>like. AT, SI, ...</pre>
-	 */
-	public String getCcc() {
-		return ccc;
-	}
-
-	/**
-	 * @param ccc the ccc to set
-	 */
-	public void setCcc(String ccc) {
-		this.ccc = ccc;
-	}
-
-	/**
-	 * @return the sessionIndex
-	 */
-	public String getSessionIndex() {
-		return sessionIndex;
-	}
-
-	/**
-	 * @param sessionIndex the sessionIndex to set
-	 */
-	public void setSessionIndex(String sessionIndex) {
-		this.sessionIndex = sessionIndex;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.data.IAuthData#getNameID()
-	 */
-	@Override
-	public String getNameID() {
-		return this.nameID;
-	}
-
-	/**
-	 * @param nameID the nameID to set
-	 */
-	public void setNameID(String nameID) {
-		this.nameID = nameID;
-	}
-
-	/**
-	 * @return the nameIDFormat
-	 */
-	public String getNameIDFormat() {
-		return nameIDFormat;
-	}
-
-	/**
-	 * @param nameIDFormat the nameIDFormat to set
-	 */
-	public void setNameIDFormat(String nameIDFormat) {
-		this.nameIDFormat = nameIDFormat;
-	}
-
-//	/**
-//	 * @return the interfederatedSSOSession
-//	 */
-//	public boolean isInterfederatedSSOSession() {
-//		return interfederatedSSOSession;
-//	}
-//
-//	/**
-//	 * @param interfederatedSSOSession the interfederatedSSOSession to set
-//	 */
-//	public void setInterfederatedSSOSession(boolean interfederatedSSOSession) {
-//		this.interfederatedSSOSession = interfederatedSSOSession;
-//	}
-//
-//	/**
-//	 * @return the interfederatedIDP
-//	 */
-//	public String getInterfederatedIDP() {
-//		return interfederatedIDP;
-//	}
-//
-//	/**
-//	 * @param interfederatedIDP the interfederatedIDP to set
-//	 */
-//	public void setInterfederatedIDP(String interfederatedIDP) {
-//		this.interfederatedIDP = interfederatedIDP;
-//	}
-
-	/**
-	 * @return the ssoSessionValidTo
-	 */
-	public Date getSsoSessionValidTo() {
-		return ssoSessionValidTo;
-	}
-
-	/**
-	 * @param ssoSessionValidTo the ssoSessionValidTo to set
-	 */
-	public void setSsoSessionValidTo(Date ssoSessionValidTo) {
-		this.ssoSessionValidTo = ssoSessionValidTo;
-	}
-
-	/**
-	 * @return the encbPKList
-	 */
-	public List<String> getEncbPKList() {
-		return encbPKList;
-	}
-
-	/**
-	 * @param encbPKList the encbPKList to set
-	 */
-	public void setEncbPKList(List<String> encbPKList) {
-		this.encbPKList = encbPKList;
-	}
-
-	/**
-	 * @return the roles
-	 */
-	public List<AuthenticationRole> getAuthenticationRoles() {
-//		if (this.roles == null) {
-//			this.roles = new ArrayList<AuthenticationRole>();
-//			this.roles.add(new AuthenticationRole("xxpvprole", "xxpvprole"));
-//			this.roles.add(new AuthenticationRole("yypvprole", "yypvprole"));
-//		}
-		
-		return roles;
-	}
-
-	//ISA 1.18 attributes
-	/**
-	 * @param roles the roles to set
-	 */
-	public void addAuthenticationRole(AuthenticationRole role) {
-		if (this.roles == null)
-			this.roles = new ArrayList<AuthenticationRole>();
-
-		this.roles.add(role);
-	}
-	
-	/**
-	 * @return the pvpAttribute_OU
-	 */
-	public String getPvpAttribute_OU() {
-		return pvpAttribute_OU;
-	}
-
-	/**
-	 * @param pvpAttribute_OU the pvpAttribute_OU to set
-	 */
-	public void setPvpAttribute_OU(String pvpAttribute_OU) {
-		this.pvpAttribute_OU = pvpAttribute_OU;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.data.IAuthData#isBusinessService()
-	 */
-	@Override
-	public boolean isBaseIDTransferRestrication() {
-		return isBaseIDTransferRestrication;
-	}
-
-	/**
-	 * @param isBaseIDTransmittionAllowed the isBaseIDTransmittionAllowed to set
-	 */
-	public void setBaseIDTransferRestrication(boolean isBaseIDTransferRestrication) {
-		this.isBaseIDTransferRestrication = isBaseIDTransferRestrication;
-	}
-	
-	/**
-	 * Returns a generic data-object with is stored with a specific identifier 
-	 * 
-	 * @param key The specific identifier of the data object
-	 * @param clazz The class type which is stored with this key
-	 * @return The data object or null if no data is found with this key
-	 */
-	public <T> T getGenericData(String key, final Class<T> clazz) {
-		if (MiscUtil.isNotEmpty(key)) {
-			Object data = genericDataStorate.get(key);			
-			
-			if (data == null)
-				return null;
-			
-			try {
-				@SuppressWarnings("unchecked")
-				T test = (T) data;
-				return test;
-				
-			} catch (Exception e) {
-				Logger.warn("Generic authentication-data object can not be casted to requsted type", e);
-				return null;
-				
-			}
-			
-		} 
-		
-		Logger.warn("Can not load generic session-data with key='null'");
-		return null;
-				
-	}
-	
-	/**
-	 * Store a generic data-object to session with a specific identifier
-	 * 
-	 * @param key Identifier for this data-object
-	 * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface
-	 * @throws SessionDataStorageException Error message if the data-object can not stored to generic session-data storage
-	 */
-	public void setGenericData(String key, Object object) throws SessionDataStorageException {
-		if (MiscUtil.isEmpty(key)) {
-			Logger.warn("Generic session-data can not be stored with a 'null' key");
-			throw new SessionDataStorageException("Generic data can not be stored with a 'null' key", null);
-			
-		}
-		
-		if (object != null) {
-			if (!Serializable.class.isInstance(object)) {
-				Logger.warn("Generic data can only store objects which implements the 'Seralizable' interface");
-				throw new SessionDataStorageException("Generic data can only store objects which implements the 'Seralizable' interface", null);
-				
-			}						
-		}
-		
-		if (genericDataStorate.containsKey(key))
-			Logger.debug("Overwrite generic data with key:" + key);
-		else
-			Logger.trace("Add generic data with key:" + key + " to session.");
-		
-		genericDataStorate.put(key, object);
-	}
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
index b36b5af30..718f730b0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -28,6 +28,7 @@ import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
@@ -38,6 +39,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
 import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
@@ -114,6 +116,25 @@ public class SSOManager {
 		
 	}
 	
+	protected String createNewSSOSessionCookie(HttpServletRequest req, HttpServletResponse resp, 
+	IRequest pendingReq, IAuthenticationSession moaSession) {
+		Logger.debug("Add SSO information to MOASession.");
+
+		//Store SSO information into database
+		String newSSOSessionId = createSSOSessionInformations(moaSession.getSessionID(), 
+				pendingReq.getSPEntityId());
+
+		//set SSO cookie to response
+		if (StringUtils.isNotEmpty(newSSOSessionId)) {
+			setSSOSessionID(req, resp, newSSOSessionId);
+
+		} else {
+			deleteSSOSessionID(req, resp);
+
+		}
+
+		return newSSOSessionId;
+	}
 	
 	public boolean isValidSSOSession(String ssoSessionID, IRequest protocolRequest) throws ConfigurationException, SessionDataStorageException {
 		
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index e6298527b..038e384f3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -55,8 +55,8 @@ import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.IModulInfo;
 import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
 import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
 import at.gv.egiz.eaaf.core.exceptions.NoPassivAuthenticationException;
@@ -67,6 +67,7 @@ import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityLogAdapter;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
@@ -100,7 +101,7 @@ import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 @Controller
-public class PVP2XProtocol extends AbstractAuthProtocolModulController  {
+public class PVP2XProtocol extends AbstractAuthProtocolModulController implements IModulInfo {
 
 	@Autowired IDPCredentialProvider pvpCredentials;
 	@Autowired SAMLVerificationEngineSP samlVerificationEngine;
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java
index 958fb25ce..c56116255 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java
@@ -77,8 +77,6 @@ public class MOAIDConstants {
     public static final List<String> ALLOWED_eIDAS_LOA;
     public static final List<String> JDBC_DRIVER_NEEDS_WORKAROUND;
     
-    public static final String UNIQUESESSIONIDENTIFIER = "uniqueSessionIdentifier";
-    
     public static final String eIDAS_LOA_LOW = "http://eidas.europa.eu/LoA/low";
     public static final String eIDAS_LOA_SUBSTANTIAL = "http://eidas.europa.eu/LoA/substantial";
     public static final String eIDAS_LOA_HIGH = "http://eidas.europa.eu/LoA/high";
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/AuthProzessDataConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/AuthProzessDataConstants.java
index db413b0f5..e816349c8 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/AuthProzessDataConstants.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/AuthProzessDataConstants.java
@@ -26,7 +26,7 @@ package at.gv.egovernment.moa.id.commons.api.data;
  * @author tlenz
  *
  */
-public interface AuthProzessDataConstants {
+public interface AuthProzessDataConstants extends EAAFConstants {
 	
 	public static final String GENERIC_PREFIX 					= "generic_";
 	
@@ -37,10 +37,9 @@ public interface AuthProzessDataConstants {
 	public static final String FLAG_IS_AUTHENTICATED 			= "direct_flagIsAuth";
 	public static final String FLAG_SAMLATTRIBUTEGEBEORWBPK 	= "direct_SAMLAttributeGebeORwbpk";
 	
-	
-	public static final String VALUE_CREATED 					= "direct_created";
+
 	public static final String VALUE_ISSUEINSTANT 				= "direct_issueInstant";
-	public static final String VALUE_SESSIONID 					= "direct_sessionId";
+	
 	public static final String VALUE_SIGNER_CERT 				= "direct_signerCert";
 	public static final String VALUE_IDENTITYLINK 				= "direct_idl";	
 	public static final String VALUE_BKUURL 					= "direct_bkuUrl";
diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DateTimeUtilsTest.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DateTimeUtilsTest.java
index e3468b89f..aed2efff2 100644
--- a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DateTimeUtilsTest.java
+++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DateTimeUtilsTest.java
@@ -31,10 +31,9 @@ import java.util.Date;
 import java.util.GregorianCalendar;
 import java.util.TimeZone;
 
+import at.gv.egiz.eaaf.core.impl.utils.DateTimeUtils;
 import junit.framework.TestCase;
 
-import at.gv.egovernment.moa.util.DateTimeUtils;
-
 /**
  * @author Patrick Peck
  * @version $Id$
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index f12ef1994..97f56c6f4 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -28,6 +28,7 @@ import org.xml.sax.SAXException;
 import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder;
+import at.gv.egiz.eaaf.core.impl.utils.DateTimeUtils;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
 import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder;
@@ -71,7 +72,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.DateTimeUtils;
 import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moa.util.StringUtils;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
index 019a61b7c..8ed9e1f2e 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -43,8 +43,8 @@ import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.IModulInfo;
 import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController;
 import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
 import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
@@ -59,6 +59,7 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.MOAIDConstants;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -81,7 +82,7 @@ import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
  * @author tlenz
  */
 @Controller
-public class EIDASProtocol extends AbstractAuthProtocolModulController {
+public class EIDASProtocol extends AbstractAuthProtocolModulController implements IModulInfo {
 
     public static final String NAME = EIDASProtocol.class.getName();
     public static final String PATH = "eidas";	
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
index 55348b5f8..5acb1c547 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
@@ -18,6 +18,7 @@ import org.springframework.web.bind.annotation.RequestMethod;
 import com.google.gson.JsonObject;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.IModulInfo;
 import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
 import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException;
 import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController;
@@ -34,7 +35,7 @@ import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 @Controller
-public class OAuth20Protocol extends AbstractAuthProtocolModulController {
+public class OAuth20Protocol extends AbstractAuthProtocolModulController implements IModulInfo {
 	
 	public static final String NAME = OAuth20Protocol.class.getName();
 	public static final String PATH = "id_oauth20";
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
index add6d78e4..2ad19e088 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
@@ -26,6 +26,7 @@ import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController;
 import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder;
+import at.gv.egiz.eaaf.core.impl.utils.DateTimeUtils;
 import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils;
 import at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants;
 import at.gv.egovernment.moa.id.auth.modules.sl20_auth.data.VerificationResult;
@@ -41,7 +42,6 @@ import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.util.Base64Utils;
-import at.gv.egovernment.moa.util.DateTimeUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moaspss.logging.Logger;
 import iaik.esi.sva.util.X509Utils;
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index 19fadb318..8dfe10268 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -35,18 +35,19 @@ import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.IModulInfo;
+import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
+import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException;
+import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
-import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.logging.Logger;
@@ -62,7 +63,7 @@ import at.gv.egovernment.moa.util.URLEncoder;
  */
 
 @Controller
-public class SAML1Protocol extends AbstractAuthProtocolModulController {
+public class SAML1Protocol extends AbstractAuthProtocolModulController implements IModulInfo {
 
 	@Autowired private SAML1AuthenticationServer saml1AuthServer;
 	
-- 
cgit v1.2.3


From e441bcf4eb1a53e1bb17df34997f17206796af72 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 7 Jun 2018 12:17:40 +0200
Subject: add one file

---
 .../moa/id/data/AuthenticationData.java            | 820 +++++++++++++++++++++
 1 file changed, 820 insertions(+)
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java

(limited to 'id/server/idserverlib/src/main/java/at/gv')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
new file mode 100644
index 000000000..4b29fef3b
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
@@ -0,0 +1,820 @@
+/**
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.data;
+
+import java.io.Serializable;
+import java.text.DateFormat;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
+import java.util.Map;
+
+import org.apache.commons.collections4.map.HashedMap;
+import org.w3c.dom.Element;
+
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.impl.utils.DateTimeUtils;
+import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
+import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
+import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
+import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public class AuthenticationData  implements IAuthData, Serializable {
+
+	private static final long serialVersionUID = -1042697056735596866L;
+	public static final String IDENTITY_LINK_DATE_FORMAT = "yyyy-MM-dd";
+	
+	  /**
+	   * URL of the MOA-ID Auth component issueing this assertion
+	   */
+	  private String issuer;
+	  /**
+	   * time instant of issue of this assertion
+	   */
+	  private Date issueInstant;
+	  /**
+	   * user identification value (Stammzahl); <code>null</code>, 
+	   * if the authentication module is configured not to return this data
+	   */
+	  private String identificationValue;
+		/**
+		 * user identification type
+		 */
+	  private String identificationType;
+		
+		/**
+		 * user identityLink specialized to OAParamter
+		 */
+	  private IIdentityLink identityLink;
+		
+	  /**
+	   * application specific user identifier (bPK/wbPK)
+	   */
+	  private String bPK;
+	  
+	  /**
+	   * application specific user identifier type
+	   */
+	  private String bPKType;
+	  
+	  /**
+	   * given name of the user
+	   */
+	  private String givenName;
+	  /**
+	   * family name of the user
+	   */
+	  private String familyName;
+	  /**
+	   * date of birth of the user
+	   */
+	  private Date dateOfBirth;
+	  /**
+	   * says whether the certificate is a qualified certificate or not
+	   */
+	  private boolean qualifiedCertificate;
+	  /**
+	   * says whether the certificate is a public authority or not
+	   */
+	  private boolean publicAuthority;
+	  /**
+	   * public authority code (Beh&ouml;rdenkennzeichen - BKZ)
+	   */
+	  private String publicAuthorityCode;
+
+	  /**
+	   * URL of the BKU
+	   */
+	  private String bkuURL;
+	  /**
+	   * the corresponding <code>lt;saml:Assertion&gt;</code>
+	   */
+
+	  private boolean isBaseIDTransferRestrication = true;
+	  
+	  
+	 /**
+	  * STORK attributes from response
+	  */
+	  private String ccc = null;
+	  
+	  private Map<String, Object> genericDataStorate = new HashedMap<String, Object>();
+	  
+	  private byte[] signerCertificate = null;
+	  	  
+	  private String authBlock = null; 
+	  private List<String> encbPKList = null;
+	  
+	  //ISA 1.18 attributes
+	  private List<AuthenticationRole> roles = null;
+	  private String pvpAttribute_OU = null;
+	  
+	  private boolean useMandate = false;
+	  private IMISMandate mandate = null;
+	  private String mandateReferenceValue = null;
+	  
+	  private boolean foreigner =false;
+	  private String QAALevel = null;
+	  
+	  private boolean ssoSession = false;
+	  private Date ssoSessionValidTo = null;
+
+//	  private boolean interfederatedSSOSession = false;
+//	  private String interfederatedIDP = null;
+	  
+	  private String sessionIndex = null;
+	  private String nameID = null;
+	  private String nameIDFormat = null;
+	  
+	  public AuthenticationData() {
+		  issueInstant = new Date();
+	  }
+	  	  
+	  /**
+	   * Returns the publicAuthority.
+	   * @return boolean
+	   */
+	  public boolean isPublicAuthority() {
+	    return publicAuthority;
+	  }
+
+	  /**
+	   * Returns the publicAuthorityCode.
+	   * @return String
+	   */
+	  public String getPublicAuthorityCode() {
+	    return publicAuthorityCode;
+	  }
+
+	  /**
+	   * Returns the qualifiedCertificate.
+	   * @return boolean
+	   */
+	  public boolean isQualifiedCertificate() {
+	    return qualifiedCertificate;
+	  }
+
+	  /**
+	   * Returns the bPK.
+	   * @return String
+	   */
+	  public String getBPK() {
+	    return bPK;
+	  }
+
+	  /**
+	   * Sets the publicAuthority.
+	   * @param publicAuthority The publicAuthority to set
+	   */
+	  public void setPublicAuthority(boolean publicAuthority) {
+	    this.publicAuthority = publicAuthority;
+	  }
+
+	  /**
+	   * Sets the publicAuthorityCode.
+	   * @param publicAuthorityIdentification The publicAuthorityCode to set
+	   */
+	  public void setPublicAuthorityCode(String publicAuthorityIdentification) {
+	    this.publicAuthorityCode = publicAuthorityIdentification;
+	  }
+
+	  /**
+	   * Sets the qualifiedCertificate.
+	   * @param qualifiedCertificate The qualifiedCertificate to set
+	   */
+	  public void setQualifiedCertificate(boolean qualifiedCertificate) {
+	    this.qualifiedCertificate = qualifiedCertificate;
+	  }
+
+	  /**
+	   * Sets the bPK.
+	   * @param bPK The bPK to set
+	   */
+	  public void setBPK(String bPK) {
+	    this.bPK = bPK;
+	  }
+
+	  /**
+	   * Returns the dateOfBirth.
+	   * @return String
+	   */
+	  public Date getDateOfBirth() {
+	    return dateOfBirth;
+	  }
+
+	  public String getFormatedDateOfBirth() {
+			DateFormat pvpDateFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT);
+			if (getDateOfBirth() != null)
+				return pvpDateFormat.format(getDateOfBirth());
+			else
+				return "2999-12-31";
+		}
+	  
+	  /**
+	   * Returns the familyName.
+	   * @return String
+	   */
+	  public String getFamilyName() {
+	    return familyName;
+	  }
+
+	  /**
+	   * Returns the givenName.
+	   * @return String
+	   */
+	  public String getGivenName() {
+	    return givenName;
+	  }
+
+	  /**
+	   * Holds the baseID of a citizen
+	   * 
+	   * @return baseID
+	   */
+	  public String getIdentificationValue() {
+	    return identificationValue;
+	  }
+
+		/**
+		 * Holds the type of the baseID
+		 * 
+		 * @return baseID-Type
+		 */
+		public String getIdentificationType() {
+			return identificationType;
+		}
+
+	  /**
+	   * Returns the issueInstant.
+	   * @return String
+	   */
+	  public String getIssueInstantString() {
+	    return DateTimeUtils.buildDateTimeUTC(issueInstant);
+	    
+	  }
+
+	  /**
+	   * Returns the issueInstant.
+	   * @return String
+	   */
+	  public Date getIssueInstant() {
+	    return issueInstant;
+	    
+	  }
+	  
+	  public void setIssueInstant(Date date) {
+		  this.issueInstant = date;
+	  }
+	  
+	  /**
+	   * Returns the issuer.
+	   * @return String
+	   */
+	  public String getIssuer() {
+	    return issuer;
+	  }
+	  
+	  /**
+	   * Returns the BKU URL.
+	   * @return String
+	   */
+	  public String getBkuURL() {
+	    return bkuURL;
+	  }
+
+	  /**
+	   * Sets the dateOfBirth.
+	   * @param dateOfBirth The dateOfBirth to set
+	   */
+	  public void setDateOfBirth(Date dateOfBirth) {
+	    this.dateOfBirth = dateOfBirth;
+	  }
+
+	  public void setDateOfBirth(String dateOfBirth) {		  
+		  try {		  
+			  if (MiscUtil.isNotEmpty(dateOfBirth)) {
+				  DateFormat identityLinkFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT);
+				  this.dateOfBirth = identityLinkFormat.parse(dateOfBirth);
+			  }
+			  
+		  } catch (ParseException e) {
+			  Logger.warn("Parse dateOfBirht from IdentityLink FAILED", e);
+			  
+		  }		  
+	  }
+	  
+	  /**
+	   * Sets the familyName.
+	   * @param familyName The familyName to set
+	   */
+	  public void setFamilyName(String familyName) {
+	    this.familyName = familyName;
+	  }
+
+	  /**
+	   * Sets the givenName.
+	   * @param givenName The givenName to set
+	   */
+	  public void setGivenName(String givenName) {
+	    this.givenName = givenName;
+	  }
+
+	  /**
+	   * Sets the identificationValue.
+	   * @param identificationValue The identificationValue to set
+	   */
+	  public void setIdentificationValue(String identificationValue) {
+	    this.identificationValue = identificationValue;
+	  }
+
+		/**
+		 * Sets the identificationType.
+		 * @param identificationType The identificationType to set
+		 */
+		public void setIdentificationType(String identificationType) {
+			this.identificationType = identificationType;
+		}
+
+	  /**
+	   * Sets the issuer.
+	   * @param issuer The issuer to set
+	   */
+	  public void setIssuer(String issuer) {
+	    this.issuer = issuer;
+	  }
+	  
+	  /**
+	   * Sets the bkuURL
+	   * @param url The BKU URL to set
+	   */
+	  public void setBkuURL(String url) {
+	    this.bkuURL = url;
+	  }
+
+	public String getBPKType() {
+		return bPKType;
+	}
+
+	public void setBPKType(String bPKType) {
+		this.bPKType = bPKType;
+	}
+
+	/**
+	 * @return the identityLink
+	 */
+	public IIdentityLink getIdentityLink() {
+		return identityLink;
+	}
+
+	/**
+	 * @param identityLink the identityLink to set
+	 */
+	public void setIdentityLink(IIdentityLink identityLink) {
+		this.identityLink = identityLink;
+	}
+
+	/**
+	 * @return the signerCertificate
+	 */
+	public byte[] getSignerCertificate() {
+		return signerCertificate;
+	}
+
+
+	/**
+	 * @param signerCertificate the signerCertificate to set
+	 */
+	public void setSignerCertificate(byte[] signerCertificate) {
+		this.signerCertificate = signerCertificate;
+	}
+
+
+	/**
+	 * @return the authBlock
+	 */
+	public String getAuthBlock() {
+		return authBlock;
+	}
+
+
+	/**
+	 * @param authBlock the authBlock to set
+	 */
+	public void setAuthBlock(String authBlock) {
+		this.authBlock = authBlock;
+	}
+
+
+	/**
+	 * @return the mandate
+	 */
+	public IMISMandate getMISMandate() {
+		return mandate;
+	}
+
+	public Element getMandate() {
+		if (mandate == null)
+			return null;
+		
+		//parse Element from mandate XML
+		try {
+			byte[] byteMandate = mandate.getMandate();
+			String stringMandate = new String(byteMandate);
+			return DOMUtils.parseDocument(stringMandate, false, null, null).getDocumentElement();
+			
+		}
+		catch (Throwable e) {
+			Logger.warn("Mandate content could not be generated from MISMandate.");
+			return null;
+		}
+	}
+	
+
+	/**
+	 * @param mandate the mandate to set
+	 */
+	public void setMISMandate(IMISMandate mandate) {
+		this.mandate = mandate;
+	}
+
+
+	/**
+	 * @return the useMandate
+	 */
+	public boolean isUseMandate() {
+		return useMandate;
+	}
+
+
+	/**
+	 * @param useMandate the useMandate to set
+	 */
+	public void setUseMandate(boolean useMandate) {
+		this.useMandate = useMandate;
+	}
+
+
+	/**
+	 * @return
+	 */
+	public String getQAALevel() {
+		if (this.QAALevel != null && 
+				this.QAALevel.startsWith(PVPConstants.EIDAS_QAA_PREFIX)) {
+			String mappedQAA = PVPtoSTORKMapper.getInstance().mapeIDASQAAToSTORKQAA(this.QAALevel);
+			if (MiscUtil.isNotEmpty(mappedQAA))
+				return mappedQAA;
+			
+			else {
+				Logger.error("eIDAS QAA-level:" + this.QAALevel 
+						+ " can not be mapped to STORK QAA-level! Use "
+						+ PVPConstants.STORK_QAA_1_1 + " as default value.");
+				return PVPConstants.STORK_QAA_1_1;
+				
+			}
+			
+			
+		} else
+			return this.QAALevel;
+	}
+
+	
+	public String getEIDASQAALevel() {
+		if (this.QAALevel != null && 
+				this.QAALevel.startsWith(PVPConstants.STORK_QAA_PREFIX)) {
+			String mappedQAA = PVPtoSTORKMapper.getInstance().mapSTORKQAAToeIDASQAA(this.QAALevel);
+			if (MiscUtil.isNotEmpty(mappedQAA))
+				return mappedQAA;
+			
+			else {
+				Logger.error("STORK QAA-level:" + this.QAALevel 
+						+ " can not be mapped to eIDAS QAA-level! Use "
+						+ PVPConstants.EIDAS_QAA_LOW + " as default value.");
+				return PVPConstants.EIDAS_QAA_LOW;
+				
+			}
+			
+			
+		} else
+			return this.QAALevel;
+		
+	}
+	
+
+	/**
+	 * @return
+	 */
+	public boolean isForeigner() {
+		return this.foreigner;
+	}
+
+
+	/**
+	 * @param foreigner the foreigner to set
+	 */
+	public void setForeigner(boolean foreigner) {
+		this.foreigner = foreigner;
+	}
+
+
+	/**
+	 * Store QAA level in eIDAS format to authentication Data
+	 * 
+	 * @param qAALevel the qAALevel to set
+	 * @throws AssertionAttributeExtractorExeption 
+	 */
+	public void setQAALevel(String qAALevel) {
+			QAALevel = qAALevel;
+			
+	}
+
+	/**
+	 * @return the ssoSession
+	 */
+	public boolean isSsoSession() {
+		return ssoSession;
+	}
+
+
+	/**
+	 * @param ssoSession the ssoSession to set
+	 */
+	public void setSsoSession(boolean ssoSession) {
+		this.ssoSession = ssoSession;
+	}
+
+	/**
+	 * @return the mandateReferenceValue
+	 */
+	public String getMandateReferenceValue() {
+		return mandateReferenceValue;
+	}
+
+	/**
+	 * @param mandateReferenceValue the mandateReferenceValue to set
+	 */
+	public void setMandateReferenceValue(String mandateReferenceValue) {
+		this.mandateReferenceValue = mandateReferenceValue;
+	}
+
+	/**
+	 * CountryCode of the citizen which is identified and authenticated
+	 * 
+	 * @return the CountryCode <pre>like. AT, SI, ...</pre>
+	 */
+	public String getCcc() {
+		return ccc;
+	}
+
+	/**
+	 * @param ccc the ccc to set
+	 */
+	public void setCcc(String ccc) {
+		this.ccc = ccc;
+	}
+
+	/**
+	 * @return the sessionIndex
+	 */
+	public String getSessionIndex() {
+		return sessionIndex;
+	}
+
+	/**
+	 * @param sessionIndex the sessionIndex to set
+	 */
+	public void setSessionIndex(String sessionIndex) {
+		this.sessionIndex = sessionIndex;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.data.IAuthData#getNameID()
+	 */
+	@Override
+	public String getNameID() {
+		return this.nameID;
+	}
+
+	/**
+	 * @param nameID the nameID to set
+	 */
+	public void setNameID(String nameID) {
+		this.nameID = nameID;
+	}
+
+	/**
+	 * @return the nameIDFormat
+	 */
+	public String getNameIDFormat() {
+		return nameIDFormat;
+	}
+
+	/**
+	 * @param nameIDFormat the nameIDFormat to set
+	 */
+	public void setNameIDFormat(String nameIDFormat) {
+		this.nameIDFormat = nameIDFormat;
+	}
+
+//	/**
+//	 * @return the interfederatedSSOSession
+//	 */
+//	public boolean isInterfederatedSSOSession() {
+//		return interfederatedSSOSession;
+//	}
+//
+//	/**
+//	 * @param interfederatedSSOSession the interfederatedSSOSession to set
+//	 */
+//	public void setInterfederatedSSOSession(boolean interfederatedSSOSession) {
+//		this.interfederatedSSOSession = interfederatedSSOSession;
+//	}
+//
+//	/**
+//	 * @return the interfederatedIDP
+//	 */
+//	public String getInterfederatedIDP() {
+//		return interfederatedIDP;
+//	}
+//
+//	/**
+//	 * @param interfederatedIDP the interfederatedIDP to set
+//	 */
+//	public void setInterfederatedIDP(String interfederatedIDP) {
+//		this.interfederatedIDP = interfederatedIDP;
+//	}
+
+	/**
+	 * @return the ssoSessionValidTo
+	 */
+	public Date getSsoSessionValidTo() {
+		return ssoSessionValidTo;
+	}
+
+	/**
+	 * @param ssoSessionValidTo the ssoSessionValidTo to set
+	 */
+	public void setSsoSessionValidTo(Date ssoSessionValidTo) {
+		this.ssoSessionValidTo = ssoSessionValidTo;
+	}
+
+	/**
+	 * @return the encbPKList
+	 */
+	public List<String> getEncbPKList() {
+		return encbPKList;
+	}
+
+	/**
+	 * @param encbPKList the encbPKList to set
+	 */
+	public void setEncbPKList(List<String> encbPKList) {
+		this.encbPKList = encbPKList;
+	}
+
+	/**
+	 * @return the roles
+	 */
+	public List<AuthenticationRole> getAuthenticationRoles() {
+//		if (this.roles == null) {
+//			this.roles = new ArrayList<AuthenticationRole>();
+//			this.roles.add(new AuthenticationRole("xxpvprole", "xxpvprole"));
+//			this.roles.add(new AuthenticationRole("yypvprole", "yypvprole"));
+//		}
+		
+		return roles;
+	}
+
+	//ISA 1.18 attributes
+	/**
+	 * @param roles the roles to set
+	 */
+	public void addAuthenticationRole(AuthenticationRole role) {
+		if (this.roles == null)
+			this.roles = new ArrayList<AuthenticationRole>();
+
+		this.roles.add(role);
+	}
+	
+	/**
+	 * @return the pvpAttribute_OU
+	 */
+	public String getPvpAttribute_OU() {
+		return pvpAttribute_OU;
+	}
+
+	/**
+	 * @param pvpAttribute_OU the pvpAttribute_OU to set
+	 */
+	public void setPvpAttribute_OU(String pvpAttribute_OU) {
+		this.pvpAttribute_OU = pvpAttribute_OU;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.data.IAuthData#isBusinessService()
+	 */
+	@Override
+	public boolean isBaseIDTransferRestrication() {
+		return isBaseIDTransferRestrication;
+	}
+
+	/**
+	 * @param isBaseIDTransmittionAllowed the isBaseIDTransmittionAllowed to set
+	 */
+	public void setBaseIDTransferRestrication(boolean isBaseIDTransferRestrication) {
+		this.isBaseIDTransferRestrication = isBaseIDTransferRestrication;
+	}
+	
+	/**
+	 * Returns a generic data-object with is stored with a specific identifier 
+	 * 
+	 * @param key The specific identifier of the data object
+	 * @param clazz The class type which is stored with this key
+	 * @return The data object or null if no data is found with this key
+	 */
+	public <T> T getGenericData(String key, final Class<T> clazz) {
+		if (MiscUtil.isNotEmpty(key)) {
+			Object data = genericDataStorate.get(key);			
+			
+			if (data == null)
+				return null;
+			
+			try {
+				@SuppressWarnings("unchecked")
+				T test = (T) data;
+				return test;
+				
+			} catch (Exception e) {
+				Logger.warn("Generic authentication-data object can not be casted to requsted type", e);
+				return null;
+				
+			}
+			
+		} 
+		
+		Logger.warn("Can not load generic session-data with key='null'");
+		return null;
+				
+	}
+	
+	/**
+	 * Store a generic data-object to session with a specific identifier
+	 * 
+	 * @param key Identifier for this data-object
+	 * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface
+	 * @throws SessionDataStorageException Error message if the data-object can not stored to generic session-data storage
+	 */
+	public void setGenericData(String key, Object object) throws SessionDataStorageException {
+		if (MiscUtil.isEmpty(key)) {
+			Logger.warn("Generic session-data can not be stored with a 'null' key");
+			throw new SessionDataStorageException("Generic data can not be stored with a 'null' key", null);
+			
+		}
+		
+		if (object != null) {
+			if (!Serializable.class.isInstance(object)) {
+				Logger.warn("Generic data can only store objects which implements the 'Seralizable' interface");
+				throw new SessionDataStorageException("Generic data can only store objects which implements the 'Seralizable' interface", null);
+				
+			}						
+		}
+		
+		if (genericDataStorate.containsKey(key))
+			Logger.debug("Overwrite generic data with key:" + key);
+		else
+			Logger.trace("Add generic data with key:" + key + " to session.");
+		
+		genericDataStorate.put(key, object);
+	}
+	
+}
-- 
cgit v1.2.3


From ea49cd41d7ae571f8156f7b2ac02c9e2a6f86ca6 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Mon, 11 Jun 2018 20:08:41 +0200
Subject: add jUnit for user-restrication whitelist-store

---
 .../id/config/auth/data/UserWhitelistStore.java    |  40 ++-
 .../moa/id/config/auth/data/DummyAuthConfig.java   | 387 +++++++++++++++++++++
 .../auth/data/UserRestrictionWhiteListTest.java    | 136 ++++++++
 .../src/test/resources/BPK-Whitelist_20180607.csv  |  10 +
 .../SpringTest-context_basic_user_whitelist.xml    |  18 +
 .../modules/sl20_auth/eIDDataVerifierTest.java     |   2 +-
 6 files changed, 589 insertions(+), 4 deletions(-)
 create mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthConfig.java
 create mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/UserRestrictionWhiteListTest.java
 create mode 100644 id/server/idserverlib/src/test/resources/BPK-Whitelist_20180607.csv
 create mode 100644 id/server/idserverlib/src/test/resources/SpringTest-context_basic_user_whitelist.xml

(limited to 'id/server/idserverlib/src/main/java/at/gv')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java
index 38bcfa2af..a90d71a18 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java
@@ -43,8 +43,24 @@ public class UserWhitelistStore {
 			try {			
 				InputStream is = new FileInputStream(new File(new URL(absWhiteListUrl).toURI()));
 				String whiteListString = IOUtils.toString(new InputStreamReader(is));
-				whitelist = KeyValueUtils.getListOfCSVValues(KeyValueUtils.normalizeCSVValueString(whiteListString));
+				List<String> preWhitelist = KeyValueUtils.getListOfCSVValues(KeyValueUtils.normalizeCSVValueString(whiteListString));
+				
+				//remove prefix if required
+				for (String bPK : preWhitelist) {
+					String[] bPKSplit = bPK.split(":");
+					if (bPKSplit.length == 1)
+						whitelist.add(bPK);
+					
+					else if (bPKSplit.length ==2 )
+						whitelist.add(bPKSplit[1]);
+					
+					else
+						Logger.info("Whitelist entry: " + bPK + " has an unsupported format. Entry will be removed ...");
+						
+				}
+				
 				Logger.info("User whitelist is initialized with " + whitelist.size() + " entries.");
+					
 				 
 			} catch (FileNotFoundException e) {
 				Logger.warn("Do not initialize user whitelist. Reason: CSV file with bPKs NOT found", e);
@@ -61,6 +77,15 @@ public class UserWhitelistStore {
 		
 	}
 	
+	/**
+	 * Get the number of entries of the static whitelist
+	 * 
+	 * @return
+	 */
+	public int getNumberOfEntries() {
+		return whitelist.size();
+	}
+	
 	/**
 	 * Check if bPK is in whitelist
 	 * 
@@ -76,6 +101,11 @@ public class UserWhitelistStore {
 	}
 	
 	public boolean isUserbPKInWhitelistDynamic(String bPK) {
+		return isUserbPKInWhitelistDynamic(bPK, false);
+		
+	}
+	
+	public boolean isUserbPKInWhitelistDynamic(String bPK, boolean onlyDynamic) {
 		try {
 			if (absWhiteListUrl != null) {
 				InputStream is = new FileInputStream(new File(new URL(absWhiteListUrl).toURI()));
@@ -86,7 +116,8 @@ public class UserWhitelistStore {
 							
 				} else {
 					Logger.debug("Can NOT find user in dynamic loaded user whitelist. Switch to static version ... ");
-					return isUserbPKInWhitelist(bPK);
+					if (!onlyDynamic)
+						return isUserbPKInWhitelist(bPK);
 				}
 			
 			}
@@ -94,8 +125,11 @@ public class UserWhitelistStore {
 			Logger.warn("Dynamic user whitelist check FAILED. Switch to static version ... ", e);
 			
 		}
+		if (!onlyDynamic)
+			return isUserbPKInWhitelist(bPK);
 		
-		return isUserbPKInWhitelist(bPK);
+
+		return false;
 	}
 	
 }
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthConfig.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthConfig.java
new file mode 100644
index 000000000..d72e2f28c
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthConfig.java
@@ -0,0 +1,387 @@
+package at.gv.egovernment.moa.id.config.auth.data;
+
+import java.io.IOException;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+
+import at.gv.egovernment.moa.id.auth.modules.internal.tasks.UserRestrictionTask;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IStorkConfig;
+import at.gv.egovernment.moa.id.commons.api.data.ProtocolAllowed;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.util.config.EgovUtilPropertiesConfiguration;
+
+public class DummyAuthConfig implements AuthConfiguration {
+
+	@Override
+	public String getRootConfigFileDir() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getDefaultChainingMode() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getTrustedCACertificates() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean isTrustmanagerrevoationchecking() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public String[] getActiveProfiles() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public Properties getGeneralPVP2ProperiesConfig() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public Properties getGeneralOAuth20ProperiesConfig() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public ProtocolAllowed getAllowedProtocols() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public Map<String, String> getConfigurationWithPrefix(String Prefix) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getConfigurationWithKey(String key) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getBasicMOAIDConfiguration(String key) {
+		if (UserRestrictionTask.CONFIG_PROPS_CSV_USER_FILE.equals(key)) {
+			String current;
+			try {
+				current = new java.io.File( "." ).getCanonicalPath();
+				return "file:" + current + "/src/test/resources/BPK-Whitelist_20180607.csv";
+			} catch (IOException e) {
+				e.printStackTrace();
+			}
+		} 
+		
+		return null;
+	}
+
+	@Override
+	public String getBasicMOAIDConfiguration(String key, String defaultValue) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public Map<String, String> getBasicMOAIDConfigurationWithPrefix(String prefix) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public int getTransactionTimeOut() {
+		// TODO Auto-generated method stub
+		return 0;
+	}
+
+	@Override
+	public int getSSOCreatedTimeOut() {
+		// TODO Auto-generated method stub
+		return 0;
+	}
+
+	@Override
+	public int getSSOUpdatedTimeOut() {
+		// TODO Auto-generated method stub
+		return 0;
+	}
+
+	@Override
+	public String getAlternativeSourceID() throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public List<String> getLegacyAllowedProtocols() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public IOAAuthParameters getOnlineApplicationParameter(String oaURL) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getMoaSpAuthBlockTrustProfileID(boolean useTestTrustStore) throws ConfigurationException {
+		if (useTestTrustStore)
+			return "MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten";
+		else
+			return "MOAIDBuergerkarteAuthentisierungsDaten";
+	}
+
+	@Override
+	public List<String> getMoaSpAuthBlockVerifyTransformsInfoIDs() throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public ConnectionParameterInterface getMoaSpConnectionParameter() throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public ConnectionParameterInterface getForeignIDConnectionParameter(IOAAuthParameters oaParameters)
+			throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public ConnectionParameterInterface getOnlineMandatesConnectionParameter(IOAAuthParameters oaParameters)
+			throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getMoaSpIdentityLinkTrustProfileID(boolean useTestTrustStore) throws ConfigurationException {
+		if (useTestTrustStore)			
+			return "MOAIDBuergerkartePersonenbindungMitTestkarten";
+		else
+			return "MOAIDBuergerkartePersonenbindung";
+	}
+
+	@Override
+	public List<String> getTransformsInfos() throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public List<String> getIdentityLinkX509SubjectNames() throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public List<String> getSLRequestTemplates() throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getSLRequestTemplates(String type) throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public List<String> getDefaultBKUURLs() throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getDefaultBKUURL(String type) throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getSSOTagetIdentifier() throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getSSOFriendlyName() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getSSOSpecialText() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getMOASessionEncryptionKey() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getMOAConfigurationEncryptionKey() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean isIdentityLinkResigning() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public String getIdentityLinkResigningKey() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean isMonitoringActive() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public String getMonitoringTestIdentityLinkURL() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getMonitoringMessageSuccess() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean isAdvancedLoggingActive() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public List<String> getPublicURLPrefix() throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean isVirtualIDPsEnabled() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public boolean isPVP2AssertionEncryptionActive() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public boolean isCertifiacteQCActive() {
+		return true;
+	}
+
+	@Override
+	public IStorkConfig getStorkConfig() throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public EgovUtilPropertiesConfiguration geteGovUtilsConfig() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getDocumentServiceUrl() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean isStorkFakeIdLActive() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public List<String> getStorkFakeIdLCountries() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public List<String> getStorkNoSignatureCountries() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getStorkFakeIdLResigningKey() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean isPVPSchemaValidationActive() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public Map<String, String> getConfigurationWithWildCard(String key) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public List<Integer> getDefaultRevisionsLogEventCodes() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean isHTTPAuthAllowed() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public String[] getRevocationMethodOrder() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean getBasicMOAIDConfigurationBoolean(String key, boolean defaultValue) {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/UserRestrictionWhiteListTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/UserRestrictionWhiteListTest.java
new file mode 100644
index 000000000..71956990e
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/UserRestrictionWhiteListTest.java
@@ -0,0 +1,136 @@
+package at.gv.egovernment.moa.id.config.auth.data;
+
+import java.io.IOException;
+import java.io.InputStreamReader;
+
+import org.apache.commons.io.IOUtils;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.opensaml.xml.ConfigurationException;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration("/SpringTest-context_basic_user_whitelist.xml")
+public class UserRestrictionWhiteListTest {
+
+	@Autowired(required=true) UserWhitelistStore whitelistStore;
+	
+	private static String bPK_1 = "/7eNkLgqP71U8dBwa0lSI8/2EFY=";
+	private static String bPK_2 = "gr88V4oH5KLlurBCcCAbKJNMF18=";
+	private static String bPK_3 = "0Fq3KqgYTbK8MsxymLe7tbuXhpA=";
+	private static String bPK_4 = "JWiLzwktCITGg+ztRKEAwWloSNM=";
+	
+	private static String bPK_5 = "JWiLzwktCIXXX+ztRKEAwWloSNM=";
+	private static String bPK_6 = "WtHxBxLqOThNU9YF8fzXXXcZLBs=";
+	
+	@Test
+	public void checkNumberOfEntries() throws Exception {
+		if (whitelistStore.getNumberOfEntries() != 12)
+			throw new Exception("Number of entries not valid");
+			
+	}
+	
+	
+	@Test
+	public void checkEntry_1() throws Exception {
+		String bPK = bPK_1;
+		if (!whitelistStore.isUserbPKInWhitelist(bPK))
+			throw new Exception("bPK: " + bPK + " is NOT found in whitelist");
+			
+	}
+	
+	@Test
+	public void checkEntryDynamic_1() throws Exception {
+		String bPK = bPK_1;
+		if (!whitelistStore.isUserbPKInWhitelistDynamic(bPK, true))
+			throw new Exception("bPK: " + bPK + " is NOT found in whitelist");
+			
+	}
+
+	@Test
+	public void checkEntry_2() throws Exception {
+		String bPK = bPK_2;
+		if (!whitelistStore.isUserbPKInWhitelist(bPK))
+			throw new Exception("bPK: " + bPK + " is NOT found in whitelist");
+			
+	}
+	
+	@Test
+	public void checkEntryDynamic_2() throws Exception {
+		String bPK = bPK_2;
+		if (!whitelistStore.isUserbPKInWhitelistDynamic(bPK, true))
+			throw new Exception("bPK: " + bPK + " is NOT found in whitelist");
+			
+	}
+	
+	
+	@Test
+	public void checkEntry_3() throws Exception {
+		String bPK = bPK_3;
+		if (!whitelistStore.isUserbPKInWhitelist(bPK))
+			throw new Exception("bPK: " + bPK + " is NOT found in whitelist");
+			
+	}
+	
+	@Test
+	public void checkEntryDynamic_3() throws Exception {
+		String bPK = bPK_3;
+		if (!whitelistStore.isUserbPKInWhitelistDynamic(bPK, true))
+			throw new Exception("bPK: " + bPK + " is NOT found in whitelist");
+			
+	}
+	
+	@Test
+	public void checkEntry_4() throws Exception {
+		String bPK = bPK_4;
+		if (!whitelistStore.isUserbPKInWhitelist(bPK))
+			throw new Exception("bPK: " + bPK + " is NOT found in whitelist");
+			
+	}
+	
+	@Test
+	public void checkEntryDynamic_4() throws Exception {
+		String bPK = bPK_4;
+		if (!whitelistStore.isUserbPKInWhitelistDynamic(bPK, true))
+			throw new Exception("bPK: " + bPK + " is NOT found in whitelist");
+			
+	}
+	
+	@Test
+	public void checkEntry_5() throws Exception {
+		String bPK = bPK_5;
+		if (whitelistStore.isUserbPKInWhitelist(bPK))
+			throw new Exception("bPK: " + bPK + " is NOT found in whitelist");
+			
+	}
+	
+	@Test
+	public void checkEntryDynamic_5() throws Exception {
+		String bPK = bPK_5;
+		if (whitelistStore.isUserbPKInWhitelistDynamic(bPK, true))
+			throw new Exception("bPK: " + bPK + " is NOT found in whitelist");
+			
+	}
+	
+	@Test
+	public void checkEntry_6() throws Exception {
+		String bPK = bPK_6;
+		if (whitelistStore.isUserbPKInWhitelist(bPK))
+			throw new Exception("bPK: " + bPK + " is NOT found in whitelist");
+			
+	}
+	
+	@Test
+	public void checkEntryDynamic_6() throws Exception {
+		String bPK = bPK_6;
+		if (whitelistStore.isUserbPKInWhitelistDynamic(bPK, true))
+			throw new Exception("bPK: " + bPK + " is NOT found in whitelist");
+			
+	}
+	
+	
+}
diff --git a/id/server/idserverlib/src/test/resources/BPK-Whitelist_20180607.csv b/id/server/idserverlib/src/test/resources/BPK-Whitelist_20180607.csv
new file mode 100644
index 000000000..099fc0f7e
--- /dev/null
+++ b/id/server/idserverlib/src/test/resources/BPK-Whitelist_20180607.csv
@@ -0,0 +1,10 @@
+/7eNkLgqP71U8dBwa0lSI8/2EFY=,ZP-MH:xm1zT43aGLfTRLnDsxYoFk3XwDU=,ZP-MH:gr88V4oH5KLlurBCcCAbKJNMF18=,
+ZP-MH:LvrdIGoL4MXTjy7EJgPhoz3koL4=,
+ZP-MH:EcILNYQIZ4qfhLlZFzHivCu0Hfc=,
+ZP-MH:WtHxBxLqOThNU9YF8fzyvXcZLBs=,
+ZP-MH:0Fq3KqgYTbK8MsxymLe7tbuXhpA=,
+ZP-MH:DJ6nGg2JgcPH768BhqTNXVsGhOY=,
+JWiLzwktCITGg+ztRKEAwWloSNM=,
+ZP-MH:+cyQbhr1fQ8hLhazL62tFRq47iY=,
+ZP-MH:AFmfywfYPHcl2Lxp138upielmrs=,
+ZP-MH:yPAOTsc9LY5/jnbkWn2MWY6hjg0=
diff --git a/id/server/idserverlib/src/test/resources/SpringTest-context_basic_user_whitelist.xml b/id/server/idserverlib/src/test/resources/SpringTest-context_basic_user_whitelist.xml
new file mode 100644
index 000000000..85788714a
--- /dev/null
+++ b/id/server/idserverlib/src/test/resources/SpringTest-context_basic_user_whitelist.xml
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:context="http://www.springframework.org/schema/context"
+	xmlns:tx="http://www.springframework.org/schema/tx"
+	xmlns:aop="http://www.springframework.org/schema/aop"
+	xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+		http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+
+			
+	<bean id="UserWhiteList_Store" 
+				class="at.gv.egovernment.moa.id.config.auth.data.UserWhitelistStore"/>
+				
+	<bean id="DummyAuthConfig" 
+				class="at.gv.egovernment.moa.id.config.auth.data.DummyAuthConfig"/>
+</beans>
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java
index 32d623b88..35a8fd9c6 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java
@@ -41,7 +41,7 @@ public abstract class eIDDataVerifierTest {
 		Logger.info("Loading Java security providers.");
 		//System.setProperty("moa.spss.server.configuration", "F:\\Projekte\\configs\\moa-spss\\MOASPSSConfiguration.xml");
 		String current = new java.io.File( "." ).getCanonicalPath();
-		System.setProperty("moa.spss.server.configuration", current + "\\src\\test\\resources\\moaspss_config\\MOASPSSConfiguration.xml");
+		System.setProperty("moa.spss.server.configuration", current + "/src/test/resources/moaspss_config/MOASPSSConfiguration.xml");
 		
 	    IAIK.addAsProvider();                
 	    ECCelerate.addAsProvider();
-- 
cgit v1.2.3


From b53d2f387282b731ea72806ec7d410a1c27a878d Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 12 Jun 2018 06:25:41 +0200
Subject: add foreign bPK generation into AuthenticationDataBuilder

---
 .../data/oa/OATargetConfiguration.java             | 40 ++++++++++
 .../validation/oa/OATargetConfigValidation.java    |  4 +
 .../resources/applicationResources_de.properties   |  3 +
 .../resources/applicationResources_en.properties   |  2 +
 .../webapp/jsp/snippets/OA/targetConfiguration.jsp | 15 ++++
 .../validation/task/impl/ServicesTargetTask.java   | 10 ++-
 .../id/auth/builder/AuthenticationDataBuilder.java | 87 +++++++++++++++++++++-
 .../moa/id/auth/builder/BPKBuilder.java            | 26 +++++--
 .../parser/VerifyXMLSignatureResponseParser.java   |  2 +-
 .../moa/id/config/auth/OAAuthParameter.java        | 14 +++-
 .../config/auth/data/DynamicOAAuthParameters.java  |  6 ++
 .../moa/id/data/AuthenticationData.java            |  2 +
 .../attributes/EncryptedBPKAttributeBuilder.java   |  2 +-
 .../moa/id/commons/api/IOAAuthParameters.java      |  7 ++
 .../config/ConfigurationMigrationUtils.java        |  6 ++
 .../config/MOAIDConfigurationConstants.java        |  2 +
 .../dao/config/deprecated/OnlineApplication.java   | 14 +++-
 17 files changed, 228 insertions(+), 14 deletions(-)

(limited to 'id/server/idserverlib/src/main/java/at/gv')

diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java
index b4b3aaf13..f67d4fa27 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java
@@ -30,6 +30,7 @@ import javax.servlet.http.HttpServletRequest;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentOA;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.IdentificationNumber;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication;
+import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.commons.validation.TargetValidator;
 import at.gv.egovernment.moa.id.configuration.Constants;
 import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
@@ -56,6 +57,8 @@ public class OATargetConfiguration implements IOnlineApplicationData {
 	private String identificationNumber = null;
 	private String identificationType = null;
 	private static List<String> identificationTypeList = null;
+
+	private String foreignbPKTargets = null;
 	
 	public OATargetConfiguration() {
 		 targetList = TargetValidator.getListOfTargets();
@@ -145,6 +148,24 @@ public class OATargetConfiguration implements IOnlineApplicationData {
 			}						 
 		}
 		
+		
+		//parse foreign bPK sector list
+		if (KeyValueUtils.isCSVValueString(dbOA.getForeignbPKTargetList()))
+			foreignbPKTargets = KeyValueUtils.normalizeCSVValueString(dbOA.getForeignbPKTargetList());
+		
+		else {
+			if (dbOA.getForeignbPKTargetList().contains(KeyValueUtils.CSV_DELIMITER)) {
+				//remove trailing comma if exist
+				foreignbPKTargets = dbOA.getForeignbPKTargetList().substring(0, 
+						dbOA.getForeignbPKTargetList().indexOf(KeyValueUtils.CSV_DELIMITER));
+											
+			} else
+				foreignbPKTargets = dbOA.getForeignbPKTargetList();
+			
+		}
+			
+		
+		
 		return null;
 	}
 
@@ -253,6 +274,9 @@ public class OATargetConfiguration implements IOnlineApplicationData {
                 }
             }
         }
+        
+        dbOA.setForeignbPKTargetList(getForeignbPKTargets());
+        
 		return null;
 	}
 
@@ -401,6 +425,22 @@ public class OATargetConfiguration implements IOnlineApplicationData {
 	public void setSubTargetSet(boolean subTargetSet) {
 		this.subTargetSet = subTargetSet;
 	}
+
+
+	public String getForeignbPKTargets() {
+		return foreignbPKTargets;
+	}
+
+
+	public void setForeignbPKTargets(String foreignbPKTargets) {
+		if (MiscUtil.isNotEmpty(foreignbPKTargets))
+			this.foreignbPKTargets = 
+				KeyValueUtils.removeAllNewlineFromString(foreignbPKTargets);
+		else
+			this.foreignbPKTargets = foreignbPKTargets;
+	}
+	
+	
     
     
 }
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OATargetConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OATargetConfigValidation.java
index ca0231577..4807d479e 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OATargetConfigValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OATargetConfigValidation.java
@@ -161,6 +161,10 @@ public class OATargetConfigValidation {
 			}
 		}
 		
+        
+        //foreign bPK configuration
+        
+        
 		return errors;
 	}
 }
diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
index 4b29f901a..2006625ff 100644
--- a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
+++ b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
@@ -243,6 +243,7 @@ webpages.oaconfig.general.friendlyname=Name der Online-Applikation
 webpages.oaconfig.general.isbusinessservice=Privatwirtschaftliche Applikation
 webpages.oaconfig.general.isstorkservice=Stork Applikation
 webpages.oaconfig.general.public.header=&Ouml;ffentlicher Bereich
+webpages.oaconfig.general.foreignbpk.header=Fremd-bPK Konfiguration 
 webpages.oaconfig.general.stork.header=STORK Bereich
 webpages.oaconfig.general.stork.countrycode=Landesvorwahl
 webpages.oaconfig.general.target.friendlyname=Bezeichnung des Bereichs (Frei w\u00E4hlbar)
@@ -262,6 +263,8 @@ webpages.oaconfig.general.aditional.iframe=B\u00FCrgerkartenauswahl im IFrame
 webpages.oaconfig.general.aditional.useUTC=UTC Zeit verwenden
 webpages.oaconfig.general.aditional.calculateHPI="TODO!"
 webpages.oaconfig.general.isHideBPKAuthBlock=bPK/wbPK im AuthBlock ausblenden
+webpages.oaconfig.general.foreign.sectors=Sektoren f\u00FCr Fremd-bPKs (CSV)
+
 
 webpages.oaconfig.general.szrgw.header=SZR-Gateway Service
 webpages.oaconfig.general.szrgw.selected=SZR-Gateway Service URL
diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
index d642994de..694294df7 100644
--- a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
+++ b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
@@ -249,6 +249,7 @@ webpages.oaconfig.general.friendlyname=Name of the Online-Application
 webpages.oaconfig.general.isbusinessservice=Private sector application
 webpages.oaconfig.general.isstorkservice=Stork application
 webpages.oaconfig.general.public.header=Public sector
+webpages.oaconfig.general.foreignbpk.header=Foreign sectors configuration
 webpages.oaconfig.general.stork.header=STORK sector
 webpages.oaconfig.general.stork.countrycode=Country code
 webpages.oaconfig.general.target.friendlyname=Name of the sector (arbitrary defined)
@@ -268,6 +269,7 @@ webpages.oaconfig.general.aditional.iframe=Selection of citizen card in IFrame
 webpages.oaconfig.general.aditional.useUTC=Use UTC time
 webpages.oaconfig.general.aditional.calculateHPI="TODO!"
 webpages.oaconfig.general.isHideBPKAuthBlock=Hide bPK/wbPK from AuthBlock
+webpages.oaconfig.general.foreign.sectors=Sectors for foreign pseudonyms (CSV)
 
 webpages.oaconfig.general.szrgw.header=SZR-Gateway Service
 webpages.oaconfig.general.szrgw.selected=SZR-Gateway Service URL
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp
index b8bd1dc02..a61ce3053 100644
--- a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp
+++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp
@@ -111,5 +111,20 @@
 	 						</s:else>
 						</div>
 					</s:if>
+					
+					<div id="oa_config_foreignbPKArea" class="oa_config_block">
+						<h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.foreignbpk.header", request) %></h3>
+						<s:textarea name="targetConfig.foreignbPKTargets" 
+									value="%{targetConfig.foreignbPKTargets}" 
+									labelposition="left"
+									key="webpages.oaconfig.general.foreign.sectors"
+									cssClass="textfield_long"
+									rows="6"								
+									requiredLabel="true"
+									style="height:120px;">								
+						</s:textarea>
+					
+					</div>
+					
 
 </html>
\ No newline at end of file
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesTargetTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesTargetTask.java
index e8d49a391..27b45fa78 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesTargetTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesTargetTask.java
@@ -206,7 +206,15 @@ public class ServicesTargetTask extends AbstractTaskValidator implements ITaskVa
 				}												
 			}
 		}
-				
+			
+		
+		//validate foreign bPK targets
+		check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN);
+		if (MiscUtil.isNotEmpty(check)) {
+			log.debug("Find foreign bPK targets, but no validation is required");
+			
+		}
+		
 		if (!errors.isEmpty())
 			throw new ConfigurationTaskValidationException(errors);
 				
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index b93de5119..91159ad4e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -30,9 +30,13 @@ import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collection;
 import java.util.Date;
+import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
 
+import javax.annotation.PostConstruct;
 import javax.naming.ldap.LdapName;
 import javax.naming.ldap.Rdn;
 
@@ -102,12 +106,32 @@ import iaik.x509.X509Certificate;
 @Service("AuthenticationDataBuilder")
 public class AuthenticationDataBuilder extends MOAIDAuthConstants {
 
+	private static final String CONFIGURATION_PROP_FOREIGN_BPK_ENC_KEYS = "configuration.foreignsectors.pubkey";
+	
 	@Autowired private IAuthenticationSessionStoreage authenticatedSessionStorage;
 	@Autowired protected AuthConfiguration authConfig;
 	@Autowired private AttributQueryBuilder attributQueryBuilder;
 	@Autowired private SAMLVerificationEngineSP samlVerificationEngine;
 	@Autowired(required=true) private MOAMetadataProvider metadataProvider;
 	
+	private Map<String, X509Certificate> encKeyMap = new HashMap<String, X509Certificate>();
+	
+	@PostConstruct
+	private void initialize() {
+		 Map<String, String> pubKeyMap = authConfig.getBasicMOAIDConfigurationWithPrefix(CONFIGURATION_PROP_FOREIGN_BPK_ENC_KEYS);
+		 for (Entry<String, String> el : pubKeyMap.entrySet()) {
+			 try {
+				encKeyMap.put(el.getKey(), new X509Certificate(Base64Utils.decode(el.getValue(), false)));
+				Logger.info("Load foreign bPK encryption certificate for sector: " + el.getKey()); 
+				
+			 } catch (Exception e) {
+				Logger.warn("Can NOT load foreign bPK encryption certificate for sector: \" + el.getKey()", e); 
+				 
+			 }
+			 			 
+		 }		
+	}
+	
 	
 	public IAuthData buildAuthenticationData(IRequest pendingReq, 
             IAuthenticationSession session) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException {
@@ -648,7 +672,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
 					Logger.info("Can NOT set Organwalter IdentityLink. Msg: No IdentityLink found");				
 
 				
-				//set bPK and IdenityLink for all other
+				//set bPK and IdentityLink for all other
 			} else {
 				//build bPK
 				String pvpbPKValue = getbPKValueFromPVPAttribute(session);
@@ -724,7 +748,11 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
 						
 					}					
 				}
-								
+				
+				//build foreign bPKs
+				generateForeignbPK(authData, oaParam.foreignbPKSectorsRequested()); 
+				
+				
 				//build IdentityLink
 				if (identityLink != null)
 					authData.setIdentityLink(buildOAspecificIdentityLink(oaParam, identityLink, authData.getBPK(), authData.getBPKType()));
@@ -810,6 +838,61 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants {
 		
 	}
 
+	private void generateForeignbPK(AuthenticationData authData, List<String> foreignSectors) {
+		if (foreignSectors != null && !foreignSectors.isEmpty()) {
+			Logger.debug("Sectors for foreign bPKs are configurated. Starting foreign bPK generation ... ");					
+			for (String foreignSector : foreignSectors) {
+				Logger.trace("Process sector: " + foreignSector + " ... ");
+				if (encKeyMap.containsKey(foreignSector)) {
+					try {
+						String sector = null;
+						//splitt sector into VKZ and target
+						if (foreignSector.startsWith("wbpk")) {
+							Logger.trace("Find foreign private sector " + foreignSector);
+							sector = Constants.URN_PREFIX + ":" + foreignSector;
+							
+						} else {
+							String[] split = foreignSector.split("+");
+							if (split.length != 2)  {
+								Logger.warn("Foreign sector: " + foreignSector + " looks WRONG. IGNORE IT!");
+								
+							} else {
+								Logger.trace("Find foreign public sector. VKZ: " + split[0] + " Target: " + split[1]);	
+								sector = Constants.URN_PREFIX_CDID + "+" + split[1];
+								
+							}
+															
+						}
+						
+						if (sector != null) {								
+							Pair<String, String> bpk = new BPKBuilder().generateAreaSpecificPersonIdentifier(
+									authData.getIdentificationValue(), 
+									authData.getIdentificationType(), 										
+									sector);								
+							String foreignbPK = BPKBuilder.encryptBPK(bpk.getFirst(), bpk.getSecond(), encKeyMap.get(foreignSector).getPublicKey());																		
+							authData.getEncbPKList().add("(" + foreignSector + "|" +  foreignbPK + ")");
+							Logger.debug("Foreign bPK for sector: " + foreignSector + " created.");
+							
+						}
+														
+					} catch (Exception e) {
+						Logger.warn("Foreign bPK generation FAILED for sector: " + foreignSector, e);
+						
+					}
+																		
+				} else { 
+					Logger.info("NO encryption cerfificate FOUND in configuration for sector: " + foreignSector);
+					Logger.info("Foreign bPK for sector: " + foreignSector + " is NOT possible");
+					
+				}				
+			}
+			
+		} else
+			Logger.debug("No foreign bPKs required for this service provider");
+		
+	}
+	
+	
 	/**
 	 * Check a bPK-Type against a Service-Provider configuration <br>
 	 * If bPK-Type is <code>null</code> the result is <code>false</code>.
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
index a7f6e873f..04df32309 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
@@ -266,16 +266,21 @@ public class BPKBuilder {
     
 	public static String encryptBPK(String bpk, String target, PublicKey publicKey) throws BuildException {
 		MiscUtil.assertNotNull(bpk, "BPK");
+		MiscUtil.assertNotNull(target, "sector");
 		MiscUtil.assertNotNull(publicKey, "publicKey");
-		
+			
 		SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss");
-		if (target.startsWith(Constants.URN_PREFIX_CDID + "+"))
-			target = target.substring((Constants.URN_PREFIX_CDID + "+").length());
 		
-		String input = "V1::urn:publicid:gv.at:cdid+" + target + "::"
+		if (!target.startsWith(Constants.URN_PREFIX)) {
+			throw new BuildException("bPK encryption FAILED. bPK target does NOT starts with a valid prefix", null);
+			
+		}
+		
+		String input = "V1::" 
+			+ target + "::"
 		    + bpk + "::"
 		    + sdf.format(new Date());
-		System.out.println(input);
+		Logger.trace("Foreign bPK: " + input);
 		byte[] result;
 		try {
 			byte[] inputBytes = input.getBytes("ISO-8859-1");
@@ -287,6 +292,17 @@ public class BPKBuilder {
 		}		
 	}
 
+	
+	/**
+	 * Currently only works for bPKs!!!!
+	 * 
+	 * 
+	 * @param encryptedBpk
+	 * @param target
+	 * @param privateKey
+	 * @return
+	 * @throws BuildException
+	 */
 	public static String decryptBPK(String encryptedBpk, String target, PrivateKey privateKey) throws BuildException {
 		MiscUtil.assertNotEmpty(encryptedBpk, "Encrypted BPK");
 		MiscUtil.assertNotNull(privateKey, "Private key");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
index 0fba2d3f6..3a0a002e8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
@@ -209,7 +209,7 @@ public class VerifyXMLSignatureResponseParser {
       
       String signingTimeElement = XPathUtils.getElementValue(verifyXMLSignatureResponse,SIGNING_TIME_XPATH,"");
       if (MiscUtil.isNotEmpty(signingTimeElement)) {
-    	  DateTime datetime = ISODateTimeFormat.dateTimeNoMillis().parseDateTime(signingTimeElement);
+    	  DateTime datetime = ISODateTimeFormat.dateOptionalTimeParser().parseDateTime(signingTimeElement);
     	  respData.setSigningDateTime(datetime.toDate());
     	  
       }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index 59bd3893d..140ebcfc8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -54,10 +54,8 @@ import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.HashMap;
-import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
-import java.util.Map.Entry;
 import java.util.Set;
 
 import org.apache.commons.lang.SerializationUtils;
@@ -935,4 +933,16 @@ public String toString() {
 	return "Object not initialized";
 }
 
+
+@Override
+public List<String> foreignbPKSectorsRequested() {
+	String value = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN);
+	if (MiscUtil.isNotEmpty(value))
+		return KeyValueUtils.getListOfCSVValues(KeyValueUtils.normalizeCSVValueString(value));
+		
+	else
+		return null;
+	
+}
+
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
index f3db82315..31b894604 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
@@ -531,5 +531,11 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{
 		return false;
 	}
 
+	@Override
+	public List<String> foreignbPKSectorsRequested() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
 	
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
index 7f56f519b..4cd9ecd6a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
@@ -691,6 +691,8 @@ public class AuthenticationData  implements IAuthData, Serializable {
 	 * @return the encbPKList
 	 */
 	public List<String> getEncbPKList() {
+		if (encbPKList == null)
+			encbPKList = new ArrayList<String>();
 		return encbPKList;
 	}
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java
index 9dfbe00b2..f5c48b826 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java
@@ -41,7 +41,7 @@ public class EncryptedBPKAttributeBuilder implements IPVPAttributeBuilder {
 
 		if (authData.getEncbPKList() != null &&
 				authData.getEncbPKList().size() > 0) {
-			String value = authData.getEncbPKList().get(0);
+			String value = "(" + authData.getEncbPKList().get(0) + ")";
 			for (int i=1; i<authData.getEncbPKList().size(); i++)
 				value += ";"+authData.getEncbPKList().get(i);			
 			
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
index 1e1bfa94b..332764edf 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
@@ -254,4 +254,11 @@ public interface IOAAuthParameters {
 	
 	public List<Integer> getReversionsLoggingEventCodes();
 	
+	/**
+	 * Get a List of sectors for that this service provider requires foreign bPKs
+	 * 
+	 * @return list of sectors, or null if no sectors are defined
+	 */
+	public List<String> foreignbPKSectorsRequested();
+	
 }
\ No newline at end of file
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
index 93f26051c..b49278947 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
@@ -174,6 +174,9 @@ public class ConfigurationMigrationUtils {
 				}
 			}
 			
+			if (MiscUtil.isNotEmpty(oa.getForeignbPKTargetList()))
+				result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN, oa.getForeignbPKTargetList());
+			
 			//convert selected SZR-GW service
 			if (MiscUtil.isNotEmpty(oa.getSelectedSZRGWServiceURL()))
 				result.put(MOAIDConfigurationConstants.SERVICE_EXTERNAL_SZRGW_SERVICE_URL, oa.getSelectedSZRGWServiceURL());
@@ -826,6 +829,9 @@ public class ConfigurationMigrationUtils {
 	            }
 	        }
 
+	        if (MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN)))
+	        		dbOA.setForeignbPKTargetList(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN));
+	        
             //store BKU-URLs
             BKUURLS bkuruls = new BKUURLS();
             authoa.setBKUURLS(bkuruls);
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java
index 695df3123..8b52e4e0c 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java
@@ -61,6 +61,8 @@ public final class MOAIDConfigurationConstants extends MOAIDConstants {
 	private static final String SERVICE_AUTH_TARGET_BUSINESS = SERVICE_AUTH_TARGET + ".business";	
 	public static final String SERVICE_AUTH_TARGET_BUSINESS_TYPE = SERVICE_AUTH_TARGET_BUSINESS + ".type";
 	public static final String SERVICE_AUTH_TARGET_BUSINESS_VALUE = SERVICE_AUTH_TARGET_BUSINESS + ".value";
+	public static final String SERVICE_AUTH_TARGET_FOREIGN = SERVICE_AUTH_TARGET + ".foreign";
+	
 	
 	public static final String SERVICE_AUTH_TARGET_PUBLIC_TARGET = SERVICE_AUTH_TARGET_PUBLIC + ".target"; 
 	public static final String SERVICE_AUTH_TARGET_PUBLIC_TARGET_SUB = SERVICE_AUTH_TARGET_PUBLIC + ".target.sub";
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java
index 196923ce6..e37873a72 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java
@@ -115,10 +115,20 @@ public class OnlineApplication
     @XmlTransient
     protected String mandateServiceSelectionTemplateURL = null;
     
+    @XmlTransient
+    protected String foreignbPKTargetList = null;
     
+
     
-    
-    /**
+    public String getForeignbPKTargetList() {
+		return foreignbPKTargetList;
+	}
+
+	public void setForeignbPKTargetList(String foreignbPKTargetList) {
+		this.foreignbPKTargetList = foreignbPKTargetList;
+	}
+
+	/**
 	 * @return the saml2PostBindingTemplateURL
 	 */
 	public String getSaml2PostBindingTemplateURL() {
-- 
cgit v1.2.3


From 721d4261b72a12dc6147687d72b81738014be20b Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 12 Jun 2018 09:20:52 +0200
Subject: add jUnit simple test for AuthDataBuilder and foreign bPK generation

---
 .../id/auth/builder/AuthenticationDataBuilder.java |  13 +-
 .../moa/id/auth/builder/BPKBuilder.java            | 158 +++--------
 .../id/config/auth/data/UserWhitelistStore.java    |  39 ++-
 .../auth/data/AuthenticationDataBuilderTest.java   |  85 ++++++
 .../moa/id/config/auth/data/DummyAuthConfig.java   |  49 +++-
 .../moa/id/config/auth/data/DummyAuthSession.java  | 287 ++++++++++++++++++++
 .../moa/id/config/auth/data/DummyAuthStorage.java  | 186 +++++++++++++
 .../moa/id/config/auth/data/DummyOAConfig.java     | 289 +++++++++++++++++++++
 .../auth/data/UserRestrictionWhiteListTest.java    |   8 +-
 .../moa/id/module/test/TestRequestImpl.java        |   5 +-
 .../src/test/resources/BPK-Whitelist_20180607.csv  |   4 +-
 .../SpringTest-context_basic_user_whitelist.xml    |  11 +
 .../moa/id/commons/validation/IPKIXValidator.java  |   6 +
 .../commons/validation/MOASPPKIXCertValidator.java |   9 +
 .../validation/PKIXValidatorConfiguration.java     |  21 ++
 .../modules/sl20_auth/eIDDataVerifierTest.java     |   8 +-
 .../data/SSOTransferOnlineApplication.java         |   6 +
 17 files changed, 1037 insertions(+), 147 deletions(-)
 create mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java
 create mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthSession.java
 create mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthStorage.java
 create mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyOAConfig.java
 create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/IPKIXValidator.java
 create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/MOASPPKIXCertValidator.java
 create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/PKIXValidatorConfiguration.java

(limited to 'id/server/idserverlib/src/main/java/at/gv')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 91159ad4e..afac80df9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -106,13 +106,14 @@ import iaik.x509.X509Certificate;
 @Service("AuthenticationDataBuilder")
 public class AuthenticationDataBuilder extends MOAIDAuthConstants {
 
-	private static final String CONFIGURATION_PROP_FOREIGN_BPK_ENC_KEYS = "configuration.foreignsectors.pubkey";
+	public static final String CONFIGURATION_PROP_FOREIGN_BPK_ENC_KEYS = "configuration.foreignsectors.pubkey";
+	
+	@Autowired(required=true) private IAuthenticationSessionStoreage authenticatedSessionStorage;
+	@Autowired(required=true) protected AuthConfiguration authConfig;
+	@Autowired(required=false) private MOAMetadataProvider metadataProvider;
+	@Autowired(required=false) private AttributQueryBuilder attributQueryBuilder;
+	@Autowired(required=false) private SAMLVerificationEngineSP samlVerificationEngine;
 	
-	@Autowired private IAuthenticationSessionStoreage authenticatedSessionStorage;
-	@Autowired protected AuthConfiguration authConfig;
-	@Autowired private AttributQueryBuilder attributQueryBuilder;
-	@Autowired private SAMLVerificationEngineSP samlVerificationEngine;
-	@Autowired(required=true) private MOAMetadataProvider metadataProvider;
 	
 	private Map<String, X509Certificate> encKeyMap = new HashMap<String, X509Certificate>();
 	
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
index 04df32309..14de65e36 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
@@ -149,121 +149,7 @@ public class BPKBuilder {
 			}			
 		}						
 	}
-	
-	
-    /**
-     * Builds the storkeid from the given parameters.
-     *
-     * @param baseID baseID of the citizen
-     * @param baseIDType Type of the baseID
-     * @param sourceCountry CountryCode of that country, which build the eIDAs ID
-     * @param destinationCountry CountryCode of that country, which receives the eIDAs ID
-     * 
-     * @return Pair<eIDAs, bPKType> in a BASE64 encoding
-     * @throws BuildException if an error occurs on building the wbPK
-     */
-    private Pair<String, String> buildeIDASIdentifer(String baseID, String baseIDType, String sourceCountry, String destinationCountry)
-            throws BuildException {        
-        String bPK = null;
-        String bPKType = null;
-        
-        // check if we have been called by public sector application
-        if (baseIDType.startsWith(Constants.URN_PREFIX_BASEID)) {
-        	bPKType = Constants.URN_PREFIX_EIDAS + "+" + sourceCountry + "+" + destinationCountry;
-            Logger.debug("Building eIDAS identification from: [identValue]+" + bPKType);         
-            bPK = calculatebPKwbPK(baseID + "+"  + bPKType);
-            
-        } else { // if not, sector identification value is already calculated by BKU
-            Logger.debug("eIDAS eIdentifier already provided by BKU");
-            bPK = baseID;
-        }
-
-        if ((MiscUtil.isEmpty(bPK) ||
-                MiscUtil.isEmpty(sourceCountry) ||
-                	MiscUtil.isEmpty(destinationCountry))) {
-            throw new BuildException("builder.00",
-                    new Object[]{"eIDAS-ID", "Unvollständige Parameterangaben: identificationValue=" +
-                            bPK + ", Zielland=" + destinationCountry + ", Ursprungsland=" + sourceCountry});
-        }
-        
-        Logger.debug("Building eIDAS identification from: " + sourceCountry+"/"+destinationCountry+"/" + "[identValue]");
-        String eIdentifier = sourceCountry + "/" + destinationCountry + "/" + bPK;
-        
-        return Pair.newInstance(eIdentifier, bPKType);
-    }
-	
-//    /**
-//     * Builds the bPK from the given parameters.
-//     *
-//     * @param identificationValue Base64 encoded "Stammzahl"
-//     * @param target              "Bereich lt. Verordnung des BKA"
-//     * @return bPK in a BASE64 encoding
-//     * @throws BuildException if an error occurs on building the bPK
-//     */
-//    private String buildBPK(String identificationValue, String target)
-//            throws BuildException {
-//
-//        if ((identificationValue == null ||
-//                identificationValue.length() == 0 ||
-//                target == null ||
-//                target.length() == 0)) {
-//            throw new BuildException("builder.00",
-//                    new Object[]{"BPK", "Unvollständige Parameterangaben: identificationValue=" +
-//                            identificationValue + ",target=" + target});
-//        }
-//        String basisbegriff;
-//        if (target.startsWith(Constants.URN_PREFIX_CDID + "+"))
-//            basisbegriff = identificationValue + "+" + target;
-//        else
-//            basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_CDID + "+" + target;
-//
-//        return calculatebPKwbPK(basisbegriff);
-//    }
-//
-//    /**
-//     * Builds the wbPK from the given parameters.
-//     *
-//     * @param identificationValue Base64 encoded "Stammzahl"
-//     * @param registerAndOrdNr    type of register + "+" + number in register.
-//     * @return wbPK in a BASE64 encoding
-//     * @throws BuildException if an error occurs on building the wbPK
-//     */
-//    private String buildWBPK(String identificationValue, String registerAndOrdNr)
-//            throws BuildException {
-//
-//        if ((identificationValue == null ||
-//                identificationValue.length() == 0 ||
-//                registerAndOrdNr == null ||
-//                registerAndOrdNr.length() == 0)) {
-//            throw new BuildException("builder.00",
-//                    new Object[]{"wbPK", "Unvollständige Parameterangaben: identificationValue=" +
-//                            identificationValue + ",Register+Registernummer=" + registerAndOrdNr});
-//        }
-//
-//        String basisbegriff;
-//        if (registerAndOrdNr.startsWith(Constants.URN_PREFIX_WBPK + "+"))
-//            basisbegriff = identificationValue + "+" + registerAndOrdNr;
-//        else
-//            basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr;
-//
-//        return calculatebPKwbPK(basisbegriff);
-//    }
-//
-//    private String buildbPKorwbPK(String baseID, String bPKorwbPKTarget) throws BuildException {
-//    	if (MiscUtil.isEmpty(baseID) || 
-//    			!(bPKorwbPKTarget.startsWith(Constants.URN_PREFIX_CDID + "+") || 
-//    					bPKorwbPKTarget.startsWith(Constants.URN_PREFIX_WBPK + "+") || 
-//    					bPKorwbPKTarget.startsWith(Constants.URN_PREFIX_STORK + "+")) ) {
-//    		throw new BuildException("builder.00",
-//                    new Object[]{"bPK/wbPK", "bPK or wbPK target " + bPKorwbPKTarget 
-//    					+ " has an unkown prefix."});
-//    		
-//    	}
-//    	
-//    	return calculatebPKwbPK(baseID + "+" + bPKorwbPKTarget);
-//    	
-//    }
-    
+		    
 	public static String encryptBPK(String bpk, String target, PublicKey publicKey) throws BuildException {
 		MiscUtil.assertNotNull(bpk, "BPK");
 		MiscUtil.assertNotNull(target, "sector");
@@ -332,6 +218,48 @@ public class BPKBuilder {
 		}		
 	}
         
+	
+    /**
+     * Builds the storkeid from the given parameters.
+     *
+     * @param baseID baseID of the citizen
+     * @param baseIDType Type of the baseID
+     * @param sourceCountry CountryCode of that country, which build the eIDAs ID
+     * @param destinationCountry CountryCode of that country, which receives the eIDAs ID
+     * 
+     * @return Pair<eIDAs, bPKType> in a BASE64 encoding
+     * @throws BuildException if an error occurs on building the wbPK
+     */
+    private Pair<String, String> buildeIDASIdentifer(String baseID, String baseIDType, String sourceCountry, String destinationCountry)
+            throws BuildException {        
+        String bPK = null;
+        String bPKType = null;
+        
+        // check if we have been called by public sector application
+        if (baseIDType.startsWith(Constants.URN_PREFIX_BASEID)) {
+        	bPKType = Constants.URN_PREFIX_EIDAS + "+" + sourceCountry + "+" + destinationCountry;
+            Logger.debug("Building eIDAS identification from: [identValue]+" + bPKType);         
+            bPK = calculatebPKwbPK(baseID + "+"  + bPKType);
+            
+        } else { // if not, sector identification value is already calculated by BKU
+            Logger.debug("eIDAS eIdentifier already provided by BKU");
+            bPK = baseID;
+        }
+
+        if ((MiscUtil.isEmpty(bPK) ||
+                MiscUtil.isEmpty(sourceCountry) ||
+                	MiscUtil.isEmpty(destinationCountry))) {
+            throw new BuildException("builder.00",
+                    new Object[]{"eIDAS-ID", "Unvollständige Parameterangaben: identificationValue=" +
+                            bPK + ", Zielland=" + destinationCountry + ", Ursprungsland=" + sourceCountry});
+        }
+        
+        Logger.debug("Building eIDAS identification from: " + sourceCountry+"/"+destinationCountry+"/" + "[identValue]");
+        String eIdentifier = sourceCountry + "/" + destinationCountry + "/" + bPK;
+        
+        return Pair.newInstance(eIdentifier, bPKType);
+    }
+	
     private String calculatebPKwbPK(String basisbegriff) throws BuildException {
     	try {
             MessageDigest md = MessageDigest.getInstance("SHA-1");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java
index a90d71a18..a32159dd0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java
@@ -18,6 +18,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
 import at.gv.egovernment.moa.id.auth.modules.internal.tasks.UserRestrictionTask;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
 import at.gv.egovernment.moa.util.FileUtils;
@@ -35,26 +36,44 @@ public class UserWhitelistStore {
 	@PostConstruct
 	private void initialize() {
 		String whiteListUrl = authConfig.getBasicMOAIDConfiguration(UserRestrictionTask.CONFIG_PROPS_CSV_USER_FILE);
-		if (MiscUtil.isEmpty(whiteListUrl)) 
-			Logger.debug("Do not initialize user whitelist. Reason: No configuration path to CSV file.");
+		String internalTarget = authConfig.getBasicMOAIDConfiguration(UserRestrictionTask.CONFIG_PROPS_CSV_USER_SECTOR);		
+		if (MiscUtil.isEmpty(whiteListUrl) || MiscUtil.isEmpty(internalTarget)) 
+			Logger.debug("Do not initialize user whitelist. Reason: NO configuration path to CSV file or NO internal bPK target for whitelist");
 		
 		else {
-			absWhiteListUrl = FileUtils.makeAbsoluteURL(whiteListUrl, authConfig.getRootConfigFileDir());
-			try {			
-				InputStream is = new FileInputStream(new File(new URL(absWhiteListUrl).toURI()));
+			if (internalTarget.startsWith(MOAIDAuthConstants.PREFIX_CDID))
+				internalTarget = internalTarget.substring(MOAIDAuthConstants.PREFIX_CDID.length());			
+			else if (internalTarget.startsWith(MOAIDAuthConstants.PREFIX_WPBK))
+				internalTarget = internalTarget.substring(MOAIDAuthConstants.PREFIX_WPBK.length());
+			else if (internalTarget.startsWith(MOAIDAuthConstants.PREFIX_EIDAS))
+				internalTarget = internalTarget.substring(MOAIDAuthConstants.PREFIX_EIDAS.length());
+			else {
+				Logger.warn("Sector: " + internalTarget + " is NOT supported for user whitelist.");
+				Logger.info("User whitelist-store MAY NOT contains all user from whitelist");
+			}
+			
+			try {				
+				absWhiteListUrl = new URL(FileUtils.makeAbsoluteURL(whiteListUrl, authConfig.getRootConfigFileDir()))
+											.toURI().toString().substring("file:".length());						
+				InputStream is = new FileInputStream(new File(absWhiteListUrl));
 				String whiteListString = IOUtils.toString(new InputStreamReader(is));
 				List<String> preWhitelist = KeyValueUtils.getListOfCSVValues(KeyValueUtils.normalizeCSVValueString(whiteListString));
 				
+				
+				
 				//remove prefix if required
 				for (String bPK : preWhitelist) {
 					String[] bPKSplit = bPK.split(":");
 					if (bPKSplit.length == 1)
 						whitelist.add(bPK);
 					
-					else if (bPKSplit.length ==2 )
-						whitelist.add(bPKSplit[1]);
-					
-					else
+					else if (bPKSplit.length ==2 ) {
+						if (internalTarget.equals(bPKSplit[0]))
+							whitelist.add(bPKSplit[1]);
+						else
+							Logger.info("Whitelist entry: " + bPK + " has an unsupported target. Entry will be removed ...");
+						
+					} else
 						Logger.info("Whitelist entry: " + bPK + " has an unsupported format. Entry will be removed ...");
 						
 				}
@@ -108,7 +127,7 @@ public class UserWhitelistStore {
 	public boolean isUserbPKInWhitelistDynamic(String bPK, boolean onlyDynamic) {
 		try {
 			if (absWhiteListUrl != null) {
-				InputStream is = new FileInputStream(new File(new URL(absWhiteListUrl).toURI()));
+				InputStream is = new FileInputStream(new File(absWhiteListUrl));
 				String whiteListString = IOUtils.toString(new InputStreamReader(is));
 				if (whiteListString != null && whiteListString.contains(bPK)) {
 					Logger.trace("Find user with dynamic whitelist check");
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java
new file mode 100644
index 000000000..e300c8ec8
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java
@@ -0,0 +1,85 @@
+package at.gv.egovernment.moa.id.config.auth.data;
+
+import java.io.ByteArrayInputStream;
+import java.util.Arrays;
+import java.util.List;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder;
+import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.module.test.TestRequestImpl;
+import at.gv.egovernment.moa.util.Base64Utils;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration("/SpringTest-context_basic_user_whitelist.xml")
+public class AuthenticationDataBuilderTest {
+
+	@Autowired private AuthenticationDataBuilder authBuilder;
+	
+	private static final String DUMMY_IDL = "PHNhbWw6QXNzZXJ0aW9uIEFzc2VydGlvbklEPSJzenIuYm1pLmd2LmF0LUFzc2VydGlvbklEMTUyNzY2OTEwMDU5MTI3NDQiIElzc3VlSW5zdGFudD0iMjAxOC0wNS0zMFQxMDozMTo0MCswMTowMCIgSXNzdWVyPSJodHRwOi8vcG9ydGFsLmJtaS5ndi5hdC9yZWYvc3pyL2lzc3VlciIgTWFqb3JWZXJzaW9uPSIxIiBNaW5vclZlcnNpb249IjAiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMDphc3NlcnRpb24iIHhtbG5zOnByPSJodHRwOi8vcmVmZXJlbmNlLmUtZ292ZXJubWVudC5ndi5hdC9uYW1lc3BhY2UvcGVyc29uZGF0YS8yMDAyMDIyOCMiIHhtbG5zOmRzaWc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiIHhtbG5zOmVjZHNhPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSMiIHhtbG5zOnNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSI+Cgk8c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+CgkJPHNhbWw6U3ViamVjdD4KCQkJPHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbj4KCQkJCTxzYW1sOkNvbmZpcm1hdGlvbk1ldGhvZD51cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoxLjA6Y206c2VuZGVyLXZvdWNoZXM8L3NhbWw6Q29uZmlybWF0aW9uTWV0aG9kPgoJCQkJPHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbkRhdGE+CgkJCQkJPHByOlBlcnNvbiBzaTp0eXBlPSJwcjpQaHlzaWNhbFBlcnNvblR5cGUiPjxwcjpJZGVudGlmaWNhdGlvbj48cHI6VmFsdWU+dHFDUUVDNytBcUdFZWVMMzkwVjVKZz09PC9wcjpWYWx1ZT48cHI6VHlwZT51cm46cHVibGljaWQ6Z3YuYXQ6YmFzZWlkPC9wcjpUeXBlPjwvcHI6SWRlbnRpZmljYXRpb24+PHByOk5hbWU+PHByOkdpdmVuTmFtZT5NYXg8L3ByOkdpdmVuTmFtZT48cHI6RmFtaWx5TmFtZSBwcmltYXJ5PSJ1bmRlZmluZWQiPk11c3Rlcm1hbm48L3ByOkZhbWlseU5hbWU+PC9wcjpOYW1lPjxwcjpEYXRlT2ZCaXJ0aD4xOTQwLTAxLTAxPC9wcjpEYXRlT2ZCaXJ0aD48L3ByOlBlcnNvbj4KCQkJCTwvc2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uRGF0YT4KCQkJPC9zYW1sOlN1YmplY3RDb25maXJtYXRpb24+CgkJPC9zYW1sOlN1YmplY3Q+Cgk8c2FtbDpBdHRyaWJ1dGUgQXR0cmlidXRlTmFtZT0iQ2l0aXplblB1YmxpY0tleSIgQXR0cmlidXRlTmFtZXNwYWNlPSJ1cm46cHVibGljaWQ6Z3YuYXQ6bmFtZXNwYWNlczppZGVudGl0eWxpbms6MS4yIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT48ZHNpZzpSU0FLZXlWYWx1ZT48ZHNpZzpNb2R1bHVzPnMwWmhkR2E4REgwSW1iTlU3aTRxdDRtR25CUEFlTDk5Q0dkZmRCOEhWWE5CNWd3d2VMY1o5WE1TWUJvUHFHdFVqemh6S29zRkN5M0sNCmpsSEVrejB0L3JQemhOVGRsVjJRN0FGWEZlT2g3M3dPajQ3R1B2T2lVNzdwQjE3WnJaOHlObW1JTTEyUVE5MVN0RGFWRkUra0dxUEkNCmNFZHZiZk94blU4aGNpa3lYcWVheFZVV3oxbVdXTnRveUwyWG5wa1U0QkZVQnU1NWg5S2tYVEFQcnBUbEFMZjkvRDFKamZWb05tamwNCnBLWXh6Q3JBSmE4Sno4Ui9sNis0U0U3YXc3dGZuazNZUXkxcFVmNWZmellkeXZQS2ZxVTBUTUVKLzdpOW1ORHFCZlVwcVhBRWowdWUNCkpvRWs0UC9pa2Q5UnZuVUlsU0V1NzFHMyt1VEluSXBaaTd2UG93PT08L2RzaWc6TW9kdWx1cz48ZHNpZzpFeHBvbmVudD5BUUFCPC9kc2lnOkV4cG9uZW50PjwvZHNpZzpSU0FLZXlWYWx1ZT48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50PgoJPGRzaWc6U2lnbmF0dXJlPgoJCTxkc2lnOlNpZ25lZEluZm8+CgkJCTxkc2lnOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiIC8+CgkJCTxkc2lnOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNyc2Etc2hhMSIgLz4KCQkJPGRzaWc6UmVmZXJlbmNlIFVSST0iIj4KCQkJCTxkc2lnOlRyYW5zZm9ybXM+CgkJCQkJPGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMTk5OS9SRUMteHBhdGgtMTk5OTExMTYiPgoJCQkJCQk8ZHNpZzpYUGF0aD5ub3QoYW5jZXN0b3Itb3Itc2VsZjo6cHI6SWRlbnRpZmljYXRpb24pPC9kc2lnOlhQYXRoPgoJCQkJCTwvZHNpZzpUcmFuc2Zvcm0+CgkJCQkJPGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiIC8+CgkJCQk8L2RzaWc6VHJhbnNmb3Jtcz4KCQkJCTxkc2lnOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIiAvPgoJCQkJPGRzaWc6RGlnZXN0VmFsdWU+QmVIdUFyYXUzSFVQcXg5dHV3QTRGaDNOSDB3PTwvZHNpZzpEaWdlc3RWYWx1ZT4KCQkJPC9kc2lnOlJlZmVyZW5jZT4KCQkJPGRzaWc6UmVmZXJlbmNlIFR5cGU9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNNYW5pZmVzdCIgVVJJPSIjbWFuaWZlc3QiPgoJCQkJPGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiIC8+CgkJCQk8ZHNpZzpEaWdlc3RWYWx1ZT5mVEUrMjRnRHlkUlgvd0p2QlAxOUlucU54Rkk9PC9kc2lnOkRpZ2VzdFZhbHVlPgoJCQk8L2RzaWc6UmVmZXJlbmNlPgoJCTwvZHNpZzpTaWduZWRJbmZvPgoJCTxkc2lnOlNpZ25hdHVyZVZhbHVlPgogICAgUHpLMWR2N2JFMGhQcGxlc1ZaRFhHSWxhbTlUK0JxWkd4ZWs5RHVuYkhNK21GWWI3a1NaZTN2eEszUmhRZjNBV3djbXFtVWZPRlJObg0KWndxYnovNGRZd2hJRld6VGdMelVmMlZkR0JsN2szbS8wSmJXSkV1bEtobE5vV2ZSTkRrdTRZcmI2THVrWjdaQzJFcWd2UXYxa1BRTg0Kb1BvQ1I5d3hUc1RKWFNCaHdLc0lERG9vZHY3aUVpWGFCM0xmVHQrQWdYdEdvbWRRaktjby9WamJSSzRUUEkvQUVNVU1KWm9zZlJYMg0KdmE2U1BaUnV4QjBlWkwwVGVzYittRjlFaUlOVnNTSU9nbTVSRE95V1ZRZkJnVG9nYjNoWmlLVmh0a1IvaWlSNmhZNlA2b1cwTDh4ag0KMG5ZVldPRHAxSlJML3Z0ZDFhUklVYzNCQTJQaFkrRmdJR1FHTUE9PQogIDwvZHNpZzpTaWduYXR1cmVWYWx1ZT48ZHNpZzpLZXlJbmZvPjxkc2lnOlg1MDlEYXRhPjxkc2lnOlg1MDlDZXJ0aWZpY2F0ZT5NSUlGdXpDQ0JLT2dBd0lCQWdJREdTa2VNQTBHQ1NxR1NJYjNEUUVCQlFVQU1JR2ZNUXN3Q1FZRFZRUUdFd0pCDQpWREZJTUVZR0ExVUVDZ3cvUVMxVWNuVnpkQ0JIWlhNdUlHWXVJRk5wWTJobGNtaGxhWFJ6YzNsemRHVnRaU0JwDQpiU0JsYkdWcmRISXVJRVJoZEdWdWRtVnlhMlZvY2lCSGJXSklNU0l3SUFZRFZRUUxEQmxoTFhOcFoyNHRZMjl5DQpjRzl5WVhSbExXeHBaMmgwTFRBeU1TSXdJQVlEVlFRRERCbGhMWE5wWjI0dFkyOXljRzl5WVhSbExXeHBaMmgwDQpMVEF5TUI0WERURTFNRGN5T0RFMU5Ea3dOVm9YRFRJd01EY3lPREV6TkRrd05Wb3dnYll4Q3pBSkJnTlZCQVlUDQpBa0ZVTVI0d0hBWURWUVFLREJWRVlYUmxibk5qYUhWMGVtdHZiVzFwYzNOcGIyNHhJakFnQmdOVkJBc01HVk4wDQpZVzF0ZW1Gb2JISmxaMmx6ZEdWeVltVm9iMlZ5WkdVeExqQXNCZ05WQkFNTUpWTnBaMjVoZEhWeWMyVnlkbWxqDQpaU0JFWVhSbGJuTmphSFYwZW10dmJXMXBjM05wYjI0eEZUQVRCZ05WQkFVVERETXlOVGt5T0RNeU16azVPREVjDQpNQm9HQ1NxR1NJYjNEUUVKQVF3TlpITnJRR1J6YXk1bmRpNWhkRENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEDQpnZ0VQQURDQ0FRb0NnZ0VCQU4rZEJTRUJHajJqVVhJSzFNcDNsVnhjL1phK3BKTWl5S3JYM0cxWnhnWC9pa3g3DQpEOXNjc1BZTXQ0NzNMbEFXbDljbUNiSGJKSytQVjJYTk5kVVJMTVVDSVgrNHZVTnMyTUhlRFRRdFg4QlhqSkZwDQp3SllTb2FSSlEzOUZWUy8xcjVzV2NyYTlIaGRtN3c1R3R4LzJ1a3lEWDBrZGt4YXdraFA0RVFFemkvU0krRnVnDQpuK1dxZ1ExbkFkbGJ4Yi9kY0J3NXcxaDliM2xtdXdVZjR6M29vUVdVRDJEZ0Eva0tkMUtlak5SNDNtTFVzbXZTDQp6ZXZQeFQ5enM3OHBPUjFPYWNCN0lzelRWSlBYZU9FYWFOWkhubkIvVWVPM2c4TEVWLzNPa1hjVWdjTWtiSUlpDQphQkhsbGw3MVBxMENPajlrcWpYb2U3T3JSakxZNWkzS3dPcGE2VE1DQXdFQUFhT0NBZVV3Z2dIaE1CRUdBMVVkDQpEZ1FLQkFoTUNBNmVHdlMxdWpBT0JnTlZIUThCQWY4RUJBTUNCTEF3RGdZSEtpZ0FDZ0VIQVFRREFRSC9NQk1HDQpBMVVkSXdRTU1BcUFDRWtjV0RwUDZBMERNQWtHQTFVZEV3UUNNQUF3RkFZSEtpZ0FDZ0VCQVFRSkRBZENVMEl0DQpSRk5MTUg4R0NDc0dBUVVGQndFQkJITXdjVEJHQmdnckJnRUZCUWN3QW9ZNmFIUjBjRG92TDNkM2R5NWhMWFJ5DQpkWE4wTG1GMEwyTmxjblJ6TDJFdGMybG5iaTFqYjNKd2IzSmhkR1V0YkdsbmFIUXRNREpoTG1OeWREQW5CZ2dyDQpCZ0VGQlFjd0FZWWJhSFIwY0RvdkwyOWpjM0F1WVMxMGNuVnpkQzVoZEM5dlkzTndNRlFHQTFVZElBUk5NRXN3DQpTUVlHS2lnQUVRRVNNRDh3UFFZSUt3WUJCUVVIQWdFV01XaDBkSEE2THk5M2QzY3VZUzEwY25WemRDNWhkQzlrDQpiMk56TDJOd0wyRXRjMmxuYmkxQmJYUnpjMmxuYm1GMGRYSXdnWjRHQTFVZEh3U0JsakNCa3pDQmtLQ0JqYUNCDQppb2FCaDJ4a1lYQTZMeTlzWkdGd0xtRXRkSEoxYzNRdVlYUXZiM1U5WVMxemFXZHVMV052Y25CdmNtRjBaUzFzDQphV2RvZEMwd01peHZQVUV0VkhKMWMzUXNZejFCVkQ5alpYSjBhV1pwWTJGMFpYSmxkbTlqWVhScGIyNXNhWE4wDQpQMkpoYzJVL2IySnFaV04wWTJ4aGMzTTlaV2xrUTJWeWRHbG1hV05oZEdsdmJrRjFkR2h2Y21sMGVUQU5CZ2txDQpoa2lHOXcwQkFRVUZBQU9DQVFFQUhRM1pDTXRBYmF6ZU1IbVdBMnpoWWxIcUhnS1ZvY1ZYRURnbU5tV0xHcUZlDQo4RUFERklzOHVHcmt0Qm1XQ1VJWGJYczdUSGNmeHMySjQ3dkh1Y29wc2RrYWJObFhFanpuZFJmbmMrMVZJbmJvDQp6TXJZZDdqZUROVEsvdElqaU9FWWRyeUlwZWtWOUNmYXc3eXU2bWVmTXpldTFhQXdmN0JuSy9odWl3SlduZW5wDQpCN2lEL1B2WittenVDN1JOZkpmRisrU3RpQlR4aTNWWXhOR01qTTFjVThHdzlWV2MwUjNFdWpPYVhXZ0NDOGk1DQpGR2hWdk9ZaE5YZnN4SlhiTnhld0VDanBBTHZEbEZMTCtpQzQ5RytBRFNvUnYwU2s5MU9QdStjSW1DajNyczNRDQp0YXNJL3A5TFlhY0c2Yy9nSTN0RTBpaHFnOVJic0tIWFFsM1BPdkVSSkE9PTwvZHNpZzpYNTA5Q2VydGlmaWNhdGU+PC9kc2lnOlg1MDlEYXRhPjwvZHNpZzpLZXlJbmZvPgoJCTxkc2lnOk9iamVjdD4KCQkJPGRzaWc6TWFuaWZlc3QgSWQ9Im1hbmlmZXN0Ij4KCQkJCTxkc2lnOlJlZmVyZW5jZSBVUkk9IiI+CgkJCQkJPGRzaWc6VHJhbnNmb3Jtcz4KCQkJCQkJPGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMTk5OS9SRUMteHBhdGgtMTk5OTExMTYiPgoJCQkJCQkJPGRzaWc6WFBhdGg+bm90KGFuY2VzdG9yLW9yLXNlbGY6OmRzaWc6U2lnbmF0dXJlKTwvZHNpZzpYUGF0aD4KCQkJCQkJPC9kc2lnOlRyYW5zZm9ybT4KCQkJCQk8L2RzaWc6VHJhbnNmb3Jtcz4KCQkJCQk8ZHNpZzpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjc2hhMSIgLz4KCQkJCQk8ZHNpZzpEaWdlc3RWYWx1ZT5wM1pwS1BvK0ZYT3ZXdEhidFJzR2VLWm9lSTQ9PC9kc2lnOkRpZ2VzdFZhbHVlPgoJCQkJPC9kc2lnOlJlZmVyZW5jZT4KCQkJPC9kc2lnOk1hbmlmZXN0PgoJCTwvZHNpZzpPYmplY3Q+Cgk8L2RzaWc6U2lnbmF0dXJlPgo8L3NhbWw6QXNzZXJ0aW9uPg==";
+	
+	@Test
+	public void dummyTest() throws Exception {
+		
+		
+	}
+	
+	
+	@Test
+	public void buildAuthDataWithIDLOnly() throws Exception {
+		IRequest pendingReq = new TestRequestImpl();
+		DummyOAConfig oaParam = new DummyOAConfig();
+		oaParam.setHasBaseIdTransferRestriction(false);
+		oaParam.setTarget("urn:publicid:gv.at:cdid+ZP-MH");
+		oaParam.setForeignbPKSectors(Arrays.asList("wbpk+FN+195738a"));
+		
+		IAuthenticationSession session = new DummyAuthSession();
+		session.setIdentityLink(new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(DUMMY_IDL, false))).parseIdentityLink());
+	
+		IAuthData authData = authBuilder.buildAuthenticationData(pendingReq, session, oaParam);
+		
+		if (!authData.getFamilyName().equals("Mustermann"))
+			throw new Exception("Familyname wrong");
+		
+		if (!authData.getGivenName().equals("Max"))
+			throw new Exception("GivenName wrong");
+						
+		if (!authData.getFormatedDateOfBirth().equals("1940-01-01"))
+			throw new Exception("DateOfBirth wrong");
+		 
+		
+		if (!authData.getIdentificationValue().equals("tqCQEC7+AqGEeeL390V5Jg=="))
+			throw new Exception("baseId wrong");
+		
+		if (!authData.getIdentificationType().equals("urn:publicid:gv.at:baseid"))
+			throw new Exception("baseIdType wrong");
+		
+	
+		if (!authData.getBPK().equals("DJ6nGg2JgcPH768BhqTNXVsGhOY="))
+			throw new Exception("bPK wrong");
+		
+		if (!authData.getBPKType().equals("urn:publicid:gv.at:cdid+ZP-MH"))
+			throw new Exception("bPKType wrong");
+		
+		
+		List<String> foreignbPKs = authData.getEncbPKList();
+		if (foreignbPKs.isEmpty())
+			throw new Exception("NO foreign bPK list is null");
+		
+		if (foreignbPKs.size() != 1)
+			throw new Exception("NO or MORE THAN ONE foreign bPK");
+		
+		if (!foreignbPKs.get(0).startsWith("(wbpk+FN+195738a|") && !(foreignbPKs.get(0).endsWith(")")))
+			throw new Exception("foreign bPK has wrong prefix");
+				
+	}
+	
+}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthConfig.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthConfig.java
index d72e2f28c..2c31d82f9 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthConfig.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthConfig.java
@@ -1,10 +1,12 @@
 package at.gv.egovernment.moa.id.config.auth.data;
 
 import java.io.IOException;
+import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.Properties;
 
+import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder;
 import at.gv.egovernment.moa.id.auth.modules.internal.tasks.UserRestrictionTask;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface;
@@ -86,8 +88,13 @@ public class DummyAuthConfig implements AuthConfiguration {
 			} catch (IOException e) {
 				e.printStackTrace();
 			}
+			 
+		} else if (UserRestrictionTask.CONFIG_PROPS_CSV_USER_SECTOR.equals(key)) {
+			return "urn:publicid:gv.at:cdid+ZP-MH";
+			
 		} 
 		
+		
 		return null;
 	}
 
@@ -99,8 +106,46 @@ public class DummyAuthConfig implements AuthConfiguration {
 
 	@Override
 	public Map<String, String> getBasicMOAIDConfigurationWithPrefix(String prefix) {
-		// TODO Auto-generated method stub
-		return null;
+		Map<String, String> result = new HashMap<String, String>();
+		if (AuthenticationDataBuilder.CONFIGURATION_PROP_FOREIGN_BPK_ENC_KEYS.equals(prefix)) {
+			result.put("BMI+T1", "MIICuTCCAaGgAwIBAgIEWQMr6TANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARyb290MB4XDTE3MDQyODExNDgyN1oXDTE4MDQyODExNDgyN1owDzENMAsGA1UEAwwEcm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKavdekY9h6te6UoCvahSKqhlNk+ZMGq1aBvj129J10wJoz3BsO86cK/ounvzrE9g6FOOeEtlb/lRRTwhO601o9/dXhIvSalpKgAF4owTuhxKUEhEUNJr4pUxFSm8OkPHEXqSXsn6W7tg/G0r12z246RAApw5jpzDDdYYY8gEZFXURf1xYnbKFPoNlPIyFj0vN7Afe+Fo8v3Brb05iQkC3wBxMnL2LZ7XLK8uu93VG/mOrUrEtZkFzOWg0c3WBKQgxCD/F5BMouXBSsNu7lzV2qEyX0uIiEQrv75Fk32DjQqx41S31lByFnL8YbYWX4lsCv0O9Smhjrn6+k91JsvcDECAwEAAaMdMBswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAb4wDQYJKoZIhvcNAQELBQADggEBAAFQVd6PHrpBDTw+YUYj3yOgjFlKiSTEb4s59O74CZGbgElE2k36bqEJwki8W2ZiK+L3aeA1XCYF9cuI8QBWHJXg3UQFtDMF2zieOy/BBEA0HN6q4IjQKbt9cNR3w7nMp+lJ/BUlX6AIqfmSgJ6bKVlUsu4yuhstDBXy7QOAuQ8q76qkk7j6uiahWCyBRb5R9TDj7mQn0nM/tbeUUZa7Mxje/W4YhdatNYasTnExCyEE4S6lpSiJQdrkFGlRWp6Ia41/r6GZsAZ6pss+xyxDbJySqbVn2ro6WV4kMbrh/gX1HbmrF5UGIO/qvM+5yM6+wUfLtqPCK0PtLkI940E3WfM=");
+			result.put("wbpk+FN+468924i", "MIIDCzCCAfMCBFr9aB4wDQYJKoZIhvcNAQELBQAwSjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVHSVoxEzARBgNVBAsMCnZpZHAuZ3YuYXQxFzAVBgNVBAMMDlNBTUwyIG1ldGFkYXRhMB4XDTE4MDUxNzExMzE0MloXDTE5MDUxNzExMzE0MlowSjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVHSVoxEzARBgNVBAsMCnZpZHAuZ3YuYXQxFzAVBgNVBAMMDlNBTUwyIG1ldGFkYXRhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi5yyZCJCW2MLQKmupDZTQBNItpIqMlLNAUMF5U8vwJ0uoAWqetOyJ65Q9Wx9TixcIIxXa+0qA/7xVr44LoE4sRXZtZvkS5TGXUgD81FLXU5WJdeJQeUa63TdKjpdcL6wCbMIDs+2fDClIB7gKUV7S56NMhdiQzfW6OLFFQyfu6aXzpLcAOqq+FVo5paPjvGNgmVGwMS/4W0c8FeaPceno98rjslYslKUu3gCMezhYmvson7fEsgRf6s/Ko4pZev4rK7N+ib25g0x0L+gJkq6gb46wH4TBemXr/WTi5II1pxdG0CuLLKewDgMCymeneXPFIewiIPF9ydSPdq2XsHlTwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBbNeQGGDB0RjWRtCoMPQ1tF4pTMOy1QXd362Qx6kbuScEsG/9fGLE3mgpyLx3zyjX/pP0hkVtygDu/5684KEj0aJ65dx6kgFkmvLNq4YUpvQUBjylQHmpO4fsL57q8ZMnoWow8rX4g18sP8lHvW1g+tfWa3r+RRN/NlHm0RYb559xq7NgfPu11gxp9O6RsSkrf0IkWnJ1dit4bx7RR8PY+ZZjPAfg8/eAZ98DSP8FPdlLkKQvRV5NCIjG4tU5tIV4z5yvZ/npdKMdqjiQxmA002U+inOzCcciRRZSdXhYgqvkuMEHYsaoGlLwj+wJbEviobPpWxcEeQoqEwIj6QpwX");
+			result.put("wbpk+FN+195738a", "MIIF2TCCA8GgAwIBAgIEL2AV4zANBgkqhkiG9w0BAQsFADCBizELMAkGA1UEBhMC\r\n" + 
+					"QVQxSDBGBgNVBAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUg\r\n" + 
+					"aW0gZWxla3RyLiBEYXRlbnZlcmtlaHIgR21iSDEYMBYGA1UECwwPYS1zaWduLWxp\r\n" + 
+					"Z2h0LTA1MRgwFgYDVQQDDA9hLXNpZ24tbGlnaHQtMDUwHhcNMTgwNjA4MTA0MzEy\r\n" + 
+					"WhcNMjMwNjA4MDg0MzEyWjBoMQswCQYDVQQGEwJBVDEbMBkGA1UEAwwSZS1UcmVz\r\n" + 
+					"b3IgRnJlbWQtYlBLMRIwEAYDVQQEDAlGcmVtZC1iUEsxETAPBgNVBCoMCGUtVHJl\r\n" + 
+					"c29yMRUwEwYDVQQFEwwxMTc3MDQwMzU4MjUwggEgMA0GCSqGSIb3DQEBAQUAA4IB\r\n" + 
+					"DQAwggEIAoIBAQC9jQHCrCK4r8bKsist/h53yP7RzqDZhDGy3j6BLiGMGeQ8Qekf\r\n" + 
+					"k+Onmy6k7PfOfBZgiOd/Zs8JXZMISycz5/G9WJp0d1iFjmRDNWmM4MEN8k+mAnW+\r\n" + 
+					"Omn7sTJStaL5hRME/YdJpI/k08MasQuc13M6i6szpKA0eMfLf0nTWgEWt5e/x3Gj\r\n" + 
+					"+Br7dxYtv8RDeHHVhk5EkXwbhuVi9fO/UCNEAEsKCkiTGCwVRek/c+LQ42cnuLKN\r\n" + 
+					"Kg4LKJaIrr9uyMkibYpDZi1nXwQR9Jxsg4lzfpyAvSJIZtqMN0C66cwnzflLt9M8\r\n" + 
+					"GwO08KzvONEo4oiodKx7IcMGGbjukHX2NY7BAgERo4IBZzCCAWMwdAYIKwYBBQUH\r\n" + 
+					"AQEEaDBmMDsGCCsGAQUFBzAChi9odHRwOi8vd3d3LmEtdHJ1c3QuYXQvY2VydHMv\r\n" + 
+					"YS1zaWduLWxpZ2h0LTA1LmNydDAnBggrBgEFBQcwAYYbaHR0cDovL29jc3AuYS10\r\n" + 
+					"cnVzdC5hdC9vY3NwMBMGA1UdIwQMMAqACEhCh7VWr5ysMB0GA1UdEQQWMBSBEnRl\r\n" + 
+					"Y2huaWtAYS10cnVzdC5hdDARBgNVHQ4ECgQIRnNIDj8iCQcwDgYDVR0PAQH/BAQD\r\n" + 
+					"AgSwMAkGA1UdEwQCMAAwTQYDVR0gBEYwRDBCBgYqKAARAQkwODA2BggrBgEFBQcC\r\n" + 
+					"ARYqaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3MvY3AvYS1zaWduLWxpZ2h0MDoG\r\n" + 
+					"A1UdHwQzMDEwL6AtoCuGKWh0dHA6Ly9jcmwuYS10cnVzdC5hdC9jcmwvYS1zaWdu\r\n" + 
+					"LWxpZ2h0LTA1MA0GCSqGSIb3DQEBCwUAA4ICAQAh7plfW9U3hh5brYS0OmWhKJrM\r\n" + 
+					"jBDn9TyKsdetZ3AU3/GJONSq1GrZbTv6dq6vAH0G20cNQaLSNl2/9U3WBqX2T2Ik\r\n" + 
+					"vek8925+9HAFRVZiwnNX5CT0dQGNkqkagVzfd8dj8n+KiQZZZN9WroR9MoRXNlw1\r\n" + 
+					"DERzlXLlYFtK+F4323LtbolSLnN793p/6al4k8RheKG0Jy+pEtpCy6KNohkl34ZE\r\n" + 
+					"xtGrQLrJDtRtbCJcJ1t2fsM8iP9vi+K+0hOolIM7qwELRftwhvLyB+Gtlke2zLod\r\n" + 
+					"SR0AA6fLoNISdKpSEIu1OJ88R70T3q3sEYWLHc8GHPO6WjaF/tq8iI/lPeUc0c2u\r\n" + 
+					"gZOpH6Q3jWZo9UmhAbcyIwQTtVg9lS35EM3xPt+GC9DTsyNkTJObICZXUGsUswCp\r\n" + 
+					"Vj76888biAR/ey9pr6fctj11w4jEwOP5pIcKdv1vX6KZl58O8kIUV3IUbvFY/M1n\r\n" + 
+					"bfCrmm8uT4780NAIv3v8jgB/wK6EjntXoACPyGwB3lbdWJ2lZ4y5QCYEbW/8LLzJ\r\n" + 
+					"6kGERNrFGBn4pK8GhZg8Tq1GigOyUrGteHeYUylKqLRoIvby53tYHnMx5fS/N/OU\r\n" + 
+					"uKuAqGNHDTNkYI2jWhS6gFjUdTiaVVdKo/GSS4eDU5hsKOBRHTKWLT9E1DryCUkD\r\n" + 
+					"u4SwB63SrCEshSczfA==\r\n");
+			
+		}
+		
+		return result;
 	}
 
 	@Override
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthSession.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthSession.java
new file mode 100644
index 000000000..e340d4c86
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthSession.java
@@ -0,0 +1,287 @@
+package at.gv.egovernment.moa.id.config.auth.data;
+
+import java.util.Date;
+import java.util.List;
+import java.util.Map;
+
+import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
+import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
+import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
+import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
+import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
+import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
+import iaik.x509.X509Certificate;
+
+public class DummyAuthSession implements IAuthenticationSession {
+
+	private IIdentityLink idl;
+
+	@Override
+	public boolean isAuthenticated() {
+		return true;
+	}
+
+	@Override
+	public void setAuthenticated(boolean authenticated) {
+		// TODO Auto-generated method stub
+		
+	}
+
+	@Override
+	public X509Certificate getSignerCertificate() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public byte[] getEncodedSignerCertificate() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public void setSignerCertificate(X509Certificate signerCertificate) {
+		// TODO Auto-generated method stub
+		
+	}
+
+	@Override
+	public IIdentityLink getIdentityLink() {
+		return this.idl;
+	}
+
+	@Override
+	public String getSessionID() {
+		return "123456789abcd";
+	}
+
+	@Override
+	public void setIdentityLink(IIdentityLink identityLink) {
+		this.idl = identityLink;
+		
+	}
+
+	@Override
+	public void setSessionID(String sessionId) {
+		// TODO Auto-generated method stub
+		
+	}
+
+	@Override
+	public String getBkuURL() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public void setBkuURL(String bkuURL) {
+		// TODO Auto-generated method stub
+		
+	}
+
+	@Override
+	public String getAuthBlock() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public void setAuthBlock(String authBlock) {
+		// TODO Auto-generated method stub
+		
+	}
+
+	@Override
+	public List<ExtendedSAMLAttribute> getExtendedSAMLAttributesAUTH() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public void setExtendedSAMLAttributesAUTH(List<ExtendedSAMLAttribute> extendedSAMLAttributesAUTH) {
+		// TODO Auto-generated method stub
+		
+	}
+
+	@Override
+	public List<ExtendedSAMLAttribute> getExtendedSAMLAttributesOA() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public void setExtendedSAMLAttributesOA(List<ExtendedSAMLAttribute> extendedSAMLAttributesOA) {
+		// TODO Auto-generated method stub
+		
+	}
+
+	@Override
+	public boolean getSAMLAttributeGebeORwbpk() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public void setSAMLAttributeGebeORwbpk(boolean samlAttributeGebeORwbpk) {
+		// TODO Auto-generated method stub
+		
+	}
+
+	@Override
+	public String getIssueInstant() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public void setIssueInstant(String issueInstant) {
+		// TODO Auto-generated method stub
+		
+	}
+
+	@Override
+	public void setUseMandate(String useMandate) {
+		// TODO Auto-generated method stub
+		
+	}
+
+	@Override
+	public void setUseMandates(boolean useMandates) {
+		// TODO Auto-generated method stub
+		
+	}
+
+	@Override
+	public boolean isMandateUsed() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public void setMISSessionID(String misSessionID) {
+		// TODO Auto-generated method stub
+		
+	}
+
+	@Override
+	public String getMISSessionID() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getMandateReferenceValue() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public void setMandateReferenceValue(String mandateReferenceValue) {
+		// TODO Auto-generated method stub
+		
+	}
+
+	@Override
+	public boolean isForeigner() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public void setForeigner(boolean isForeigner) {
+		// TODO Auto-generated method stub
+		
+	}
+
+	@Override
+	public IVerifiyXMLSignatureResponse getXMLVerifySignatureResponse() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public void setXMLVerifySignatureResponse(IVerifiyXMLSignatureResponse xMLVerifySignatureResponse) {
+		// TODO Auto-generated method stub
+		
+	}
+
+	@Override
+	public IMISMandate getMISMandate() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public void setMISMandate(IMISMandate mandate) {
+		// TODO Auto-generated method stub
+		
+	}
+
+	@Override
+	public boolean isOW() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public void setOW(boolean isOW) {
+		// TODO Auto-generated method stub
+		
+	}
+
+	@Override
+	public String getAuthBlockTokken() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public void setAuthBlockTokken(String authBlockTokken) {
+		// TODO Auto-generated method stub
+		
+	}
+
+	@Override
+	public String getQAALevel() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public void setQAALevel(String qAALevel) {
+		// TODO Auto-generated method stub
+		
+	}
+
+	@Override
+	public Date getSessionCreated() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public Map<String, Object> getGenericSessionDataStorage() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public Object getGenericDataFromSession(String key) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public <T> T getGenericDataFromSession(String key, Class<T> clazz) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public void setGenericDataToSession(String key, Object object) throws SessionDataStorageException {
+		// TODO Auto-generated method stub
+		
+	}
+
+	
+}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthStorage.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthStorage.java
new file mode 100644
index 000000000..76e0a83c6
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthStorage.java
@@ -0,0 +1,186 @@
+package at.gv.egovernment.moa.id.config.auth.data;
+
+import java.util.Date;
+import java.util.List;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
+import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.data.SLOInformationInterface;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
+import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
+
+public class DummyAuthStorage implements IAuthenticationSessionStoreage {
+
+	@Override
+	public boolean isAuthenticated(String internalSsoSessionID) {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public AuthenticationSession createInternalSSOSession(IRequest target) throws MOADatabaseException, BuildException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public AuthenticationSession getInternalSSOSession(String internalSsoSessionID) throws MOADatabaseException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public AuthenticationSessionExtensions getAuthenticationSessionExtensions(String internalSsoSessionID)
+			throws MOADatabaseException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public void setAuthenticationSessionExtensions(String internalSsoSessionID,
+			AuthenticationSessionExtensions sessionExtensions) throws MOADatabaseException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void destroyInternalSSOSession(String internalSsoSessionID) throws MOADatabaseException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void setAuthenticated(String internalSsoSessionID, boolean isAuthenticated) {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public AuthenticationSession getInternalMOASessionWithSSOID(String SSOSessionID) throws MOADatabaseException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean isSSOSession(String sessionID) throws MOADatabaseException {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public AuthenticatedSessionStore isValidSessionWithSSOID(String SSOId) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public void addSSOInformation(String moaSessionID, String SSOSessionID, SLOInformationInterface SLOInfo,
+			IRequest protocolRequest) throws AuthenticationException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public List<OASessionStore> getAllActiveOAFromMOASession(IAuthenticationSession moaSession) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public List<InterfederationSessionStore> getAllActiveIDPsFromMOASession(IAuthenticationSession moaSession) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public IAuthenticationSession searchMOASessionWithNameIDandOAID(String oaID, String userNameID) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public OASessionStore searchActiveOASSOSession(IAuthenticationSession moaSession, String oaID,
+			String protocolType) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public IAuthenticationSession getSessionWithUserNameID(String nameID) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public InterfederationSessionStore searchInterfederatedIDPFORSSOWithMOASession(String sessionID) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public InterfederationSessionStore searchInterfederatedIDPFORSSOWithMOASessionIDPID(String sessionID,
+			String idpID) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public void addFederatedSessionInformation(IRequest req, String idpEntityID, AssertionAttributeExtractor extractor)
+			throws MOADatabaseException, AssertionAttributeExtractorExeption, BuildException {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public InterfederationSessionStore searchInterfederatedIDPFORAttributeQueryWithSessionID(String moaSessionID) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean removeInterfederetedSession(String entityID, String pedingRequestID) {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public void clean(Date now, long authDataTimeOutCreated, long authDataTimeOutUpdated) {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void markOAWithAttributeQueryUsedFlag(IAuthenticationSession session, String oaurl, String requestedModule) {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void deleteIdpInformation(InterfederationSessionStore nextIDPInformation) {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public void persistIdpInformation(InterfederationSessionStore nextIDPInformation) {
+		// TODO Auto-generated method stub
+
+	}
+
+	@Override
+	public OldSSOSessionIDStore checkSSOTokenAlreadyUsed(String ssoId) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyOAConfig.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyOAConfig.java
new file mode 100644
index 000000000..44e3d5e2a
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyOAConfig.java
@@ -0,0 +1,289 @@
+package at.gv.egovernment.moa.id.config.auth.data;
+
+import java.security.PrivateKey;
+import java.util.Collection;
+import java.util.List;
+import java.util.Map;
+
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.data.CPEPS;
+import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters;
+import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute;
+import at.gv.egovernment.moa.id.commons.api.data.StorkAttributeProviderPlugin;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+
+public class DummyOAConfig implements IOAAuthParameters {
+
+	private List<String> foreignbPKSectors;
+	private String target;
+	private boolean hasBaseIdTransferRestriction;
+	
+	@Override
+	public Map<String, String> getFullConfiguration() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getConfigurationValue(String key) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getFriendlyName() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getPublicURLPrefix() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean hasBaseIdInternalProcessingRestriction() throws ConfigurationException {
+		return false;
+	}
+
+	@Override
+	public boolean hasBaseIdTransferRestriction() throws ConfigurationException {
+		return hasBaseIdTransferRestriction;
+	}
+
+	@Override
+	public String getAreaSpecificTargetIdentifier() throws ConfigurationException {
+		return target;
+	}
+
+	@Override
+	public String getAreaSpecificTargetIdentifierFriendlyName() throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean isInderfederationIDP() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public boolean isSTORKPVPGateway() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public boolean isRemovePBKFromAuthBlock() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public String getKeyBoxIdentifier() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public SAML1ConfigurationParameters getSAML1Parameter() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public List<String> getTemplateURL() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getAditionalAuthBlockText() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getBKUURL(String bkutype) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public List<String> getBKUURL() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean useSSO() {
+		return false;
+	}
+
+	@Override
+	public boolean useSSOQuestion() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public List<String> getMandateProfiles() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean isShowMandateCheckBox() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public boolean isOnlyMandateAllowed() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public boolean isShowStorkLogin() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public String getQaaLevel() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean isRequireConsentForStorkAttributes() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public Collection<StorkAttribute> getRequestedSTORKAttributes() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public byte[] getBKUSelectionTemplate() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public byte[] getSendAssertionTemplate() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public Collection<CPEPS> getPepsList() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getIDPAttributQueryServiceURL() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean isInboundSSOInterfederationAllowed() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public boolean isInterfederationSSOStorageAllowed() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public boolean isOutboundSSOInterfederationAllowed() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public boolean isTestCredentialEnabled() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public List<String> getTestCredentialOIDs() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean isUseIDLTestTrustStore() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public boolean isUseAuthBlockTestTestStore() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public PrivateKey getBPKDecBpkDecryptionKey() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean isPassivRequestUsedForInterfederation() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public boolean isPerformLocalAuthenticationOnInterfederationError() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public Collection<StorkAttributeProviderPlugin> getStorkAPs() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public List<Integer> getReversionsLoggingEventCodes() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public List<String> foreignbPKSectorsRequested() {
+		return foreignbPKSectors;
+		
+	}
+
+	public void setForeignbPKSectors(List<String> foreignSectors) {
+		this.foreignbPKSectors = foreignSectors;
+		
+	}
+
+	public void setTarget(String target) {
+		this.target = target;
+	}
+
+	public void setHasBaseIdTransferRestriction(boolean hasBaseIdTransferRestriction) {
+		this.hasBaseIdTransferRestriction = hasBaseIdTransferRestriction;
+	}
+	
+	
+}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/UserRestrictionWhiteListTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/UserRestrictionWhiteListTest.java
index 71956990e..3cd9d9476 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/UserRestrictionWhiteListTest.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/UserRestrictionWhiteListTest.java
@@ -1,16 +1,10 @@
 package at.gv.egovernment.moa.id.config.auth.data;
 
-import java.io.IOException;
-import java.io.InputStreamReader;
-
-import org.apache.commons.io.IOUtils;
-import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
-import org.opensaml.xml.ConfigurationException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; 
 
 
 @RunWith(SpringJUnit4ClassRunner.class)
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java
index 3ecbb84a2..ebed519f1 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java
@@ -38,6 +38,8 @@ import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageExcepti
 public class TestRequestImpl implements IRequest {
 
 	private String processInstanceID = null; 
+
+	public static final String DUMMY_AUTH_URL = "http://dummyIDP/";
 	
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.moduls.IRequest#requestedModule()
@@ -152,8 +154,7 @@ public class TestRequestImpl implements IRequest {
 	 */
 	@Override
 	public String getAuthURL() {
-		// TODO Auto-generated method stub
-		return null;
+		return DUMMY_AUTH_URL;
 	}
 
 	/* (non-Javadoc)
diff --git a/id/server/idserverlib/src/test/resources/BPK-Whitelist_20180607.csv b/id/server/idserverlib/src/test/resources/BPK-Whitelist_20180607.csv
index 099fc0f7e..c33de9970 100644
--- a/id/server/idserverlib/src/test/resources/BPK-Whitelist_20180607.csv
+++ b/id/server/idserverlib/src/test/resources/BPK-Whitelist_20180607.csv
@@ -7,4 +7,6 @@ ZP-MH:DJ6nGg2JgcPH768BhqTNXVsGhOY=,
 JWiLzwktCITGg+ztRKEAwWloSNM=,
 ZP-MH:+cyQbhr1fQ8hLhazL62tFRq47iY=,
 ZP-MH:AFmfywfYPHcl2Lxp138upielmrs=,
-ZP-MH:yPAOTsc9LY5/jnbkWn2MWY6hjg0=
+ZP-MH:yPAOTsc9LY5/jnbkWn2MWY6hjg0=,
+ZP-MH:yPAOTsc9LY5/jnbkWn2MWY6hjg0=:asdfadsfasdf,
+ZP-AT:yPAOTsc9LY5/jnbkWn2MWY6hjg0=
diff --git a/id/server/idserverlib/src/test/resources/SpringTest-context_basic_user_whitelist.xml b/id/server/idserverlib/src/test/resources/SpringTest-context_basic_user_whitelist.xml
index 85788714a..65e48987a 100644
--- a/id/server/idserverlib/src/test/resources/SpringTest-context_basic_user_whitelist.xml
+++ b/id/server/idserverlib/src/test/resources/SpringTest-context_basic_user_whitelist.xml
@@ -9,10 +9,21 @@
 		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
 		http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
 
+	<!-- Prod. classes from MOA-ID lib -->
 			
 	<bean id="UserWhiteList_Store" 
 				class="at.gv.egovernment.moa.id.config.auth.data.UserWhitelistStore"/>
+								
+	<bean id="AuthenticationDataBuilder" 
+				class="at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder"/>
+				
+				
+				
+	<!-- Dummy test classes -->				
 				
 	<bean id="DummyAuthConfig" 
 				class="at.gv.egovernment.moa.id.config.auth.data.DummyAuthConfig"/>
+				
+	<bean id="DummyAuthStorage" 
+				class="at.gv.egovernment.moa.id.config.auth.data.DummyAuthStorage"/>								
 </beans>
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/IPKIXValidator.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/IPKIXValidator.java
new file mode 100644
index 000000000..ce32cbd0d
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/IPKIXValidator.java
@@ -0,0 +1,6 @@
+package at.gv.egovernment.moa.id.commons.validation;
+
+public interface IPKIXValidator {
+	
+	
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/MOASPPKIXCertValidator.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/MOASPPKIXCertValidator.java
new file mode 100644
index 000000000..fda567452
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/MOASPPKIXCertValidator.java
@@ -0,0 +1,9 @@
+package at.gv.egovernment.moa.id.commons.validation;
+
+import org.springframework.stereotype.Service;
+
+@Service
+public class MOASPPKIXCertValidator implements IPKIXValidator {
+
+	
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/PKIXValidatorConfiguration.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/PKIXValidatorConfiguration.java
new file mode 100644
index 000000000..20235c4b6
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/PKIXValidatorConfiguration.java
@@ -0,0 +1,21 @@
+package at.gv.egovernment.moa.id.commons.validation;
+
+public class PKIXValidatorConfiguration {
+	
+	public enum CHAININGMODE {
+		pkix, chaining
+	}
+	
+	public enum REVOCATIONCHECKMETHODES {
+		crl, ocsp
+	}
+	
+	private String trustStorePath = null;
+	private String certStorePath = null;
+	private boolean revocationChecking = true;
+	private REVOCATIONCHECKMETHODES[] revocationCheckMode = {REVOCATIONCHECKMETHODES.ocsp, REVOCATIONCHECKMETHODES.crl};
+	private CHAININGMODE chaining = CHAININGMODE.pkix;
+	
+	
+	
+}
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java
index a131e5e29..da0b7ac90 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java
@@ -4,7 +4,6 @@ import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.util.Map;
 
-import org.jose4j.base64url.Base64Url;
 import org.junit.BeforeClass;
 import org.junit.Test;
 import org.opensaml.DefaultBootstrap;
@@ -75,8 +74,8 @@ public abstract class eIDDataVerifierTest {
 		if (MiscUtil.isEmpty(idlB64))
 			throw new Exception("NO IDL found");
 		
-		//IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink();
-		IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Url.decode(idlB64))).parseIdentityLink();
+		IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink();
+		//IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Url.decode(idlB64))).parseIdentityLink();
 		if (idl == null) 
 			throw new Exception("IDL parsing FAILED");
 			
@@ -88,7 +87,8 @@ public abstract class eIDDataVerifierTest {
 		if (MiscUtil.isEmpty(idlB64))
 			throw new Exception("NO IDL found");
 		
-		IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Url.decode(idlB64))).parseIdentityLink();
+		IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink();
+//		IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Url.decode(idlB64))).parseIdentityLink();
 		
 		if (idl == null) 
 			throw new Exception("IDL parsing FAILED");
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
index c2132c1f9..a97e5944a 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
@@ -424,4 +424,10 @@ public class SSOTransferOnlineApplication implements IOAAuthParameters {
 		return null;
 	}
 
+	@Override
+	public List<String> foreignbPKSectorsRequested() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
 }
-- 
cgit v1.2.3


From 92982d1ee7f13e5206ea192776b0a042d2ddea2f Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 12 Jun 2018 12:08:12 +0200
Subject: fix wrong encoding in EncryptedBPKAttributeBuilder

---
 .../egovernment/moa/id/auth/builder/BPKBuilder.java   |  3 ++-
 .../attributes/EncryptedBPKAttributeBuilder.java      | 19 +++++++++++++------
 2 files changed, 15 insertions(+), 7 deletions(-)

(limited to 'id/server/idserverlib/src/main/java/at/gv')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
index 14de65e36..865f7e6b4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
@@ -171,7 +171,8 @@ public class BPKBuilder {
 		try {
 			byte[] inputBytes = input.getBytes("ISO-8859-1");
 			result = encrypt(inputBytes, publicKey);
-			return new String(Base64Utils.encode(result, "ISO-8859-1")).replaceAll("\r\n", "");
+			
+			return new String(java.util.Base64.getEncoder().encode(result), "ISO-8859-1").replaceAll("\r\n", "");
 			
 		} catch (Exception e) {
 			throw new BuildException("bPK encryption FAILED", null, e);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java
index f5c48b826..d15f545ae 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java
@@ -23,12 +23,9 @@
 package at.gv.egovernment.moa.id.protocols.builder.attributes;
 
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.Constants;
 
 public class EncryptedBPKAttributeBuilder implements IPVPAttributeBuilder {
 	
@@ -40,10 +37,10 @@ public class EncryptedBPKAttributeBuilder implements IPVPAttributeBuilder {
 			IAttributeGenerator<ATT> g) throws AttributeException {
 
 		if (authData.getEncbPKList() != null &&
-				authData.getEncbPKList().size() > 0) {
-			String value = "(" + authData.getEncbPKList().get(0) + ")";
+				authData.getEncbPKList().size() > 0) {						
+			String value = addPreAndSufix(authData.getEncbPKList().get(0));						
 			for (int i=1; i<authData.getEncbPKList().size(); i++)
-				value += ";"+authData.getEncbPKList().get(i);			
+				value += ";"+addPreAndSufix(authData.getEncbPKList().get(i));			
 			
 			return g.buildStringAttribute(ENC_BPK_LIST_FRIENDLY_NAME, ENC_BPK_LIST_NAME, 
 					value);
@@ -68,4 +65,14 @@ public class EncryptedBPKAttributeBuilder implements IPVPAttributeBuilder {
 		return g.buildEmptyAttribute(ENC_BPK_LIST_FRIENDLY_NAME, ENC_BPK_LIST_NAME);
 	}
 	
+	private String addPreAndSufix(String value) {
+		if (!value.startsWith("("))
+			value = "(" + value;
+		
+		if (!value.endsWith(""))
+			value = value + ")";
+		
+		return value;
+	}
+	
 }
-- 
cgit v1.2.3


From 2a073c6727d704271e17d9b682be28410f23aae7 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 14 Jun 2018 06:18:47 +0200
Subject: more refactoring staff

---
 .../moa/id/advancedlogging/StatisticLogger.java    | 143 +--
 .../moa/id/auth/AuthenticationSessionCleaner.java  |   2 +-
 .../moa/id/auth/MOAIDAuthInitializer.java          |   2 +-
 .../id/auth/builder/AuthenticationDataBuilder.java |  53 +-
 .../builder/CreateXMLSignatureRequestBuilder.java  |   2 +-
 .../moa/id/auth/data/AuthenticationSession.java    |  38 +-
 .../id/auth/data/AuthenticationSessionWrapper.java |  21 +-
 .../moa/id/auth/exception/BKUException.java        |  59 --
 .../auth/exception/MISSimpleClientException.java   |  94 --
 .../id/auth/modules/BKUSelectionModuleImpl.java    |   4 +-
 .../modules/SingleSignOnConsentsModuleImpl.java    |   4 +-
 .../internal/tasks/EvaluateBKUSelectionTask.java   |   5 +-
 .../tasks/EvaluateSSOConsentsTaskImpl.java         |  13 +-
 .../internal/tasks/FinalizeAuthenticationTask.java |  79 --
 .../tasks/GenerateBKUSelectionFrameTask.java       |  11 +-
 .../GenerateSSOConsentEvaluatorFrameTask.java      |  10 +-
 .../tasks/RestartAuthProzessManagement.java        |  12 +-
 .../StartAuthentificationParameterParser.java      |   2 +-
 .../AbstractProcessEngineSignalController.java     |  87 --
 .../id/auth/servlet/GUILayoutBuilderServlet.java   |   4 +-
 .../GeneralProcessEngineSignalController.java      |   2 +
 .../id/auth/servlet/IDPSingleLogOutServlet.java    |   2 +-
 .../moa/id/auth/servlet/LogOutServlet.java         |  33 +-
 .../WebFrontEndSecurityInterceptor.java            |   2 +-
 .../moa/id/client/utils/SZRGWClientUtils.java      |   2 +-
 .../PropertyBasedAuthConfigurationProvider.java    |   7 +
 .../moa/id/data/AuthenticationData.java            | 820 -----------------
 .../gv/egovernment/moa/id/data/IMOAAuthData.java   |  40 +
 .../moa/id/data/MOAAuthenticationData.java         | 968 +++++++++++++++++++++
 .../moa/id/moduls/AuthenticationManager.java       | 458 ++--------
 .../gv/egovernment/moa/id/moduls/SSOManager.java   | 192 +++-
 .../protocols/builder/attributes/EIDAuthBlock.java |  15 +-
 .../id/protocols/builder/attributes/EIDCcsURL.java |  16 +-
 .../EIDCitizenQAALevelAttributeBuilder.java        |  23 +-
 .../pvp2x/builder/SingleLogOutBuilder.java         |   2 +-
 .../moa/id/util/MOAIDMessageProvider.java          | 144 ---
 .../moa/id/commons/MOAIDAuthConstants.java         |   6 +-
 .../commons/api/data/AuthProzessDataConstants.java |   2 +-
 .../commons/api/data/IAuthenticationSession.java   |  13 +-
 .../id/commons/api/exceptions/BKUException.java    |  57 ++
 .../api/exceptions/MISSimpleClientException.java   |  90 ++
 .../id/commons/api/exceptions/MOAIDException.java  |   2 +-
 .../moa/id/commons/utils/MOAIDMessageProvider.java | 147 ++++
 .../gv/egovernment/moa/util/DateTimeUtilsTest.java |   4 +-
 .../moa/id/auth/MOAIDAuthSpringInitializer.java    |   2 +-
 .../moa/id/auth/AuthenticationServer.java          |   2 +-
 .../internal/tasks/PrepareGetMISMandateTask.java   |   2 +-
 .../parser/CreateXMLSignatureResponseParser.java   |   2 +-
 .../id/auth/parser/InfoboxReadResponseParser.java  |   2 +-
 ...tizenCardAuthProcessEngineSignalController.java |   2 +
 .../VerifyXMLSignatureResponseValidator.java       |   2 +-
 .../id/util/client/mis/simple/MISSimpleClient.java |   2 +-
 .../auth/modules/eidas_v2/eIDASSignalServlet.java  |   2 +-
 .../id/auth/modules/eidas/eIDASSignalServlet.java  |   2 +-
 .../controller/ELGAMandateSignalController.java    |   2 +-
 .../auth/modules/sl20_auth/SL20SignalServlet.java  |   2 +-
 .../servlet/SSOTransferSignalServlet.java          |   2 +-
 .../controller/FederatedAuthSignalController.java  |   2 +-
 .../protocols/saml1/SAML1AuthenticationData.java   |   8 +-
 59 files changed, 1853 insertions(+), 1875 deletions(-)
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/BKUException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MISSimpleClientException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java
 create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/BKUException.java
 create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/MISSimpleClientException.java
 create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAIDMessageProvider.java

(limited to 'id/server/idserverlib/src/main/java/at/gv')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
index b0c232ba2..e12b1372e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
@@ -46,20 +46,21 @@ import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBod
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.logging.IStatisticLogger;
-import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
-import at.gv.egovernment.moa.id.auth.exception.BKUException;
-import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException;
 import at.gv.egovernment.moa.id.auth.exception.ServiceException;
 import at.gv.egovernment.moa.id.client.SZRGWClientException;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
+import at.gv.egovernment.moa.id.commons.api.exceptions.BKUException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MISSimpleClientException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
+import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -92,7 +93,9 @@ public class StatisticLogger implements IStatisticLogger{
 	private EntityManager entityManager;
 		
 	
-	public void testConnection() throws Exception {
+	@Override
+	//TODO: update tests!!!!
+	public void internalTesting() throws Exception {
 		Date expioredate = new Date(new Date().getTime() - 120);
 		Query query = entityManager.createNamedQuery("getAllEntriesNotBeforeTimeStamp");
 		query.setParameter("timeout", expioredate);			
@@ -129,88 +132,92 @@ public class StatisticLogger implements IStatisticLogger{
 				Logger.warn("Can not extract some information for StatisticLogger.", e);
 			}
 			
-			dblog.setOatarget(authData.getBPKType());
-
-
-			boolean isFederatedAuthentication = protocolRequest.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_RESPONSE) != null;
-			dblog.setInterfederatedSSOSession(isFederatedAuthentication);
-			
-			if (isFederatedAuthentication) {
-				dblog.setBkutype(IOAAuthParameters.INDERFEDERATEDIDP);
-				dblog.setBkuurl(protocolRequest.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_ENTITYID, String.class));
-				
-			} else {
-				dblog.setBkuurl(authData.getBkuURL());
-				dblog.setBkutype(findBKUType(authData.getBkuURL(), dbOA));
-				
-			}
-			
 			dblog.setProtocoltype(protocolRequest.requestedModule());
 			dblog.setProtocolsubtype(protocolRequest.requestedAction());
 			dblog.setSsosession(isSSOSession);
 			
 			
-			//log MandateInforamtion
-			if (authData.isUseMandate()) {
-				dblog.setMandatelogin(authData.isUseMandate());
+			if (authData instanceof IMOAAuthData) {
+				IMOAAuthData moaAuthData = (IMOAAuthData) authData;
+				dblog.setOatarget(moaAuthData.getBPKType());	
+
+				boolean isFederatedAuthentication = protocolRequest.getGenericData(AuthenticationManager.DATAID_INTERFEDERATIOIDP_RESPONSE) != null;
+				dblog.setInterfederatedSSOSession(isFederatedAuthentication);
 				
-				IMISMandate mandate = authData.getMISMandate();
-				if (mandate != null) {
+				if (isFederatedAuthentication) {
+					dblog.setBkutype(IOAAuthParameters.INDERFEDERATEDIDP);
+					dblog.setBkuurl(protocolRequest.getGenericData(AuthenticationManager.DATAID_INTERFEDERATIOIDP_ENTITYID, String.class));
 					
-					if (MiscUtil.isNotEmpty(mandate.getProfRep())) {
-						dblog.setMandatetype(mandate.getProfRep());
-						dblog.setPv(true);
-						dblog.setPvOID(mandate.getProfRep());
-						
-					} else {
-						dblog.setPv(false);
-					}
+				} else {
+					dblog.setBkuurl(moaAuthData.getBkuURL());
+					dblog.setBkutype(findBKUType(moaAuthData.getBkuURL(), dbOA));
 					
-					InputStream is = null;
-					try {
-						is = new ByteArrayInputStream(mandate.getMandate());
+				}
+				
+				//log MandateInforamtion
+				if (moaAuthData.isUseMandate()) {
+					dblog.setMandatelogin(moaAuthData.isUseMandate());
+					
+					IMISMandate mandate = moaAuthData.getMISMandate();
+					if (mandate != null) {
 						
-						JAXBContext jc = JAXBContext.newInstance(Mandate.class);
-						Unmarshaller u = jc.createUnmarshaller();
-						Object mismandateobj = u.unmarshal(is);
+						if (MiscUtil.isNotEmpty(mandate.getProfRep())) {
+							dblog.setMandatetype(mandate.getProfRep());
+							dblog.setPv(true);
+							dblog.setPvOID(mandate.getProfRep());
+							
+						} else {
+							dblog.setPv(false);
+						}
 						
-						if (mismandateobj != null && mismandateobj instanceof Mandate) {
-							Mandate mismandate = (Mandate) mismandateobj;
+						InputStream is = null;
+						try {
+							is = new ByteArrayInputStream(mandate.getMandate());
 							
-							if (MiscUtil.isEmpty(mandate.getProfRep()))
-								dblog.setMandatetype(mismandate.getAnnotation());
+							JAXBContext jc = JAXBContext.newInstance(Mandate.class);
+							Unmarshaller u = jc.createUnmarshaller();
+							Object mismandateobj = u.unmarshal(is);
 							
-							Mandator mandator = mismandate.getMandator();
-							CorporateBodyType corp = mandator.getCorporateBody();
-							if (corp != null) {
-								dblog.setMandatortype(MANTATORTYPE_JUR);
+							if (mismandateobj != null && mismandateobj instanceof Mandate) {
+								Mandate mismandate = (Mandate) mismandateobj;
+								
+								if (MiscUtil.isEmpty(mandate.getProfRep()))
+									dblog.setMandatetype(mismandate.getAnnotation());
+								
+								Mandator mandator = mismandate.getMandator();
+								CorporateBodyType corp = mandator.getCorporateBody();
+								if (corp != null) {
+									dblog.setMandatortype(MANTATORTYPE_JUR);
+									
+								} else {
+									dblog.setMandatortype(MANTATORTYPE_NAT);
+								}
+								
 								
 							} else {
-								dblog.setMandatortype(MANTATORTYPE_NAT);
+								Logger.warn("Advancted logging can not unmarshall MISMandate");
 							}
-							
-							
-						} else {
-							Logger.warn("Advancted logging can not unmarshall MISMandate");
-						}
 
-					} catch (JAXBException e) {
-						Logger.warn("Advancted logging can not parse mandate.", e);
-						
-					} finally {
-						if (is!=null) {
-							try {
-								is.close();
-								
-							} catch (IOException e) {
-								Logger.warn("Close InputStream failed." , e);
-								
+						} catch (JAXBException e) {
+							Logger.warn("Advancted logging can not parse mandate.", e);
+							
+						} finally {
+							if (is!=null) {
+								try {
+									is.close();
+									
+								} catch (IOException e) {
+									Logger.warn("Close InputStream failed." , e);
+									
+								}
 							}
 						}
-					}
-				}		
-			}
-			
+					}		
+				}
+				
+			} else
+				Logger.info("'AuthData' is NOT of type 'IMOAAuthData'. StatisticLogger logs only basic infos");
+						
 			try {
 				entityManager.persist(dblog);
 				
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java
index 5f2dd6582..c684e1ac2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java
@@ -18,8 +18,8 @@ import at.gv.egiz.eaaf.core.exceptions.ProcessExecutionException;
 import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
index eaec781e3..de67e36ef 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
@@ -35,8 +35,8 @@ import org.springframework.web.context.support.GenericWebApplicationContext;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.util.SSLUtils;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.spss.MOAException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index fdf806f78..efe28c900 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -43,6 +43,7 @@ import org.opensaml.ws.soap.common.SOAPException;
 import org.opensaml.xml.XMLObject;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
+import org.w3c.dom.DOMException;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
@@ -50,7 +51,11 @@ import org.w3c.dom.NodeList;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IAuthenticationDataBuilder;
+import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.auth.exception.DynamicOABuildException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
@@ -68,9 +73,10 @@ import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
 import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
 import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory;
 import at.gv.egovernment.moa.id.data.MISMandate;
+import at.gv.egovernment.moa.id.data.MOAAuthenticationData;
 import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
@@ -89,6 +95,7 @@ import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.MiscUtil;
+import at.gv.egovernment.moa.util.XPathException;
 import at.gv.egovernment.moa.util.XPathUtils;
 import at.gv.util.client.szr.SZRClient;
 import at.gv.util.config.EgovUtilPropertiesConfiguration;
@@ -109,16 +116,24 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 	@Autowired private SAMLVerificationEngineSP samlVerificationEngine;
 	@Autowired(required=true) private MOAMetadataProvider metadataProvider;
 	
-	
-	public IAuthData buildAuthenticationData(IRequest pendingReq, 
-            IAuthenticationSession session) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException {
-		return buildAuthenticationData(pendingReq, session, pendingReq.getOnlineApplicationConfiguration());
+	@Override
+	public IAuthData buildAuthenticationData(IRequest pendingReq) throws EAAFAuthenticationException {
+		try {
+			return buildAuthenticationData(pendingReq, 
+					new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage()),
+					pendingReq.getServiceProviderConfiguration(OAAuthParameterDecorator.class));
+			
+		} catch (ConfigurationException | BuildException | WrongParametersException | DynamicOABuildException e) {
+			Logger.warn("Can not build authentication data from session information");
+			throw new EAAFAuthenticationException("TODO", new Object[]{},					
+					"Can not build authentication data from session information", e);
+		}
 		
 	}
-	
-	public IAuthData buildAuthenticationData(IRequest pendingReq, 
+		
+	private IAuthData buildAuthenticationData(IRequest pendingReq, 
             IAuthenticationSession session,  IOAAuthParameters oaParam) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException {		
-		AuthenticationData authdata = null;		
+		MOAAuthenticationData authdata = null;		
 		
 		//only needed for SAML1 legacy support
 		try {
@@ -135,19 +150,19 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 					saml1authdata.getClass().getMethod("setExtendedSAMLAttributesOA", List.class).invoke(saml1authdata, session.getExtendedSAMLAttributesOA());
 				}
 				
-				authdata = (AuthenticationData) saml1authdata;
+				authdata = (MOAAuthenticationData) saml1authdata;
 							
 			} else {			
-				authdata = new AuthenticationData();
+				authdata = new MOAAuthenticationData();
 							
 			}
 						
 		} catch (ClassNotFoundException | InstantiationException | IllegalAccessException | IllegalArgumentException | InvocationTargetException | NoSuchMethodException | java.lang.SecurityException ex) {			
-			authdata = new AuthenticationData();
+			authdata = new MOAAuthenticationData();
 			
 		}
 				
-		OASessionStore activeOA = authenticatedSessionStorage.searchActiveOASSOSession(session, pendingReq.getOAURL(), pendingReq.requestedModule());
+		OASessionStore activeOA = authenticatedSessionStorage.searchActiveOASSOSession(session, pendingReq.getSPEntityId(), pendingReq.requestedModule());
 		//reuse authentication information in case of service-provider reauthentication
 		if (activeOA != null) {
 			authdata.setSessionIndex(activeOA.getAssertionSessionID());
@@ -254,7 +269,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 		}
 	}
 		
-	private void buildAuthDataFormMOASession(AuthenticationData authData, IAuthenticationSession session, 
+	private void buildAuthDataFormMOASession(MOAAuthenticationData authData, IAuthenticationSession session, 
 			IOAAuthParameters oaParam, IRequest protocolRequest) throws BuildException, ConfigurationException {
 
 		Collection<String> includedToGenericAuthData = null;
@@ -267,7 +282,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 		try {		
 			//####################################################
 			//set general authData info's
-			authData.setIssuer(protocolRequest.getAuthURL());
+			authData.setAuthenticationIssuer(protocolRequest.getAuthURL());
 			authData.setSsoSession(protocolRequest.needSingleSignOnFunctionality());			
 			authData.setBaseIDTransferRestrication(oaParam.hasBaseIdTransferRestriction());
 			
@@ -454,7 +469,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 			includedToGenericAuthData.remove(PVPConstants.EID_ISSUING_NATION_NAME);
 			String pvpCCCAttr = session.getGenericDataFromSession(PVPConstants.EID_ISSUING_NATION_NAME, String.class);
 			if (MiscUtil.isNotEmpty(pvpCCCAttr)) {
-				authData.setCcc(pvpCCCAttr);
+				authData.setCiticenCountryCode(pvpCCCAttr);
 				Logger.debug("Find PVP-Attr: " + PVPConstants.EID_ISSUING_NATION_FRIENDLY_NAME);
 				
 			} else {
@@ -469,7 +484,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 								for (Rdn rdn : ln.getRdns()) {
 									if (rdn.getType().equalsIgnoreCase("C")) {
 										Logger.info("C is: " + rdn.getValue());
-										authData.setCcc(rdn.getValue().toString());
+										authData.setCiticenCountryCode(rdn.getValue().toString());
 										break;
 									}
 								}
@@ -487,7 +502,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 					}
 									
 				} else {
-					authData.setCcc(COUNTRYCODE_AUSTRIA);
+					authData.setCiticenCountryCode(COUNTRYCODE_AUSTRIA);
 					
 				}			
 			}
@@ -913,7 +928,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 	 * @throws ConfigurationException 
 	 */
 	private Pair<String, String> getEncryptedbPKFromPVPAttribute(IAuthenticationSession session,
-			AuthenticationData authData, IOAAuthParameters spConfig) throws ConfigurationException {
+			MOAAuthenticationData authData, IOAAuthParameters spConfig) throws ConfigurationException {
 		//set List of encrypted bPKs to authData DAO		
 		String pvpEncbPKListAttr = session.getGenericDataFromSession(PVPConstants.ENC_BPK_LIST_NAME, String.class);
 		if (MiscUtil.isNotEmpty(pvpEncbPKListAttr)) {
@@ -1067,7 +1082,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 		
 	}
 
-	private IIdentityLink buildOAspecificIdentityLink(IOAAuthParameters oaParam, IIdentityLink idl, String bPK, String bPKType) throws MOAIDException {
+	private IIdentityLink buildOAspecificIdentityLink(IOAAuthParameters oaParam, IIdentityLink idl, String bPK, String bPKType) throws MOAIDException, EAAFConfigurationException, XPathException, DOMException {
 		if (oaParam.hasBaseIdTransferRestriction()) {
             Element idlassertion = idl.getSamlAssertion();
             //set bpk/wpbk;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
index 7f47d3dfe..a43e6a7fb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
@@ -51,13 +51,13 @@ import java.util.Calendar;
 import java.util.List;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.impl.utils.DateTimeUtils;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
 import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DateTimeUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moa.util.StringUtils;
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index 94651915e..d23e32c81 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -40,12 +40,15 @@ import java.io.Serializable;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.CertificateException;
 import java.util.ArrayList;
+import java.util.Collections;
 import java.util.Date;
+import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
 import org.apache.commons.collections4.map.HashedMap;
 
+import at.gv.egovernment.moa.id.commons.api.data.AuthProzessDataConstants;
 import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
@@ -65,7 +68,7 @@ import iaik.x509.X509Certificate;
  * @author Thomas Lenz
  * 
  */
-public class AuthenticationSession implements Serializable, IAuthenticationSession {
+public class AuthenticationSession implements Serializable, IAuthenticationSession, AuthProzessDataConstants {
 	
 	/**
 	 * 
@@ -274,7 +277,7 @@ public class AuthenticationSession implements Serializable, IAuthenticationSessi
 	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSessionID()
 	 */
 	@Override
-	public String getSessionID() {
+	public String getSSOSessionID() {
 		return sessionID;
 	}
 	
@@ -290,7 +293,7 @@ public class AuthenticationSession implements Serializable, IAuthenticationSessi
 	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setSessionID(java.lang.String)
 	 */
 	@Override
-	public void setSessionID(String sessionId) {
+	public void setSSOSessionID(String sessionId) {
 		this.sessionID = sessionId;
 	}
 	
@@ -636,5 +639,34 @@ public class AuthenticationSession implements Serializable, IAuthenticationSessi
 			Logger.trace("Add generic session-data with key:" + key + " to session.");
 		
 		genericSessionDataStorate.put(key, object);
+	}
+
+	@Override
+	public Map<String, Object> getKeyValueRepresentationFromAuthSession() {	
+		Map<String, Object> result = new HashMap<String, Object>();
+		result.put(FLAG_IS_AUTHENTICATED, isAuthenticated());
+		
+		result.put(FLAG_IS_FOREIGNER, isForeigner());
+		result.put(FLAG_IS_ORGANWALTER, isOW());		
+		result.put(FLAG_SAMLATTRIBUTEGEBEORWBPK, samlAttributeGebeORwbpk);		
+		result.put(FLAG_USE_MANDATE, isMandateUsed());
+		
+		result.put(VALUE_AUTHBLOCK, getAuthBlock());
+		result.put(VALUE_AUTNBLOCKTOKKEN, getAuthBlockTokken());
+		result.put(VALUE_BKUURL, getBkuURL());
+		result.put(VALUE_EXTENTEDSAMLATTRAUTH, getExtendedSAMLAttributesAUTH());
+		result.put(VALUE_EXTENTEDSAMLATTROA, getExtendedSAMLAttributesOA());
+		result.put(VALUE_IDENTITYLINK, getIdentityLink());
+		result.put(VALUE_ISSUEINSTANT, getIssueInstant());
+		result.put(VALUE_MISMANDATE, getMISMandate());
+		result.put(VALUE_MISREFVALUE, getMandateReferenceValue());
+		result.put(VALUE_MISSESSIONID, getMISSessionID());
+		result.put(VALUE_QAALEVEL, getQAALevel());
+		result.put(VALUE_SIGNER_CERT, getSignerCertificate());
+		result.put(VALUE_VERIFYSIGRESP, getXMLVerifySignatureResponse());
+		
+		result.putAll(genericSessionDataStorate);
+		
+		return Collections.unmodifiableMap(result);
 	}	
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionWrapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionWrapper.java
index 5419e8ae0..fb584047e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionWrapper.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionWrapper.java
@@ -25,11 +25,14 @@ package at.gv.egovernment.moa.id.auth.data;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.CertificateException;
 import java.util.ArrayList;
+import java.util.Collections;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+import at.gv.egiz.eaaf.core.api.idp.auth.ISSOManager;
 import at.gv.egovernment.moa.id.commons.api.data.AuthProzessDataConstants;
 import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
@@ -56,7 +59,7 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
 	public AuthenticationSessionWrapper(Map<String, Object> genericDataStorage) {
 		this.sessionData = genericDataStorage;
 	}
-
+	
 	private <T> T wrapStringObject(String key, Object defaultValue, Class<T> clazz) {		
 		if (MiscUtil.isNotEmpty(key)) {
 			Object obj = sessionData.get(key);
@@ -151,8 +154,8 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
 	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSessionID()
 	 */
 	@Override
-	public String getSessionID() {
-		return wrapStringObject(VALUE_SESSIONID, null, String.class);
+	public String getSSOSessionID() {
+		return wrapStringObject(ISSOManager.AUTH_DATA_SSO_SESSIONID, null, String.class);
 				
 	}
 
@@ -169,8 +172,8 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
 	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setSessionID(java.lang.String)
 	 */
 	@Override
-	public void setSessionID(String sessionId) {
-		sessionData.put(VALUE_SESSIONID, sessionId);
+	public void setSSOSessionID(String sessionId) {
+		sessionData.put(ISSOManager.AUTH_DATA_SSO_SESSIONID, sessionId);
 
 	}
 
@@ -446,7 +449,7 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
 	 */
 	@Override
 	public Date getSessionCreated() {
-		return wrapStringObject(VALUE_CREATED, null, Date.class);
+		return wrapStringObject(EAAFConstants.AUTH_DATA_CREATED, null, Date.class);
 	}
 
 	/* (non-Javadoc)
@@ -489,4 +492,10 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
 
 	}
 
+	@Override
+	public Map<String, Object> getKeyValueRepresentationFromAuthSession() {
+		return Collections.unmodifiableMap(sessionData);
+		
+	}
+
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/BKUException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/BKUException.java
deleted file mode 100644
index ffbb6a19e..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/BKUException.java
+++ /dev/null
@@ -1,59 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- * 
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- * 
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-package at.gv.egovernment.moa.id.auth.exception;
-
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-
-public class BKUException extends MOAIDException {
-
-	private static final long serialVersionUID = -4646544256490397419L;
-
-	private String bkuErrorCode;
-	private String bkuErrorMessage;
-	
-	public BKUException(String messageId, Object[] parameters,
-			String bkuErrorCode, String bkuErrorMessage) {
-		super(messageId, parameters);
-		
-		this.bkuErrorCode = bkuErrorCode;
-		this.bkuErrorMessage = bkuErrorMessage;
-	}
-
-
-	/**
-	 * @return the bkuErrorCode
-	 */
-	public String getBkuErrorCode() {
-		return bkuErrorCode;
-	}
-
-
-	/**
-	 * @return the bkuErrorMessage
-	 */
-	public String getBkuErrorMessage() {
-		return bkuErrorMessage;
-	}
-
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MISSimpleClientException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MISSimpleClientException.java
deleted file mode 100644
index ab3d2cae2..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MISSimpleClientException.java
+++ /dev/null
@@ -1,94 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- * 
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- * 
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.auth.exception;
-
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-
-public class MISSimpleClientException extends MOAIDException {
-
-	private static final long serialVersionUID = 1L;
-
-	private String misErrorCode;
-	private String misErrorMessage;
-	
-	public MISSimpleClientException() {
-		super("UNDEFINED ERROR", null);
-	}
-
-	public MISSimpleClientException(String message) {
-		super(message, null);
-	}
-	
-	public MISSimpleClientException(String message, String code, String text) {
-		super(message, new Object[] { code , text });
-		this.misErrorMessage = text;
-		this.misErrorCode = code;
-	}
-
-	public MISSimpleClientException(String message, Throwable cause) {
-		super(message, null, cause);
-	}
-
-	public MISSimpleClientException(String message, Object[] params, Throwable cause) {
-		super(message, params, cause);
-	}
-	
-	/**
-	 * @return the bkuErrorCode
-	 */
-	public String getMISErrorCode() {
-		return misErrorCode;
-	}
-
-
-	/**
-	 * @return the bkuErrorMessage
-	 */
-	public String getMISErrorMessage() {
-		return misErrorMessage;
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java
index 841613cba..48d652671 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java
@@ -22,9 +22,9 @@
  */
 package at.gv.egovernment.moa.id.auth.modules;
 
-import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AuthModule;
+import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 
 /**
  * @author tlenz
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/SingleSignOnConsentsModuleImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/SingleSignOnConsentsModuleImpl.java
index 86acc5fdd..b624e13ef 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/SingleSignOnConsentsModuleImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/SingleSignOnConsentsModuleImpl.java
@@ -22,8 +22,8 @@
  */
 package at.gv.egovernment.moa.id.auth.modules;
 
-import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AuthModule;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 
 /**
  * @author tlenz
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java
index 09d42e49f..0336cb370 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java
@@ -30,10 +30,11 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.lang.StringEscapeUtils;
 import org.springframework.stereotype.Component;
 
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
@@ -56,7 +57,7 @@ public class EvaluateBKUSelectionTask extends AbstractAuthServletTask {
 			while(reqParamNames.hasMoreElements()) {
 				String paramName = reqParamNames.nextElement();
 				if (MiscUtil.isNotEmpty(paramName) && 
-						!MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID.equalsIgnoreCase(paramName))
+						!EAAFConstants.PROCESS_ENGINE_PENDINGREQUESTID.equalsIgnoreCase(paramName))
 					executionContext.put(paramName, 
 							StringEscapeUtils.escapeHtml(request.getParameter(paramName)));
 				
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
index 242b565ab..6e374995f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
@@ -29,6 +29,7 @@ import org.apache.commons.lang.StringEscapeUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
@@ -37,7 +38,6 @@ import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.moduls.SSOManager;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.logging.Logger;
@@ -82,7 +82,7 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask {
 			boolean isValidSSOSession = ssoManager.isValidSSOSession(ssoId, pendingReq);
 
 			//load MOA SSO-session from database
-			AuthenticationSession ssoMOSSession = authenticatedSessionStorage.getInternalSSOSession(pendingReq.getInternalSSOSessionIdentifier());
+			AuthenticationSession ssoMOSSession = authenticatedSessionStorage.getInternalSSOSession(pendingReq.getSSOSessionIdentifier());
 			
 			if (!(isValidSSOSession && ssoMOSSession.isAuthenticated() )) {
 				Logger.info("Single Sign-On consents evaluator found NO valid SSO session. Stopping authentication process ...");
@@ -92,14 +92,13 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask {
 			
 			//Log consents evaluator event to revisionslog
 			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_FINISHED, String.valueOf(ssoConsents));
-			
-			//Populate this pending request with SSO session information
-			pendingReq.populateMOASessionWithSSOInformation(ssoMOSSession);
-
-			
+						
 			//user allow single sign-on authentication
 			if (ssoConsents) {
 								
+				//Populate this pending request with SSO session information
+				pendingReq.setGenericDataToSession(ssoMOSSession.getKeyValueRepresentationFromAuthSession());;
+				
 				//authenticate pending-request
 				pendingReq.setAuthenticated(true);
 				pendingReq.setAbortedByUser(false);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java
deleted file mode 100644
index 91c1f999c..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.springframework.stereotype.Component;
-
-import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
-import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-@Component("FinalizeAuthenticationTask")
-public class FinalizeAuthenticationTask extends AbstractAuthServletTask {
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
-	 */
-	@Override
-	public void execute(ExecutionContext executionContext,
-			HttpServletRequest request, HttpServletResponse response)
-			throws TaskExecutionException {
-		
-		try {
-			defaultTaskInitialization(request, executionContext);
-								
-			//set MOASession to authenticated
-			moasession.setAuthenticated(true);
-
-			//set pending request to authenticated 
-			pendingReq.setAuthenticated(true);
-			requestStoreage.storePendingRequest(pendingReq);
-		
-			Logger.info("AuthProcess finished. Redirect to Protocol Dispatcher.");			
-			performRedirectToProtocolFinialization(pendingReq, response);
-						
-		} catch (MOAIDException e) {
-			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
-			
-		} catch (Exception e) {
-			Logger.warn("FinalizeAuthenticationTask has an internal error", e);
-			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
-			
-		} finally {
-			executionContext.remove(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID);
-			
-		}
-	
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java
index cbd8d2aa6..98e632bd8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java
@@ -28,9 +28,10 @@ import javax.servlet.http.HttpServletResponse;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
 import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration;
 import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.GUIBuildException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
@@ -39,7 +40,6 @@ import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithDBLoad;
 import at.gv.egovernment.moa.id.auth.servlet.GeneralProcessEngineSignalController;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
@@ -58,14 +58,13 @@ public class GenerateBKUSelectionFrameTask extends AbstractAuthServletTask {
 	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
 			throws TaskExecutionException {
 		try {			
-			revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), 
-					pendingReq, MOAIDEventConstants.AUTHPROCESS_BKUSELECTION_INIT);
+			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKUSELECTION_INIT);
 							
 			//load Parameters from OnlineApplicationConfiguration
-			IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
+			ISPConfiguration oaParam = pendingReq.getServiceProviderConfiguration();
 			
 			if (oaParam == null) {
-				throw new AuthenticationException("auth.00", new Object[] { pendingReq.getOAURL() });
+				throw new AuthenticationException("auth.00", new Object[] { pendingReq.getSPEntityId() });
 				
 			}
 												 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java
index 1efd9cc13..3c364e924 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java
@@ -30,6 +30,7 @@ import org.springframework.stereotype.Component;
 
 import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration;
 import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.GUIBuildException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
@@ -37,8 +38,6 @@ import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithDBLoad;
 import at.gv.egovernment.moa.id.auth.servlet.GeneralProcessEngineSignalController;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
@@ -58,9 +57,7 @@ public class GenerateSSOConsentEvaluatorFrameTask extends AbstractAuthServletTas
 	@Override
 	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
 			throws TaskExecutionException {
-		try {
-			//perform default task initialization 
-			defaultTaskInitialization(request, executionContext);
+		try { 
 									
 			//set authenticated flag to false, because user consents is required
 			pendingReq.setAuthenticated(false);
@@ -77,8 +74,7 @@ public class GenerateSSOConsentEvaluatorFrameTask extends AbstractAuthServletTas
 			guiBuilder.build(response, config, "SendAssertion-Evaluation");
 
 			//Log consents evaluator event to revisionslog
-			revisionsLogger.logEvent(pendingReq.getServiceProviderConfiguration(OAAuthParameterDecorator.class), 
-					pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_START);
+			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_START);
 		
 		} catch (GUIBuildException e) {	
 			Logger.warn("Can not build GUI:'SendAssertion-Evaluation'. Msg:" + e.getMessage());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java
index 04d43d79b..8def0f860 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java
@@ -30,14 +30,14 @@ import javax.servlet.http.HttpServletResponse;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.api.idp.process.ProcessEngine;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.ModuleRegistration;
 import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
+import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.process.ExecutionContextImpl;
-import at.gv.egovernment.moa.id.process.ProcessEngine;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
@@ -69,8 +69,8 @@ public class RestartAuthProzessManagement  extends AbstractAuthServletTask {
 			// select and create new process instance
 			String processDefinitionId = ModuleRegistration.getInstance().selectProcess(newec);
 			if (processDefinitionId == null) {
-				Logger.warn("No suitable authentication process found for SessionID " + pendingReq.getRequestID());
-				throw new MOAIDException("process.02", new Object[] { pendingReq.getRequestID() });
+				Logger.warn("No suitable authentication process found for SessionID " + pendingReq.getPendingRequestId());
+				throw new MOAIDException("process.02", new Object[] { pendingReq.getPendingRequestId() });
 			}			
 			
 			String processInstanceId = processEngine.createProcessInstance(processDefinitionId, newec);
@@ -84,7 +84,7 @@ public class RestartAuthProzessManagement  extends AbstractAuthServletTask {
 				
 			} catch (MOAIDException e) {
 				Logger.error("Database Error! MOASession is not stored!");
-				throw new MOAIDException("init.04", new Object[] { pendingReq.getRequestID() });
+				throw new MOAIDException("init.04", new Object[] { pendingReq.getPendingRequestId() });
 				
 			}
 			
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
index 4e5ef7533..e0d65e103 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -31,6 +31,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
@@ -40,7 +41,6 @@ import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.FileUtils;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java
deleted file mode 100644
index 3b12418fa..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java
+++ /dev/null
@@ -1,87 +0,0 @@
-package at.gv.egovernment.moa.id.auth.servlet;
-
-import java.io.IOException;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.lang.StringEscapeUtils;
-import org.springframework.beans.factory.annotation.Autowired;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
-import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils;
-import at.gv.egovernment.moa.id.auth.exception.MOAIllegalStateException;
-import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.process.ProcessEngine;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * Servlet that resumes a suspended process (in case of asynchronous tasks).
- * 
- * @author tknall
- * 
- */
-public abstract class AbstractProcessEngineSignalController extends AbstractController {
-		
-	@Autowired protected ProcessEngine processEngine;
-	
-	protected void signalProcessManagement(HttpServletRequest req, HttpServletResponse resp) throws IOException {
-		String pendingRequestID = StringEscapeUtils.escapeHtml(getPendingRequestId(req));
-		IRequest pendingReq = null;
-		try {	
-			if (pendingRequestID == null) {
-				throw new MOAIllegalStateException("process.03", new Object[]{"Unable to determine MOA pending-request id."});
-				
-			}
-			
-			pendingReq = requestStorage.getPendingRequest(pendingRequestID);
-			if (pendingReq == null) {
-				Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");
-				throw new MOAIDException("auth.28", new Object[]{pendingRequestID});
-				
-			}
-			
-			//change pending-request ID
-			requestStorage.changePendingRequestID(pendingReq);
-			pendingRequestID = pendingReq.getRequestID();
-						
-			// process instance is mandatory
-			if (pendingReq.getProcessInstanceId() == null) {
-				throw new MOAIllegalStateException("process.03", new Object[]{"MOA session does not provide process instance id."});
-				
-			}
-
-			// wake up next task
-			processEngine.signal(pendingReq);
-			
-		} catch (Exception ex) {		
-			handleError(null, ex, req, resp, pendingReq);
-			
-		} finally {
-			//MOASessionDBUtils.closeSession();
-			TransactionIDUtils.removeAllLoggingVariables();
-			
-		}
-		
-		
-	}
-	
-	/**
-	 * Retrieves the current pending-request id from the HttpServletRequest parameter
-	 * {@link MOAIDAuthConstants#PARAM_TARGET_PENDINGREQUESTID}.
-	 * <p/>
-	 * Note that this class/method can be overwritten by modules providing their own strategy of retrieving the
-	 * respective pending-request id.
-	 * 
-	 * @param request
-	 *            The unterlying HttpServletRequest.
-	 * @return The current pending-request id.
-	 */
-	public String getPendingRequestId(HttpServletRequest request) {
-		return StringEscapeUtils.escapeHtml(request.getParameter(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID));
-		
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java
index cfeca88b7..18aa93cc9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java
@@ -35,12 +35,12 @@ import org.springframework.web.bind.annotation.RequestMethod;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.IRequestStorage;
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
 import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
 import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
 import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
 import at.gv.egovernment.moa.id.auth.frontend.builder.AbstractServiceProviderSpecificGUIFormBuilderConfiguration;
 import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithDBLoad;
-import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.MOAIDConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.logging.Logger;
@@ -165,7 +165,7 @@ public class GUILayoutBuilderServlet extends AbstractController {
 	private IRequest extractPendingRequest(HttpServletRequest req) {
 		try {		
 			String pendingReqID = StringEscapeUtils.escapeHtml(
-					req.getParameter(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID));
+					req.getParameter(EAAFConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID));
 		
 			if (MiscUtil.isNotEmpty(pendingReqID)) {		
 				IRequest pendingReq = requestStorage.getPendingRequest(pendingReqID);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java
index dfa923558..87325989a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java
@@ -31,6 +31,8 @@ import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 
+import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController;
+
 /**
  * @author tlenz
  *
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
index 9282db3b1..0e9db3964 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
@@ -46,6 +46,7 @@ import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfi
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.data.SLOInformationContainer;
 import at.gv.egovernment.moa.id.moduls.SSOManager;
@@ -53,7 +54,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NOSLOServiceDescriptorException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moa.util.URLEncoder;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
index beacf1552..21d329145 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
@@ -56,12 +56,10 @@ import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 
-import at.gv.egiz.eaaf.core.impl.idp.auth.AuthenticationManager;
+import at.gv.egiz.eaaf.core.api.idp.auth.ISSOManager;
 import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.moduls.SSOManager;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -71,8 +69,8 @@ import at.gv.egovernment.moa.util.MiscUtil;
 public class LogOutServlet {
 	private static final String REDIRECT_URL = "redirect";
 	
-	@Autowired(required=true) private SSOManager ssomanager;
-	@Autowired(required=true) private AuthenticationManager authmanager;
+	@Autowired(required=true) private ISSOManager ssomanager;
+	//@Autowired(required=true) private IAuthenticationManager authmanager;
 	@Autowired(required=true) private IAuthenticationSessionStoreage authenticatedSessionStorage;
 	@Autowired(required=true) private AuthConfiguration authConfig;
 	
@@ -83,10 +81,7 @@ public class LogOutServlet {
 
 		String redirectUrl = (String) req.getParameter(REDIRECT_URL);
 				
-		try {
-			//get SSO token from request
-			String ssoid = ssomanager.getSSOSessionID(req);
-			
+		try {			
 			if (MiscUtil.isEmpty(redirectUrl)) {
 				//set default redirect Target
 				Logger.debug("Set default RedirectURL back to MOA-ID-Auth");
@@ -103,23 +98,11 @@ public class LogOutServlet {
 				
 			}
 			
-			if (ssomanager.isValidSSOSession(ssoid, null)) {
-		
-				//TODO: Single LogOut Implementation
-		
-				//delete SSO session and MOA session
-				AuthenticationSession moasessionid = authenticatedSessionStorage.getInternalMOASessionWithSSOID(ssoid);
-				authmanager.performOnlyIDPLogOut(moasessionid);
-				
-				Logger.info("User with SSO Id " + ssoid + " is logged out and get redirect to "+ redirectUrl);
-			} else {
+			if (ssomanager.destroySSOSessionOnIDPOnly(req, resp))
+				Logger.info("User with SSO is logged out and get redirect to "+ redirectUrl);				
+			else
 				Logger.info("No active SSO session found. User is maybe logout already and get redirect to "+ redirectUrl);
-				
-			}
-			
-			//Remove SSO token
-			ssomanager.deleteSSOSessionID(req, resp);
-			
+		
 		} catch (Exception e) {
 			resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Request not allowed.");
 			return;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
index 979b8f4e4..ee69b082b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
@@ -33,7 +33,7 @@ import org.springframework.web.servlet.ModelAndView;
 import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/utils/SZRGWClientUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/utils/SZRGWClientUtils.java
index 6f3c02411..ee5cb2395 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/utils/SZRGWClientUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/utils/SZRGWClientUtils.java
@@ -36,8 +36,8 @@ import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.util.xsd.mis.MandateIdentifiers;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
index 1abbeb789..db2499ad5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
@@ -1252,4 +1252,11 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
 		
 	}
 
+
+	@Override
+	public String validateIDPURL(URL arg0) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
deleted file mode 100644
index 4b29fef3b..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
+++ /dev/null
@@ -1,820 +0,0 @@
-/**
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.data;
-
-import java.io.Serializable;
-import java.text.DateFormat;
-import java.text.ParseException;
-import java.text.SimpleDateFormat;
-import java.util.ArrayList;
-import java.util.Date;
-import java.util.List;
-import java.util.Map;
-
-import org.apache.commons.collections4.map.HashedMap;
-import org.w3c.dom.Element;
-
-import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.impl.utils.DateTimeUtils;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
-import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
-import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
-import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-/**
- * @author tlenz
- *
- */
-public class AuthenticationData  implements IAuthData, Serializable {
-
-	private static final long serialVersionUID = -1042697056735596866L;
-	public static final String IDENTITY_LINK_DATE_FORMAT = "yyyy-MM-dd";
-	
-	  /**
-	   * URL of the MOA-ID Auth component issueing this assertion
-	   */
-	  private String issuer;
-	  /**
-	   * time instant of issue of this assertion
-	   */
-	  private Date issueInstant;
-	  /**
-	   * user identification value (Stammzahl); <code>null</code>, 
-	   * if the authentication module is configured not to return this data
-	   */
-	  private String identificationValue;
-		/**
-		 * user identification type
-		 */
-	  private String identificationType;
-		
-		/**
-		 * user identityLink specialized to OAParamter
-		 */
-	  private IIdentityLink identityLink;
-		
-	  /**
-	   * application specific user identifier (bPK/wbPK)
-	   */
-	  private String bPK;
-	  
-	  /**
-	   * application specific user identifier type
-	   */
-	  private String bPKType;
-	  
-	  /**
-	   * given name of the user
-	   */
-	  private String givenName;
-	  /**
-	   * family name of the user
-	   */
-	  private String familyName;
-	  /**
-	   * date of birth of the user
-	   */
-	  private Date dateOfBirth;
-	  /**
-	   * says whether the certificate is a qualified certificate or not
-	   */
-	  private boolean qualifiedCertificate;
-	  /**
-	   * says whether the certificate is a public authority or not
-	   */
-	  private boolean publicAuthority;
-	  /**
-	   * public authority code (Beh&ouml;rdenkennzeichen - BKZ)
-	   */
-	  private String publicAuthorityCode;
-
-	  /**
-	   * URL of the BKU
-	   */
-	  private String bkuURL;
-	  /**
-	   * the corresponding <code>lt;saml:Assertion&gt;</code>
-	   */
-
-	  private boolean isBaseIDTransferRestrication = true;
-	  
-	  
-	 /**
-	  * STORK attributes from response
-	  */
-	  private String ccc = null;
-	  
-	  private Map<String, Object> genericDataStorate = new HashedMap<String, Object>();
-	  
-	  private byte[] signerCertificate = null;
-	  	  
-	  private String authBlock = null; 
-	  private List<String> encbPKList = null;
-	  
-	  //ISA 1.18 attributes
-	  private List<AuthenticationRole> roles = null;
-	  private String pvpAttribute_OU = null;
-	  
-	  private boolean useMandate = false;
-	  private IMISMandate mandate = null;
-	  private String mandateReferenceValue = null;
-	  
-	  private boolean foreigner =false;
-	  private String QAALevel = null;
-	  
-	  private boolean ssoSession = false;
-	  private Date ssoSessionValidTo = null;
-
-//	  private boolean interfederatedSSOSession = false;
-//	  private String interfederatedIDP = null;
-	  
-	  private String sessionIndex = null;
-	  private String nameID = null;
-	  private String nameIDFormat = null;
-	  
-	  public AuthenticationData() {
-		  issueInstant = new Date();
-	  }
-	  	  
-	  /**
-	   * Returns the publicAuthority.
-	   * @return boolean
-	   */
-	  public boolean isPublicAuthority() {
-	    return publicAuthority;
-	  }
-
-	  /**
-	   * Returns the publicAuthorityCode.
-	   * @return String
-	   */
-	  public String getPublicAuthorityCode() {
-	    return publicAuthorityCode;
-	  }
-
-	  /**
-	   * Returns the qualifiedCertificate.
-	   * @return boolean
-	   */
-	  public boolean isQualifiedCertificate() {
-	    return qualifiedCertificate;
-	  }
-
-	  /**
-	   * Returns the bPK.
-	   * @return String
-	   */
-	  public String getBPK() {
-	    return bPK;
-	  }
-
-	  /**
-	   * Sets the publicAuthority.
-	   * @param publicAuthority The publicAuthority to set
-	   */
-	  public void setPublicAuthority(boolean publicAuthority) {
-	    this.publicAuthority = publicAuthority;
-	  }
-
-	  /**
-	   * Sets the publicAuthorityCode.
-	   * @param publicAuthorityIdentification The publicAuthorityCode to set
-	   */
-	  public void setPublicAuthorityCode(String publicAuthorityIdentification) {
-	    this.publicAuthorityCode = publicAuthorityIdentification;
-	  }
-
-	  /**
-	   * Sets the qualifiedCertificate.
-	   * @param qualifiedCertificate The qualifiedCertificate to set
-	   */
-	  public void setQualifiedCertificate(boolean qualifiedCertificate) {
-	    this.qualifiedCertificate = qualifiedCertificate;
-	  }
-
-	  /**
-	   * Sets the bPK.
-	   * @param bPK The bPK to set
-	   */
-	  public void setBPK(String bPK) {
-	    this.bPK = bPK;
-	  }
-
-	  /**
-	   * Returns the dateOfBirth.
-	   * @return String
-	   */
-	  public Date getDateOfBirth() {
-	    return dateOfBirth;
-	  }
-
-	  public String getFormatedDateOfBirth() {
-			DateFormat pvpDateFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT);
-			if (getDateOfBirth() != null)
-				return pvpDateFormat.format(getDateOfBirth());
-			else
-				return "2999-12-31";
-		}
-	  
-	  /**
-	   * Returns the familyName.
-	   * @return String
-	   */
-	  public String getFamilyName() {
-	    return familyName;
-	  }
-
-	  /**
-	   * Returns the givenName.
-	   * @return String
-	   */
-	  public String getGivenName() {
-	    return givenName;
-	  }
-
-	  /**
-	   * Holds the baseID of a citizen
-	   * 
-	   * @return baseID
-	   */
-	  public String getIdentificationValue() {
-	    return identificationValue;
-	  }
-
-		/**
-		 * Holds the type of the baseID
-		 * 
-		 * @return baseID-Type
-		 */
-		public String getIdentificationType() {
-			return identificationType;
-		}
-
-	  /**
-	   * Returns the issueInstant.
-	   * @return String
-	   */
-	  public String getIssueInstantString() {
-	    return DateTimeUtils.buildDateTimeUTC(issueInstant);
-	    
-	  }
-
-	  /**
-	   * Returns the issueInstant.
-	   * @return String
-	   */
-	  public Date getIssueInstant() {
-	    return issueInstant;
-	    
-	  }
-	  
-	  public void setIssueInstant(Date date) {
-		  this.issueInstant = date;
-	  }
-	  
-	  /**
-	   * Returns the issuer.
-	   * @return String
-	   */
-	  public String getIssuer() {
-	    return issuer;
-	  }
-	  
-	  /**
-	   * Returns the BKU URL.
-	   * @return String
-	   */
-	  public String getBkuURL() {
-	    return bkuURL;
-	  }
-
-	  /**
-	   * Sets the dateOfBirth.
-	   * @param dateOfBirth The dateOfBirth to set
-	   */
-	  public void setDateOfBirth(Date dateOfBirth) {
-	    this.dateOfBirth = dateOfBirth;
-	  }
-
-	  public void setDateOfBirth(String dateOfBirth) {		  
-		  try {		  
-			  if (MiscUtil.isNotEmpty(dateOfBirth)) {
-				  DateFormat identityLinkFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT);
-				  this.dateOfBirth = identityLinkFormat.parse(dateOfBirth);
-			  }
-			  
-		  } catch (ParseException e) {
-			  Logger.warn("Parse dateOfBirht from IdentityLink FAILED", e);
-			  
-		  }		  
-	  }
-	  
-	  /**
-	   * Sets the familyName.
-	   * @param familyName The familyName to set
-	   */
-	  public void setFamilyName(String familyName) {
-	    this.familyName = familyName;
-	  }
-
-	  /**
-	   * Sets the givenName.
-	   * @param givenName The givenName to set
-	   */
-	  public void setGivenName(String givenName) {
-	    this.givenName = givenName;
-	  }
-
-	  /**
-	   * Sets the identificationValue.
-	   * @param identificationValue The identificationValue to set
-	   */
-	  public void setIdentificationValue(String identificationValue) {
-	    this.identificationValue = identificationValue;
-	  }
-
-		/**
-		 * Sets the identificationType.
-		 * @param identificationType The identificationType to set
-		 */
-		public void setIdentificationType(String identificationType) {
-			this.identificationType = identificationType;
-		}
-
-	  /**
-	   * Sets the issuer.
-	   * @param issuer The issuer to set
-	   */
-	  public void setIssuer(String issuer) {
-	    this.issuer = issuer;
-	  }
-	  
-	  /**
-	   * Sets the bkuURL
-	   * @param url The BKU URL to set
-	   */
-	  public void setBkuURL(String url) {
-	    this.bkuURL = url;
-	  }
-
-	public String getBPKType() {
-		return bPKType;
-	}
-
-	public void setBPKType(String bPKType) {
-		this.bPKType = bPKType;
-	}
-
-	/**
-	 * @return the identityLink
-	 */
-	public IIdentityLink getIdentityLink() {
-		return identityLink;
-	}
-
-	/**
-	 * @param identityLink the identityLink to set
-	 */
-	public void setIdentityLink(IIdentityLink identityLink) {
-		this.identityLink = identityLink;
-	}
-
-	/**
-	 * @return the signerCertificate
-	 */
-	public byte[] getSignerCertificate() {
-		return signerCertificate;
-	}
-
-
-	/**
-	 * @param signerCertificate the signerCertificate to set
-	 */
-	public void setSignerCertificate(byte[] signerCertificate) {
-		this.signerCertificate = signerCertificate;
-	}
-
-
-	/**
-	 * @return the authBlock
-	 */
-	public String getAuthBlock() {
-		return authBlock;
-	}
-
-
-	/**
-	 * @param authBlock the authBlock to set
-	 */
-	public void setAuthBlock(String authBlock) {
-		this.authBlock = authBlock;
-	}
-
-
-	/**
-	 * @return the mandate
-	 */
-	public IMISMandate getMISMandate() {
-		return mandate;
-	}
-
-	public Element getMandate() {
-		if (mandate == null)
-			return null;
-		
-		//parse Element from mandate XML
-		try {
-			byte[] byteMandate = mandate.getMandate();
-			String stringMandate = new String(byteMandate);
-			return DOMUtils.parseDocument(stringMandate, false, null, null).getDocumentElement();
-			
-		}
-		catch (Throwable e) {
-			Logger.warn("Mandate content could not be generated from MISMandate.");
-			return null;
-		}
-	}
-	
-
-	/**
-	 * @param mandate the mandate to set
-	 */
-	public void setMISMandate(IMISMandate mandate) {
-		this.mandate = mandate;
-	}
-
-
-	/**
-	 * @return the useMandate
-	 */
-	public boolean isUseMandate() {
-		return useMandate;
-	}
-
-
-	/**
-	 * @param useMandate the useMandate to set
-	 */
-	public void setUseMandate(boolean useMandate) {
-		this.useMandate = useMandate;
-	}
-
-
-	/**
-	 * @return
-	 */
-	public String getQAALevel() {
-		if (this.QAALevel != null && 
-				this.QAALevel.startsWith(PVPConstants.EIDAS_QAA_PREFIX)) {
-			String mappedQAA = PVPtoSTORKMapper.getInstance().mapeIDASQAAToSTORKQAA(this.QAALevel);
-			if (MiscUtil.isNotEmpty(mappedQAA))
-				return mappedQAA;
-			
-			else {
-				Logger.error("eIDAS QAA-level:" + this.QAALevel 
-						+ " can not be mapped to STORK QAA-level! Use "
-						+ PVPConstants.STORK_QAA_1_1 + " as default value.");
-				return PVPConstants.STORK_QAA_1_1;
-				
-			}
-			
-			
-		} else
-			return this.QAALevel;
-	}
-
-	
-	public String getEIDASQAALevel() {
-		if (this.QAALevel != null && 
-				this.QAALevel.startsWith(PVPConstants.STORK_QAA_PREFIX)) {
-			String mappedQAA = PVPtoSTORKMapper.getInstance().mapSTORKQAAToeIDASQAA(this.QAALevel);
-			if (MiscUtil.isNotEmpty(mappedQAA))
-				return mappedQAA;
-			
-			else {
-				Logger.error("STORK QAA-level:" + this.QAALevel 
-						+ " can not be mapped to eIDAS QAA-level! Use "
-						+ PVPConstants.EIDAS_QAA_LOW + " as default value.");
-				return PVPConstants.EIDAS_QAA_LOW;
-				
-			}
-			
-			
-		} else
-			return this.QAALevel;
-		
-	}
-	
-
-	/**
-	 * @return
-	 */
-	public boolean isForeigner() {
-		return this.foreigner;
-	}
-
-
-	/**
-	 * @param foreigner the foreigner to set
-	 */
-	public void setForeigner(boolean foreigner) {
-		this.foreigner = foreigner;
-	}
-
-
-	/**
-	 * Store QAA level in eIDAS format to authentication Data
-	 * 
-	 * @param qAALevel the qAALevel to set
-	 * @throws AssertionAttributeExtractorExeption 
-	 */
-	public void setQAALevel(String qAALevel) {
-			QAALevel = qAALevel;
-			
-	}
-
-	/**
-	 * @return the ssoSession
-	 */
-	public boolean isSsoSession() {
-		return ssoSession;
-	}
-
-
-	/**
-	 * @param ssoSession the ssoSession to set
-	 */
-	public void setSsoSession(boolean ssoSession) {
-		this.ssoSession = ssoSession;
-	}
-
-	/**
-	 * @return the mandateReferenceValue
-	 */
-	public String getMandateReferenceValue() {
-		return mandateReferenceValue;
-	}
-
-	/**
-	 * @param mandateReferenceValue the mandateReferenceValue to set
-	 */
-	public void setMandateReferenceValue(String mandateReferenceValue) {
-		this.mandateReferenceValue = mandateReferenceValue;
-	}
-
-	/**
-	 * CountryCode of the citizen which is identified and authenticated
-	 * 
-	 * @return the CountryCode <pre>like. AT, SI, ...</pre>
-	 */
-	public String getCcc() {
-		return ccc;
-	}
-
-	/**
-	 * @param ccc the ccc to set
-	 */
-	public void setCcc(String ccc) {
-		this.ccc = ccc;
-	}
-
-	/**
-	 * @return the sessionIndex
-	 */
-	public String getSessionIndex() {
-		return sessionIndex;
-	}
-
-	/**
-	 * @param sessionIndex the sessionIndex to set
-	 */
-	public void setSessionIndex(String sessionIndex) {
-		this.sessionIndex = sessionIndex;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.data.IAuthData#getNameID()
-	 */
-	@Override
-	public String getNameID() {
-		return this.nameID;
-	}
-
-	/**
-	 * @param nameID the nameID to set
-	 */
-	public void setNameID(String nameID) {
-		this.nameID = nameID;
-	}
-
-	/**
-	 * @return the nameIDFormat
-	 */
-	public String getNameIDFormat() {
-		return nameIDFormat;
-	}
-
-	/**
-	 * @param nameIDFormat the nameIDFormat to set
-	 */
-	public void setNameIDFormat(String nameIDFormat) {
-		this.nameIDFormat = nameIDFormat;
-	}
-
-//	/**
-//	 * @return the interfederatedSSOSession
-//	 */
-//	public boolean isInterfederatedSSOSession() {
-//		return interfederatedSSOSession;
-//	}
-//
-//	/**
-//	 * @param interfederatedSSOSession the interfederatedSSOSession to set
-//	 */
-//	public void setInterfederatedSSOSession(boolean interfederatedSSOSession) {
-//		this.interfederatedSSOSession = interfederatedSSOSession;
-//	}
-//
-//	/**
-//	 * @return the interfederatedIDP
-//	 */
-//	public String getInterfederatedIDP() {
-//		return interfederatedIDP;
-//	}
-//
-//	/**
-//	 * @param interfederatedIDP the interfederatedIDP to set
-//	 */
-//	public void setInterfederatedIDP(String interfederatedIDP) {
-//		this.interfederatedIDP = interfederatedIDP;
-//	}
-
-	/**
-	 * @return the ssoSessionValidTo
-	 */
-	public Date getSsoSessionValidTo() {
-		return ssoSessionValidTo;
-	}
-
-	/**
-	 * @param ssoSessionValidTo the ssoSessionValidTo to set
-	 */
-	public void setSsoSessionValidTo(Date ssoSessionValidTo) {
-		this.ssoSessionValidTo = ssoSessionValidTo;
-	}
-
-	/**
-	 * @return the encbPKList
-	 */
-	public List<String> getEncbPKList() {
-		return encbPKList;
-	}
-
-	/**
-	 * @param encbPKList the encbPKList to set
-	 */
-	public void setEncbPKList(List<String> encbPKList) {
-		this.encbPKList = encbPKList;
-	}
-
-	/**
-	 * @return the roles
-	 */
-	public List<AuthenticationRole> getAuthenticationRoles() {
-//		if (this.roles == null) {
-//			this.roles = new ArrayList<AuthenticationRole>();
-//			this.roles.add(new AuthenticationRole("xxpvprole", "xxpvprole"));
-//			this.roles.add(new AuthenticationRole("yypvprole", "yypvprole"));
-//		}
-		
-		return roles;
-	}
-
-	//ISA 1.18 attributes
-	/**
-	 * @param roles the roles to set
-	 */
-	public void addAuthenticationRole(AuthenticationRole role) {
-		if (this.roles == null)
-			this.roles = new ArrayList<AuthenticationRole>();
-
-		this.roles.add(role);
-	}
-	
-	/**
-	 * @return the pvpAttribute_OU
-	 */
-	public String getPvpAttribute_OU() {
-		return pvpAttribute_OU;
-	}
-
-	/**
-	 * @param pvpAttribute_OU the pvpAttribute_OU to set
-	 */
-	public void setPvpAttribute_OU(String pvpAttribute_OU) {
-		this.pvpAttribute_OU = pvpAttribute_OU;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.data.IAuthData#isBusinessService()
-	 */
-	@Override
-	public boolean isBaseIDTransferRestrication() {
-		return isBaseIDTransferRestrication;
-	}
-
-	/**
-	 * @param isBaseIDTransmittionAllowed the isBaseIDTransmittionAllowed to set
-	 */
-	public void setBaseIDTransferRestrication(boolean isBaseIDTransferRestrication) {
-		this.isBaseIDTransferRestrication = isBaseIDTransferRestrication;
-	}
-	
-	/**
-	 * Returns a generic data-object with is stored with a specific identifier 
-	 * 
-	 * @param key The specific identifier of the data object
-	 * @param clazz The class type which is stored with this key
-	 * @return The data object or null if no data is found with this key
-	 */
-	public <T> T getGenericData(String key, final Class<T> clazz) {
-		if (MiscUtil.isNotEmpty(key)) {
-			Object data = genericDataStorate.get(key);			
-			
-			if (data == null)
-				return null;
-			
-			try {
-				@SuppressWarnings("unchecked")
-				T test = (T) data;
-				return test;
-				
-			} catch (Exception e) {
-				Logger.warn("Generic authentication-data object can not be casted to requsted type", e);
-				return null;
-				
-			}
-			
-		} 
-		
-		Logger.warn("Can not load generic session-data with key='null'");
-		return null;
-				
-	}
-	
-	/**
-	 * Store a generic data-object to session with a specific identifier
-	 * 
-	 * @param key Identifier for this data-object
-	 * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface
-	 * @throws SessionDataStorageException Error message if the data-object can not stored to generic session-data storage
-	 */
-	public void setGenericData(String key, Object object) throws SessionDataStorageException {
-		if (MiscUtil.isEmpty(key)) {
-			Logger.warn("Generic session-data can not be stored with a 'null' key");
-			throw new SessionDataStorageException("Generic data can not be stored with a 'null' key", null);
-			
-		}
-		
-		if (object != null) {
-			if (!Serializable.class.isInstance(object)) {
-				Logger.warn("Generic data can only store objects which implements the 'Seralizable' interface");
-				throw new SessionDataStorageException("Generic data can only store objects which implements the 'Seralizable' interface", null);
-				
-			}						
-		}
-		
-		if (genericDataStorate.containsKey(key))
-			Logger.debug("Overwrite generic data with key:" + key);
-		else
-			Logger.trace("Add generic data with key:" + key + " to session.");
-		
-		genericDataStorate.put(key, object);
-	}
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java
new file mode 100644
index 000000000..b8dccfa65
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java
@@ -0,0 +1,40 @@
+package at.gv.egovernment.moa.id.data;
+
+import java.util.List;
+
+import org.w3c.dom.Element;
+
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
+import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
+
+public interface IMOAAuthData extends IAuthData{
+
+	 @Deprecated
+	 /**
+	  * Return STORK QAA level
+	  * 
+	  * @return
+	  */
+	 String getQAALevel();
+	 
+	 List<String> getEncbPKList();	 
+	 IIdentityLink getIdentityLink();	 
+     byte[] getSignerCertificate();
+	 String getAuthBlock();	 
+	 boolean isPublicAuthority();
+	 String getPublicAuthorityCode();
+	 boolean isQualifiedCertificate();
+	 String getBkuURL();
+	 String getInterfederatedIDP();
+	 boolean isInterfederatedSSOSession();
+	 boolean isUseMandate();
+	 IMISMandate getMISMandate();	 
+	 Element getMandate();
+	 String getMandateReferenceValue();
+
+	 //ISA 1.18 attributes
+	 String getPvpAttribute_OU();
+	 List<AuthenticationRole> getAuthenticationRoles();
+	
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
new file mode 100644
index 000000000..0e8a988ce
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
@@ -0,0 +1,968 @@
+/**
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.data;
+
+import java.io.Serializable;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.w3c.dom.Element;
+
+import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
+import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
+import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
+import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOAAuthenticationData extends AuthenticationData implements IMOAAuthData, Serializable {
+
+	private static final long serialVersionUID = 1L;
+	private IIdentityLink identityLink;
+	private boolean qualifiedCertificate;
+	private boolean publicAuthority;
+	private String publicAuthorityCode;
+	private String bkuURL;
+	private byte[] signerCertificate = null;
+	private String authBlock = null;	
+	private String QAALevel = null;
+	private List<String> encbPKList;
+
+	//ISA 1.18 attributes
+	private List<AuthenticationRole> roles = null;
+	private String pvpAttribute_OU = null;
+	  
+	private boolean useMandate = false;
+	private IMISMandate mandate = null;
+	private String mandateReferenceValue = null;
+	
+	private boolean interfederatedSSOSession;
+	private String interfederatedIDP;
+
+	
+	/**
+	 * @return
+	 */
+	@Override
+	public String getQAALevel() {
+		if (this.QAALevel != null && 
+				this.QAALevel.startsWith(PVPConstants.EIDAS_QAA_PREFIX)) {
+			String mappedQAA = PVPtoSTORKMapper.getInstance().mapeIDASQAAToSTORKQAA(this.QAALevel);
+			if (MiscUtil.isNotEmpty(mappedQAA))
+				return mappedQAA;
+			
+			else {
+				Logger.error("eIDAS QAA-level:" + this.QAALevel 
+						+ " can not be mapped to STORK QAA-level! Use "
+						+ PVPConstants.STORK_QAA_1_1 + " as default value.");
+				return PVPConstants.STORK_QAA_1_1;
+				
+			}
+			
+			
+		} else
+			return this.QAALevel;
+		
+	}
+
+	@Override
+	public List<String> getEncbPKList() {
+		return this.encbPKList;
+	}
+
+	
+	@Override
+	public IIdentityLink getIdentityLink() {
+		return identityLink;
+	}
+
+	/**
+	 * @param identityLink the identityLink to set
+	 */
+	public void setIdentityLink(IIdentityLink identityLink) {
+		this.identityLink = identityLink;
+	}
+
+	@Override
+	public byte[] getSignerCertificate() {
+		return signerCertificate;
+	}
+
+
+	/**
+	 * @param signerCertificate the signerCertificate to set
+	 */
+	public void setSignerCertificate(byte[] signerCertificate) {
+		this.signerCertificate = signerCertificate;
+	}
+
+
+	@Override
+	public String getAuthBlock() {
+		return authBlock;
+	}
+
+
+	/**
+	 * @param authBlock the authBlock to set
+	 */
+	public void setAuthBlock(String authBlock) {
+		this.authBlock = authBlock;
+	}
+
+
+	@Override
+	public IMISMandate getMISMandate() {
+		return mandate;
+	}
+
+	@Override
+	public Element getMandate() {
+		if (mandate == null)
+			return null;
+		
+		//parse Element from mandate XML
+		try {
+			byte[] byteMandate = mandate.getMandate();
+			String stringMandate = new String(byteMandate);
+			return DOMUtils.parseDocument(stringMandate, false, null, null).getDocumentElement();
+			
+		}
+		catch (Throwable e) {
+			Logger.warn("Mandate content could not be generated from MISMandate.");
+			return null;
+		}
+	}
+	
+
+	/**
+	 * @param mandate the mandate to set
+	 */
+	public void setMISMandate(IMISMandate mandate) {
+		this.mandate = mandate;
+	}
+
+
+	@Override
+	public boolean isUseMandate() {
+		return useMandate;
+	}
+
+
+	public void setUseMandate(boolean useMandate) {
+		this.useMandate = useMandate;
+	}
+	
+
+	@Override
+	  public boolean isPublicAuthority() {
+	    return publicAuthority;
+	  }
+
+	@Override
+	  public String getPublicAuthorityCode() {
+	    return publicAuthorityCode;
+	  }
+
+	@Override
+	  public boolean isQualifiedCertificate() {
+	    return qualifiedCertificate;
+	  }
+	
+
+	@Override
+	public String getBkuURL() {
+		return bkuURL;
+		
+	}
+
+	  /**
+	   * Sets the bkuURL
+	   * @param url The BKU URL to set
+	   */
+	  public void setBkuURL(String url) {
+	    this.bkuURL = url;
+	  }
+	
+	  @Override
+	public boolean isInterfederatedSSOSession() {
+		return this.interfederatedSSOSession;
+	}
+
+	/**
+	 * @param interfederatedSSOSession the interfederatedSSOSession to set
+	 */
+	public void setInterfederatedSSOSession(boolean interfederatedSSOSession) {
+		this.interfederatedSSOSession = interfederatedSSOSession;
+	}
+
+	@Override
+	public String getInterfederatedIDP() {
+		return this.interfederatedIDP;
+	}
+
+	/**
+	 * @param interfederatedIDP the interfederatedIDP to set
+	 */
+	public void setInterfederatedIDP(String interfederatedIDP) {
+		this.interfederatedIDP = interfederatedIDP;
+	}	  
+	  
+
+	@Override
+	public String getMandateReferenceValue() {
+		return mandateReferenceValue;
+	}
+
+	/**
+	 * @param mandateReferenceValue the mandateReferenceValue to set
+	 */
+	public void setMandateReferenceValue(String mandateReferenceValue) {
+		this.mandateReferenceValue = mandateReferenceValue;
+	}
+	
+
+	@Override
+	public List<AuthenticationRole> getAuthenticationRoles() {		
+		return roles;
+	}
+
+	//ISA 1.18 attributes
+	/**
+	 * @param roles the roles to set
+	 */
+	public void addAuthenticationRole(AuthenticationRole role) {
+		if (this.roles == null)
+			this.roles = new ArrayList<AuthenticationRole>();
+
+		this.roles.add(role);
+	}
+	
+	@Override
+	public String getPvpAttribute_OU() {
+		return pvpAttribute_OU;
+	}
+
+	/**
+	 * @param pvpAttribute_OU the pvpAttribute_OU to set
+	 */
+	public void setPvpAttribute_OU(String pvpAttribute_OU) {
+		this.pvpAttribute_OU = pvpAttribute_OU;
+	}
+	
+	/**
+	 * Store QAA level in eIDAS format to authentication Data
+	 * 
+	 * @param qAALevel the qAALevel to set
+	 * @throws AssertionAttributeExtractorExeption 
+	 */
+	public void setQAALevel(String qAALevel) {
+			this.QAALevel = qAALevel;
+			
+	}
+	
+	/**
+	 * @param encbPKList the encbPKList to set
+	 */
+	public void setEncbPKList(List<String> encbPKList) {
+		this.encbPKList = encbPKList;
+	}
+	
+	
+	  /**
+	   * Sets the publicAuthority.
+	   * @param publicAuthority The publicAuthority to set
+	   */
+	  public void setPublicAuthority(boolean publicAuthority) {
+	    this.publicAuthority = publicAuthority;
+	  }
+
+	  /**
+	   * Sets the publicAuthorityCode.
+	   * @param publicAuthorityIdentification The publicAuthorityCode to set
+	   */
+	  public void setPublicAuthorityCode(String publicAuthorityIdentification) {
+	    this.publicAuthorityCode = publicAuthorityIdentification;
+	  }
+
+	  /**
+	   * Sets the qualifiedCertificate.
+	   * @param qualifiedCertificate The qualifiedCertificate to set
+	   */
+	  public void setQualifiedCertificate(boolean qualifiedCertificate) {
+	    this.qualifiedCertificate = qualifiedCertificate;
+	  }
+	
+	
+//	private static final long serialVersionUID = -1042697056735596866L;
+//	public static final String IDENTITY_LINK_DATE_FORMAT = "yyyy-MM-dd";
+//	
+//	  /**
+//	   * URL of the MOA-ID Auth component issueing this assertion
+//	   */
+//	  private String issuer;
+//	  /**
+//	   * time instant of issue of this assertion
+//	   */
+//	  private Date issueInstant;
+//	  /**
+//	   * user identification value (Stammzahl); <code>null</code>, 
+//	   * if the authentication module is configured not to return this data
+//	   */
+//	  private String identificationValue;
+//		/**
+//		 * user identification type
+//		 */
+//	  private String identificationType;
+//		
+//		/**
+//		 * user identityLink specialized to OAParamter
+//		 */
+//	  private IIdentityLink identityLink;
+//		
+//	  /**
+//	   * application specific user identifier (bPK/wbPK)
+//	   */
+//	  private String bPK;
+//	  
+//	  /**
+//	   * application specific user identifier type
+//	   */
+//	  private String bPKType;
+//	  
+//	  /**
+//	   * given name of the user
+//	   */
+//	  private String givenName;
+//	  /**
+//	   * family name of the user
+//	   */
+//	  private String familyName;
+//	  /**
+//	   * date of birth of the user
+//	   */
+//	  private Date dateOfBirth;
+//	  /**
+//	   * says whether the certificate is a qualified certificate or not
+//	   */
+//	  
+//	  /**
+//	   * says whether the certificate is a public authority or not
+//	   */
+//	  /**
+//	   * public authority code (Beh&ouml;rdenkennzeichen - BKZ)
+//	   */
+//	  
+//
+//	  /**
+//	   * URL of the BKU
+//	   */
+//	  
+//	  /**
+//	   * the corresponding <code>lt;saml:Assertion&gt;</code>
+//	   */
+//
+//	  private boolean isBaseIDTransferRestrication = true;
+//	  
+//	  
+//	 /**
+//	  * STORK attributes from response
+//	  */
+//	  private String ccc = null;
+//	  
+//	  private Map<String, Object> genericDataStorate = new HashedMap<String, Object>();
+//	  
+//	  
+//	  	  
+//	  private String authBlock = null; 
+//	  private List<String> encbPKList = null;
+//	  
+//	  //ISA 1.18 attributes
+//	  private List<AuthenticationRole> roles = null;
+//	  private String pvpAttribute_OU = null;
+//	  
+//	  private boolean useMandate = false;
+//	  private IMISMandate mandate = null;
+//	  private String mandateReferenceValue = null;
+//	  
+//	  private boolean foreigner =false;
+//	  private String QAALevel = null;
+//	  
+//	  private boolean ssoSession = false;
+//	  private Date ssoSessionValidTo = null;
+//
+////	  private boolean interfederatedSSOSession = false;
+////	  private String interfederatedIDP = null;
+//	  
+//	  private String sessionIndex = null;
+//	  private String nameID = null;
+//	  private String nameIDFormat = null;
+//	  
+//	  public AuthenticationData() {
+//		  issueInstant = new Date();
+//	  }
+//	  	  
+//	  /**
+//	   * Returns the publicAuthority.
+//	   * @return boolean
+//	   */
+//	  public boolean isPublicAuthority() {
+//	    return publicAuthority;
+//	  }
+//
+//	  /**
+//	   * Returns the publicAuthorityCode.
+//	   * @return String
+//	   */
+//	  public String getPublicAuthorityCode() {
+//	    return publicAuthorityCode;
+//	  }
+//
+//	  /**
+//	   * Returns the qualifiedCertificate.
+//	   * @return boolean
+//	   */
+//	  public boolean isQualifiedCertificate() {
+//	    return qualifiedCertificate;
+//	  }
+//
+//	  /**
+//	   * Returns the bPK.
+//	   * @return String
+//	   */
+//	  public String getBPK() {
+//	    return bPK;
+//	  }
+//
+//	  /**
+//	   * Sets the publicAuthority.
+//	   * @param publicAuthority The publicAuthority to set
+//	   */
+//	  public void setPublicAuthority(boolean publicAuthority) {
+//	    this.publicAuthority = publicAuthority;
+//	  }
+//
+//	  /**
+//	   * Sets the publicAuthorityCode.
+//	   * @param publicAuthorityIdentification The publicAuthorityCode to set
+//	   */
+//	  public void setPublicAuthorityCode(String publicAuthorityIdentification) {
+//	    this.publicAuthorityCode = publicAuthorityIdentification;
+//	  }
+//
+//	  /**
+//	   * Sets the qualifiedCertificate.
+//	   * @param qualifiedCertificate The qualifiedCertificate to set
+//	   */
+//	  public void setQualifiedCertificate(boolean qualifiedCertificate) {
+//	    this.qualifiedCertificate = qualifiedCertificate;
+//	  }
+//
+//	  /**
+//	   * Sets the bPK.
+//	   * @param bPK The bPK to set
+//	   */
+//	  public void setBPK(String bPK) {
+//	    this.bPK = bPK;
+//	  }
+//
+//	  /**
+//	   * Returns the dateOfBirth.
+//	   * @return String
+//	   */
+//	  public Date getDateOfBirth() {
+//	    return dateOfBirth;
+//	  }
+//
+//	  public String getFormatedDateOfBirth() {
+//			DateFormat pvpDateFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT);
+//			if (getDateOfBirth() != null)
+//				return pvpDateFormat.format(getDateOfBirth());
+//			else
+//				return "2999-12-31";
+//		}
+//	  
+//	  /**
+//	   * Returns the familyName.
+//	   * @return String
+//	   */
+//	  public String getFamilyName() {
+//	    return familyName;
+//	  }
+//
+//	  /**
+//	   * Returns the givenName.
+//	   * @return String
+//	   */
+//	  public String getGivenName() {
+//	    return givenName;
+//	  }
+//
+//	  /**
+//	   * Holds the baseID of a citizen
+//	   * 
+//	   * @return baseID
+//	   */
+//	  public String getIdentificationValue() {
+//	    return identificationValue;
+//	  }
+//
+//		/**
+//		 * Holds the type of the baseID
+//		 * 
+//		 * @return baseID-Type
+//		 */
+//		public String getIdentificationType() {
+//			return identificationType;
+//		}
+//
+//	  /**
+//	   * Returns the issueInstant.
+//	   * @return String
+//	   */
+//	  public String getIssueInstantString() {
+//	    return DateTimeUtils.buildDateTimeUTC(issueInstant);
+//	    
+//	  }
+//
+//	  /**
+//	   * Returns the issueInstant.
+//	   * @return String
+//	   */
+//	  public Date getIssueInstant() {
+//	    return issueInstant;
+//	    
+//	  }
+//	  
+//	  public void setIssueInstant(Date date) {
+//		  this.issueInstant = date;
+//	  }
+//	  
+//	  /**
+//	   * Returns the issuer.
+//	   * @return String
+//	   */
+//	  public String getIssuer() {
+//	    return issuer;
+//	  }
+//	  
+//	  /**
+//	   * Returns the BKU URL.
+//	   * @return String
+//	   */
+//	  public String getBkuURL() {
+//	    return bkuURL;
+//	  }
+//
+//	  /**
+//	   * Sets the dateOfBirth.
+//	   * @param dateOfBirth The dateOfBirth to set
+//	   */
+//	  public void setDateOfBirth(Date dateOfBirth) {
+//	    this.dateOfBirth = dateOfBirth;
+//	  }
+//
+//	  public void setDateOfBirth(String dateOfBirth) {		  
+//		  try {		  
+//			  if (MiscUtil.isNotEmpty(dateOfBirth)) {
+//				  DateFormat identityLinkFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT);
+//				  this.dateOfBirth = identityLinkFormat.parse(dateOfBirth);
+//			  }
+//			  
+//		  } catch (ParseException e) {
+//			  Logger.warn("Parse dateOfBirht from IdentityLink FAILED", e);
+//			  
+//		  }		  
+//	  }
+//	  
+//	  /**
+//	   * Sets the familyName.
+//	   * @param familyName The familyName to set
+//	   */
+//	  public void setFamilyName(String familyName) {
+//	    this.familyName = familyName;
+//	  }
+//
+//	  /**
+//	   * Sets the givenName.
+//	   * @param givenName The givenName to set
+//	   */
+//	  public void setGivenName(String givenName) {
+//	    this.givenName = givenName;
+//	  }
+//
+//	  /**
+//	   * Sets the identificationValue.
+//	   * @param identificationValue The identificationValue to set
+//	   */
+//	  public void setIdentificationValue(String identificationValue) {
+//	    this.identificationValue = identificationValue;
+//	  }
+//
+//		/**
+//		 * Sets the identificationType.
+//		 * @param identificationType The identificationType to set
+//		 */
+//		public void setIdentificationType(String identificationType) {
+//			this.identificationType = identificationType;
+//		}
+//
+//	  /**
+//	   * Sets the issuer.
+//	   * @param issuer The issuer to set
+//	   */
+//	  public void setIssuer(String issuer) {
+//	    this.issuer = issuer;
+//	  }
+//	  
+//	  /**
+//	   * Sets the bkuURL
+//	   * @param url The BKU URL to set
+//	   */
+//	  public void setBkuURL(String url) {
+//	    this.bkuURL = url;
+//	  }
+//
+//	public String getBPKType() {
+//		return bPKType;
+//	}
+//
+//	public void setBPKType(String bPKType) {
+//		this.bPKType = bPKType;
+//	}
+//
+
+//
+//
+
+//
+//	
+//	public String getEIDASQAALevel() {
+//		if (this.QAALevel != null && 
+//				this.QAALevel.startsWith(PVPConstants.STORK_QAA_PREFIX)) {
+//			String mappedQAA = PVPtoSTORKMapper.getInstance().mapSTORKQAAToeIDASQAA(this.QAALevel);
+//			if (MiscUtil.isNotEmpty(mappedQAA))
+//				return mappedQAA;
+//			
+//			else {
+//				Logger.error("STORK QAA-level:" + this.QAALevel 
+//						+ " can not be mapped to eIDAS QAA-level! Use "
+//						+ PVPConstants.EIDAS_QAA_LOW + " as default value.");
+//				return PVPConstants.EIDAS_QAA_LOW;
+//				
+//			}
+//			
+//			
+//		} else
+//			return this.QAALevel;
+//		
+//	}
+//	
+//
+//	/**
+//	 * @return
+//	 */
+//	public boolean isForeigner() {
+//		return this.foreigner;
+//	}
+//
+//
+//	/**
+//	 * @param foreigner the foreigner to set
+//	 */
+//	public void setForeigner(boolean foreigner) {
+//		this.foreigner = foreigner;
+//	}
+//
+//
+
+//
+//	/**
+//	 * @return the ssoSession
+//	 */
+//	public boolean isSsoSession() {
+//		return ssoSession;
+//	}
+//
+//
+//	/**
+//	 * @param ssoSession the ssoSession to set
+//	 */
+//	public void setSsoSession(boolean ssoSession) {
+//		this.ssoSession = ssoSession;
+//	}
+//
+//	/**
+//	 * @return the mandateReferenceValue
+//	 */
+//	public String getMandateReferenceValue() {
+//		return mandateReferenceValue;
+//	}
+//
+//	/**
+//	 * @param mandateReferenceValue the mandateReferenceValue to set
+//	 */
+//	public void setMandateReferenceValue(String mandateReferenceValue) {
+//		this.mandateReferenceValue = mandateReferenceValue;
+//	}
+//
+//	/**
+//	 * CountryCode of the citizen which is identified and authenticated
+//	 * 
+//	 * @return the CountryCode <pre>like. AT, SI, ...</pre>
+//	 */
+//	public String getCcc() {
+//		return ccc;
+//	}
+//
+//	/**
+//	 * @param ccc the ccc to set
+//	 */
+//	public void setCcc(String ccc) {
+//		this.ccc = ccc;
+//	}
+//
+//	/**
+//	 * @return the sessionIndex
+//	 */
+//	public String getSessionIndex() {
+//		return sessionIndex;
+//	}
+//
+//	/**
+//	 * @param sessionIndex the sessionIndex to set
+//	 */
+//	public void setSessionIndex(String sessionIndex) {
+//		this.sessionIndex = sessionIndex;
+//	}
+//
+//	/* (non-Javadoc)
+//	 * @see at.gv.egovernment.moa.id.data.IAuthData#getNameID()
+//	 */
+//	@Override
+//	public String getNameID() {
+//		return this.nameID;
+//	}
+//
+//	/**
+//	 * @param nameID the nameID to set
+//	 */
+//	public void setNameID(String nameID) {
+//		this.nameID = nameID;
+//	}
+//
+//	/**
+//	 * @return the nameIDFormat
+//	 */
+//	public String getNameIDFormat() {
+//		return nameIDFormat;
+//	}
+//
+//	/**
+//	 * @param nameIDFormat the nameIDFormat to set
+//	 */
+//	public void setNameIDFormat(String nameIDFormat) {
+//		this.nameIDFormat = nameIDFormat;
+//	}
+//
+////	/**
+////	 * @return the interfederatedSSOSession
+////	 */
+////	public boolean isInterfederatedSSOSession() {
+////		return interfederatedSSOSession;
+////	}
+////
+////	/**
+////	 * @param interfederatedSSOSession the interfederatedSSOSession to set
+////	 */
+////	public void setInterfederatedSSOSession(boolean interfederatedSSOSession) {
+////		this.interfederatedSSOSession = interfederatedSSOSession;
+////	}
+////
+////	/**
+////	 * @return the interfederatedIDP
+////	 */
+////	public String getInterfederatedIDP() {
+////		return interfederatedIDP;
+////	}
+////
+////	/**
+////	 * @param interfederatedIDP the interfederatedIDP to set
+////	 */
+////	public void setInterfederatedIDP(String interfederatedIDP) {
+////		this.interfederatedIDP = interfederatedIDP;
+////	}
+//
+//	/**
+//	 * @return the ssoSessionValidTo
+//	 */
+//	public Date getSsoSessionValidTo() {
+//		return ssoSessionValidTo;
+//	}
+//
+//	/**
+//	 * @param ssoSessionValidTo the ssoSessionValidTo to set
+//	 */
+//	public void setSsoSessionValidTo(Date ssoSessionValidTo) {
+//		this.ssoSessionValidTo = ssoSessionValidTo;
+//	}
+//
+//	/**
+//	 * @return the encbPKList
+//	 */
+//	public List<String> getEncbPKList() {
+//		return encbPKList;
+//	}
+//
+//	/**
+//	 * @param encbPKList the encbPKList to set
+//	 */
+//	public void setEncbPKList(List<String> encbPKList) {
+//		this.encbPKList = encbPKList;
+//	}
+//
+//	/**
+//	 * @return the roles
+//	 */
+//	public List<AuthenticationRole> getAuthenticationRoles() {
+////		if (this.roles == null) {
+////			this.roles = new ArrayList<AuthenticationRole>();
+////			this.roles.add(new AuthenticationRole("xxpvprole", "xxpvprole"));
+////			this.roles.add(new AuthenticationRole("yypvprole", "yypvprole"));
+////		}
+//		
+//		return roles;
+//	}
+//
+//	//ISA 1.18 attributes
+//	/**
+//	 * @param roles the roles to set
+//	 */
+//	public void addAuthenticationRole(AuthenticationRole role) {
+//		if (this.roles == null)
+//			this.roles = new ArrayList<AuthenticationRole>();
+//
+//		this.roles.add(role);
+//	}
+//	
+//	/**
+//	 * @return the pvpAttribute_OU
+//	 */
+//	public String getPvpAttribute_OU() {
+//		return pvpAttribute_OU;
+//	}
+//
+//	/**
+//	 * @param pvpAttribute_OU the pvpAttribute_OU to set
+//	 */
+//	public void setPvpAttribute_OU(String pvpAttribute_OU) {
+//		this.pvpAttribute_OU = pvpAttribute_OU;
+//	}
+//
+//	/* (non-Javadoc)
+//	 * @see at.gv.egovernment.moa.id.data.IAuthData#isBusinessService()
+//	 */
+//	@Override
+//	public boolean isBaseIDTransferRestrication() {
+//		return isBaseIDTransferRestrication;
+//	}
+//
+//	/**
+//	 * @param isBaseIDTransmittionAllowed the isBaseIDTransmittionAllowed to set
+//	 */
+//	public void setBaseIDTransferRestrication(boolean isBaseIDTransferRestrication) {
+//		this.isBaseIDTransferRestrication = isBaseIDTransferRestrication;
+//	}
+//	
+//	/**
+//	 * Returns a generic data-object with is stored with a specific identifier 
+//	 * 
+//	 * @param key The specific identifier of the data object
+//	 * @param clazz The class type which is stored with this key
+//	 * @return The data object or null if no data is found with this key
+//	 */
+//	public <T> T getGenericData(String key, final Class<T> clazz) {
+//		if (MiscUtil.isNotEmpty(key)) {
+//			Object data = genericDataStorate.get(key);			
+//			
+//			if (data == null)
+//				return null;
+//			
+//			try {
+//				@SuppressWarnings("unchecked")
+//				T test = (T) data;
+//				return test;
+//				
+//			} catch (Exception e) {
+//				Logger.warn("Generic authentication-data object can not be casted to requsted type", e);
+//				return null;
+//				
+//			}
+//			
+//		} 
+//		
+//		Logger.warn("Can not load generic session-data with key='null'");
+//		return null;
+//				
+//	}
+//	
+//	/**
+//	 * Store a generic data-object to session with a specific identifier
+//	 * 
+//	 * @param key Identifier for this data-object
+//	 * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface
+//	 * @throws SessionDataStorageException Error message if the data-object can not stored to generic session-data storage
+//	 */
+//	public void setGenericData(String key, Object object) throws SessionDataStorageException {
+//		if (MiscUtil.isEmpty(key)) {
+//			Logger.warn("Generic session-data can not be stored with a 'null' key");
+//			throw new SessionDataStorageException("Generic data can not be stored with a 'null' key", null);
+//			
+//		}
+//		
+//		if (object != null) {
+//			if (!Serializable.class.isInstance(object)) {
+//				Logger.warn("Generic data can only store objects which implements the 'Seralizable' interface");
+//				throw new SessionDataStorageException("Generic data can only store objects which implements the 'Seralizable' interface", null);
+//				
+//			}						
+//		}
+//		
+//		if (genericDataStorate.containsKey(key))
+//			Logger.debug("Overwrite generic data with key:" + key);
+//		else
+//			Logger.trace("Add generic data with key:" + key + " to session.");
+//		
+//		genericDataStorate.put(key, object);
+//	}
+	
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index a24683545..2e1af43e4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -22,8 +22,6 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.moduls;
 
-import java.io.IOException;
-import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Enumeration;
@@ -31,11 +29,11 @@ import java.util.Iterator;
 import java.util.List;
 import java.util.Map.Entry;
 
-import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.apache.commons.lang.StringEscapeUtils;
+import org.apache.commons.lang3.StringUtils;
 import org.opensaml.saml2.core.LogoutRequest;
 import org.opensaml.saml2.core.LogoutResponse;
 import org.opensaml.saml2.core.StatusCode;
@@ -46,21 +44,22 @@ import org.opensaml.xml.security.SecurityException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.exceptions.GUIBuildException;
+import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.AbstractAuthenticationManager;
+import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
+import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
-import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
-import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
 import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration;
-import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder;
-import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException;
-import at.gv.egovernment.moa.id.auth.modules.SingleSignOnConsentsModuleImpl;
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-import at.gv.egovernment.moa.id.auth.modules.registration.ModuleRegistration;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
@@ -69,10 +68,6 @@ import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.data.SLOInformationContainer;
 import at.gv.egovernment.moa.id.data.SLOInformationImpl;
-import at.gv.egovernment.moa.id.process.ExecutionContextImpl;
-import at.gv.egovernment.moa.id.process.ProcessEngine;
-import at.gv.egovernment.moa.id.process.ProcessExecutionException;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
@@ -81,36 +76,50 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.storage.ITransactionStorage;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
-import at.gv.egovernment.moa.id.util.Random;
-import at.gv.egovernment.moa.id.util.legacy.LegacyHelper;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 @Service("MOAID_AuthenticationManager")
-public class AuthenticationManager extends MOAIDAuthConstants {
+public class AuthenticationManager extends AbstractAuthenticationManager {
 
-	private static List<String> reqParameterWhiteListeForModules = new ArrayList<String>();
-	private static List<String> reqHeaderWhiteListeForModules = new ArrayList<String>();
-	
+	public static final String DATAID_INTERFEDERATIOIDP_URL = "interIDPURL";
+	public static final String DATAID_INTERFEDERATIOIDP_RESPONSE = "interIDPResponse";
+	public static final String DATAID_REQUESTED_ATTRIBUTES = "requestedAttributes";
+	public static final String DATAID_INTERFEDERATIOIDP_ENTITYID = "interIDPEntityID";	
+	public static final String eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE = "eIDAS_LoA";
+		
 	public static final String MOA_SESSION = "MoaAuthenticationSession";
 	public static final String MOA_AUTHENTICATED = "MoaAuthenticated";
 
 	public static final int SLOTIMEOUT = 30 * 1000; //30 sec
 	
-	@Autowired private ProcessEngine processEngine;	
-	@Autowired private SSOManager ssoManager;
-	@Autowired private IRequestStorage requestStoreage;
+
 	@Autowired private ITransactionStorage transactionStorage;
 	@Autowired private IAuthenticationSessionStoreage authenticatedSessionStore;
-	@Autowired private MOAReversionLogger revisionsLogger;
-	@Autowired protected AuthConfiguration authConfig;
+	
 	@Autowired private SingleLogOutBuilder sloBuilder;
 	@Autowired private SAMLVerificationEngineSP samlVerificationEngine;
 	@Autowired private IGUIFormBuilder guiBuilder;
 	@Autowired(required=true) private MOAMetadataProvider metadataProvider;
 	
+	
+	@Override
+	public void performSingleLogOut(HttpServletRequest httpReq, HttpServletResponse httpResp, IRequest pendingReq)
+			throws EAAFException {
+		// TODO Auto-generated method stub
+		
+	}
+
+	@Override
+	public void performSingleLogOut(HttpServletRequest httpReq, HttpServletResponse httpResp, IRequest pendingReq, String arg3)
+			throws EAAFException {
+		// TODO Auto-generated method stub
+		
+	}
+	
+	
+	
 	public void performSingleLogOut(HttpServletRequest httpReq,
 	HttpServletResponse httpResp, IAuthenticationSession session, PVPTargetConfiguration pvpReq) throws MOAIDException {
 		performSingleLogOut(httpReq, httpResp, session, pvpReq, null);
@@ -123,39 +132,6 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 		
 	}
 	
-	/**
-	 * @param req
-	 * @param resp
-	 * @param moasessionid
-	 */
-	public void performOnlyIDPLogOut(AuthenticationSession authSession) {
-		
-		if (authSession == null) {
-			Logger.info("No internal MOA SSO-Session found. Nothing to destroy");
-			return;
-			
-		}
-		
-		try {
-									
-			authSession.setAuthenticated(false);
-			//HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session
-
-			//log Session_Destroy to reversionslog
-			AuthenticationSessionExtensions sessionExtensions = authenticatedSessionStore.getAuthenticationSessionExtensions(authSession.getSessionID());
-			revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, sessionExtensions.getUniqueSessionId());
-			
-			authenticatedSessionStore.destroyInternalSSOSession(authSession.getSessionID());
-			
-			//session.invalidate();
-		
-		} catch (MOADatabaseException e) {
-			Logger.info("NO MOA Authentication data for ID " + authSession.getSessionID());
-			return;
-		}
-		
-	}
-	
 	
 	public void performOnlyIDPLogOut(HttpServletRequest request,
 			HttpServletResponse response, String internalMOASsoSessionID) {
@@ -187,327 +163,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 		}
 
 	}
-
-
-	/**
-	 * Authenticates the authentication request {pendingReq}, which is actually processed
-	 * 
-	 * @param httpReq HttpServletRequest	
-	 * @param httpResp HttpServletResponse
-	 * @param protocolRequest Authentication request which is actually in process
-	 * 
-	 * @return Return already authenticated MOASession if exists, otherwise return null 
-	 * @throws MOADatabaseException 
-	 * @throws MOAIDException 
-	 * @throws IOException 
-	 * @throws ServletException 
-	 * 
-	 */
-	public AuthenticationSession doAuthentication(HttpServletRequest httpReq,
-			HttpServletResponse httpResp, RequestImpl pendingReq) throws MOADatabaseException, ServletException, IOException, MOAIDException {
-	
-		//load OA configuration from pending request
-		IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
-				
-		//set logging context and log unique OA identifier to revision log 
-		TransactionIDUtils.setServiceProviderId(pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix());
-		revisionsLogger.logEvent(oaParam, 
-				pendingReq, MOAIDEventConstants.AUTHPROCESS_SERVICEPROVIDER, pendingReq.getOAURL());
-			
-		//generic authentication request validation 
-		if (pendingReq.isPassiv()
-				&& pendingReq.forceAuth()) {
-			// conflict!
-			throw new NoPassivAuthenticationException();
-		}
-				
-		//get SSO cookie from http request
-		String ssoId = ssoManager.getSSOSessionID(httpReq);
-		
-		//check if interfederation IDP is requested
-		ssoManager.checkInterfederationIsRequested(httpReq, httpResp, pendingReq);
-		
-		//check if SSO session cookie is already used
-		if (ssoId != null) {
-			String correspondingMOASession = ssoManager.existsOldSSOSession(ssoId);
-			
-			if (correspondingMOASession != null) {
-				Logger.warn("Request sends an old SSO Session ID("+ssoId+")! " +
-						"Invalidate the corresponding MOASession with ID="+ correspondingMOASession);
-				
-				revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), 
-						pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO_INVALID);
-				
-				//destroy internal SSO-session object and SSO-session cooky
-				authenticatedSessionStore.destroyInternalSSOSession(correspondingMOASession);
-				ssoManager.deleteSSOSessionID(httpReq, httpResp);
-			}
-		}
-
-		//check if SSO Session is valid
-		boolean isValidSSOSession = ssoManager.isValidSSOSession(ssoId, pendingReq);
-		
-		// check if Service-Provider allows SSO sessions
-		boolean useSSOOA = oaParam.useSSO() || oaParam.isInderfederationIDP();		
-				
-		//if a legacy request is used SSO should not be allowed in case of mandate authentication
-		boolean isUseMandateRequested = LegacyHelper.isUseMandateRequested(httpReq);
-			
-		//check if SSO is allowed for the actually executed request
-		//INFO: Actually, useMandate disables SSO functionality!!!!!
-		boolean isSSOAllowed = (useSSOOA  && !isUseMandateRequested);
-		pendingReq.setNeedSingleSignOnFunctionality(isSSOAllowed);
-						
-		//get MOASession from SSO-Cookie if SSO is allowed
-		AuthenticationSession ssoMOASession = null;
-		if (isValidSSOSession && isSSOAllowed) {
-			ssoMOASession = ssoManager.getInternalMOASession(ssoId);
-			
-			if (ssoMOASession == null)
-				Logger.info("No MOASession FOUND with provided SSO-Cookie.");
-			
-			else {
-				Logger.debug("Found authenticated MOASession with provided SSO-Cookie.");
-				revisionsLogger.logEvent(oaParam, pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO);
-				
-			}			
-		}
-						
-		//check if session is already authenticated
-		boolean isSessionAuthenticated = tryPerformAuthentication((RequestImpl) pendingReq, ssoMOASession);
-
-		//force new authentication authentication process
-		if (pendingReq.forceAuth()) {	
-			startAuthenticationProcess(httpReq, httpResp, pendingReq);
-			return null;
-				
-		//perform SSO-Consents evaluation if it it required			
-		} else if (isSessionAuthenticated && oaParam.useSSOQuestion()) {
-			sendSingleSignOnConsentsEvaluation(httpReq, httpResp, pendingReq);
-			return null;
-		
-		} else if (pendingReq.isPassiv()) {
-			if (isSessionAuthenticated) {
-				// Passive authentication ok!
-				revisionsLogger.logEvent(oaParam, pendingReq, MOAIDEventConstants.AUTHPROCESS_FINISHED);
-				return ssoMOASession;
-				
-			} else {				
-				throw new NoPassivAuthenticationException();
-				
-			}
-		} else {
-			if (isSessionAuthenticated) {
-				// Is authenticated .. proceed
-				revisionsLogger.logEvent(oaParam, 
-						pendingReq, MOAIDEventConstants.AUTHPROCESS_FINISHED);
-				return ssoMOASession;
-				
-			} else {
-				// Start authentication!
-				startAuthenticationProcess(httpReq, httpResp, pendingReq);
-				return null;
-			}
-		}		
-	}
-	
-	/**
-	 * Add a request parameter to whitelist. All parameters that are part of the white list are added into {@link ExecutionContext} 
-	 * 
-	 * @param httpReqParam http parameter name, but never null
-	 */
-	public void addParameterNameToWhiteList(String httpReqParam) {
-		if (MiscUtil.isNotEmpty(httpReqParam))
-			reqParameterWhiteListeForModules.add(httpReqParam);
-		
-	}
-	
-	/**
-	 * Add a request header to whitelist. All parameters that are part of the white list are added into {@link ExecutionContext} 
-	 * 
-	 * @param httpReqParam http header name, but never null
-	 */
-	public void addHeaderNameToWhiteList(String httpReqParam) {
-		if (MiscUtil.isNotEmpty(httpReqParam))
-			reqHeaderWhiteListeForModules.add(httpReqParam.toLowerCase());
 		
-	}
-	
-	/**
-	 * Checks if a authenticated MOASession already exists and if {protocolRequest} is authenticated
-	 * 
-	 * @param protocolRequest Authentication request which is actually in process
-	 * @param moaSession MOASession with authentication information or null if no active MOASession exists
-	 * 
-	 * @return true if session is already authenticated, otherwise false
-	 * @throws MOAIDException 
-	 */
-	private boolean tryPerformAuthentication(RequestImpl protocolRequest, AuthenticationSession ssoMOASession) {
-
-		//if no MOASession exist -> authentication is required
-		if (ssoMOASession == null) {
-			return false;
-			
-		} else {
-			//if MOA SSO-Session is found but not authenticated --> authentication is required
-			if (!ssoMOASession.isAuthenticated()) {
-				return false;
-			}
-			
-			//if MOASession is already authenticated and protocol-request is authenticated 
-			//  --> no authentication is required any more
-			else if (ssoMOASession.isAuthenticated() && protocolRequest.isAuthenticated()) {
-				protocolRequest.setInternalSSOSessionIdentifier(ssoMOASession.getSessionID());
-				return true;
-
-			// if MOASession is authenticated and SSO is allowed --> authenticate pendingRequest
-			} else if (!protocolRequest.isAuthenticated() 
-					&& ssoMOASession.isAuthenticated() && protocolRequest.needSingleSignOnFunctionality()) {
-				Logger.debug("Found active MOASession and SSO is allowed --> pendingRequest is authenticted");
-				protocolRequest.setAuthenticated(true);
-				protocolRequest.setInternalSSOSessionIdentifier(ssoMOASession.getSessionID());
-				return true;
-				
-			}
-			
-			// force authentication as backup solution
-			else {
-				Logger.warn("Authentication-required check find an unsuspected state --> force authentication");
-				return false;
-				
-			}					
-		}
-	}
-	
-	private void startAuthenticationProcess(HttpServletRequest httpReq,
-			HttpServletResponse httpResp, RequestImpl pendingReq)
-			throws ServletException, IOException, MOAIDException {
-				
-		Logger.info("Starting authentication ...");		
-		revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), 
-				pendingReq, MOAIDEventConstants.AUTHPROCESS_START);
-		
-		//is legacy allowed		
-		List<String> legacyallowed_prot = authConfig.getLegacyAllowedProtocols();
-		boolean legacyallowed = legacyallowed_prot.contains(pendingReq.requestedModule());
-
-		//check legacy request parameter 
-		boolean legacyparamavail = ParamValidatorUtils.areAllLegacyParametersAvailable(httpReq);
-				
-		//create authentication process execution context
-		ExecutionContext executionContext = new ExecutionContextImpl();
-
-		//set oaIdentifeir
-		executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_UNIQUE_OA_IDENTFIER, 
-				pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix());
-		
-		//set interfederation authentication flag
-		executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_INTERFEDERATION_AUTH, 
-				MiscUtil.isNotEmpty(
-						pendingReq.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class)));
-		
-		//set legacy mode or BKU-selection flags
-		boolean leagacyMode = (legacyallowed && legacyparamavail);			
-		executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_ISLEGACYREQUEST, leagacyMode);
-		executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_BKUSELECTION, !leagacyMode 
-				&& MiscUtil.isEmpty(pendingReq.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class)));
-		
-		//add X509 SSL client certificate if exist
-		if (httpReq.getAttribute("javax.servlet.request.X509Certificate") != null) {
-			Logger.debug("Find SSL-client-certificate on request --> Add it to context");
-			executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_SSL_CLIENT_CERTIFICATE, 
-					((X509Certificate[])httpReq.getAttribute("javax.servlet.request.X509Certificate")));
-			
-		}
-						
-		//add additional http request parameter to context
-		if (!reqParameterWhiteListeForModules.isEmpty() || leagacyMode) {
-			Enumeration<String> reqParamNames = httpReq.getParameterNames();
-			while(reqParamNames.hasMoreElements()) {
-				String paramName = reqParamNames.nextElement();
-				if (MiscUtil.isNotEmpty(paramName) && 
-						( MOAIDAuthConstants.LEGACYPARAMETERWHITELIST.contains(paramName) 
-								|| reqParameterWhiteListeForModules.contains(paramName) ))
-					executionContext.put(paramName, 
-							StringEscapeUtils.escapeHtml(httpReq.getParameter(paramName)));				
-			}			
-		}
-		
-		//add additional http request parameter to context
-		if (!reqHeaderWhiteListeForModules.isEmpty()) {
-			Enumeration<String> reqHeaderNames = httpReq.getHeaderNames();
-			while(reqHeaderNames.hasMoreElements()) { 
-				String paramName = reqHeaderNames.nextElement();
-				if (MiscUtil.isNotEmpty(paramName) && reqHeaderWhiteListeForModules.contains(paramName.toLowerCase()) ) {
-					executionContext.put(paramName, 
-							StringEscapeUtils.escapeHtml(httpReq.getHeader(paramName)));				
-				}
-			}			
-		}
-		
-		//start process engine
-		startProcessEngine(pendingReq, executionContext);
-		
-	}
-			
-	private void sendSingleSignOnConsentsEvaluation(HttpServletRequest request,
-			HttpServletResponse response, RequestImpl pendingReq)
-			throws ServletException, IOException, MOAIDException { 
-			
-			Logger.info("Start SSO user-consents evaluation ...");
-		
-			//set authenticated flag to false, because user consents is required
-			pendingReq.setAuthenticated(false);
-			
-			//create execution context
-			ExecutionContext executionContext = new ExecutionContextImpl();
-			executionContext.put(SingleSignOnConsentsModuleImpl.PARAM_SSO_CONSENTS_EVALUATION, true);
-			
-			//start process engine
-			startProcessEngine(pendingReq, executionContext);
-		 
-	}
-	
-	private void startProcessEngine(RequestImpl pendingReq, ExecutionContext executionContext) throws MOAIDException {
-		try {
-			//put pending-request ID on execurtionContext
-			executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, pendingReq.getRequestID());			
-						
-			// create process instance
-			String processDefinitionId = ModuleRegistration.getInstance().selectProcess(executionContext);
-
-			if (processDefinitionId == null) {
-				Logger.warn("No suitable process found for SessionID " + pendingReq.getRequestID() );
-				throw new MOAIDException("process.02",new Object[] {
-						pendingReq.getRequestID()});
-			}
-
-			String processInstanceId = processEngine.createProcessInstance(processDefinitionId, executionContext);
-
-			// keep process instance id in protocol pending-request
-			pendingReq.setProcessInstanceId(processInstanceId);
-
-			//store pending-request			
-			requestStoreage.storePendingRequest(pendingReq);
-									
-	    	// start process
-			processEngine.start(pendingReq);
-			
-		} catch (ProcessExecutionException e) {
-			Throwable cause = e.getCause();
-			if (cause != null && cause instanceof TaskExecutionException) {
-				Throwable taskCause = cause.getCause();
-				if (taskCause != null && taskCause instanceof MOAIDException) {
-					MOAIDException moaTaskCause = (MOAIDException) taskCause;
-					Logger.warn(taskCause);
-					throw moaTaskCause;
-				
-				}									
-			}
-			
-			throw new MOAIDException("process.01", new Object[] { pendingReq.getProcessInstanceId(), pendingReq.getRequestID() }, e);
-		}		
-	}
 	
 	private void performSingleLogOut(HttpServletRequest httpReq,
 	HttpServletResponse httpResp, IAuthenticationSession session, PVPTargetConfiguration pvpReq, String authURL) throws MOAIDException {		
@@ -732,5 +388,45 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 			e.printStackTrace();
 		}				
 	}
+	
+	@Override
+	protected void populateExecutionContext(ExecutionContext executionContext, RequestImpl pendingReq, HttpServletRequest httpReq)
+			throws EAAFException {
+		//is legacy allowed
+		boolean legacyallowed = false;
+		if (authConfig instanceof  AuthConfiguration) {
+			List<String> legacyallowed_prot = ((AuthConfiguration)authConfig).getLegacyAllowedProtocols();
+			legacyallowed = legacyallowed_prot.contains(pendingReq.requestedModule());
+			
+		} else
+			Logger.info("Base configuration is NOT of type 'AuthConfiguration'. LegacyMode is disabled");
+		
+
+		//check legacy request parameter 
+		boolean legacyparamavail = ParamValidatorUtils.areAllLegacyParametersAvailable(httpReq);
+				
+		
+		//set interfederation authentication flag
+		executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_INTERFEDERATION_AUTH, 
+				MiscUtil.isNotEmpty(
+						pendingReq.getGenericData(DATAID_INTERFEDERATIOIDP_URL, String.class)));
+		
+		//set legacy mode or BKU-selection flags
+		boolean leagacyMode = (legacyallowed && legacyparamavail);			
+		executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_ISLEGACYREQUEST, leagacyMode);
+		executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_BKUSELECTION, !leagacyMode 
+				&& MiscUtil.isEmpty(pendingReq.getGenericData(DATAID_INTERFEDERATIOIDP_URL, String.class)));
+				
+		//add additional http request parameter to context
+		if (leagacyMode) {
+			Enumeration<String> reqParamNames = httpReq.getParameterNames();
+			while(reqParamNames.hasMoreElements()) {
+				String paramName = reqParamNames.nextElement();
+				if (StringUtils.isNotEmpty(paramName) && MOAIDAuthConstants.LEGACYPARAMETERWHITELIST.contains(paramName) )
+					executionContext.put(paramName, StringEscapeUtils.escapeHtml(httpReq.getParameter(paramName)));				
+			}			
+		}
+		
+	}
 
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
index 718f730b0..bded1943b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -33,12 +33,20 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.auth.ISSOManager;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
+import at.gv.egiz.eaaf.core.exceptions.EAAFSSOException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
 import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
@@ -46,12 +54,15 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore
 import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.legacy.LegacyHelper;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 @Service("MOAID_SSOManager")
-public class SSOManager {	
+public class SSOManager implements ISSOManager {	
+	
 	private static final String HTMLTEMPLATESDIR = "htmlTemplates/";
 	private static final String HTMLTEMPLATEFULL = "slo_template.html";
 	public static String CONTEXTPATH = "contextPath";
@@ -62,9 +73,160 @@ public class SSOManager {
 	private static final int INTERFEDERATIONCOOKIEMAXAGE = 5 * 60;// sec
 
 	@Autowired private IAuthenticationSessionStoreage authenticatedSessionStore;
-	@Autowired protected AuthConfiguration authConfig;
+	@Autowired private AuthConfiguration authConfig;
+	@Autowired private IRevisionLogger revisionsLogger;
+	
+	
 	//@Autowired private MOASessionDBUtils moaSessionDBUtils;
 	
+	
+	public boolean checkAndValidateSSOSession(IRequest pendingReq, HttpServletRequest httpReq, HttpServletResponse httpResp) throws EAAFSSOException {
+		try {
+			//get SSO cookie from http request
+			String ssoId = getSSOSessionID(httpReq);
+		
+			//check if interfederation IDP is requested
+			checkInterfederationIsRequested(httpReq, httpResp, pendingReq);
+			
+			//check if SSO session cookie is already used
+			if (ssoId != null) {
+				String correspondingMOASession = existsOldSSOSession(ssoId);
+				
+				if (correspondingMOASession != null) {
+					Logger.warn("Request sends an old SSO Session ID("+ssoId+")! " +
+							"Invalidate the corresponding MOASession with ID="+ correspondingMOASession);
+					
+					revisionsLogger.logEvent(pendingReq, EVENT_SSO_SESSION_INVALID);
+					
+					//destroy internal SSO-session object and SSO-session cooky
+					authenticatedSessionStore.destroyInternalSSOSession(correspondingMOASession);
+					deleteSSOSessionID(httpReq, httpResp);
+				}
+			}
+
+			//check if SSO Session is valid
+			boolean isSSOValid = isValidSSOSession(ssoId, pendingReq);
+						
+			if (isSSOValid)
+				pendingReq.setSSOSessionIdentifier(ssoId);
+			
+			return isSSOValid;
+						
+			
+		} catch (SessionDataStorageException | ConfigurationException | MOADatabaseException e) {
+			Logger.warn("Cann not process SSO session. Reason: " + e.getMessage(), e);
+			Logger.info("All SSO session will be ignored.");
+			
+		}
+		
+		return false;
+				
+	}
+	
+	
+	
+	public void isSSOAllowedForSP(IRequest pendingReq, HttpServletRequest httpReq) {
+		// check if Service-Provider allows SSO sessions
+		IOAAuthParameters oaConfig = pendingReq.getServiceProviderConfiguration(OAAuthParameterDecorator.class);
+		boolean useSSOOA = oaConfig.useSSO() || oaConfig.isInderfederationIDP();		
+				
+		//if a legacy request is used SSO should not be allowed in case of mandate authentication
+		boolean isUseMandateRequested = false;
+		try {
+			isUseMandateRequested = LegacyHelper.isUseMandateRequested(httpReq);
+
+			//check if SSO is allowed for the actually executed request
+			//INFO: Actually, useMandate disables SSO functionality!!!!!
+			pendingReq.setNeedSingleSignOnFunctionality((useSSOOA  && !isUseMandateRequested));
+			
+			//check if current service provider needs user consent for SSO
+			pendingReq.setNeedUserConsent(oaConfig.useSSOQuestion());
+						
+		} catch (WrongParametersException e) {
+			Logger.warn("Find suspect http parameter for mandates! Reason: " + e.getMessage());
+			
+		}
+		
+	}
+	
+	public void populatePendingRequestWithSSOInformation(IRequest pendingReq) throws EAAFSSOException {				
+		//populate pending request with eID data from SSO session if no userConsent is required
+		try {
+			AuthenticationSession ssoMOASession = getInternalMOASession(pendingReq.getSSOSessionIdentifier());
+			
+			if (ssoMOASession == null)
+				Logger.info("No MOASession FOUND with provided SSO-Cookie.");
+			
+			else {
+				Logger.debug("Found authenticated MOASession with provided SSO-Cookie.");
+				revisionsLogger.logEvent(pendingReq, EVENT_SSO_SESSION_VALID);
+				
+				Logger.trace("Populatint pending request with SSO session information .... ");						
+				pendingReq.setGenericDataToSession(ssoMOASession.getKeyValueRepresentationFromAuthSession());
+				pendingReq.setAuthenticated(true);
+							
+			}
+			
+		} catch (EAAFStorageException e) {
+			Logger.warn("Can NOT populate pending request from SSO session.", e);
+			throw new EAAFSSOException("", new Object[] {},
+					"Can NOT populate pending request from SSO session", e);
+			
+		}
+
+	}
+	
+	
+	@Override
+	public boolean destroySSOSessionOnIDPOnly(HttpServletRequest httpReq, HttpServletResponse httpResp, IRequest pendingReq) throws EAAFSSOException {
+		//get SSO token from request
+		String ssoid = null;
+		if (pendingReq != null && MiscUtil.isNotEmpty(pendingReq.getSSOSessionIdentifier())) {
+			ssoid = pendingReq.getSSOSessionIdentifier();
+			
+		} else {
+			ssoid = getSSOSessionID(httpReq);
+			
+		}
+		try {
+			if (isValidSSOSession(ssoid, null)) {
+		
+				//delete SSO session and MOA session
+				AuthenticationSession ssoSession = authenticatedSessionStore.getInternalMOASessionWithSSOID(ssoid);
+		
+				if (ssoSession == null) {
+					Logger.info("No internal MOA SSO-Session found. Nothing to destroy");
+					return false;
+				
+				}
+			
+													
+				ssoSession.setAuthenticated(false);
+
+				//log Session_Destroy to reversionslog
+				AuthenticationSessionExtensions sessionExtensions = 
+						authenticatedSessionStore.getAuthenticationSessionExtensions(ssoSession.getSSOSessionID());
+				revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, sessionExtensions.getUniqueSessionId());
+				authenticatedSessionStore.destroyInternalSSOSession(ssoSession.getSSOSessionID());
+			}
+			
+		} catch (MOADatabaseException | ConfigurationException | SessionDataStorageException e) {
+			Logger.info("NO MOA Authentication data for ID " + ssoid);
+			return false;
+			
+		}
+
+
+		//Remove SSO token
+		deleteSSOSessionID(httpReq, httpResp);
+				
+		return true;
+		
+	}
+	
+	
+	//*********************************** old **************************************
+	
 	/**
 	 * Check if interfederation IDP is requested via HTTP GET parameter or if interfederation cookie exists.
 	 * Set the requested interfederation IDP as attribte of the {protocolRequest}
@@ -209,7 +371,7 @@ public class SSOManager {
 			if (MiscUtil.isNotEmpty(ssoSessionID)) {			
 				AuthenticationSession moaSession = authenticatedSessionStore.getInternalMOASessionWithSSOID(ssoSessionID);
 				if (moaSession != null) {
-					AuthenticationSessionExtensions extSessionInformation = authenticatedSessionStore.getAuthenticationSessionExtensions(moaSession.getSessionID());
+					AuthenticationSessionExtensions extSessionInformation = authenticatedSessionStore.getAuthenticationSessionExtensions(moaSession.getSSOSessionID());
 						return extSessionInformation.getUniqueSessionId();
 			
 				}
@@ -336,4 +498,28 @@ public class SSOManager {
 		setCookie(httpReq, httpResp, cookieName, "", 0);
 	}
 
+
+
+	@Override
+	public void createNewSSOSession(IRequest arg0, String arg1, SLOInformationInterface arg2) throws EAAFSSOException {
+		// TODO Auto-generated method stub
+		
+	}
+
+
+
+	@Override
+	public String createNewSSOSessionCookie(HttpServletRequest arg0, HttpServletResponse arg1, IRequest arg2)
+			throws EAAFSSOException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+
+	@Override
+	public void updateSSOSession(IRequest arg0, String arg1, SLOInformationInterface arg2) throws EAAFSSOException {
+		// TODO Auto-generated method stub
+		
+	}
+
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java
index d3b2a5c38..1168773dc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java
@@ -32,6 +32,7 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
@@ -45,11 +46,15 @@ public class EIDAuthBlock implements IPVPAttributeBuilder {
 			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
 		
 		try {
-			String authblock = authData.getAuthBlock();
-			if (MiscUtil.isNotEmpty(authblock)) {
-				return g.buildStringAttribute(EID_AUTH_BLOCK_FRIENDLY_NAME, EID_AUTH_BLOCK_NAME,
-						Base64Utils.encodeToString(authblock.getBytes("UTF-8")));
-			}
+			if (authData instanceof IMOAAuthData) {
+				String authblock = ((IMOAAuthData)authData).getAuthBlock();
+				if (MiscUtil.isNotEmpty(authblock)) {
+					return g.buildStringAttribute(EID_AUTH_BLOCK_FRIENDLY_NAME, EID_AUTH_BLOCK_NAME,
+							Base64Utils.encodeToString(authblock.getBytes("UTF-8")));
+				}
+				
+			} else
+				Logger.info(EID_AUTH_BLOCK_FRIENDLY_NAME + " is only available in MOA-ID context");
 			
 		}
 		catch (IOException e) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCcsURL.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCcsURL.java
index f87a9b673..5e14e598f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCcsURL.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCcsURL.java
@@ -28,6 +28,8 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
+import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 public class EIDCcsURL implements IPVPAttributeBuilder {
@@ -38,12 +40,16 @@ public class EIDCcsURL implements IPVPAttributeBuilder {
 
 	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
 			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
+		if (authData instanceof IMOAAuthData) {
+			String bkuurl = ((IMOAAuthData)authData).getBkuURL();
+			if (MiscUtil.isNotEmpty(bkuurl))
+				return g.buildStringAttribute(EID_CCS_URL_FRIENDLY_NAME, EID_CCS_URL_NAME, bkuurl);
+			
+				
+		} else
+			Logger.info(EID_CCS_URL_FRIENDLY_NAME + " is only available in MOA-ID context");
 		
-		String bkuurl = authData.getBkuURL();
-		if (MiscUtil.isNotEmpty(bkuurl))
-			return g.buildStringAttribute(EID_CCS_URL_FRIENDLY_NAME, EID_CCS_URL_NAME, bkuurl);
-		else
-			throw new UnavailableAttributeException(EID_CCS_URL_NAME);
+		throw new UnavailableAttributeException(EID_CCS_URL_NAME);
 	}
 
 	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java
index 715bc376e..76b1a1cda 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java
@@ -27,7 +27,10 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.logging.Logger;
 
 
 @Deprecated
@@ -39,15 +42,21 @@ public class EIDCitizenQAALevelAttributeBuilder implements IPVPAttributeBuilder
 
 	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
 			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
+		if (authData instanceof IMOAAuthData) {
+			String qaaLevel = null;
+			if (((IMOAAuthData)authData).getQAALevel().startsWith(PVPConstants.STORK_QAA_PREFIX))
+				qaaLevel = ((IMOAAuthData)authData).getQAALevel().substring(PVPConstants.STORK_QAA_PREFIX.length());
+			else
+				qaaLevel = ((IMOAAuthData)authData).getQAALevel();
+
+			return g.buildIntegerAttribute(EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME, 
+					EID_CITIZEN_QAA_LEVEL_NAME, Integer.valueOf(qaaLevel));
+			
+		} else
+			Logger.info(EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME + " is only available in MOA-ID context");
 		
-		String qaaLevel = null;
-		if (authData.getQAALevel().startsWith(PVPConstants.STORK_QAA_PREFIX))
-			qaaLevel = authData.getQAALevel().substring(PVPConstants.STORK_QAA_PREFIX.length());
-		else
-			qaaLevel = authData.getQAALevel();
+		throw new UnavailableAttributeException(EID_CITIZEN_QAA_LEVEL_NAME);
 		
-		return g.buildIntegerAttribute(EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME, 
-				EID_CITIZEN_QAA_LEVEL_NAME, Integer.valueOf(qaaLevel));
 	}
 	
 	
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
index cc916ef73..d11d57ab8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
@@ -69,6 +69,7 @@ import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
+import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.data.SLOInformationContainer;
 import at.gv.egovernment.moa.id.data.SLOInformationImpl;
 import at.gv.egovernment.moa.id.opemsaml.MOAStringRedirectDeflateEncoder;
@@ -85,7 +86,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java
deleted file mode 100644
index 335cf55ce..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java
+++ /dev/null
@@ -1,144 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- * 
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- * 
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.util;
-
-import java.util.Locale;
-
-import org.springframework.stereotype.Service;
-
-import at.gv.egiz.eaaf.core.api.IStatusMessager;
-import at.gv.egiz.eaaf.core.exceptions.ProcessExecutionException;
-import at.gv.egovernment.moa.id.auth.exception.BKUException;
-import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.util.Messages;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-/**
- * A singleton wrapper around a <code>Message</code> object, providing the messages used in MOA-ID.
- * 
- * @author Paul Ivancsics
- * @version $Id$
- */
-@Service("MOAIDMessageProvider")
-public class MOAIDMessageProvider implements IStatusMessager {
-  
-  //internal messanges
-  private static final String[] DEFAULT_MESSAGE_RESOURCES = { "resources/properties/id_messages" };  
-  private static final Locale[] DEFAULT_MESSAGE_LOCALES = new Locale[] { new Locale("de", "AT") };
-  private Messages messages;
-  
-  //external error codes
-  private static final String[] DEFAULT_EXTERNALERROR_RESOURCES = { "resources/properties/protocol_response_statuscodes" };  
-  private static final Locale[] DEFAULT_EXTERNALERROR_LOCALES = new Locale[] { new Locale("de", "AT") };
-  private Messages externalError = null;
-  
-  
-  public MOAIDMessageProvider() {
-	  this.messages = new Messages(DEFAULT_MESSAGE_RESOURCES, DEFAULT_MESSAGE_LOCALES);
-	  this.externalError = new Messages(DEFAULT_EXTERNALERROR_RESOURCES, DEFAULT_EXTERNALERROR_LOCALES);
-	  
-  }	
-  
-  /**
-   * Get the message corresponding to a given message ID.
-   *
-   * @param messageId The ID of the message.
-   * @param parameters The parameters to fill in into the message arguments.
-   * @return The formatted message. 
-   */
-  @Override
-  public String getMessage(String messageId, Object[] parameters) {
-    return messages.getMessage(messageId, parameters);
-  }
-
-
-@Override
-public String getResponseErrorCode(Throwable throwable) {
-	String errorCode = null;
-	
-	if (throwable instanceof BKUException) {
-		BKUException error = (BKUException) throwable;			
-		errorCode = mapInternalErrorToExternalError(error.getMessageId()) + 
-				error.getBkuErrorCode();			
-		
-	} else if (throwable instanceof MISSimpleClientException) {
-		MISSimpleClientException error = (MISSimpleClientException) throwable;
-		
-		if (MiscUtil.isNotEmpty(error.getMISErrorCode()))
-			errorCode = mapInternalErrorToExternalError(error.getMessageId()) + 
-					error.getMISErrorCode();							
-		else
-			errorCode = mapInternalErrorToExternalError(error.getMessageId());
-					
-	} else if (throwable instanceof MOAIDException) {
-		MOAIDException error = (MOAIDException) throwable;
-		errorCode = mapInternalErrorToExternalError(error.getMessageId());
-	
-	} else if (throwable instanceof ProcessExecutionException) {
-		errorCode = IStatusMessager.CODES_EXTERNAL_ERROR_PROCESSENGINE;
-		
-	} else {
-		errorCode = IStatusMessager.CODES_EXTERNAL_ERROR_GENERIC;
-					
-	}
-			
-	return errorCode;
-}
-
-
-@Override
-public String mapInternalErrorToExternalError(String intErrorCode) {
-	String extErrorCode = messages.getMessage(intErrorCode, null);
-	
-	if (MiscUtil.isEmpty(extErrorCode))
-		extErrorCode = IStatusMessager.CODES_EXTERNAL_ERROR_GENERIC;
-			
-	return extErrorCode;
-}
-
-}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java
index 5b3379ae7..3f6227402 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java
@@ -176,15 +176,15 @@ public class MOAIDAuthConstants extends MOAIDConstants{
   public static final int TIME_JITTER = 5;  //all 5 minutes time jitter 
 
   //General MOASession data-store keys
-  public static final String MOASESSION_DATA_HOLDEROFKEY_CERTIFICATE = "holderofkey_cert";
+  //public static final String MOASESSION_DATA_HOLDEROFKEY_CERTIFICATE = "holderofkey_cert";
 
   //Process context keys
   public static final String PROCESSCONTEXT_PERFORM_INTERFEDERATION_AUTH = "interfederationAuthentication";
   public static final String PROCESSCONTEXT_REQUIRELOCALAUTHENTICATION = "requireLocalAuthentication";
   public static final String PROCESSCONTEXT_PERFORM_BKUSELECTION = "performBKUSelection";
   public static final String PROCESSCONTEXT_ISLEGACYREQUEST = "isLegacyRequest";
-  public static final String PROCESSCONTEXT_UNIQUE_OA_IDENTFIER = "uniqueSPId";
-  public static final String PROCESSCONTEXT_SSL_CLIENT_CERTIFICATE = MOASESSION_DATA_HOLDEROFKEY_CERTIFICATE;
+  //public static final String PROCESSCONTEXT_UNIQUE_OA_IDENTFIER = "uniqueSPId";
+  //public static final String PROCESSCONTEXT_SSL_CLIENT_CERTIFICATE = MOASESSION_DATA_HOLDEROFKEY_CERTIFICATE;
   
   //General protocol-request data-store keys
   public static final String AUTHPROCESS_DATA_SECURITYLAYERTEMPLATE = "authProces_SecurityLayerTemplate";
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/AuthProzessDataConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/AuthProzessDataConstants.java
index e816349c8..439138645 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/AuthProzessDataConstants.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/AuthProzessDataConstants.java
@@ -26,7 +26,7 @@ package at.gv.egovernment.moa.id.commons.api.data;
  * @author tlenz
  *
  */
-public interface AuthProzessDataConstants extends EAAFConstants {
+public interface AuthProzessDataConstants {
 	
 	public static final String GENERIC_PREFIX 					= "generic_";
 	
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IAuthenticationSession.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IAuthenticationSession.java
index 8bffceaed..8cb2b31bc 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IAuthenticationSession.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IAuthenticationSession.java
@@ -57,7 +57,7 @@ public interface IAuthenticationSession {
 	 * 
 	 * @return String
 	 */
-	String getSessionID();
+	String getSSOSessionID();
 
 	/**
 	 * Sets the identityLink.
@@ -73,7 +73,7 @@ public interface IAuthenticationSession {
 	 * @param sessionId
 	 *            The sessionID to set
 	 */
-	void setSessionID(String sessionId);
+	void setSSOSessionID(String sessionId);
 
 	/**
 	 * Returns the BKU URL.
@@ -292,5 +292,12 @@ public interface IAuthenticationSession {
 	 * @throws SessionDataStorageException Error message if the data-object can not stored to generic session-data storage
 	 */
 	void setGenericDataToSession(String key, Object object) throws SessionDataStorageException;
-
+	
+	/**
+	 * Generates a Key / Value representation from Authenticated session
+	 * 
+	 * @return A read-only version of all session information
+	 */
+	public Map<String, Object> getKeyValueRepresentationFromAuthSession();
+	
 }
\ No newline at end of file
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/BKUException.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/BKUException.java
new file mode 100644
index 000000000..73617fb35
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/BKUException.java
@@ -0,0 +1,57 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ * 
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ * 
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+package at.gv.egovernment.moa.id.commons.api.exceptions;
+
+public class BKUException extends MOAIDException {
+
+	private static final long serialVersionUID = -4646544256490397419L;
+
+	private String bkuErrorCode;
+	private String bkuErrorMessage;
+	
+	public BKUException(String messageId, Object[] parameters,
+			String bkuErrorCode, String bkuErrorMessage) {
+		super(messageId, parameters);
+		
+		this.bkuErrorCode = bkuErrorCode;
+		this.bkuErrorMessage = bkuErrorMessage;
+	}
+
+
+	/**
+	 * @return the bkuErrorCode
+	 */
+	public String getBkuErrorCode() {
+		return bkuErrorCode;
+	}
+
+
+	/**
+	 * @return the bkuErrorMessage
+	 */
+	public String getBkuErrorMessage() {
+		return bkuErrorMessage;
+	}
+
+	
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/MISSimpleClientException.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/MISSimpleClientException.java
new file mode 100644
index 000000000..b8c78ab5c
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/MISSimpleClientException.java
@@ -0,0 +1,90 @@
+package at.gv.egovernment.moa.id.commons.api.exceptions;
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ * 
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ * 
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+public class MISSimpleClientException extends MOAIDException {
+
+	private static final long serialVersionUID = 1L;
+
+	private String misErrorCode;
+	private String misErrorMessage;
+	
+	public MISSimpleClientException() {
+		super("UNDEFINED ERROR", null);
+	}
+
+	public MISSimpleClientException(String message) {
+		super(message, null);
+	}
+	
+	public MISSimpleClientException(String message, String code, String text) {
+		super(message, new Object[] { code , text });
+		this.misErrorMessage = text;
+		this.misErrorCode = code;
+	}
+
+	public MISSimpleClientException(String message, Throwable cause) {
+		super(message, null, cause);
+	}
+
+	public MISSimpleClientException(String message, Object[] params, Throwable cause) {
+		super(message, params, cause);
+	}
+	
+	/**
+	 * @return the bkuErrorCode
+	 */
+	public String getMISErrorCode() {
+		return misErrorCode;
+	}
+
+
+	/**
+	 * @return the bkuErrorMessage
+	 */
+	public String getMISErrorMessage() {
+		return misErrorMessage;
+	}
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/MOAIDException.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/MOAIDException.java
index 75f466f0a..388e6d229 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/MOAIDException.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/MOAIDException.java
@@ -50,7 +50,7 @@ import java.io.PrintStream;
 import java.io.PrintWriter;
 
 import at.gv.egiz.eaaf.core.exceptions.EAAFException;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 
 /**
  * Base class of technical MOA exceptions.
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAIDMessageProvider.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAIDMessageProvider.java
new file mode 100644
index 000000000..bc1e2dcdb
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAIDMessageProvider.java
@@ -0,0 +1,147 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ * 
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ * 
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.commons.utils;
+
+import java.util.Locale;
+
+import at.gv.egiz.eaaf.core.api.IStatusMessager;
+import at.gv.egiz.eaaf.core.exceptions.ProcessExecutionException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.BKUException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MISSimpleClientException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.util.Messages;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+
+//@Service("MOAIDMessageProvider")
+public class MOAIDMessageProvider implements IStatusMessager {
+  
+  //internal messanges
+  private static final String[] DEFAULT_MESSAGE_RESOURCES = { "resources/properties/id_messages" };  
+  private static final Locale[] DEFAULT_MESSAGE_LOCALES = new Locale[] { new Locale("de", "AT") };
+  private Messages messages;
+  
+  //external error codes
+  private static final String[] DEFAULT_EXTERNALERROR_RESOURCES = { "resources/properties/protocol_response_statuscodes" };  
+  private static final Locale[] DEFAULT_EXTERNALERROR_LOCALES = new Locale[] { new Locale("de", "AT") };
+  private Messages externalError = null;
+  
+  
+  private static MOAIDMessageProvider instance = null;
+  
+  public static MOAIDMessageProvider getInstance() {
+	  if (instance == null)
+		instance = new MOAIDMessageProvider();
+	  
+	  return instance;
+	  
+	}
+  
+  private MOAIDMessageProvider() {
+	  this.messages = new Messages(DEFAULT_MESSAGE_RESOURCES, DEFAULT_MESSAGE_LOCALES);
+	  this.externalError = new Messages(DEFAULT_EXTERNALERROR_RESOURCES, DEFAULT_EXTERNALERROR_LOCALES);
+	  
+  }	
+  
+  /**
+   * Get the message corresponding to a given message ID.
+   *
+   * @param messageId The ID of the message.
+   * @param parameters The parameters to fill in into the message arguments.
+   * @return The formatted message. 
+   */
+  @Override
+  public String getMessage(String messageId, Object[] parameters) {
+    return messages.getMessage(messageId, parameters);
+  }
+
+
+@Override
+public String getResponseErrorCode(Throwable throwable) {
+	String errorCode = null;
+	
+	if (throwable instanceof BKUException) {
+		BKUException error = (BKUException) throwable;			
+		errorCode = mapInternalErrorToExternalError(error.getMessageId()) + 
+				error.getBkuErrorCode();			
+		
+	} else if (throwable instanceof MISSimpleClientException) {
+		MISSimpleClientException error = (MISSimpleClientException) throwable;
+		
+		if (MiscUtil.isNotEmpty(error.getMISErrorCode()))
+			errorCode = mapInternalErrorToExternalError(error.getMessageId()) + 
+					error.getMISErrorCode();							
+		else
+			errorCode = mapInternalErrorToExternalError(error.getMessageId());
+					
+	} else if (throwable instanceof MOAIDException) {
+		MOAIDException error = (MOAIDException) throwable;
+		errorCode = mapInternalErrorToExternalError(error.getMessageId());
+	
+	} else if (throwable instanceof ProcessExecutionException) {
+		errorCode = IStatusMessager.CODES_EXTERNAL_ERROR_PROCESSENGINE;
+		
+	} else {
+		errorCode = IStatusMessager.CODES_EXTERNAL_ERROR_GENERIC;
+					
+	}
+			
+	return errorCode;
+}
+
+
+@Override
+public String mapInternalErrorToExternalError(String intErrorCode) {
+	String extErrorCode = messages.getMessage(intErrorCode, null);
+	
+	if (MiscUtil.isEmpty(extErrorCode))
+		extErrorCode = IStatusMessager.CODES_EXTERNAL_ERROR_GENERIC;
+			
+	return extErrorCode;
+}
+
+}
diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DateTimeUtilsTest.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DateTimeUtilsTest.java
index aed2efff2..749879c35 100644
--- a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DateTimeUtilsTest.java
+++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DateTimeUtilsTest.java
@@ -26,12 +26,10 @@ package test.at.gv.egovernment.moa.util;
 import java.text.DateFormat;
 import java.text.ParseException;
 import java.text.SimpleDateFormat;
-import java.util.Calendar;
 import java.util.Date;
-import java.util.GregorianCalendar;
 import java.util.TimeZone;
 
-import at.gv.egiz.eaaf.core.impl.utils.DateTimeUtils;
+import at.gv.egovernment.moa.util.DateTimeUtils;
 import junit.framework.TestCase;
 
 /**
diff --git a/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java b/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java
index f806654a8..d8146786a 100644
--- a/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java
+++ b/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java
@@ -24,7 +24,7 @@ import org.springframework.web.servlet.DispatcherServlet;
 
 import at.gv.egiz.components.spring.api.SpringLoader;
 import at.gv.egovernment.moa.id.commons.api.ConfigurationProvider;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 97f56c6f4..d76e72aa4 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -42,7 +42,6 @@ import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
 import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl;
 import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.BKUException;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.auth.exception.ServiceException;
@@ -64,6 +63,7 @@ import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
 import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
+import at.gv.egovernment.moa.id.commons.api.exceptions.BKUException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.data.Pair;
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java
index 703d72f00..805b1b8f1 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java
@@ -39,8 +39,8 @@ import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException;
 import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MISSimpleClientException;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.util.SSLUtils;
 import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId;
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
index eca231094..fb3cf3713 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
@@ -61,8 +61,8 @@ import org.w3c.dom.traversal.NodeIterator;
 import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
 import at.gv.egovernment.moa.id.auth.data.SAMLAttribute;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.BKUException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.BKUException;
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.XPathUtils;
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java
index 154092b03..dba26f1db 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java
@@ -64,9 +64,9 @@ import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.BKUException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
+import at.gv.egovernment.moa.id.commons.api.exceptions.BKUException;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.DOMUtils;
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/servlet/CitizenCardAuthProcessEngineSignalController.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/servlet/CitizenCardAuthProcessEngineSignalController.java
index 139be49fe..582af517c 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/servlet/CitizenCardAuthProcessEngineSignalController.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/servlet/CitizenCardAuthProcessEngineSignalController.java
@@ -31,6 +31,8 @@ import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 
+import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController;
+
 /**
  * @author tlenz
  *
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
index a8d0f2236..f9a432a9f 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
@@ -61,8 +61,8 @@ import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 import at.gv.egovernment.moa.logging.Logger;
 import iaik.asn1.structures.Name;
 import iaik.security.ec.common.ECPublicKey;
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
index 26d50905e..a1e16a7f0 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
@@ -70,8 +70,8 @@ import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
 import org.xml.sax.SAXException;
 
-import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MISSimpleClientException;
 import at.gv.egovernment.moa.id.commons.utils.HttpClientWithProxySupport;
 import at.gv.egovernment.moa.id.data.MISMandate;
 import at.gv.egovernment.moa.logging.Logger;
diff --git a/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDASSignalServlet.java b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDASSignalServlet.java
index 3198d04a3..9a98c1ae1 100644
--- a/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDASSignalServlet.java
+++ b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDASSignalServlet.java
@@ -32,7 +32,7 @@ import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 
-import at.gv.egovernment.moa.id.auth.servlet.AbstractProcessEngineSignalController;
+import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java
index 16d909331..49d98ed33 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java
@@ -32,7 +32,7 @@ import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 
-import at.gv.egovernment.moa.id.auth.servlet.AbstractProcessEngineSignalController;
+import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateSignalController.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateSignalController.java
index 585e72c2f..503884edd 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateSignalController.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateSignalController.java
@@ -32,8 +32,8 @@ import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 
+import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
-import at.gv.egovernment.moa.id.auth.servlet.AbstractProcessEngineSignalController;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java
index 87d306822..ab7eb0830 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java
@@ -31,7 +31,7 @@ import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 
-import at.gv.egovernment.moa.id.auth.servlet.AbstractProcessEngineSignalController;
+import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java
index 694f26b65..bf215373d 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java
@@ -33,8 +33,8 @@ import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController;
 import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils;
-import at.gv.egovernment.moa.id.auth.servlet.AbstractProcessEngineSignalController;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.logging.Logger;
 
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthSignalController.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthSignalController.java
index 431ed5ef1..5edd36248 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthSignalController.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthSignalController.java
@@ -32,8 +32,8 @@ import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 
+import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
-import at.gv.egovernment.moa.id.auth.servlet.AbstractProcessEngineSignalController;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java
index 2a7cce89e..c53d1c98d 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java
@@ -49,9 +49,9 @@ package at.gv.egovernment.moa.id.protocols.saml1;
 import java.text.ParseException;
 import java.util.List;
 
+import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.id.data.MOAAuthenticationData;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.DateTimeUtils;
 
@@ -62,7 +62,7 @@ import at.gv.egovernment.moa.util.DateTimeUtils;
  * @version $Id$
  */
 
-public class SAML1AuthenticationData extends AuthenticationData {
+public class SAML1AuthenticationData extends MOAAuthenticationData {
   /**
 	 * 
 	 */
@@ -137,7 +137,7 @@ public void setAssertionID(String assertionID) {
 
 public void setIssueInstant(String date) {
 	try {
-		setIssueInstant(DateTimeUtils.parseDateTime(date));
+		setAuthenticationIssueInstant(DateTimeUtils.parseDateTime(date));
 		
 	} catch (ParseException e) {
 		Logger.error("Parse IssueInstant element FAILED.", e);
-- 
cgit v1.2.3


From 3b26a365d832d4b0664777d2c348606247022564 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 14 Jun 2018 13:55:39 +0200
Subject: some more stuff

---
 .../configuration/struts/action/BasicOAAction.java |   2 +-
 .../moa/id/advancedlogging/MOAReversionLogger.java |  11 +-
 .../moa/id/advancedlogging/StatisticLogger.java    |   8 +-
 .../id/auth/builder/AuthenticationDataBuilder.java | 143 +++--------
 .../builder/DynamicOAAuthParameterBuilder.java     |  13 +-
 .../StartAuthentificationParameterParser.java      |   2 +-
 .../id/auth/servlet/IDPSingleLogOutServlet.java    |  33 ++-
 .../moa/id/auth/servlet/LogOutServlet.java         |   2 +-
 .../UniqueSessionIdentifierInterceptor.java        |   6 +-
 .../id/config/auth/OAAuthParameterDecorator.java   |  24 +-
 .../PropertyBasedAuthConfigurationProvider.java    |   2 +-
 .../config/auth/data/DynamicOAAuthParameters.java  |  10 +-
 .../moa/id/data/MOAAuthenticationData.java         |   4 +-
 .../moa/id/data/SLOInformationContainer.java       |  45 ++--
 .../moa/id/data/SLOInformationImpl.java            |   2 +
 .../moa/id/data/SLOInformationInterface.java       |  70 -----
 .../moa/id/moduls/AuthenticationManager.java       | 282 ++------------------
 .../gv/egovernment/moa/id/moduls/SSOManager.java   |  55 ++--
 .../builder/attributes/BPKAttributeBuilder.java    |  71 -----
 .../attributes/EIDSectorForIDAttributeBuilder.java |  55 ----
 .../builder/attributes/EIDSignerCertificate.java   |  12 +-
 .../attributes/EncryptedBPKAttributeBuilder.java   |  22 +-
 .../protocols/builder/attributes/HolderOfKey.java  |   4 +-
 .../MandateFullMandateAttributeBuilder.java        |  38 +--
 ...MandateLegalPersonFullNameAttributeBuilder.java |  56 ++--
 ...andateLegalPersonSourcePinAttributeBuilder.java |  14 +-
 ...teLegalPersonSourcePinTypeAttributeBuilder.java |  60 +++--
 .../MandateNaturalPersonBPKAttributeBuilder.java   |  78 +++---
 ...dateNaturalPersonBirthDateAttributeBuilder.java |  58 +++--
 ...ateNaturalPersonFamilyNameAttributeBuilder.java |  64 ++---
 ...dateNaturalPersonGivenNameAttributeBuilder.java |  59 +++--
 ...dateNaturalPersonSourcePinAttributeBuilder.java |  62 +++--
 ...NaturalPersonSourcePinTypeAttributeBuilder.java |  56 ++--
 .../MandateProfRepDescAttributeBuilder.java        |  63 +++--
 .../MandateProfRepOIDAttributeBuilder.java         |  37 +--
 .../MandateReferenceValueAttributeBuilder.java     |  15 +-
 .../attributes/MandateTypeAttributeBuilder.java    |  41 +--
 .../attributes/MandateTypeOIDAttributeBuilder.java |  26 +-
 .../id/protocols/pvp2x/AttributQueryAction.java    | 144 +++++++++--
 .../id/protocols/pvp2x/AuthenticationAction.java   |  10 +-
 .../moa/id/protocols/pvp2x/MetadataAction.java     |   8 +-
 .../moa/id/protocols/pvp2x/PVP2XProtocol.java      | 153 +++++------
 .../id/protocols/pvp2x/PVPAssertionStorage.java    |  10 +-
 .../id/protocols/pvp2x/PVPTargetConfiguration.java | 138 +++++-----
 .../moa/id/protocols/pvp2x/SingleLogOutAction.java |  56 ++--
 .../pvp2x/builder/AttributQueryBuilder.java        |   3 +-
 .../pvp2x/builder/PVPAttributeBuilder.java         |  18 +-
 .../pvp2x/builder/PVPAuthnRequestBuilder.java      |   4 +-
 .../pvp2x/builder/SingleLogOutBuilder.java         | 216 +++++++++++++++-
 .../builder/assertion/PVP2AssertionBuilder.java    |  65 ++---
 .../builder/attributes/SamlAttributeGenerator.java |   2 +-
 .../protocols/pvp2x/config/PVPConfiguration.java   |  10 +-
 .../NameIDFormatNotSupportedException.java         |   2 +-
 .../pvp2x/metadata/MOAMetadataProvider.java        |  35 +--
 .../pvp2x/metadata/SimpleMOAMetadataProvider.java  |  37 ++-
 .../pvp2x/signer/AbstractCredentialProvider.java   |   4 +-
 .../pvp2x/signer/IDPCredentialProvider.java        |   9 +-
 .../pvp2x/verification/EntityVerifier.java         |   9 +-
 .../pvp2x/verification/SAMLVerificationEngine.java |  18 +-
 .../storage/DBAuthenticationSessionStoreage.java   |  84 +++---
 .../moa/id/storage/DBTransactionStorage.java       |  19 +-
 .../id/storage/IAuthenticationSessionStoreage.java |  28 +-
 .../moa/id/storage/RedisTransactionStorage.java    |   6 +-
 .../gv/egovernment/moa/id/util/LoALevelMapper.java | 174 +++++++++++++
 .../egovernment/moa/id/util/PVPtoSTORKMapper.java  | 174 -------------
 .../egovernment/moa/id/util/QAALevelVerifier.java  |  22 +-
 ....protocols.builder.attributes.IAttributeBuilder |   2 -
 .../moa/id/module/test/TestRequestImpl.java        | 285 ---------------------
 .../spring/test/DummyTransactionStorage.java       | 147 -----------
 .../spring/test/ExpressionContextAdapter.java      |  52 ----
 .../moa/id/process/spring/test/SimplePojo.java     |  41 ---
 .../SpringExpressionAwareProcessEngineTest.java    | 154 -----------
 .../spring/test/SpringExpressionEvaluatorTest.java |  54 ----
 .../spring/test/task/CreateSAML1AssertionTask.java |  63 -----
 .../spring/test/task/GetIdentityLinkTask.java      |  59 -----
 .../id/process/spring/test/task/SelectBKUTask.java |  37 ---
 .../spring/test/task/SignAuthBlockTask.java        |  61 -----
 .../spring/test/task/ValidateIdentityLinkTask.java |  46 ----
 .../test/task/ValidateSignedAuthBlockTask.java     |  51 ----
 .../test/BooleanStringExpressionEvaluator.java     |  24 --
 .../moa/id/process/test/HalloWeltTask.java         |  24 --
 .../moa/id/process/test/HelloWorldTask.java        |  24 --
 .../process/test/ProcessDefinitionParserTest.java  | 137 ----------
 .../moa/id/process/test/ProcessEngineTest.java     | 146 -----------
 .../id/storage/test/DBTransactionStorageTest.java  |   6 +-
 .../moa/id/commons/api/IOAAuthParameters.java      |  19 +-
 ...roviderSpecificGUIFormBuilderConfiguration.java |  14 +-
 .../DefaultGUIFormBuilderConfiguration.java        |   2 +-
 ...PSpecificGUIBuilderConfigurationWithDBLoad.java |   7 +-
 ...cGUIBuilderConfigurationWithFileSystemLoad.java |   4 +-
 .../moa/id/auth/frontend/utils/FormBuildUtils.java |   4 +-
 .../moa/id/auth/MOAIDAuthSpringInitializer.java    |   2 +-
 .../bkamobileauthtests/BKAMobileAuthModule.java    |  14 +-
 .../tasks/FirstBKAMobileAuthTask.java              |  25 +-
 .../tasks/SecondBKAMobileAuthTask.java             |  24 +-
 .../attributes/OAuth20AttributeBuilder.java        |  29 ++-
 .../attributes/OpenIdAudiencesAttribute.java       |  17 +-
 .../OpenIdAuthenticationTimeAttribute.java         |  17 +-
 .../attributes/OpenIdExpirationTimeAttribute.java  |  15 +-
 .../attributes/OpenIdIssueInstantAttribute.java    |  15 +-
 .../oauth20/attributes/OpenIdIssuerAttribute.java  |  17 +-
 .../oauth20/attributes/OpenIdNonceAttribute.java   |  20 +-
 .../OpenIdSubjectIdentifierAttribute.java          |  15 +-
 .../attributes/ProfileDateOfBirthAttribute.java    |  15 +-
 .../attributes/ProfileFamilyNameAttribute.java     |  15 +-
 .../attributes/ProfileGivenNameAttribute.java      |  15 +-
 .../oauth20/protocol/OAuth20AuthRequest.java       |  86 +++----
 .../oauth20/protocol/OAuth20BaseRequest.java       |  15 +-
 .../oauth20/protocol/OAuth20Protocol.java          |   2 +-
 .../tasks/CreateAuthnRequestTask.java              |   4 +-
 110 files changed, 1725 insertions(+), 3163 deletions(-)
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationInterface.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKAttributeBuilder.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSectorForIDAttributeBuilder.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/LoALevelMapper.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java
 delete mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java
 delete mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/DummyTransactionStorage.java
 delete mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/ExpressionContextAdapter.java
 delete mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SimplePojo.java
 delete mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest.java
 delete mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionEvaluatorTest.java
 delete mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/CreateSAML1AssertionTask.java
 delete mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/GetIdentityLinkTask.java
 delete mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SelectBKUTask.java
 delete mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SignAuthBlockTask.java
 delete mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateIdentityLinkTask.java
 delete mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateSignedAuthBlockTask.java
 delete mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/BooleanStringExpressionEvaluator.java
 delete mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HalloWeltTask.java
 delete mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HelloWorldTask.java
 delete mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/ProcessDefinitionParserTest.java
 delete mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/ProcessEngineTest.java

(limited to 'id/server/idserverlib/src/main/java/at/gv')

diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
index 32368bab9..7d411b161 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
@@ -538,7 +538,7 @@ public class BasicOAAction extends BasicAction {
 			
 		} catch (ConfigurationStorageException | at.gv.egiz.components.configuration.api.ConfigurationException e) {
 			log.warn("MOAID Configuration can not be stored in Database", e);
-			throw new MOADatabaseException(e);
+			throw new MOADatabaseException(e.getMessage(), e);
 			
 		}
     	
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
index 0090bf3d3..322686c21 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
@@ -123,7 +123,6 @@ public class MOAReversionLogger implements IRevisionLogger {
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.advancedlogging.IRevisionLogger#logEvent(at.gv.egovernment.moa.id.commons.api.IOAAuthParameters, at.gv.egiz.eaaf.core.api.IRequest, int)
 	 */
-	@Override
 	public void logEvent(ISPConfiguration oaConfig, IRequest pendingRequest, 
 			int eventCode) {		
 			if (selectOASpecificEventCodes(oaConfig).contains(eventCode))
@@ -136,7 +135,6 @@ public class MOAReversionLogger implements IRevisionLogger {
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.advancedlogging.IRevisionLogger#logEvent(at.gv.egovernment.moa.id.commons.api.IOAAuthParameters, at.gv.egiz.eaaf.core.api.IRequest, int, java.lang.String)
 	 */
-	@Override
 	public void logEvent(IOAAuthParameters oaConfig, IRequest pendingRequest, 
 			int eventCode, String message) {		
 		if (selectOASpecificEventCodes(oaConfig).contains(eventCode))
@@ -251,11 +249,14 @@ public class MOAReversionLogger implements IRevisionLogger {
 		
 	}
 	
-	private List<Integer> selectOASpecificEventCodes(IOAAuthParameters oaConfig) {
+	private List<Integer> selectOASpecificEventCodes(ISPConfiguration oaConfig) {
 		List<Integer> OASpecificEventCodes = null;
-		if (oaConfig != null && oaConfig.getReversionsLoggingEventCodes() != null)
-			OASpecificEventCodes = oaConfig.getReversionsLoggingEventCodes();
+		if (oaConfig != null && oaConfig instanceof IOAAuthParameters) {
+			if (((IOAAuthParameters)oaConfig).getReversionsLoggingEventCodes() != null)
+				OASpecificEventCodes = ((IOAAuthParameters)oaConfig).getReversionsLoggingEventCodes();
 			
+		}
+		
 		else
 			OASpecificEventCodes = getDefaulttReversionsLoggingEventCodes();
 		
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
index e12b1372e..ea796d974 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
@@ -46,6 +46,7 @@ import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBod
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.logging.IStatisticLogger;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.exception.ServiceException;
 import at.gv.egovernment.moa.id.client.SZRGWClientException;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
@@ -286,10 +287,10 @@ public class StatisticLogger implements IStatisticLogger{
 				}
 				
 				IAuthenticationSession moasession = null;
-				if (MiscUtil.isNotEmpty(errorRequest.getInternalSSOSessionIdentifier())) {
+				if (MiscUtil.isNotEmpty(errorRequest.getSSOSessionIdentifier())) {
 					Logger.debug("Use MOA session information from SSO session for ErrorLogging");
 					try {
-						moasession = authenticatedSessionStorage.getInternalSSOSession(errorRequest.getInternalSSOSessionIdentifier());
+						moasession = authenticatedSessionStorage.getInternalSSOSession(errorRequest.getSSOSessionIdentifier());
 						
 					} catch (MOADatabaseException e) {
 						Logger.error("Error during database communication", e);
@@ -298,7 +299,8 @@ public class StatisticLogger implements IStatisticLogger{
 										
 				} else {
 					Logger.debug("Use MOA session information from pending-req for ErrorLogging");
-					moasession = errorRequest.getMOASession();
+					moasession = new AuthenticationSessionWrapper(errorRequest.genericFullDataStorage()); 
+
 					
 				}
 				
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index efe28c900..738f733a8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -36,11 +36,6 @@ import java.util.List;
 import javax.naming.ldap.LdapName;
 import javax.naming.ldap.Rdn;
 
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.core.AttributeQuery;
-import org.opensaml.saml2.core.Response;
-import org.opensaml.ws.soap.common.SOAPException;
-import org.opensaml.xml.XMLObject;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import org.w3c.dom.DOMException;
@@ -49,10 +44,12 @@ import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IAuthenticationDataBuilder;
 import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException;
 import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
 import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
@@ -71,7 +68,6 @@ import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
 import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
 import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
 import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory;
@@ -80,17 +76,9 @@ import at.gv.egovernment.moa.id.data.MOAAuthenticationData;
 import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
-import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper;
+import at.gv.egovernment.moa.id.util.LoALevelMapper;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.Constants;
@@ -112,9 +100,6 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 
 	@Autowired private IAuthenticationSessionStoreage authenticatedSessionStorage;
 	@Autowired protected AuthConfiguration authConfig;
-	@Autowired private AttributQueryBuilder attributQueryBuilder;
-	@Autowired private SAMLVerificationEngineSP samlVerificationEngine;
-	@Autowired(required=true) private MOAMetadataProvider metadataProvider;
 	
 	@Override
 	public IAuthData buildAuthenticationData(IRequest pendingReq) throws EAAFAuthenticationException {
@@ -193,82 +178,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 		
 		return authdata;								
 	}
-	
-	/**
-	 * Get PVP authentication attributes by using a SAML2 AttributeQuery
-	 * 
-	 * @param reqQueryAttr List of PVP attributes which are requested
-	 * @param userNameID SAML2 UserNameID of the user for which attributes are requested
-	 * @param idpConfig Configuration of the IDP, which is requested 
-	 * @return 
-	 * @return PVP attribute DAO, which contains all received information
-	 * @throws MOAIDException
-	 */
-	public AssertionAttributeExtractor getAuthDataFromAttributeQuery(List<Attribute> reqQueryAttr,
-			String userNameID, IOAAuthParameters idpConfig, String spEntityID) throws MOAIDException{
-		String idpEnityID = idpConfig.getPublicURLPrefix();
-		
-		try {		
-			Logger.debug("Starting AttributeQuery process ...");
-			//collect attributes by using BackChannel communication
-			String endpoint = idpConfig.getIDPAttributQueryServiceURL();			
-			if (MiscUtil.isEmpty(endpoint)) {
-				Logger.error("No AttributeQueryURL for interfederationIDP " + idpEnityID);
-				throw new ConfigurationException("config.26", new Object[]{idpEnityID});
-				
-			}
-				
-			//build attributQuery request
-			AttributeQuery query = attributQueryBuilder.buildAttributQueryRequest(spEntityID, userNameID, endpoint, reqQueryAttr);
-			
-			//build SOAP request				
-			List<XMLObject> xmlObjects = MOASAMLSOAPClient.send(endpoint, query);
-		
-			if (xmlObjects.size() == 0) {
-				Logger.error("Receive emptry AttributeQuery response-body.");
-				throw new AttributQueryException("auth.27", 
-						new Object[]{idpEnityID, "Receive emptry AttributeQuery response-body."});
-			
-			}
-		
-			Response intfResp;
-			if (xmlObjects.get(0) instanceof Response) {
-				intfResp = (Response) xmlObjects.get(0);
-			
-				//validate PVP 2.1 response
-				try {
-					samlVerificationEngine.verifyIDPResponse(intfResp, 
-							TrustEngineFactory.getSignatureKnownKeysTrustEngine(
-									metadataProvider));
-			
-					//create assertion attribute extractor from AttributeQuery response
-					return new AssertionAttributeExtractor(intfResp);
-		
-				} catch (Exception e) {
-					Logger.warn("PVP 2.1 assertion validation FAILED.", e);
-					throw new AssertionValidationExeption("auth.27", 
-							new Object[]{idpEnityID, e.getMessage()}, e);
-				}
-											
-			} else {
-				Logger.error("Receive AttributeQuery response-body include no PVP 2.1 response");
-				throw new AttributQueryException("auth.27", 
-						new Object[]{idpEnityID, "Receive AttributeQuery response-body include no PVP 2.1 response"});
 			
-			}
-				 										
-		} catch (SOAPException e) {
-			throw new BuildException("builder.06", null, e);
-			
-		} catch (SecurityException e) {
-			throw new BuildException("builder.06", null, e);
-					
-		} catch (org.opensaml.xml.security.SecurityException e1) {
-			throw new BuildException("builder.06", null, e1);
-			
-		}
-	}
-		
 	private void buildAuthDataFormMOASession(MOAAuthenticationData authData, IAuthenticationSession session, 
 			IOAAuthParameters oaParam, IRequest protocolRequest) throws BuildException, ConfigurationException {
 
@@ -372,32 +282,43 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 			//####################################################
 			//set QAA level
 			includedToGenericAuthData.remove(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME);
+			String currentLoA = null;
 			if (MiscUtil.isNotEmpty(session.getQAALevel()))
-				authData.setQAALevel(session.getQAALevel());
-			
+				currentLoA = session.getQAALevel();			
 			else {
-				String qaaLevel = session.getGenericDataFromSession(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME, String.class);
-				if (MiscUtil.isNotEmpty(qaaLevel)) {
-					Logger.debug("Find PVP-Attr '" + PVPConstants.EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME + "':" + qaaLevel
+				currentLoA = session.getGenericDataFromSession(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME, String.class);
+				if (MiscUtil.isNotEmpty(currentLoA)) {
+					Logger.debug("Find PVP-Attr '" + PVPConstants.EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME + "':" + currentLoA
 							+ " --> Parse QAA-Level from that attribute.");
-						
-					if (qaaLevel.startsWith(PVPConstants.STORK_QAA_PREFIX)) {
-						authData.setQAALevel(qaaLevel);
-						
-					} else {
-						Logger.debug("Found PVP QAA level. QAA mapping process starts ... ");				
-						String mappedQAA = PVPtoSTORKMapper.getInstance().mapToQAALevel(qaaLevel);
-						if (MiscUtil.isNotEmpty(mappedQAA))
-							authData.setQAALevel(mappedQAA);
-											
-					}
+					
 				}
 			}
+				
+			if (MiscUtil.isNotEmpty(currentLoA)) {					
+				if (currentLoA.startsWith(PVPConstants.STORK_QAA_PREFIX)) {
+					authData.setQAALevel(currentLoA);
+					authData.seteIDASLoA(LoALevelMapper.getInstance().mapSTORKQAAToeIDASQAA(currentLoA));
+
+				} else if (currentLoA.startsWith(EAAFConstants.EIDAS_QAA_PREFIX)) {
+					authData.setQAALevel(LoALevelMapper.getInstance().mapeIDASQAAToSTORKQAA(currentLoA));
+					authData.seteIDASLoA(currentLoA);
+										
+				} else {
+					Logger.debug("Found PVP QAA level. QAA mapping process starts ... ");				
+					String mappedStorkQAA = LoALevelMapper.getInstance().mapToQAALevel(currentLoA);
+					if (MiscUtil.isNotEmpty(mappedStorkQAA)) {
+						authData.setQAALevel(currentLoA);
+						authData.seteIDASLoA(LoALevelMapper.getInstance().mapSTORKQAAToeIDASQAA(currentLoA));
+						
+					}										
+				}
+			}		
 			
 			//if no QAA level is set in MOASession then set default QAA level  
 			if (MiscUtil.isEmpty(authData.getQAALevel())) {														
-				Logger.info("No QAA level found. Set to default level " + PVPConstants.STORK_QAA_PREFIX + "1");
+				Logger.info("No QAA level found. Set to default level " + EAAFConstants.EIDAS_QAA_LOW);
 				authData.setQAALevel(PVPConstants.STORK_QAA_PREFIX + "1");
+				authData.seteIDASLoA(EAAFConstants.EIDAS_QAA_LOW);
 						
 			}
 	
@@ -810,7 +731,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 				try {
 					authData.setGenericData(elementKey, session.getGenericDataFromSession(elementKey));
 						
-				} catch (SessionDataStorageException e) {
+				} catch (EAAFStorageException e) {
 					Logger.warn("Can not add generic authData with key:" + elementKey, e);
 						
 				}				
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java
index e9e217137..a1d31f5ae 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java
@@ -29,7 +29,6 @@ import org.opensaml.saml2.core.Attribute;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.data.PVPAttributeConstants;
-import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egovernment.moa.id.auth.exception.DynamicOABuildException;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
@@ -89,16 +88,8 @@ public class DynamicOAAuthParameterBuilder {
 		
 		DynamicOAAuthParameters dynOAParams = new DynamicOAAuthParameters();
 		dynOAParams.setApplicationID(oaParam.getPublicURLPrefix());
-		try {
-			dynOAParams.setHasBaseIdProcessingRestriction(oaParam.hasBaseIdInternalProcessingRestriction());
-			dynOAParams.setHasBaseIdTransfergRestriction(oaParam.hasBaseIdTransferRestriction());
-			
-		} catch (EAAFConfigurationException e) {
-			Logger.warn("Can not resolve baseID restrications! Set to privacy friendly configuration", e);
-			dynOAParams.setHasBaseIdProcessingRestriction(true);
-			dynOAParams.setHasBaseIdTransfergRestriction(true);
-			
-		}
+		dynOAParams.setHasBaseIdProcessingRestriction(oaParam.hasBaseIdInternalProcessingRestriction());
+		dynOAParams.setHasBaseIdTransfergRestriction(oaParam.hasBaseIdTransferRestriction());
 		
 		Object storkRequst = null;
 		try {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
index e0d65e103..10c271b6a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -186,7 +186,7 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
 	    			&& MiscUtil.isNotEmpty(templateURLList.get(0)) ) {	    	
 	    		templateURL = FileUtils.makeAbsoluteURL(
 	    				oaParam.getTemplateURL().get(0),
-	    				authConfig.getRootConfigFileDir());
+	    				authConfig.getRootConfigFileDir()); 
 	    		Logger.info("No SL-Template in request, load SL-Template from OA configuration (URL: " + templateURL + ")");
 
 	    	} else if ( (defaulTemplateURLList.size() > 0) && MiscUtil.isNotEmpty(defaulTemplateURLList.get(0))) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
index 0e9db3964..f9aa1b83c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
@@ -36,12 +36,14 @@ import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.auth.IAuthenticationManager;
+import at.gv.egiz.eaaf.core.api.idp.slo.ISLOInformationContainer;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egiz.eaaf.core.exceptions.GUIBuildException;
-import at.gv.egiz.eaaf.core.impl.idp.auth.AuthenticationManager;
 import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
 import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
@@ -50,6 +52,7 @@ import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.data.SLOInformationContainer;
 import at.gv.egovernment.moa.id.moduls.SSOManager;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NOSLOServiceDescriptorException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
@@ -66,7 +69,7 @@ import at.gv.egovernment.moa.util.URLEncoder;
 public class IDPSingleLogOutServlet extends AbstractController {
 	
 	@Autowired SSOManager ssoManager;
-	@Autowired AuthenticationManager authManager;
+	@Autowired IAuthenticationManager authManager;
 	@Autowired IAuthenticationSessionStoreage authenicationStorage;
 	@Autowired SingleLogOutBuilder sloBuilder;
 	
@@ -127,6 +130,9 @@ public class IDPSingleLogOutServlet extends AbstractController {
 			} catch (MOADatabaseException e) {
 				handleErrorNoRedirect(e, req, resp, false);
 				
+			} catch (EAAFException e) {
+				handleErrorNoRedirect(e, req, resp, false);
+				
 			}
 			
 			return;			
@@ -135,10 +141,13 @@ public class IDPSingleLogOutServlet extends AbstractController {
 			try {
 				if (ssoManager.isValidSSOSession(ssoid, null)) {
 				
-					AuthenticationSession authSession = authenicationStorage.getInternalMOASessionWithSSOID(ssoid);
+					String internalSSOId = authenicationStorage.getInternalSSOSessionWithSSOID(ssoid);
 					
-					if(authSession != null) {
-						authManager.performSingleLogOut(req, resp, authSession, authURL);
+					if(MiscUtil.isNotEmpty(internalSSOId)) {
+						ISLOInformationContainer sloInfoContainer = authManager.performSingleLogOut(req, resp, null, internalSSOId);
+						
+						Logger.debug("Starting technical SLO process ... ");
+						sloBuilder.toTechnicalLogout(sloInfoContainer, req, resp, authURL);						
 						return;
 							
 					}
@@ -159,11 +168,12 @@ public class IDPSingleLogOutServlet extends AbstractController {
 							sloContainer.putFailedOA("differntent OAs");
 							
 						String redirectURL = null;
-						if (sloContainer.getSloRequest() != null) {
+						IRequest sloReq = sloContainer.getSloRequest();
+						if (sloReq != null && sloReq instanceof PVPTargetConfiguration) {
 							//send SLO response to SLO request issuer
-							SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor(sloContainer.getSloRequest());
-							LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, sloContainer.getSloRequest(), sloContainer.getSloFailedOAs());
-							redirectURL = sloBuilder.getFrontChannelSLOMessageURL(sloService, message, req, resp, sloContainer.getSloRequest().getRequest().getRelayState());
+							SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor((PVPTargetConfiguration)sloContainer.getSloRequest());
+							LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, (PVPTargetConfiguration)sloContainer.getSloRequest(), sloContainer.getSloFailedOAs());
+							redirectURL = sloBuilder.getFrontChannelSLOMessageURL(sloService, message, req, resp, ((PVPTargetConfiguration)sloContainer.getSloRequest()).getRequest().getRelayState());
 															
 						} else {
 							//print SLO information directly
@@ -205,6 +215,9 @@ public class IDPSingleLogOutServlet extends AbstractController {
 					} catch (MOAIDException e) {
 						Logger.warn("Build SLO respone FAILED.", e);
 						
+					} catch (EAAFException e) {
+						Logger.warn("Build SLO respone FAILED.", e);
+						
 					}
 					
 					try {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
index 21d329145..0285dd75b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
@@ -98,7 +98,7 @@ public class LogOutServlet {
 				
 			}
 			
-			if (ssomanager.destroySSOSessionOnIDPOnly(req, resp))
+			if (ssomanager.destroySSOSessionOnIDPOnly(req, resp, null))
 				Logger.info("User with SSO is logged out and get redirect to "+ redirectUrl);				
 			else
 				Logger.info("No active SSO session found. User is maybe logout already and get redirect to "+ redirectUrl);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java
index 752f54139..07b5242e0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java
@@ -29,9 +29,9 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.servlet.HandlerInterceptor;
 import org.springframework.web.servlet.ModelAndView;
 
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils;
-import at.gv.egovernment.moa.id.commons.MOAIDConstants;
 import at.gv.egovernment.moa.id.moduls.SSOManager;
 import at.gv.egovernment.moa.util.MiscUtil;
 
@@ -56,10 +56,10 @@ public class UniqueSessionIdentifierInterceptor implements HandlerInterceptor {
 		//search for unique session identifier
 		String uniqueSessionIdentifier = ssomanager.getUniqueSessionIdentifier(ssoId);											
 		if (MiscUtil.isEmpty(uniqueSessionIdentifier))
-			uniqueSessionIdentifier = Random.nextRandom();
+			uniqueSessionIdentifier = Random.nextHexRandom16();
 		
 		TransactionIDUtils.setSessionId(uniqueSessionIdentifier);		
-		request.setAttribute(MOAIDConstants.UNIQUESESSIONIDENTIFIER, uniqueSessionIdentifier);
+		request.setAttribute(EAAFConstants.UNIQUESESSIONIDENTIFIER, uniqueSessionIdentifier);
 		
 		return true; 
 	}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java
index f0477c1fb..89e543209 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java
@@ -60,7 +60,6 @@ import java.util.Set;
 import org.apache.commons.lang.SerializationUtils;
 
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
@@ -104,7 +103,7 @@ public class OAAuthParameterDecorator implements IOAAuthParameters, Serializable
 
       
   @Override
-  public boolean hasBaseIdInternalProcessingRestriction() throws EAAFConfigurationException {
+  public boolean hasBaseIdInternalProcessingRestriction() {
 	  String targetAreaIdentifier = getAreaSpecificTargetIdentifier();
 	  for (String el : spConfiguration.getTargetsWithNoBaseIdInternalProcessingRestriction()) {
 		  if (targetAreaIdentifier.startsWith(el))
@@ -116,7 +115,7 @@ public class OAAuthParameterDecorator implements IOAAuthParameters, Serializable
   }
 
   @Override
-  public boolean hasBaseIdTransferRestriction() throws EAAFConfigurationException {
+  public boolean hasBaseIdTransferRestriction() {
 	  String targetAreaIdentifier = getAreaSpecificTargetIdentifier();
 	  for (String el : spConfiguration.getTargetsWithNoBaseIdTransferRestriction()) {
 		  if (targetAreaIdentifier.startsWith(el))
@@ -688,13 +687,7 @@ public boolean isInterfederationSSOStorageAllowed() {
 }
 
 public boolean isIDPPublicService() throws ConfigurationException {
-	try {
-		return !hasBaseIdTransferRestriction();
-		
-	} catch (EAAFConfigurationException e) {
-		throw new ConfigurationException("internal.00", new Object[] {}, e);
-		
-	}
+	return !hasBaseIdTransferRestriction();
 	
 }
 
@@ -947,11 +940,14 @@ public List<String> getTargetsWithNoBaseIdTransferRestriction() {
 
 
 @Override
-/**
- * THIS METHODE IS NOT SUPPORTED IN THIS IMPLEMENTATION 
- */
 public String getUniqueIdentifier() {
-	return null;
+	return getPublicURLPrefix();
+}
+
+
+@Override
+public String getMinimumLevelOfAssurence() {
+	return getQaaLevel();
 }
 
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
index db2499ad5..a0a34336c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
@@ -96,7 +96,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
 		Map<String, String> oa = getActiveOnlineApplication(spIdentifier);
 		if (oa == null) {			
 			return null;
-		}
+		} 
 
 		return new OAAuthParameterDecorator(new SPConfigurationImpl(oa, this));
 		
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
index f401db8bf..11932f52a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
@@ -75,7 +75,7 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{
 	 * @see at.gv.egovernment.moa.id.commons.api.IOAAuthParameters#getAreaSpecificTargetIdentifier()
 	 */
 	@Override
-	public String getAreaSpecificTargetIdentifier() throws ConfigurationException {
+	public String getAreaSpecificTargetIdentifier() {
 		return this.oaTargetAreaIdentifier;
 	}
 
@@ -551,8 +551,12 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{
 
 	@Override
 	public String getUniqueIdentifier() {
-		// TODO Auto-generated method stub
-		return null;
+		return getPublicURLPrefix();
+	}
+
+	@Override
+	public String getMinimumLevelOfAssurence() {
+		return getQaaLevel();
 	}
 
 	
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
index 0e8a988ce..ba3eba2e6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
@@ -33,7 +33,7 @@ import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
-import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper;
+import at.gv.egovernment.moa.id.util.LoALevelMapper;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -76,7 +76,7 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut
 	public String getQAALevel() {
 		if (this.QAALevel != null && 
 				this.QAALevel.startsWith(PVPConstants.EIDAS_QAA_PREFIX)) {
-			String mappedQAA = PVPtoSTORKMapper.getInstance().mapeIDASQAAToSTORKQAA(this.QAALevel);
+			String mappedQAA = LoALevelMapper.getInstance().mapeIDASQAAToSTORKQAA(this.QAALevel);
 			if (MiscUtil.isNotEmpty(mappedQAA))
 				return mappedQAA;
 			
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java
index 20588ad0b..b1f123bbc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java
@@ -30,7 +30,9 @@ import java.util.List;
 import java.util.Map.Entry;
 import java.util.Set;
 
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.slo.ISLOInformationContainer;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
 
 /**
  * @author tlenz
@@ -40,9 +42,9 @@ public class SLOInformationContainer implements Serializable, ISLOInformationCon
  	
 	private static final long serialVersionUID = 7148730740582881862L;
 	
-	private PVPTargetConfiguration sloRequest = null;
-	private LinkedHashMap<String, SLOInformationImpl> activeFrontChannalOAs;
-	private LinkedHashMap<String, SLOInformationImpl> activeBackChannelOAs;
+	private IRequest sloRequest = null;
+	private LinkedHashMap<String, SLOInformationInterface> activeFrontChannalOAs;
+	private LinkedHashMap<String, SLOInformationInterface> activeBackChannelOAs;
 	private List<String> sloFailedOAs = null;
 	private String transactionID = null;
 	private String sessionID = null;
@@ -51,8 +53,8 @@ public class SLOInformationContainer implements Serializable, ISLOInformationCon
 	 * 
 	 */
 	public SLOInformationContainer() {
-		this.activeBackChannelOAs = new LinkedHashMap<String, SLOInformationImpl>(); 
-		this.activeFrontChannalOAs = new LinkedHashMap<String, SLOInformationImpl>(); 
+		this.activeBackChannelOAs = new LinkedHashMap<String, SLOInformationInterface>(); 
+		this.activeFrontChannalOAs = new LinkedHashMap<String, SLOInformationInterface>(); 
 		this.sloFailedOAs = new ArrayList<String>();
 		
 	}
@@ -61,28 +63,28 @@ public class SLOInformationContainer implements Serializable, ISLOInformationCon
 	/**
 	 * @return the activeFrontChannalOAs
 	 */
-	public LinkedHashMap<String, SLOInformationImpl> getActiveFrontChannalOAs() {
+	public LinkedHashMap<String, SLOInformationInterface> getActiveFrontChannalOAs() {
 		return activeFrontChannalOAs;
 	}
 
 	/**
 	 * @param activeFrontChannalOAs the activeFrontChannalOAs to set
 	 */
-	public void setActiveFrontChannalOAs(LinkedHashMap<String, SLOInformationImpl> activeFrontChannalOAs) {
+	public void setActiveFrontChannalOAs(LinkedHashMap<String, SLOInformationInterface> activeFrontChannalOAs) {
 		this.activeFrontChannalOAs = activeFrontChannalOAs;
 	}
 
 	/**
 	 * @return the activeBackChannelOAs
 	 */
-	public LinkedHashMap<String, SLOInformationImpl> getActiveBackChannelOAs() {
+	public LinkedHashMap<String, SLOInformationInterface> getActiveBackChannelOAs() {
 		return activeBackChannelOAs;
 	}
 
 	/**
 	 * @param activeBackChannelOAs the activeBackChannelOAs to set
 	 */
-	public void setActiveBackChannelOAs(LinkedHashMap<String, SLOInformationImpl> activeBackChannelOAs) {
+	public void setActiveBackChannelOAs(LinkedHashMap<String, SLOInformationInterface> activeBackChannelOAs) {
 		this.activeBackChannelOAs = activeBackChannelOAs;
 	}
 
@@ -98,7 +100,7 @@ public class SLOInformationContainer implements Serializable, ISLOInformationCon
 	 * @see at.gv.egovernment.moa.id.data.ISLOInformationContainer#getFrontChannelOASessionDescriptions()
 	 */
 	@Override
-	public Set<Entry<String, SLOInformationImpl>> getFrontChannelOASessionDescriptions() {
+	public Set<Entry<String, SLOInformationInterface>> getFrontChannelOASessionDescriptions() {
 		return activeFrontChannalOAs.entrySet();
 	}
 	
@@ -122,7 +124,7 @@ public class SLOInformationContainer implements Serializable, ISLOInformationCon
 	 * @see at.gv.egovernment.moa.id.data.ISLOInformationContainer#getBackChannelOASessionDescripten(java.lang.String)
 	 */
 	@Override
-	public SLOInformationImpl getBackChannelOASessionDescripten(String oaID) {
+	public SLOInformationInterface getBackChannelOASessionDescripten(String oaID) {
 		return activeBackChannelOAs.get(oaID);
 	}
 	
@@ -134,19 +136,12 @@ public class SLOInformationContainer implements Serializable, ISLOInformationCon
 		activeBackChannelOAs.remove(oaID);
 	}
 	
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.data.ISLOInformationContainer#getSloRequest()
-	 */
-	@Override
-	public PVPTargetConfiguration getSloRequest() {
-		return sloRequest;
-	}
-	
+
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.data.ISLOInformationContainer#setSloRequest(at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration)
 	 */
 	@Override
-	public void setSloRequest(PVPTargetConfiguration sloRequest) {
+	public void setSloRequest(IRequest sloRequest) {
 		this.sloRequest = sloRequest;
 		
 	}
@@ -197,7 +192,11 @@ public class SLOInformationContainer implements Serializable, ISLOInformationCon
 	public void setSessionID(String sessionID) {
 		this.sessionID = sessionID;
 	}
-	
-	
+
+
+	@Override
+	public IRequest getSloRequest() {
+		return this.sloRequest;
+	}
 	
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java
index 1d1e2f36a..5ff923bce 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java
@@ -26,6 +26,8 @@ import java.io.Serializable;
 
 import org.opensaml.saml2.metadata.SingleLogoutService;
 
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
+
 
 /**
  * @author tlenz
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationInterface.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationInterface.java
deleted file mode 100644
index 31fdaacfd..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationInterface.java
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.data;
-
-/**
- * @author tlenz
- *
- */
-public interface SLOInformationInterface{
-	
-
-	/**
-	 * get AssertionID which was used for Service Provider Single LogOut request 
-	 * 
-	 * @return
-	 * SessionID (SessionIndex in case of SAML2)
-	 */
-	public String getSessionIndex();
-	
-	/**
-	 * get user identifier which was used
-	 * 
-	 * @return
-	 * bPK / wbPK (nameID in case of SAML2)
-	 */
-	public String getUserNameIdentifier();
-	
-	
-	/**
-	 * get protocol type which was used for authentication
-	 * 
-	 * @return
-	 * return authentication protocol type
-	 */
-	public String getProtocolType();
-
-	/**
-	 * @return
-	 */
-	public String getUserNameIDFormat();
-	
-	/**
-	 * Get the unique entityID of this Service-Provider
-	 * 
-	 * @return unique identifier, but never null
-	 */
-	public String getSpEntityID();
-	
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 2e1af43e4..c05a271f6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -22,12 +22,8 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.moduls;
 
-import java.util.ArrayList;
-import java.util.Collection;
 import java.util.Enumeration;
-import java.util.Iterator;
 import java.util.List;
-import java.util.Map.Entry;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -35,46 +31,31 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.opensaml.saml2.core.LogoutRequest;
-import org.opensaml.saml2.core.LogoutResponse;
-import org.opensaml.saml2.core.StatusCode;
-import org.opensaml.saml2.metadata.SingleLogoutService;
-import org.opensaml.ws.soap.common.SOAPException;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.security.SecurityException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.api.idp.slo.ISLOInformationContainer;
 import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
 import at.gv.egiz.eaaf.core.exceptions.EAAFException;
-import at.gv.egiz.eaaf.core.exceptions.GUIBuildException;
-import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.AbstractAuthenticationManager;
 import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
-import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.data.SLOInformationContainer;
-import at.gv.egovernment.moa.id.data.SLOInformationImpl;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.logging.Logger;
@@ -92,7 +73,7 @@ public class AuthenticationManager extends AbstractAuthenticationManager {
 	public static final String MOA_SESSION = "MoaAuthenticationSession";
 	public static final String MOA_AUTHENTICATED = "MoaAuthenticated";
 
-	public static final int SLOTIMEOUT = 30 * 1000; //30 sec
+	
 	
 
 	@Autowired private ITransactionStorage transactionStorage;
@@ -105,87 +86,33 @@ public class AuthenticationManager extends AbstractAuthenticationManager {
 	
 	
 	@Override
-	public void performSingleLogOut(HttpServletRequest httpReq, HttpServletResponse httpResp, IRequest pendingReq)
-			throws EAAFException {
-		// TODO Auto-generated method stub
-		
-	}
-
-	@Override
-	public void performSingleLogOut(HttpServletRequest httpReq, HttpServletResponse httpResp, IRequest pendingReq, String arg3)
+	public ISLOInformationContainer performSingleLogOut(HttpServletRequest httpReq, HttpServletResponse httpResp, IRequest pendingReq, String internalSSOId)
 			throws EAAFException {
-		// TODO Auto-generated method stub
-		
-	}
-	
-	
-	
-	public void performSingleLogOut(HttpServletRequest httpReq,
-	HttpServletResponse httpResp, IAuthenticationSession session, PVPTargetConfiguration pvpReq) throws MOAIDException {
-		performSingleLogOut(httpReq, httpResp, session, pvpReq, null);
-		
-	}
-	
-	public void performSingleLogOut(HttpServletRequest httpReq,
-	HttpServletResponse httpResp, IAuthenticationSession session, String authURL) throws MOAIDException {
-		performSingleLogOut(httpReq, httpResp, session, null, authURL);
-		
-	}
-	
-	
-	public void performOnlyIDPLogOut(HttpServletRequest request,
-			HttpServletResponse response, String internalMOASsoSessionID) {
-		Logger.info("Remove active user-session");
-
-		if(internalMOASsoSessionID == null) {
-			internalMOASsoSessionID = StringEscapeUtils.escapeHtml((String) request.getParameter(PARAM_SESSIONID));
-		}
-		
-		if(internalMOASsoSessionID == null) {
-			Logger.info("NO MOA Session to logout");
-			return;
-		}
-		
-		AuthenticationSession authSession;
-		try {
-			authSession = authenticatedSessionStore.getInternalSSOSession(internalMOASsoSessionID);
-
-			if(authSession == null) {
-				Logger.info("NO MOA Authentication data for ID " + internalMOASsoSessionID);
-				return;
-			}
-						
-			performOnlyIDPLogOut(authSession);
-					
-		} catch (MOADatabaseException e) {
-			Logger.info("NO MOA Authentication data for ID " + internalMOASsoSessionID);
-			return;
-		}
-
-	}
-		
-	
-	private void performSingleLogOut(HttpServletRequest httpReq,
-	HttpServletResponse httpResp, IAuthenticationSession session, PVPTargetConfiguration pvpReq, String authURL) throws MOAIDException {		
 		String pvpSLOIssuer = null;
-		String inboundRelayState = null;
 		String uniqueSessionIdentifier = "notSet";
 		String uniqueTransactionIdentifier = "notSet";
-		
+		PVPTargetConfiguration pvpReq = null;		
 		Logger.debug("Start technical Single LogOut process ... ");
 		
-		if (pvpReq != null) {
-			MOARequest samlReq = (MOARequest) pvpReq.getRequest();
-			LogoutRequest logOutReq = (LogoutRequest) samlReq.getSamlRequest();
-			pvpSLOIssuer = logOutReq.getIssuer().getValue();
-			inboundRelayState = samlReq.getRelayState();
-			uniqueSessionIdentifier = pvpReq.getUniqueSessionIdentifier();
-			uniqueTransactionIdentifier = pvpReq.getUniqueTransactionIdentifier();
+		
+		if (pendingReq != null) {
+			uniqueSessionIdentifier = pendingReq.getUniqueSessionIdentifier();
+			uniqueTransactionIdentifier = pendingReq.getUniqueTransactionIdentifier();
+			
+			if (pendingReq instanceof PVPTargetConfiguration) {
+				pvpReq = ((PVPTargetConfiguration)pendingReq);
+				MOARequest samlReq = (MOARequest) pvpReq.getRequest();
+				LogoutRequest logOutReq = (LogoutRequest) samlReq.getSamlRequest();
+				pvpSLOIssuer = logOutReq.getIssuer().getValue();
+			}
 			
+			if (MiscUtil.isEmpty(internalSSOId))
+				internalSSOId = pendingReq.getSSOSessionIdentifier();
+						
 		} else {			
 			AuthenticationSessionExtensions sessionExt;
 			try {
-				sessionExt = authenticatedSessionStore.getAuthenticationSessionExtensions(session.getSessionID());
+				sessionExt = authenticatedSessionStore.getAuthenticationSessionExtensions(internalSSOId);
 				if (sessionExt != null)
 					uniqueSessionIdentifier = sessionExt.getUniqueSessionId();
 				
@@ -199,8 +126,8 @@ public class AuthenticationManager extends AbstractAuthenticationManager {
 		}
 		
 		//store active OAs to SLOContaine
-		List<OASessionStore> dbOAs = authenticatedSessionStore.getAllActiveOAFromMOASession(session);
-		List<InterfederationSessionStore> dbIDPs = authenticatedSessionStore.getAllActiveIDPsFromMOASession(session);
+		List<OASessionStore> dbOAs = authenticatedSessionStore.getAllActiveOAFromMOASession(internalSSOId);
+		List<InterfederationSessionStore> dbIDPs = authenticatedSessionStore.getAllActiveIDPsFromMOASession(internalSSOId);
 		SLOInformationContainer sloContainer = new SLOInformationContainer();		
 		sloContainer.setTransactionID(uniqueTransactionIdentifier);
 		sloContainer.setSessionID(uniqueSessionIdentifier);
@@ -213,13 +140,13 @@ public class AuthenticationManager extends AbstractAuthenticationManager {
 				 + " BackChannel:" + sloContainer.getActiveBackChannelOAs().size()
 				 + " FrontChannel:" + sloContainer.getActiveFrontChannalOAs().size()
 				 + " NO_SLO_Support:" + sloContainer.getSloFailedOAs().size());
-		
+
+
 		//terminate MOASession
 		try {			
-			authenticatedSessionStore.destroyInternalSSOSession(session.getSessionID());
-			ssoManager.deleteSSOSessionID(httpReq, httpResp);
+			authenticatedSessionStore.destroyInternalSSOSession(internalSSOId);
+			ssoManager.destroySSOSessionOnIDPOnly(httpReq, httpResp, pendingReq);
 			revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, uniqueSessionIdentifier);
-
 			Logger.debug("Active SSO Session on IDP is remove.");
 						
 		} catch (MOADatabaseException e) {
@@ -228,165 +155,8 @@ public class AuthenticationManager extends AbstractAuthenticationManager {
 			
 		}
 		
-		Logger.trace("Starting Service-Provider logout process ... ");		
-		revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_STARTED);		
-		//start service provider back channel logout process		
-		Iterator<String> nextOAInterator = sloContainer.getNextBackChannelOA();	
-		while (nextOAInterator.hasNext()) {
-			SLOInformationImpl sloDescr = sloContainer.getBackChannelOASessionDescripten(nextOAInterator.next());
-			LogoutRequest sloReq = sloBuilder.buildSLORequestMessage(sloDescr);
-
-			try {
-				Logger.trace("Send backchannel SLO Request to " + sloDescr.getSpEntityID());
-				List<XMLObject> soapResp = MOASAMLSOAPClient.send(sloDescr.getServiceURL(), sloReq);
-				
-				LogoutResponse sloResp = null;						
-				for (XMLObject el : soapResp) {
-					if (el instanceof LogoutResponse)
-						sloResp = (LogoutResponse) el;							
-				}
-				
-				if (sloResp == null) {
-					Logger.warn("Single LogOut for OA " + sloDescr.getSpEntityID()
-							+ " FAILED. NO LogOut response received.");
-					sloContainer.putFailedOA(sloDescr.getSpEntityID());
-					
-				} else {
-					samlVerificationEngine.verifySLOResponse(sloResp, 
-							TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider));
-					
-				}
-								
-				sloBuilder.checkStatusCode(sloContainer, sloResp);
-										
-			} catch (SOAPException e) {
-				Logger.warn("Single LogOut for OA " + sloDescr.getSpEntityID()
-						+ " FAILED.", e);
-				sloContainer.putFailedOA(sloDescr.getSpEntityID());
-				
-			} catch (SecurityException | InvalidProtocolRequestException e) {
-				Logger.warn("Single LogOut for OA " + sloDescr.getSpEntityID()
-						+ " FAILED.", e);
-				sloContainer.putFailedOA(sloDescr.getSpEntityID());
-				
-			}					
-		}
-						
-		//start service provider front channel logout process
-		try {
-			if (sloContainer.hasFrontChannelOA()) {
-				String relayState = Random.nextRandom();
-				
-				Collection<Entry<String, SLOInformationImpl>> sloDescr = sloContainer.getFrontChannelOASessionDescriptions();
-				List<String> sloReqList = new ArrayList<String>();
-				for (Entry<String, SLOInformationImpl> el : sloDescr) {
-					Logger.trace("Build frontChannel SLO Request for " + el.getValue().getSpEntityID());
-					
-					LogoutRequest sloReq = sloBuilder.buildSLORequestMessage(el.getValue());
-					try {
-						sloReqList.add(sloBuilder.getFrontChannelSLOMessageURL(el.getValue().getServiceURL(), el.getValue().getBinding(), 
-								sloReq, httpReq, httpResp, relayState));
-						
-					} catch (Exception e) {
-						Logger.warn("Failed to build SLO request for OA:" + el.getKey());
-						sloContainer.putFailedOA(el.getKey());
-						
-					}														
-				}
-				
-				//put SLO process-information into transaction storage
-				transactionStorage.put(relayState, sloContainer, -1);
-				
-				if (MiscUtil.isEmpty(authURL))
-					authURL = pvpReq.getAuthURL();
-				
-				String timeOutURL = authURL
-						+ "/idpSingleLogout"
-						+ "?restart=" + relayState;
-				
-				DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration(
-						authURL, 
-						DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT, 
-						null);
-				
-				config.putCustomParameterWithOutEscaption("redirectURLs", sloReqList);
-				config.putCustomParameterWithOutEscaption("timeoutURL", timeOutURL);
-				config.putCustomParameter("timeout", String.valueOf(SLOTIMEOUT));
-		        
-		        guiBuilder.build(httpResp, config, "Single-LogOut GUI");
-		        
-								
-			} else {
-				if (pvpReq != null) {
-					//send SLO response to SLO request issuer
-					SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor(pvpReq);
-					LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, pvpReq, sloContainer.getSloFailedOAs());
-					sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, inboundRelayState, pvpReq);
-					
-				} else {
-					//print SLO information directly
-					DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration(
-							authURL, 
-							DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT, 
-							null);
-					
-			        if (sloContainer.getSloFailedOAs() == null || 
-			        		sloContainer.getSloFailedOAs().size() == 0) {
-			        	revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_ALL_VALID);
-			        	config.putCustomParameter("successMsg", 
-			        			MOAIDMessageProvider.getInstance().getMessage("slo.00", null));
-			        	
-			        } else {
-			        	revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID);
-			        	config.putCustomParameterWithOutEscaption("errorMsg", 
-			        			MOAIDMessageProvider.getInstance().getMessage("slo.01", null));
-			        	
-			        }
-			        guiBuilder.build(httpResp, config, "Single-LogOut GUI");
-										
-				}
-									
-			}	
+		return sloContainer;
 		
-		} catch (GUIBuildException e) {
-			Logger.warn("Can not build GUI:'Single-LogOut'. Msg:" + e.getMessage());
-			throw  new MOAIDException("builder.09", new Object[]{e.getMessage()}, e);
-			
-		} catch (MOADatabaseException e) {
-			Logger.error("MOA AssertionDatabase ERROR", e);
-			if (pvpReq != null) {
-				SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor(pvpReq);
-				LogoutResponse message = sloBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI);
-				sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, inboundRelayState, pvpReq);
-
-				revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID);
-				
-			}else {
-				//print SLO information directly
-				DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration(
-						authURL, 
-						DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT, 
-						null);
-				
-				revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID);
-				config.putCustomParameterWithOutEscaption("errorMsg", 
-	        			MOAIDMessageProvider.getInstance().getMessage("slo.01", null));
-	        	
-	        	try {
-					guiBuilder.build(httpResp, config, "Single-LogOut GUI");
-					
-				} catch (GUIBuildException e1) {
-					Logger.warn("Can not build GUI:'Single-LogOut'. Msg:" + e.getMessage());
-					throw  new MOAIDException("builder.09", new Object[]{e.getMessage()}, e);
-					
-				}
-									
-			}
-			
-		} catch (Exception e) {
-			// TODO Auto-generated catch block
-			e.printStackTrace();
-		}				
 	}
 	
 	@Override
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
index bded1943b..d3d7a9456 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -72,11 +72,15 @@ public class SSOManager implements ISSOManager {
 	
 	private static final int INTERFEDERATIONCOOKIEMAXAGE = 5 * 60;// sec
 
+	public static final String DATAID_INTERFEDERATIOIDP_URL = "INTERFEDERATIOIDP_URL";
+	
 	@Autowired private IAuthenticationSessionStoreage authenticatedSessionStore;
 	@Autowired private AuthConfiguration authConfig;
 	@Autowired private IRevisionLogger revisionsLogger;
 	
 	
+	
+	
 	//@Autowired private MOASessionDBUtils moaSessionDBUtils;
 	
 	
@@ -113,7 +117,7 @@ public class SSOManager implements ISSOManager {
 			return isSSOValid;
 						
 			
-		} catch (SessionDataStorageException | ConfigurationException | MOADatabaseException e) {
+		} catch (SessionDataStorageException | ConfigurationException | EAAFStorageException e) {
 			Logger.warn("Cann not process SSO session. Reason: " + e.getMessage(), e);
 			Logger.info("All SSO session will be ignored.");
 			
@@ -151,8 +155,9 @@ public class SSOManager implements ISSOManager {
 	
 	public void populatePendingRequestWithSSOInformation(IRequest pendingReq) throws EAAFSSOException {				
 		//populate pending request with eID data from SSO session if no userConsent is required
-		try {
-			AuthenticationSession ssoMOASession = getInternalMOASession(pendingReq.getSSOSessionIdentifier());
+		try {			
+			String ssoSessionId = authenticatedSessionStore.getInternalSSOSessionWithSSOID(pendingReq.getSSOSessionIdentifier());						
+			AuthenticationSession ssoMOASession = authenticatedSessionStore.getInternalSSOSession(ssoSessionId);
 			
 			if (ssoMOASession == null)
 				Logger.info("No MOASession FOUND with provided SSO-Cookie.");
@@ -192,25 +197,26 @@ public class SSOManager implements ISSOManager {
 			if (isValidSSOSession(ssoid, null)) {
 		
 				//delete SSO session and MOA session
-				AuthenticationSession ssoSession = authenticatedSessionStore.getInternalMOASessionWithSSOID(ssoid);
+				String ssoSessionId = authenticatedSessionStore.getInternalSSOSessionWithSSOID(ssoid);						
+				AuthenticationSession ssoMOASession = authenticatedSessionStore.getInternalSSOSession(ssoSessionId);
 		
-				if (ssoSession == null) {
+				if (ssoMOASession == null) {
 					Logger.info("No internal MOA SSO-Session found. Nothing to destroy");
 					return false;
 				
 				}
 			
 													
-				ssoSession.setAuthenticated(false);
+				ssoMOASession.setAuthenticated(false);
 
 				//log Session_Destroy to reversionslog
 				AuthenticationSessionExtensions sessionExtensions = 
-						authenticatedSessionStore.getAuthenticationSessionExtensions(ssoSession.getSSOSessionID());
+						authenticatedSessionStore.getAuthenticationSessionExtensions(ssoMOASession.getSSOSessionID());
 				revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, sessionExtensions.getUniqueSessionId());
-				authenticatedSessionStore.destroyInternalSSOSession(ssoSession.getSSOSessionID());
+				authenticatedSessionStore.destroyInternalSSOSession(ssoMOASession.getSSOSessionID());
 			}
 			
-		} catch (MOADatabaseException | ConfigurationException | SessionDataStorageException e) {
+		} catch (ConfigurationException | SessionDataStorageException | EAAFStorageException e) {
 			Logger.info("NO MOA Authentication data for ID " + ssoid);
 			return false;
 			
@@ -235,14 +241,15 @@ public class SSOManager implements ISSOManager {
 	 * @param httpResp HttpServletResponse
 	 * @param protocolRequest Authentication request which is actually in process
 	 * @throws SessionDataStorageException 
+	 * @throws EAAFStorageException 
 	 * 
 	 **/
 	public void checkInterfederationIsRequested(HttpServletRequest httpReq, HttpServletResponse httpResp,
-			IRequest protocolRequest) throws SessionDataStorageException {
+			IRequest protocolRequest) throws SessionDataStorageException, EAAFStorageException {
 		String interIDP = httpReq.getParameter(MOAIDAuthConstants.INTERFEDERATION_IDP);
 
 		String interfederationIDP = 
-				protocolRequest.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class);
+				protocolRequest.getGenericData(DATAID_INTERFEDERATIOIDP_URL, String.class);
 		if (MiscUtil.isNotEmpty(interfederationIDP)) {
 			Logger.debug("Protocolspecific preprocessing already set interfederation IDP " + interfederationIDP);
 			return;
@@ -254,14 +261,14 @@ public class SSOManager implements ISSOManager {
 			RequestImpl moaReq = (RequestImpl) protocolRequest;
 			if (MiscUtil.isNotEmpty(interIDP)) {
 				Logger.info("Receive SSO request for interfederation IDP " + interIDP);
-				moaReq.setGenericDataToSession(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, interIDP);
+				moaReq.setGenericDataToSession(DATAID_INTERFEDERATIOIDP_URL, interIDP);
 				
 			} else {
 				//check if IDP cookie is set
 				String cookie = getValueFromCookie(httpReq, SSOINTERFEDERATION);
 				if (MiscUtil.isNotEmpty(cookie)) {
 					Logger.info("Receive SSO request for interfederated IDP from Cookie " + cookie);
-					moaReq.setGenericDataToSession(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, cookie);
+					moaReq.setGenericDataToSession(DATAID_INTERFEDERATIOIDP_URL, cookie);
 				
 					deleteCookie(httpReq, httpResp, SSOINTERFEDERATION);									
 				}				
@@ -283,7 +290,7 @@ public class SSOManager implements ISSOManager {
 		Logger.debug("Add SSO information to MOASession.");
 
 		//Store SSO information into database
-		String newSSOSessionId = createSSOSessionInformations(moaSession.getSessionID(), 
+		String newSSOSessionId = createSSOSessionInformations(moaSession.getSSOSessionID(), 
 				pendingReq.getSPEntityId());
 
 		//set SSO cookie to response
@@ -298,7 +305,7 @@ public class SSOManager implements ISSOManager {
 		return newSSOSessionId;
 	}
 	
-	public boolean isValidSSOSession(String ssoSessionID, IRequest protocolRequest) throws ConfigurationException, SessionDataStorageException {
+	public boolean isValidSSOSession(String ssoSessionID, IRequest protocolRequest) throws ConfigurationException, SessionDataStorageException, EAAFStorageException {
 		
 		// search SSO Session
 		if (ssoSessionID == null) {
@@ -328,7 +335,7 @@ public class SSOManager implements ISSOManager {
 				//in case of federated SSO session, jump to federated IDP for authentication
 				
 				String interfederationIDP = 
-						protocolRequest.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class);
+						protocolRequest.getGenericData(DATAID_INTERFEDERATIOIDP_URL, String.class);
 				
 				if (MiscUtil.isEmpty(interfederationIDP)) {
 					InterfederationSessionStore selectedIDP = authenticatedSessionStore.searchInterfederatedIDPFORSSOWithMOASession(storedSession.getSessionid());
@@ -337,7 +344,7 @@ public class SSOManager implements ISSOManager {
 						//no local SSO session exist -> request interfederated IDP
 						Logger.info("SSO Session refer to federated IDP: " + selectedIDP.getIdpurlprefix());
 						protocolRequest.setGenericDataToSession(
-								RequestImpl.DATAID_INTERFEDERATIOIDP_URL, selectedIDP.getIdpurlprefix());
+								DATAID_INTERFEDERATIOIDP_URL, selectedIDP.getIdpurlprefix());
 						
 					} else {
 						Logger.warn("MOASession is marked as interfederated SSO session but no interfederated IDP is found. Switch to local authentication ...");
@@ -360,18 +367,18 @@ public class SSOManager implements ISSOManager {
 		
 	}
 	
-	public AuthenticationSession getInternalMOASession(String ssoSessionID) throws MOADatabaseException {
-		return authenticatedSessionStore.getInternalMOASessionWithSSOID(ssoSessionID);
-		
-	}
+//	public String getInternalSSOSession(String ssoSessionID) throws MOADatabaseException {
+//		return authenticatedSessionStore.getInternalSSOSessionWithSSOID(ssoSessionID);
+//		
+//	}
 	
 	//TODO: refactor for faster DB access
 	public String getUniqueSessionIdentifier(String ssoSessionID) {
 		try {
 			if (MiscUtil.isNotEmpty(ssoSessionID)) {			
-				AuthenticationSession moaSession = authenticatedSessionStore.getInternalMOASessionWithSSOID(ssoSessionID);
-				if (moaSession != null) {
-					AuthenticationSessionExtensions extSessionInformation = authenticatedSessionStore.getAuthenticationSessionExtensions(moaSession.getSSOSessionID());
+				String ssoSessionId = authenticatedSessionStore.getInternalSSOSessionWithSSOID(ssoSessionID);
+				if (MiscUtil.isNotEmpty(ssoSessionId)) {
+					AuthenticationSessionExtensions extSessionInformation = authenticatedSessionStore.getAuthenticationSessionExtensions(ssoSessionId);
 						return extSessionInformation.getUniqueSessionId();
 			
 				}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKAttributeBuilder.java
deleted file mode 100644
index 9262e97c2..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKAttributeBuilder.java
+++ /dev/null
@@ -1,71 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.builder.attributes;
-
-import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
-import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
-import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
-import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-public class BPKAttributeBuilder implements IPVPAttributeBuilder {
-	
-	public String getName() {
-		return BPK_NAME;
-	}
-	
-	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
-		String bpk = authData.getBPK();
-		String type = authData.getBPKType();
-		
-		if (MiscUtil.isEmpty(bpk))
-			throw new UnavailableAttributeException(BPK_NAME);
-			
-		if (type.startsWith(Constants.URN_PREFIX_WBPK))
-			type = type.substring((Constants.URN_PREFIX_WBPK + "+").length());
-		
-		else if (type.startsWith(Constants.URN_PREFIX_CDID)) 
-			type = type.substring((Constants.URN_PREFIX_CDID + "+").length());
-		
-		else if (type.startsWith(Constants.URN_PREFIX_EIDAS)) 
-			type = type.substring((Constants.URN_PREFIX_EIDAS + "+").length());
-		
-		if (bpk.length() > BPK_MAX_LENGTH) {
-			bpk = bpk.substring(0, BPK_MAX_LENGTH);
-		}
-		
-		Logger.trace("Authenticate user with bPK/wbPK " + bpk + " and Type=" + type);
-		
-		return g.buildStringAttribute(BPK_FRIENDLY_NAME, BPK_NAME, type + ":" + bpk);
-	}
-	
-	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
-		return g.buildEmptyAttribute(BPK_FRIENDLY_NAME, BPK_NAME);
-	}
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSectorForIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSectorForIDAttributeBuilder.java
deleted file mode 100644
index 783e044f8..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSectorForIDAttributeBuilder.java
+++ /dev/null
@@ -1,55 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.builder.attributes;
-
-import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
-import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
-import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
-import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-public class EIDSectorForIDAttributeBuilder implements IPVPAttributeBuilder {
-
-	public String getName() {
-		return EID_SECTOR_FOR_IDENTIFIER_NAME;
-	}
-
-	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeBuilderException {		
-		String bpktype = authData.getBPKType();
-		
-		if (MiscUtil.isEmpty(authData.getBPKType()))
-			throw new UnavailableAttributeException(EID_SECTOR_FOR_IDENTIFIER_NAME);
-				
-		return g.buildStringAttribute(EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME,
-				EID_SECTOR_FOR_IDENTIFIER_NAME, bpktype);
-	}
-	
-	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
-		return g.buildEmptyAttribute(EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME,
-				EID_SECTOR_FOR_IDENTIFIER_NAME);
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSignerCertificate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSignerCertificate.java
index 2f18c78e2..7c2207d1d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSignerCertificate.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSignerCertificate.java
@@ -31,6 +31,7 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.logging.Logger;
 
 public class EIDSignerCertificate implements IPVPAttributeBuilder {
@@ -43,11 +44,14 @@ public class EIDSignerCertificate implements IPVPAttributeBuilder {
 			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
 		
 		try {
-			byte[] signerCertificate = authData.getSignerCertificate();
-			if (signerCertificate != null) {
-				return g.buildStringAttribute(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, EID_SIGNER_CERTIFICATE_NAME, 
+			if (authData instanceof IMOAAuthData) {
+				byte[] signerCertificate = ((IMOAAuthData)authData).getSignerCertificate();
+				if (signerCertificate != null) {
+					return g.buildStringAttribute(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, EID_SIGNER_CERTIFICATE_NAME, 
 						Base64Utils.encodeToString(signerCertificate));
-			}
+				}
+			} else
+				Logger.info(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME + " is only available in MOA-ID context");
 			
 		}catch (Exception e) {
 			Logger.info("Signer certificate BASE64 encoding error");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java
index e91bc90d6..090cf6b21 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java
@@ -28,6 +28,8 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
+import at.gv.egovernment.moa.logging.Logger;
 
 public class EncryptedBPKAttributeBuilder implements IPVPAttributeBuilder {
 	
@@ -38,16 +40,20 @@ public class EncryptedBPKAttributeBuilder implements IPVPAttributeBuilder {
 	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
 			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
 
-		if (authData.getEncbPKList() != null &&
-				authData.getEncbPKList().size() > 0) {
-			String value = authData.getEncbPKList().get(0);
-			for (int i=1; i<authData.getEncbPKList().size(); i++)
-				value += ";"+authData.getEncbPKList().get(i);			
+		if (authData instanceof IMOAAuthData) {
+			if (((IMOAAuthData)authData).getEncbPKList() != null &&
+					((IMOAAuthData)authData).getEncbPKList().size() > 0) {
+				String value = ((IMOAAuthData)authData).getEncbPKList().get(0);
+				for (int i=1; i<((IMOAAuthData)authData).getEncbPKList().size(); i++)
+					value += ";"+((IMOAAuthData)authData).getEncbPKList().get(i);			
 			
-			return g.buildStringAttribute(ENC_BPK_LIST_FRIENDLY_NAME, ENC_BPK_LIST_NAME, 
-					value);
+				return g.buildStringAttribute(ENC_BPK_LIST_FRIENDLY_NAME, ENC_BPK_LIST_NAME, 
+						value);
 			
-		} 
+			}
+			
+		} else
+			Logger.info(ENC_BPK_LIST_FRIENDLY_NAME + " is only available in MOA-ID context");
 		
 		throw new UnavailableAttributeException(ENC_BPK_LIST_NAME);
 		
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/HolderOfKey.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/HolderOfKey.java
index e1e7440e6..c65199dd6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/HolderOfKey.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/HolderOfKey.java
@@ -24,13 +24,13 @@ package at.gv.egovernment.moa.id.protocols.builder.attributes;
 
 import java.io.IOException;
 
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
 import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
-import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
 
@@ -45,7 +45,7 @@ public class HolderOfKey implements IPVPAttributeBuilder {
 		
 		try {
 			byte[] certEncoded = authData.getGenericData(
-					MOAIDAuthConstants.MOASESSION_DATA_HOLDEROFKEY_CERTIFICATE, 
+					EAAFConstants.PROCESS_ENGINE_SSL_CLIENT_CERTIFICATE, 
 					byte[].class);
 			
 			if (certEncoded != null) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java
index 007f7403a..171dfe2d9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java
@@ -33,6 +33,7 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.DOMUtils;
@@ -45,25 +46,30 @@ public class MandateFullMandateAttributeBuilder implements IPVPAttributeBuilder
 
 	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
 			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
-		if (authData.isUseMandate()) {
-			//only provide full mandate if it is included. 
-			//In case of federation only a short mandate could be include 
-			if (authData.getMandate() != null) {
-				String fullMandate;
-				try {
-					fullMandate = DOMUtils.serializeNode(authData
-							.getMandate());
-					return g.buildStringAttribute(MANDATE_FULL_MANDATE_FRIENDLY_NAME,
-							MANDATE_FULL_MANDATE_NAME, Base64Utils.encodeToString(fullMandate.getBytes()));
-				} catch (TransformerException e) {
-					Logger.error("Failed to generate Full Mandate", e);
-				} catch (IOException e) {
-					Logger.error("Failed to generate Full Mandate", e);
+		if (authData instanceof IMOAAuthData) {
+			if (((IMOAAuthData)authData).isUseMandate()) {
+				//only provide full mandate if it is included. 
+				//In case of federation only a short mandate could be include 
+				if (((IMOAAuthData)authData).getMandate() != null) {
+					String fullMandate;
+					try {
+						fullMandate = DOMUtils.serializeNode(((IMOAAuthData)authData)
+								.getMandate());
+						return g.buildStringAttribute(MANDATE_FULL_MANDATE_FRIENDLY_NAME,
+								MANDATE_FULL_MANDATE_NAME, Base64Utils.encodeToString(fullMandate.getBytes()));
+					} catch (TransformerException e) {
+						Logger.error("Failed to generate Full Mandate", e);
+					} catch (IOException e) {
+						Logger.error("Failed to generate Full Mandate", e);
+					}
 				}
+				throw new NoMandateDataAttributeException();
+				
 			}
-			throw new NoMandateDataAttributeException();
 			
-		}
+		} else
+			Logger.info(MANDATE_FULL_MANDATE_FRIENDLY_NAME + " is only available in MOA-ID context");			
+			
 		return null;
 
 	}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java
index e41a5ccf1..26ea1823e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java
@@ -31,6 +31,7 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.logging.Logger;
@@ -44,34 +45,39 @@ public class MandateLegalPersonFullNameAttributeBuilder implements IPVPAttribute
 	
 	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
 			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
-		if (authData.isUseMandate()) {
-			
-			//get PVP attribute directly, if exists 
-			String fullName = authData.getGenericData(MANDATE_LEG_PER_FULL_NAME_NAME, String.class);
-			
-			if (MiscUtil.isEmpty(fullName)) {
-				Element mandate = authData.getMandate();
-				if (mandate == null) {
-					throw new NoMandateDataAttributeException();
-					
-				}
-				Mandate mandateObject = MandateBuilder.buildMandate(mandate);
-				if (mandateObject == null) {
-					throw new NoMandateDataAttributeException();
-					
+		if (authData instanceof IMOAAuthData) {
+			if (((IMOAAuthData)authData).isUseMandate()) {
+				
+				//get PVP attribute directly, if exists 
+				String fullName = authData.getGenericData(MANDATE_LEG_PER_FULL_NAME_NAME, String.class);
+				
+				if (MiscUtil.isEmpty(fullName)) {
+					Element mandate = ((IMOAAuthData)authData).getMandate();
+					if (mandate == null) {
+						throw new NoMandateDataAttributeException();
+						
+					}
+					Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+					if (mandateObject == null) {
+						throw new NoMandateDataAttributeException();
+						
+					}
+					CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody();
+					if (corporation == null) {
+						Logger.info("No corporation mandate");
+						throw new NoMandateDataAttributeException();
+						
+					}
+					fullName = corporation.getFullName();
 				}
-				CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody();
-				if (corporation == null) {
-					Logger.info("No corporation mandate");
-					throw new NoMandateDataAttributeException();
-					
-				}
-				fullName = corporation.getFullName();
+				return g.buildStringAttribute(MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME, MANDATE_LEG_PER_FULL_NAME_NAME,
+						fullName);
+				
 			}
-			return g.buildStringAttribute(MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME, MANDATE_LEG_PER_FULL_NAME_NAME,
-					fullName);
 			
-		}
+		} else
+			Logger.info(MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME + " is only available in MOA-ID context");			
+			
 		return null;
 		
 	}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java
index e20cf6684..cad8416b4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java
@@ -31,6 +31,7 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.logging.Logger;
@@ -44,11 +45,14 @@ public class MandateLegalPersonSourcePinAttributeBuilder  implements IPVPAttribu
 
 	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
 			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
-		if(authData.isUseMandate()) {				
-			return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, 
-					MANDATE_LEG_PER_SOURCE_PIN_NAME, getLegalPersonIdentifierFromMandate(authData));
+		if (authData instanceof IMOAAuthData) {
+			if(((IMOAAuthData)authData).isUseMandate()) {				
+				return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, 
+					MANDATE_LEG_PER_SOURCE_PIN_NAME, getLegalPersonIdentifierFromMandate(((IMOAAuthData)authData)));
 			
-		}
+			}
+		} else
+			Logger.info(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME + " is only available in MOA-ID context");
 		
 		return null;
 		
@@ -59,7 +63,7 @@ public class MandateLegalPersonSourcePinAttributeBuilder  implements IPVPAttribu
 	}
 	
 	
-	protected String getLegalPersonIdentifierFromMandate(IAuthData authData) throws NoMandateDataAttributeException {
+	protected String getLegalPersonIdentifierFromMandate(IMOAAuthData authData) throws NoMandateDataAttributeException {
 		//get PVP attribute directly, if exists 
 		String sourcePin = authData.getGenericData(MANDATE_LEG_PER_SOURCE_PIN_NAME, String.class);
 		
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java
index 098ecf68f..5fa0a5c48 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java
@@ -31,6 +31,7 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.logging.Logger;
@@ -44,39 +45,44 @@ public class MandateLegalPersonSourcePinTypeAttributeBuilder implements IPVPAttr
 	
 	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
 			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
-		if (authData.isUseMandate()) {
-			//get PVP attribute directly, if exists 
-			String sourcePinType = authData.getGenericData(MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, String.class);
+		if (authData instanceof IMOAAuthData) {
+			if (((IMOAAuthData)authData).isUseMandate()) {
+				//get PVP attribute directly, if exists 
+				String sourcePinType = authData.getGenericData(MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, String.class);
+							
+				if (MiscUtil.isEmpty(sourcePinType)) { 
+					Element mandate = ((IMOAAuthData)authData).getMandate();
+					if (mandate == null) {
+						throw new NoMandateDataAttributeException();
 						
-			if (MiscUtil.isEmpty(sourcePinType)) { 
-				Element mandate = authData.getMandate();
-				if (mandate == null) {
-					throw new NoMandateDataAttributeException();
-					
-				}
-				Mandate mandateObject = MandateBuilder.buildMandate(mandate);
-				if (mandateObject == null) {
-					throw new NoMandateDataAttributeException();
-					
-				}
-				CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody();
-				if (corporation == null) {
-					Logger.info("No corporate mandate");
-					throw new NoMandateDataAttributeException();
-					
-				}
-				if (corporation.getIdentification().size() == 0) {
-					Logger.info("Failed to generate IdentificationType");
-					throw new NoMandateDataAttributeException();
+					}
+					Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+					if (mandateObject == null) {
+						throw new NoMandateDataAttributeException();
+						
+					}
+					CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody();
+					if (corporation == null) {
+						Logger.info("No corporate mandate");
+						throw new NoMandateDataAttributeException();
+						
+					}
+					if (corporation.getIdentification().size() == 0) {
+						Logger.info("Failed to generate IdentificationType");
+						throw new NoMandateDataAttributeException();
+						
+					}
+					sourcePinType = corporation.getIdentification().get(0).getType();
 					
 				}
-				sourcePinType = corporation.getIdentification().get(0).getType();
 				
+				return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME,
+						sourcePinType);
 			}
 			
-			return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME,
-					sourcePinType);
-		}
+		} else
+			Logger.info(MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME + " is only available in MOA-ID context");
+	
 		return null;
 		
 	}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
index ebec019ae..9160ef453 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
@@ -37,6 +37,7 @@ import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
@@ -107,46 +108,49 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui
 	protected Pair<String, String> internalBPKGenerator(IOAAuthParameters oaParam, IAuthData authData) throws NoMandateDataAttributeException, BuildException, ConfigurationException {		
 		//get PVP attribute directly, if exists 
 		Pair<String, String> calcResult = null;
-		
-		if (authData.isUseMandate()) {	
-			String bpk = authData.getGenericData(MANDATE_NAT_PER_BPK_NAME, String.class);
-		
-			if (MiscUtil.isEmpty(bpk)) {
-				//read bPK from mandate if it is not directly included
-				Element mandate = authData.getMandate();
-				if (mandate == null) {
-					throw new NoMandateDataAttributeException();
-				}
-				Mandate mandateObject = MandateBuilder.buildMandate(mandate);
-				if (mandateObject == null) {
-					throw new NoMandateDataAttributeException();
-				}
-				PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson();
-				if (physicalPerson == null) {
-					Logger.debug("No physicalPerson mandate");
-					throw new NoMandateDataAttributeException();
-				}
-				IdentificationType id = null;
-				id = physicalPerson.getIdentification().get(0);
-				if (id == null) {
-					Logger.info("Failed to generate IdentificationType");
-					throw new NoMandateDataAttributeException();
-				}
-			
-								
-				if (id.getType().equals(Constants.URN_PREFIX_BASEID))									
-					calcResult = new BPKBuilder().generateAreaSpecificPersonIdentifier(id.getValue().getValue(), 
-							oaParam.getAreaSpecificTargetIdentifier());								
-				else
-					calcResult = Pair.newInstance(id.getValue().getValue(), id.getType());
-
+		if (authData instanceof IMOAAuthData) {
+			if (((IMOAAuthData)authData).isUseMandate()) {	
+				String bpk = authData.getGenericData(MANDATE_NAT_PER_BPK_NAME, String.class);
 			
-			} else {
-				Logger.info("Find '" + MANDATE_NAT_PER_BPK_NAME + "' in AuthData. Use it what is is.");
-				calcResult = Pair.newInstance(bpk, null);
+				if (MiscUtil.isEmpty(bpk)) {
+					//read bPK from mandate if it is not directly included
+					Element mandate = ((IMOAAuthData)authData).getMandate();
+					if (mandate == null) {
+						throw new NoMandateDataAttributeException();
+					}
+					Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+					if (mandateObject == null) {
+						throw new NoMandateDataAttributeException();
+					}
+					PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson();
+					if (physicalPerson == null) {
+						Logger.debug("No physicalPerson mandate");
+						throw new NoMandateDataAttributeException();
+					}
+					IdentificationType id = null;
+					id = physicalPerson.getIdentification().get(0);
+					if (id == null) {
+						Logger.info("Failed to generate IdentificationType");
+						throw new NoMandateDataAttributeException();
+					}
+				
+									
+					if (id.getType().equals(Constants.URN_PREFIX_BASEID))									
+						calcResult = new BPKBuilder().generateAreaSpecificPersonIdentifier(id.getValue().getValue(), 
+								oaParam.getAreaSpecificTargetIdentifier());								
+					else
+						calcResult = Pair.newInstance(id.getValue().getValue(), id.getType());
+	
 				
+				} else {
+					Logger.info("Find '" + MANDATE_NAT_PER_BPK_NAME + "' in AuthData. Use it what is is.");
+					calcResult = Pair.newInstance(bpk, null);
+					
+				}
 			}
-		}
+			
+		} else
+			Logger.info(MANDATE_NAT_PER_BPK_FRIENDLY_NAME + " is only available in MOA-ID context");
 		
 		return calcResult;
 	}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java
index 0b8263ffb..e91087484 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java
@@ -37,6 +37,7 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.InvalidDateFormatAttributeException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.logging.Logger;
@@ -65,41 +66,44 @@ public class MandateNaturalPersonBirthDateAttributeBuilder implements IPVPAttrib
 	
 	
 	protected String internalAttributGeneration(ISPConfiguration oaParam, IAuthData authData) throws InvalidDateFormatAttributeException, NoMandateDataAttributeException {		
-		if (authData.isUseMandate()) {
+		if (((IMOAAuthData)authData).isUseMandate()) {
 			
 			//get PVP attribute directly, if exists 
 			String birthDayString = authData.getGenericData(MANDATE_NAT_PER_BIRTHDATE_NAME, String.class);
 			
 			if (MiscUtil.isEmpty(birthDayString)) {
-				//read bPK from mandate if it is not directly included
-				Element mandate = authData.getMandate();
-				if (mandate == null) {
-					throw new NoMandateDataAttributeException();
-				}
-				Mandate mandateObject = MandateBuilder.buildMandate(mandate);
-				if (mandateObject == null) {
-					throw new NoMandateDataAttributeException();
-				}
-				PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson();
-				if (physicalPerson == null) {
-					Logger.info("No physicalPerson mandate");
-					throw new NoMandateDataAttributeException();
-				}
+				if (authData instanceof IMOAAuthData) {
+					//read bPK from mandate if it is not directly included
+					Element mandate = ((IMOAAuthData)authData).getMandate();
+					if (mandate == null) {
+						throw new NoMandateDataAttributeException();
+					}
+					Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+					if (mandateObject == null) {
+						throw new NoMandateDataAttributeException();
+					}
+					PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson();
+					if (physicalPerson == null) {
+						Logger.info("No physicalPerson mandate");
+						throw new NoMandateDataAttributeException();
+					}
 				
-				String dateOfBirth = physicalPerson.getDateOfBirth();
-				try {
-					DateFormat mandateFormat = new SimpleDateFormat(MandateBuilder.MANDATE_DATE_OF_BIRTH_FORMAT);
-					mandateFormat.setLenient(false);
-					Date date = mandateFormat.parse(dateOfBirth);
-					DateFormat pvpDateFormat = new SimpleDateFormat(MANDATE_NAT_PER_BIRTHDATE_FORMAT_PATTERN);
-					birthDayString = pvpDateFormat.format(date);
+					String dateOfBirth = physicalPerson.getDateOfBirth();
+					try {
+						DateFormat mandateFormat = new SimpleDateFormat(MandateBuilder.MANDATE_DATE_OF_BIRTH_FORMAT);
+						mandateFormat.setLenient(false);
+						Date date = mandateFormat.parse(dateOfBirth);
+						DateFormat pvpDateFormat = new SimpleDateFormat(MANDATE_NAT_PER_BIRTHDATE_FORMAT_PATTERN);
+						birthDayString = pvpDateFormat.format(date);
 							
-				}
-				catch (ParseException e) {
-					Logger.warn("MIS mandate birthday has an incorrect formt. (Value:" + dateOfBirth, e);
-					throw new InvalidDateFormatAttributeException();
+					}
+					catch (ParseException e) {
+						Logger.warn("MIS mandate birthday has an incorrect formt. (Value:" + dateOfBirth, e);
+						throw new InvalidDateFormatAttributeException();
 					
-				}
+					}					
+				} else
+					Logger.info(MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME + " is only available in MOA-ID context");
 				
 			} else {
 				try {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java
index 38a520298..9261ba063 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java
@@ -34,6 +34,7 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.logging.Logger;
@@ -47,40 +48,45 @@ public class MandateNaturalPersonFamilyNameAttributeBuilder  implements IPVPAttr
 
 	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
 			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
-		if(authData.isUseMandate()) {
+		if (authData instanceof IMOAAuthData) {
+			if(((IMOAAuthData)authData).isUseMandate()) {
 			
-			//get PVP attribute directly, if exists 
-			String familyName = authData.getGenericData(MANDATE_NAT_PER_FAMILY_NAME_NAME, String.class);
-			
-			if (MiscUtil.isEmpty(familyName)) {
-				//read mandator familyName from mandate if it is not directly included
-				Element mandate = authData.getMandate();
-				if(mandate == null) {
-					throw new NoMandateDataAttributeException();
-				}
-				Mandate mandateObject = MandateBuilder.buildMandate(mandate);
-				if(mandateObject == null) {
-					throw new NoMandateDataAttributeException();
-				}
-				PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson();
-				if(physicalPerson == null) {
-					Logger.debug("No physicalPerson mandate");
-					throw new NoMandateDataAttributeException();
-				}
-				
-				StringBuilder sb = new StringBuilder();
-				Iterator<FamilyName> fNamesit = physicalPerson.getName().getFamilyName().iterator();
+				//get PVP attribute directly, if exists 
+				String familyName = authData.getGenericData(MANDATE_NAT_PER_FAMILY_NAME_NAME, String.class);
 				
-				while(fNamesit.hasNext())
-					sb.append(" " + fNamesit.next().getValue());
-
-				familyName = sb.toString();
+				if (MiscUtil.isEmpty(familyName)) {
+					//read mandator familyName from mandate if it is not directly included
+					Element mandate = ((IMOAAuthData)authData).getMandate();
+					if(mandate == null) {
+						throw new NoMandateDataAttributeException();
+					}
+					Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+					if(mandateObject == null) {
+						throw new NoMandateDataAttributeException();
+					}
+					PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson();
+					if(physicalPerson == null) {
+						Logger.debug("No physicalPerson mandate");
+						throw new NoMandateDataAttributeException();
+					}
+					
+					StringBuilder sb = new StringBuilder();
+					Iterator<FamilyName> fNamesit = physicalPerson.getName().getFamilyName().iterator();
+					
+					while(fNamesit.hasNext())
+						sb.append(" " + fNamesit.next().getValue());
+	
+					familyName = sb.toString();
+					
+				}
 				
+				return g.buildStringAttribute(MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME, 
+						MANDATE_NAT_PER_FAMILY_NAME_NAME, familyName);
 			}
 			
-			return g.buildStringAttribute(MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME, 
-					MANDATE_NAT_PER_FAMILY_NAME_NAME, familyName);
-		}
+		} else
+			Logger.info(MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME + " is only available in MOA-ID context");
+		
 		return null;
 		
 	}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java
index be8e761e0..fe952253d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java
@@ -33,6 +33,7 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.logging.Logger;
@@ -46,37 +47,41 @@ public class MandateNaturalPersonGivenNameAttributeBuilder implements IPVPAttrib
 	
 	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
 			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
-		if (authData.isUseMandate()) {			
-			//get PVP attribute directly, if exists 
-			String givenName = authData.getGenericData(MANDATE_NAT_PER_GIVEN_NAME_NAME, String.class);
-			
-			if (MiscUtil.isEmpty(givenName)) {
-				Element mandate = authData.getMandate();
-				if (mandate == null) {
-					throw new NoMandateDataAttributeException();
-				}
-				Mandate mandateObject = MandateBuilder.buildMandate(mandate);
-				if (mandateObject == null) {
-					throw new NoMandateDataAttributeException();
-				}
-				PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson();
-				if (physicalPerson == null) {
-					Logger.debug("No physicalPerson mandate");
-					throw new NoMandateDataAttributeException();
-				}
+		if (authData instanceof IMOAAuthData) {	
+			if (((IMOAAuthData)authData).isUseMandate()) {			
+				//get PVP attribute directly, if exists 
+				String givenName = authData.getGenericData(MANDATE_NAT_PER_GIVEN_NAME_NAME, String.class);
 				
-				StringBuilder sb = new StringBuilder();
-				Iterator<String> gNamesit = physicalPerson.getName().getGivenName().iterator();
-				
-				while (gNamesit.hasNext())
-					sb.append(" " + gNamesit.next());
-				
-				givenName = sb.toString();
+				if (MiscUtil.isEmpty(givenName)) {
+					Element mandate = ((IMOAAuthData)authData).getMandate();
+					if (mandate == null) {
+						throw new NoMandateDataAttributeException();
+					}
+					Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+					if (mandateObject == null) {
+						throw new NoMandateDataAttributeException();
+					}
+					PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson();
+					if (physicalPerson == null) {
+						Logger.debug("No physicalPerson mandate");
+						throw new NoMandateDataAttributeException();
+					}
+					
+					StringBuilder sb = new StringBuilder();
+					Iterator<String> gNamesit = physicalPerson.getName().getGivenName().iterator();
+					
+					while (gNamesit.hasNext())
+						sb.append(" " + gNamesit.next());
+					
+					givenName = sb.toString();
+					
+				}
 				
+				return g.buildStringAttribute(MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME, MANDATE_NAT_PER_GIVEN_NAME_NAME, givenName);
 			}
 			
-			return g.buildStringAttribute(MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME, MANDATE_NAT_PER_GIVEN_NAME_NAME, givenName);
-		}
+		} else
+			Logger.info(MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME + " is only available in MOA-ID context");
 		return null;
 		
 	}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
index 2890b72d9..3c0a2cc94 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
@@ -33,6 +33,7 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.AttributePolicyException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.logging.Logger;
@@ -45,36 +46,41 @@ public class MandateNaturalPersonSourcePinAttributeBuilder  implements IPVPAttri
 
 	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
 			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
-		if(authData.isUseMandate()) {
-			Element mandate = authData.getMandate();
-			if(mandate == null) {
-				throw new NoMandateDataAttributeException();
-			}
-			Mandate mandateObject = MandateBuilder.buildMandate(mandate);
-			if(mandateObject == null) {
-				throw new NoMandateDataAttributeException();
-			}
-			PhysicalPersonType physicalPerson = mandateObject.getMandator()
-					.getPhysicalPerson();
-			if (physicalPerson == null) {
-				Logger.debug("No physicalPerson mandate");
-				throw new NoMandateDataAttributeException();
-			}
-			IdentificationType id = null;
-			id = physicalPerson.getIdentification().get(0);
-			
-			if(authData.isBaseIDTransferRestrication()) {
-				throw new AttributePolicyException(this.getName());
-			}
-			
-			if(id == null) {
-				Logger.info("Failed to generate IdentificationType");
-				throw new NoMandateDataAttributeException();
+		if (authData instanceof IMOAAuthData) {
+			if(((IMOAAuthData)authData).isUseMandate()) {
+				Element mandate = ((IMOAAuthData)authData).getMandate();
+				if(mandate == null) {
+					throw new NoMandateDataAttributeException();
+				}
+				Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+				if(mandateObject == null) {
+					throw new NoMandateDataAttributeException();
+				}
+				PhysicalPersonType physicalPerson = mandateObject.getMandator()
+						.getPhysicalPerson();
+				if (physicalPerson == null) {
+					Logger.debug("No physicalPerson mandate");
+					throw new NoMandateDataAttributeException();
+				}
+				IdentificationType id = null;
+				id = physicalPerson.getIdentification().get(0);
+				
+				if(authData.isBaseIDTransferRestrication()) {
+					throw new AttributePolicyException(this.getName());
+				}
+				
+				if(id == null) {
+					Logger.info("Failed to generate IdentificationType");
+					throw new NoMandateDataAttributeException();
+				}
+				
+				return g.buildStringAttribute(MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME,
+						MANDATE_NAT_PER_SOURCE_PIN_NAME, id.getValue().getValue());
 			}
 			
-			return g.buildStringAttribute(MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME,
-					MANDATE_NAT_PER_SOURCE_PIN_NAME, id.getValue().getValue());
-		}
+		} else
+			Logger.info(MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME + " is only available in MOA-ID context");
+		
 		return null;
 	}
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
index 6b3ed6768..0d9009778 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
@@ -32,6 +32,7 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.logging.Logger;
@@ -44,31 +45,36 @@ public class MandateNaturalPersonSourcePinTypeAttributeBuilder implements IPVPAt
 
 	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
 			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
-		if(authData.isUseMandate()) {
-			Element mandate = authData.getMandate();
-			if(mandate == null) {
-				throw new NoMandateDataAttributeException();
-			}
-			Mandate mandateObject = MandateBuilder.buildMandate(mandate);
-			if(mandateObject == null) {
-				throw new NoMandateDataAttributeException();
-			}
-			PhysicalPersonType physicalPerson = mandateObject.getMandator()
-					.getPhysicalPerson();
-			if (physicalPerson == null) {
-				Logger.debug("No physicalPerson mandate");
-				throw new NoMandateDataAttributeException();
-			}
-			IdentificationType id = null;
-			id = physicalPerson.getIdentification().get(0);
-			if(id == null) {
-				Logger.info("Failed to generate IdentificationType");
-				throw new NoMandateDataAttributeException();
-			}
-			
-			return g.buildStringAttribute(MANDATE_NAT_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME,
-					MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME, id.getType());
-		}
+		if (authData instanceof IMOAAuthData) {
+				if(((IMOAAuthData)authData).isUseMandate()) {
+					Element mandate = ((IMOAAuthData)authData).getMandate();
+					if(mandate == null) {
+						throw new NoMandateDataAttributeException();
+					}
+					Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+					if(mandateObject == null) {
+						throw new NoMandateDataAttributeException();
+					}
+					PhysicalPersonType physicalPerson = mandateObject.getMandator()
+							.getPhysicalPerson();
+					if (physicalPerson == null) {
+						Logger.debug("No physicalPerson mandate");
+						throw new NoMandateDataAttributeException();
+					}
+					IdentificationType id = null;
+					id = physicalPerson.getIdentification().get(0);
+					if(id == null) {
+						Logger.info("Failed to generate IdentificationType");
+						throw new NoMandateDataAttributeException();
+					}
+					
+					return g.buildStringAttribute(MANDATE_NAT_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME,
+							MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME, id.getType());
+				}
+				
+		} else
+			Logger.info(MANDATE_NAT_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME + " is only available in MOA-ID context");
+		
 		return null;
 	}
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java
index d8804d395..3cd9ef3e2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java
@@ -31,8 +31,10 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 public class MandateProfRepDescAttributeBuilder implements IPVPAttributeBuilder {
@@ -43,42 +45,47 @@ public class MandateProfRepDescAttributeBuilder implements IPVPAttributeBuilder
 
 	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
 			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
-		if(authData.isUseMandate()) {						
-			String profRepName = authData.getGenericData(MANDATE_PROF_REP_DESC_NAME, String.class);
-			
-			if (MiscUtil.isEmpty(profRepName)) {			
-				IMISMandate misMandate = authData.getMISMandate();
-				
-				if(misMandate == null) {
-					throw new NoMandateDataAttributeException();
-				}
-			
-				profRepName = misMandate.getTextualDescriptionOfOID();
+		if (authData instanceof IMOAAuthData) {
+			if(((IMOAAuthData)authData).isUseMandate()) {						
+				String profRepName = authData.getGenericData(MANDATE_PROF_REP_DESC_NAME, String.class);
 				
-				//only read textual prof. rep. OID describtion from mandate annotation
-				// if also OID exists
-				if (MiscUtil.isEmpty(profRepName) 
-						&& MiscUtil.isNotEmpty(misMandate.getProfRep())) {			
-					Element mandate = authData.getMandate();
-					if (mandate == null) {
+				if (MiscUtil.isEmpty(profRepName)) {			
+					IMISMandate misMandate = ((IMOAAuthData)authData).getMISMandate();
+					
+					if(misMandate == null) {
 						throw new NoMandateDataAttributeException();
 					}
 				
-					Mandate mandateObject = MandateBuilder.buildMandate(authData.getMandate());
-					if (mandateObject == null) {
-						throw new NoMandateDataAttributeException();
-					}
-	
-					profRepName = mandateObject.getAnnotation();
+					profRepName = misMandate.getTextualDescriptionOfOID();
+					
+					//only read textual prof. rep. OID describtion from mandate annotation
+					// if also OID exists
+					if (MiscUtil.isEmpty(profRepName) 
+							&& MiscUtil.isNotEmpty(misMandate.getProfRep())) {			
+						Element mandate = ((IMOAAuthData)authData).getMandate();
+						if (mandate == null) {
+							throw new NoMandateDataAttributeException();
+						}
 					
+						Mandate mandateObject = MandateBuilder.buildMandate(((IMOAAuthData)authData).getMandate());
+						if (mandateObject == null) {
+							throw new NoMandateDataAttributeException();
+						}
+		
+						profRepName = mandateObject.getAnnotation();
+						
+					}
 				}
+				
+				if(MiscUtil.isNotEmpty(profRepName)) 
+					return g.buildStringAttribute(MANDATE_PROF_REP_DESC_FRIENDLY_NAME, 
+							MANDATE_PROF_REP_DESC_NAME, profRepName);
+											
 			}
 			
-			if(MiscUtil.isNotEmpty(profRepName)) 
-				return g.buildStringAttribute(MANDATE_PROF_REP_DESC_FRIENDLY_NAME, 
-						MANDATE_PROF_REP_DESC_NAME, profRepName);
-										
-		}
+		} else
+			Logger.info(MANDATE_PROF_REP_DESC_FRIENDLY_NAME + " is only available in MOA-ID context");
+		
 		return null;
 		
 	}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java
index 555f92fe0..6cdf64dc3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java
@@ -28,7 +28,9 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
+import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 public class MandateProfRepOIDAttributeBuilder implements IPVPAttributeBuilder {
@@ -39,25 +41,30 @@ public class MandateProfRepOIDAttributeBuilder implements IPVPAttributeBuilder {
 	
 	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
 			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
-		if (authData.isUseMandate()) {			
-			String profRepOID = authData.getGenericData(MANDATE_PROF_REP_OID_NAME, String.class);			
-			
-			if (MiscUtil.isEmpty(profRepOID)) {			
-				IMISMandate mandate = authData.getMISMandate();
-				if (mandate == null) {
-					throw new NoMandateDataAttributeException();
+		if (authData instanceof IMOAAuthData) {
+			if (((IMOAAuthData)authData).isUseMandate()) {			
+				String profRepOID = authData.getGenericData(MANDATE_PROF_REP_OID_NAME, String.class);			
+				
+				if (MiscUtil.isEmpty(profRepOID)) {			
+					IMISMandate mandate = ((IMOAAuthData)authData).getMISMandate();
+					if (mandate == null) {
+						throw new NoMandateDataAttributeException();
+					}
+							
+					profRepOID = mandate.getProfRep();
+					
 				}
-						
-				profRepOID = mandate.getProfRep();
+							
+				if(MiscUtil.isEmpty(profRepOID)) 
+					return null;				
+				else			
+					return g.buildStringAttribute(MANDATE_PROF_REP_OID_FRIENDLY_NAME, MANDATE_PROF_REP_OID_NAME, profRepOID);
 				
 			}
-						
-			if(MiscUtil.isEmpty(profRepOID)) 
-				return null;				
-			else			
-				return g.buildStringAttribute(MANDATE_PROF_REP_OID_FRIENDLY_NAME, MANDATE_PROF_REP_OID_NAME, profRepOID);
 			
-		}
+		} else
+			Logger.info(MANDATE_PROF_REP_OID_FRIENDLY_NAME + " is only available in MOA-ID context");
+		
 		return null;
 		
 	}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateReferenceValueAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateReferenceValueAttributeBuilder.java
index 45cce5852..f609117a4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateReferenceValueAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateReferenceValueAttributeBuilder.java
@@ -27,6 +27,8 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
+import at.gv.egovernment.moa.logging.Logger;
 
 public class MandateReferenceValueAttributeBuilder implements IPVPAttributeBuilder {
 	
@@ -36,11 +38,16 @@ public class MandateReferenceValueAttributeBuilder implements IPVPAttributeBuild
 	
 	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
 			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
-		if (authData.isUseMandate()) {
+		if (authData instanceof IMOAAuthData) {
+			if (((IMOAAuthData)authData).isUseMandate()) {
+			
+				return g.buildStringAttribute(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, MANDATE_REFERENCE_VALUE_NAME,
+						((IMOAAuthData)authData).getMandateReferenceValue());
+			}
+			
+		} else
+			Logger.info(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME + " is only available in MOA-ID context");
 		
-			return g.buildStringAttribute(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, MANDATE_REFERENCE_VALUE_NAME,
-					authData.getMandateReferenceValue());
-		}
 		return null;
 		
 	}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeAttributeBuilder.java
index 3bc7d5a2d..5471c5a13 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeAttributeBuilder.java
@@ -30,8 +30,10 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 public class MandateTypeAttributeBuilder implements IPVPAttributeBuilder {
@@ -42,27 +44,32 @@ public class MandateTypeAttributeBuilder implements IPVPAttributeBuilder {
 	
 	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
 			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
-		if (authData.isUseMandate()) {						
-			//get PVP attribute directly, if exists 
-			String mandateType = authData.getGenericData(MANDATE_TYPE_NAME, String.class);
-			
-			if (MiscUtil.isEmpty(mandateType)) {
-				Element mandate = authData.getMandate();
-				if (mandate == null) {
-					throw new NoMandateDataAttributeException();
+		if (authData instanceof IMOAAuthData) {
+			if (((IMOAAuthData)authData).isUseMandate()) {						
+				//get PVP attribute directly, if exists 
+				String mandateType = authData.getGenericData(MANDATE_TYPE_NAME, String.class);
+				
+				if (MiscUtil.isEmpty(mandateType)) {
+					Element mandate = ((IMOAAuthData)authData).getMandate();
+					if (mandate == null) {
+						throw new NoMandateDataAttributeException();
+						
+					}
+					Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+					if (mandateObject == null) {
+						throw new NoMandateDataAttributeException();
+						
+					}
+					mandateType = mandateObject.getAnnotation();
 					
 				}
-				Mandate mandateObject = MandateBuilder.buildMandate(mandate);
-				if (mandateObject == null) {
-					throw new NoMandateDataAttributeException();
 					
-				}
-				mandateType = mandateObject.getAnnotation();
-				
+				return g.buildStringAttribute(MANDATE_TYPE_FRIENDLY_NAME, MANDATE_TYPE_NAME, mandateType);
 			}
-				
-			return g.buildStringAttribute(MANDATE_TYPE_FRIENDLY_NAME, MANDATE_TYPE_NAME, mandateType);
-		}
+			
+		} else
+			Logger.info(MANDATE_TYPE_FRIENDLY_NAME + " is only available in MOA-ID context");
+		
 		return null;
 		
 	}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeOIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeOIDAttributeBuilder.java
index d5c89fc97..88f5bc2f7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeOIDAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeOIDAttributeBuilder.java
@@ -27,6 +27,7 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
@@ -38,18 +39,23 @@ public class MandateTypeOIDAttributeBuilder implements IPVPAttributeBuilder {
 	
 	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
 			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
-		if (authData.isUseMandate()) {						
-			//get PVP attribute directly, if exists 
-			String mandateType = authData.getGenericData(MANDATE_TYPE_OID_NAME, String.class);
-			
-			if (MiscUtil.isEmpty(mandateType)) {
-				Logger.info("MIS Mandate does not include 'Mandate-Type OID'.");
-				return null;
+		if (authData instanceof IMOAAuthData) {
+			if (((IMOAAuthData)authData).isUseMandate()) {						
+				//get PVP attribute directly, if exists 
+				String mandateType = authData.getGenericData(MANDATE_TYPE_OID_NAME, String.class);
 				
+				if (MiscUtil.isEmpty(mandateType)) {
+					Logger.info("MIS Mandate does not include 'Mandate-Type OID'.");
+					return null;
+					
+				}
+					
+				return g.buildStringAttribute(MANDATE_TYPE_OID_FRIENDLY_NAME, MANDATE_TYPE_OID_NAME, mandateType);
 			}
-				
-			return g.buildStringAttribute(MANDATE_TYPE_OID_FRIENDLY_NAME, MANDATE_TYPE_OID_NAME, mandateType);
-		}
+			
+		} else
+			Logger.info(MANDATE_TYPE_OID_FRIENDLY_NAME + " is only available in MOA-ID context");
+		
 		return null;
 		
 	}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
index cc48873af..c17f1a4dd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
@@ -37,36 +37,50 @@ import org.opensaml.saml2.core.Attribute;
 import org.opensaml.saml2.core.AttributeQuery;
 import org.opensaml.saml2.core.Response;
 import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.ws.soap.common.SOAPException;
+import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.security.SecurityException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.ApplicationContext;
 import org.springframework.stereotype.Service;
 
-import at.gv.egiz.eaaf.core.api.IAction;
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
 import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface;
-import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAction;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IAuthenticationDataBuilder;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egovernment.moa.id.auth.builder.DynamicOAAuthParameterBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.data.Trible;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AuthResponseBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
 
 /**
  * @author tlenz
@@ -76,12 +90,15 @@ import at.gv.egovernment.moa.logging.Logger;
 public class AttributQueryAction implements IAction {
 
 	@Autowired private IAuthenticationSessionStoreage authenticationSessionStorage;
-	@Autowired private AuthenticationDataBuilder authDataBuilder;
+	@Autowired private IAuthenticationDataBuilder authDataBuilder;
 	@Autowired private IDPCredentialProvider pvpCredentials;
 	@Autowired private AuthConfiguration authConfig;
 	@Autowired(required=true) private MOAMetadataProvider metadataProvider;
 	@Autowired(required=true) ApplicationContext springContext;
 	
+	@Autowired private AttributQueryBuilder attributQueryBuilder;
+	@Autowired private SAMLVerificationEngineSP samlVerificationEngine;
+	
 	private final static List<String> DEFAULTSTORKATTRIBUTES = Arrays.asList(
 			new String[]{PVPConstants.EID_STORK_TOKEN_NAME});	
 	
@@ -109,14 +126,14 @@ public class AttributQueryAction implements IAction {
 			try {
 				//get Single Sign-On information for the Service-Provider
 				// which sends the Attribute-Query request
-				AuthenticationSession moaSession = authenticationSessionStorage.getInternalSSOSession(pendingReq.getInternalSSOSessionIdentifier());
+				AuthenticationSession moaSession = authenticationSessionStorage.getInternalSSOSession(pendingReq.getSSOSessionIdentifier());
 				if (moaSession == null) {
-					Logger.warn("No MOASession with ID:" + pendingReq.getInternalSSOSessionIdentifier() + " FOUND.");
-					throw new MOAIDException("auth.02", new Object[]{pendingReq.getInternalSSOSessionIdentifier()});
+					Logger.warn("No MOASession with ID:" + pendingReq.getSSOSessionIdentifier() + " FOUND.");
+					throw new MOAIDException("auth.02", new Object[]{pendingReq.getSSOSessionIdentifier()});
 				}
 												
 				InterfederationSessionStore nextIDPInformation = 
-						authenticationSessionStorage.searchInterfederatedIDPFORAttributeQueryWithSessionID(moaSession.getSessionID());
+						authenticationSessionStorage.searchInterfederatedIDPFORAttributeQueryWithSessionID(moaSession.getSSOSessionID());
 			
 				AttributeQuery attrQuery = 
 						(AttributeQuery)((MOARequest)((PVPTargetConfiguration) pendingReq).getRequest()).getSamlRequest();
@@ -157,9 +174,9 @@ public class AttributQueryAction implements IAction {
 				throw new MOAIDException("pvp2.01", null, e);
 
 			} catch (MOADatabaseException e) {
-				Logger.error("MOASession with SessionID=" + pendingReq.getInternalSSOSessionIdentifier() 
+				Logger.error("MOASession with SessionID=" + pendingReq.getSSOSessionIdentifier() 
 					+ " is not found in Database", e);
-				throw new MOAIDException("init.04", new Object[] { pendingReq.getInternalSSOSessionIdentifier() });
+				throw new MOAIDException("init.04", new Object[] { pendingReq.getSSOSessionIdentifier() });
 				
 			}
 			
@@ -195,7 +212,7 @@ public class AttributQueryAction implements IAction {
 					((PVPTargetConfiguration) pendingReq).getRequest() instanceof MOARequest &&
 					((PVPTargetConfiguration) pendingReq).getRequest().getInboundMessage() instanceof AttributeQuery) {				
 				
-				authenticationSessionStorage.markOAWithAttributeQueryUsedFlag(session, pendingReq.getOAURL(), pendingReq.requestedModule());
+				authenticationSessionStorage.markOAWithAttributeQueryUsedFlag(session, pendingReq.getSPEntityId(), pendingReq.requestedModule());
 			}
 			
 			//build OnlineApplication dynamic from requested attributes (AttributeQuerry Request) and configuration
@@ -208,15 +225,18 @@ public class AttributQueryAction implements IAction {
 					+ " for authentication information.");
 	
 				//load configuration of next IDP
-				IOAAuthParameters idpLoaded = authConfig.getOnlineApplicationParameter(nextIDPInformation.getIdpurlprefix());
-				if (idpLoaded == null || !(idpLoaded instanceof OAAuthParameter)) {
+				IOAAuthParameters idpLoaded = 
+						authConfig.getServiceProviderConfiguration(
+								nextIDPInformation.getIdpurlprefix(),
+								OAAuthParameterDecorator.class);
+				if (idpLoaded == null || !(idpLoaded instanceof IOAAuthParameters)) {
 					Logger.warn("Configuration for federated IDP:" + nextIDPInformation.getIdpurlprefix() 
 						+ "is not loadable.");
 					throw new MOAIDException("auth.32", new Object[]{nextIDPInformation.getIdpurlprefix()});
 					
 				}
 
-				OAAuthParameter idp = (OAAuthParameter) idpLoaded;
+				IOAAuthParameters idp = idpLoaded;
 				
 				//check if next IDP config allows inbound messages
 				if (!idp.isInboundSSOInterfederationAllowed()) {
@@ -227,7 +247,7 @@ public class AttributQueryAction implements IAction {
 				}
 				
 				//check next IDP service area policy. BusinessService IDPs can only request wbPKs 
-				if (!spConfig.hasBaseIdTransferRestriction() && !idp.isIDPPublicService()) {
+				if (!spConfig.hasBaseIdTransferRestriction() && idp.hasBaseIdTransferRestriction()) {
 					Logger.error("Interfederated IDP " + idp.getPublicURLPrefix() 
 							+ " is a BusinessService-IDP but requests PublicService attributes.");
 					throw new MOAIDException("auth.34", new Object[]{nextIDPInformation.getIdpurlprefix()});
@@ -239,7 +259,7 @@ public class AttributQueryAction implements IAction {
 				 * 'pendingReq.getAuthURL() + "/sp/federated/metadata"' is implemented in federated_authentication module 
 				 *  but used in moa-id-lib. This should be refactored!!!  
 				 */
-				AssertionAttributeExtractor extractor = authDataBuilder.getAuthDataFromAttributeQuery(reqAttributes, 
+				AssertionAttributeExtractor extractor = getAuthDataFromAttributeQuery(reqAttributes, 
 						nextIDPInformation.getUserNameID(), idp, pendingReq.getAuthURL() + "/sp/federated/metadata");
 								
 				//mark attribute request as used
@@ -262,7 +282,7 @@ public class AttributQueryAction implements IAction {
 								
 			} else {													
 				Logger.debug("Build authData for AttributQuery from local MOASession.");							
-				IAuthData authData = authDataBuilder.buildAuthenticationData(pendingReq, session, spConfig);
+				IAuthData authData = authDataBuilder.buildAuthenticationData(pendingReq);
 				
 				//add default attributes in case of mandates or STORK is in use
 				List<String> attrList = addDefaultAttributes(reqAttributes, authData);
@@ -270,12 +290,19 @@ public class AttributQueryAction implements IAction {
 				//build Set of response attributes
 				List<Attribute> respAttr = PVPAttributeBuilder.buildSetOfResponseAttributes(authData, attrList);
 				
-				return Trible.newInstance(respAttr, authData.getSsoSessionValidTo(), authData.getQAALevel());
+				return Trible.newInstance(respAttr, authData.getSsoSessionValidTo(), authData.getEIDASQAALevel());
 				
 			}
 										
 		} catch (MOAIDException e) {
 			throw e;
+			
+		} catch (EAAFAuthenticationException e) {
+			throw new MOAIDException(e.getErrorId(), e.getParams(), e);
+			
+		} catch (EAAFConfigurationException e) {
+			throw new MOAIDException(e.getErrorId(), e.getParams(), e);
+			
 		}
 	}
 	
@@ -307,7 +334,8 @@ public class AttributQueryAction implements IAction {
 		}
 		
 		//add default mandate attributes if it is a authentication with mandates
-		if (authData.isUseMandate() && !reqAttributeNames.containsAll(DEFAULTMANDATEATTRIBUTES)) {
+		if (authData instanceof IMOAAuthData)
+		if (((IMOAAuthData)authData).isUseMandate() && !reqAttributeNames.containsAll(DEFAULTMANDATEATTRIBUTES)) {
 			for (String el : DEFAULTMANDATEATTRIBUTES) {
 				if (!reqAttributeNames.contains(el))
 					reqAttributeNames.add(el);
@@ -317,4 +345,76 @@ public class AttributQueryAction implements IAction {
 		return reqAttributeNames;
 	}
 	
+	/**
+	 * Get PVP authentication attributes by using a SAML2 AttributeQuery
+	 * 
+	 * @param reqQueryAttr List of PVP attributes which are requested
+	 * @param userNameID SAML2 UserNameID of the user for which attributes are requested
+	 * @param idpConfig Configuration of the IDP, which is requested 
+	 * @return 
+	 * @return PVP attribute DAO, which contains all received information
+	 * @throws MOAIDException
+	 */
+	public AssertionAttributeExtractor getAuthDataFromAttributeQuery(List<Attribute> reqQueryAttr,
+			String userNameID, IOAAuthParameters idpConfig, String spEntityID) throws MOAIDException{
+		String idpEnityID = idpConfig.getPublicURLPrefix();
+		
+		try {		
+			Logger.debug("Starting AttributeQuery process ...");
+			//collect attributes by using BackChannel communication
+			String endpoint = idpConfig.getIDPAttributQueryServiceURL();			
+			if (MiscUtil.isEmpty(endpoint)) {
+				Logger.error("No AttributeQueryURL for interfederationIDP " + idpEnityID);
+				throw new ConfigurationException("config.26", new Object[]{idpEnityID});
+				
+			}
+				
+			//build attributQuery request
+			AttributeQuery query = attributQueryBuilder.buildAttributQueryRequest(spEntityID, userNameID, endpoint, reqQueryAttr);
+			
+			//build SOAP request				
+			List<XMLObject> xmlObjects = MOASAMLSOAPClient.send(endpoint, query);
+		
+			if (xmlObjects.size() == 0) {
+				Logger.error("Receive emptry AttributeQuery response-body.");
+				throw new AttributQueryException("auth.27", 
+						new Object[]{idpEnityID, "Receive emptry AttributeQuery response-body."});
+			
+			}
+		
+			Response intfResp;
+			if (xmlObjects.get(0) instanceof Response) {
+				intfResp = (Response) xmlObjects.get(0);
+			
+				//validate PVP 2.1 response
+				try {
+					samlVerificationEngine.verifyIDPResponse(intfResp, 
+							TrustEngineFactory.getSignatureKnownKeysTrustEngine(
+									metadataProvider));
+			
+					//create assertion attribute extractor from AttributeQuery response
+					return new AssertionAttributeExtractor(intfResp);
+		
+				} catch (Exception e) {
+					Logger.warn("PVP 2.1 assertion validation FAILED.", e);
+					throw new AssertionValidationExeption("auth.27", 
+							new Object[]{idpEnityID, e.getMessage()}, e);
+				}
+											
+			} else {
+				Logger.error("Receive AttributeQuery response-body include no PVP 2.1 response");
+				throw new AttributQueryException("auth.27", 
+						new Object[]{idpEnityID, "Receive AttributeQuery response-body include no PVP 2.1 response"});
+			
+			}
+				 										
+		} catch (SOAPException e) {
+			throw new BuildException("builder.06", null, e);
+			
+		} catch (SecurityException e) {
+			throw new BuildException("builder.06", null, e);
+					
+		}
+	}
+	
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
index a8adc9ca0..43c860488 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
@@ -38,10 +38,10 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.ApplicationContext;
 import org.springframework.stereotype.Service;
 
-import at.gv.egiz.eaaf.core.api.IAction;
 import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.api.idp.IAction;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.data.SLOInformationImpl;
@@ -60,7 +60,7 @@ import at.gv.egovernment.moa.logging.Logger;
 
 @Service("PVPAuthenticationRequestAction")
 public class AuthenticationAction implements IAction {
-	@Autowired IDPCredentialProvider pvpCredentials;
+	@Autowired IDPCredentialProvider pvpCredentials; 
 	@Autowired AuthConfiguration authConfig;
 	@Autowired(required=true) private MOAMetadataProvider metadataProvider;
 	@Autowired(required=true) ApplicationContext springContext;
@@ -123,7 +123,7 @@ public class AuthenticationAction implements IAction {
 
 			//set protocol type
 			sloInformation.setProtocolType(req.requestedModule());
-			sloInformation.setSpEntityID(req.getOnlineApplicationConfiguration().getPublicURLPrefix());
+			sloInformation.setSpEntityID(req.getServiceProviderConfiguration().getUniqueIdentifier());
 			return sloInformation;
 			
 		} catch (MessageEncodingException e) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
index baaf8b681..76956b5a8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
@@ -30,10 +30,10 @@ import org.springframework.stereotype.Service;
 
 import com.google.common.net.MediaType;
 
-import at.gv.egiz.eaaf.core.api.IAction;
 import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.api.idp.IAction;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
 import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
@@ -48,7 +48,7 @@ public class MetadataAction implements IAction {
 
 	
-	@Autowired private IRevisionLogger revisionsLogger;
+	@Autowired private IRevisionLogger revisionsLogger; 
 	@Autowired private IDPCredentialProvider credentialProvider;
 	@Autowired private PVPMetadataBuilder metadatabuilder;
 	
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index 038e384f3..591aaa7cc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -22,6 +22,8 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.pvp2x;
 
+import java.net.MalformedURLException;
+import java.net.URL;
 import java.util.Arrays;
 import java.util.List;
 
@@ -57,14 +59,15 @@ import org.springframework.web.bind.annotation.RequestMethod;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.IModulInfo;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
 import at.gv.egiz.eaaf.core.exceptions.NoPassivAuthenticationException;
 import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException;
 import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController;
 import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityLogAdapter;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
@@ -80,7 +83,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionConsumerServiceException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.MandateAttributesNotHandleAbleException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSupportedException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
@@ -90,16 +92,14 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
 import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.CheckMandateAttributes;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.id.protocols.pvp2x.validation.AuthnRequestValidator;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
-import at.gv.egovernment.moa.id.util.ErrorResponseUtils;
-import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
-
+ 
 @Controller
 public class PVP2XProtocol extends AbstractAuthProtocolModulController implements IModulInfo {
 
@@ -107,6 +107,8 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 	@Autowired SAMLVerificationEngineSP samlVerificationEngine;
 	@Autowired(required=true) private MOAMetadataProvider metadataProvider;
 	
+	@Autowired protected IAuthenticationSessionStoreage authenticatedSessionStorage;
+	
 	public static final String NAME = PVP2XProtocol.class.getName();
 	public static final String PATH = "id_pvp2x";
 
@@ -137,16 +139,17 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 	
 	public PVP2XProtocol() {
 		super();
-	}
+	} 
 		
 	//PVP2.x metadata end-point
 	@RequestMapping(value = "/pvp2/metadata", method = {RequestMethod.POST, RequestMethod.GET})
-	public void PVPMetadataRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException {
-		if (!authConfig.getAllowedProtocols().isPVP21Active()) {
-			Logger.info("PVP2.1 is deaktivated!");
-			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
-			
-		}
+	public void PVPMetadataRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException {
+//		if (!authConfig.getAllowedProtocols().isPVP21Active()) {
+//			Logger.info("PVP2.1 is deaktivated!");
+//			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }, "PVP2.1 is deaktivated!");
+//			
+//		}
+		
 		//create pendingRequest object
 		PVPTargetConfiguration pendingReq = applicationContext.getBean(PVPTargetConfiguration.class);
 		pendingReq.initialize(req);
@@ -166,12 +169,12 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 	
 	//PVP2.x IDP POST-Binding end-point
 	@RequestMapping(value = "/pvp2/post", method = {RequestMethod.POST})
-	public void PVPIDPPostRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException {
-		if (!authConfig.getAllowedProtocols().isPVP21Active()) {
-			Logger.info("PVP2.1 is deaktivated!");
-			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
-			
-		}
+	public void PVPIDPPostRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException {
+//		if (!authConfig.getAllowedProtocols().isPVP21Active()) {
+//			Logger.info("PVP2.1 is deaktivated!");
+//			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }, "PVP2.1 is deaktivated!");
+//			
+//		}
 		
 		PVPTargetConfiguration pendingReq = null;
 		
@@ -206,7 +209,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 			if (pendingReq != null)
 				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
 			
-			throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+			throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, e.getMessage());
 			
 		} catch (SecurityException e) {
 			String samlRequest = req.getParameter("SAMLRequest");			
@@ -216,7 +219,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 			if (pendingReq != null)
 				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
 			
-			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()});
+			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, e.getMessage());
 		
 		} catch (MOAIDException e) {
 			
@@ -240,10 +243,10 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 	
 	//PVP2.x IDP Redirect-Binding end-point
 	@RequestMapping(value = "/pvp2/redirect", method = {RequestMethod.GET})
-	public void PVPIDPRedirecttRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException {
+	public void PVPIDPRedirecttRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException {
 		if (!AuthConfigurationProviderFactory.getInstance().getAllowedProtocols().isPVP21Active()) {
 			Logger.info("PVP2.1 is deaktivated!");
-			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
+			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }, "PVP2.1 is deaktivated!");
 			
 		}
 		PVPTargetConfiguration pendingReq = null;
@@ -278,7 +281,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 			if (pendingReq != null)
 				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
 			
-			throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+			throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, e.getMessage());
 			
 		} catch (SecurityException e) {
 			String samlRequest = req.getParameter("SAMLRequest");			
@@ -288,7 +291,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 			if (pendingReq != null)
 				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
 			
-			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()});
+			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, e.getMessage());
 			
 		} catch (MOAIDException e) {
 			String samlRequest = req.getParameter("SAMLRequest");			
@@ -315,12 +318,12 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 	
 	//PVP2.x IDP SOAP-Binding end-point
 	@RequestMapping(value = "/pvp2/soap", method = {RequestMethod.POST})
-	public void PVPIDPSOAPRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException {
-		if (!authConfig.getAllowedProtocols().isPVP21Active()) {
-			Logger.info("PVP2.1 is deaktivated!");
-			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
-			
-		}
+	public void PVPIDPSOAPRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException {
+//		if (!authConfig.getAllowedProtocols().isPVP21Active()) {
+//			Logger.info("PVP2.1 is deaktivated!");
+//			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }, "PVP2.1 is deaktivated!");
+//			
+//		}
 				
 		PVPTargetConfiguration pendingReq = null;
 		try {
@@ -354,7 +357,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 			if (pendingReq != null)
 				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
 			
-			throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+			throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, e.getMessage());
 			
 		} catch (SecurityException e) {
 			String samlRequest = req.getParameter("SAMLRequest");			
@@ -364,7 +367,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 			if (pendingReq != null)
 				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
 			
-			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()});
+			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, e.getMessage());
 		
 		} catch (MOAIDException e) {			
 			//write revision log entries
@@ -393,7 +396,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 			InboundMessage msg = pendingReq.getRequest();
 		
 			if (MiscUtil.isEmpty(msg.getEntityID())) {
-				throw new InvalidProtocolRequestException("pvp2.20", new Object[] {});
+				throw new InvalidProtocolRequestException("pvp2.20", new Object[] {}, "EntityId is null or empty");
 				
 			}
 			
@@ -425,8 +428,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 				throw new MOAIDException("Unsupported PVP21 message", new Object[] {});
 			}
 			
-			revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), 
-					pendingReq, MOAIDEventConstants.AUTHPROTOCOL_TYPE, PATH);
+			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_TYPE, PATH);
 			
 			//switch to session authentication
 			performAuthentication(request, response, pendingReq);								
@@ -451,7 +453,6 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 		StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class);
 		StatusMessage statusMessage = SAML2Utils.createSAMLObject(StatusMessage.class);
 		
-		ErrorResponseUtils errorUtils = ErrorResponseUtils.getInstance();
 		String moaError = null;
 		
 		if(e instanceof NoPassivAuthenticationException) {
@@ -473,12 +474,12 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 			if(statusMessageValue != null) {
 				statusMessage.setMessage(StringEscapeUtils.escapeXml(statusMessageValue));
 			}						
-			moaError = errorUtils.mapInternalErrorToExternalError(ex.getMessageId());
+			moaError = statusMessager.mapInternalErrorToExternalError(ex.getMessageId());
 			
 		} else {
 			statusCode.setValue(StatusCode.RESPONDER_URI);
 			statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage()));
-			moaError = errorUtils.getResponseErrorCode(e);
+			moaError = statusMessager.getResponseErrorCode(e);
 		}
 		
 		
@@ -544,10 +545,11 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 	 * @param response
 	 * @param msg
 	 * @return
+	 * @throws EAAFException 
 	 * @throws MOAIDException 
 	 */
 	private void preProcessLogOut(HttpServletRequest request,
-			HttpServletResponse response, PVPTargetConfiguration pendingReq) throws MOAIDException {
+			HttpServletResponse response, PVPTargetConfiguration pendingReq) throws EAAFException {
 
 		InboundMessage inMsg = pendingReq.getRequest();		
 		MOARequest msg;
@@ -564,11 +566,11 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 
 			String oaURL = metadata.getEntityID();
 			oaURL = StringEscapeUtils.escapeHtml(oaURL);
-			IOAAuthParameters oa = authConfig.getOnlineApplicationParameter(oaURL);
+			ISPConfiguration oa = authConfig.getServiceProviderConfiguration(oaURL);
 			
 			Logger.info("Dispatch PVP2 SingleLogOut: OAURL=" + oaURL + " Binding=" + msg.getRequestBinding());
 						
-			pendingReq.setOAURL(oaURL);
+			pendingReq.setSPEntityId(oaURL);
 			pendingReq.setOnlineApplicationConfiguration(oa);
 			pendingReq.setBinding(msg.getRequestBinding());
 			
@@ -584,17 +586,25 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 			
 			Logger.debug("PreProcess SLO Response from " + resp.getIssuer());
 			
-			List<String> allowedPublicURLPrefix = 
-					AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix();
-			boolean isAllowedDestination = false;
+//			List<String> allowedPublicURLPrefix = authConfig.getIDPPublicURLPrefixes();
+//					AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix();
 			
-			for (String prefix : allowedPublicURLPrefix) {
-				if (resp.getDestination().startsWith(
-					prefix)) {
-					isAllowedDestination = true;
-					break;
-				}
+			boolean isAllowedDestination = false;			
+			try {
+				isAllowedDestination = MiscUtil.isNotEmpty(authConfig.validateIDPURL(new URL(resp.getDestination())));
+				
+			} catch (MalformedURLException e) {
+				Logger.info(resp.getDestination() + " is NOT valid. Reason: " + e.getMessage());
+				
 			}
+			
+//			for (String prefix : allowedPublicURLPrefix) {
+//				if (resp.getDestination().startsWith(
+//					prefix)) {
+//					isAllowedDestination = true;
+//					break;
+//				}
+//			}
 						
 			if (!isAllowedDestination) {
 				Logger.warn("PVP 2.1 single logout response destination does not match to IDP URL");
@@ -607,7 +617,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 						
 						
 		} else 
-			throw new MOAIDException("Unsupported request", new Object[] {});
+			throw new EAAFException("Unsupported request");
 		
 		
 		pendingReq.setRequest(inMsg);
@@ -641,13 +651,8 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 			
 		}
 
-		//check if Issuer is an interfederation IDP
-		// check parameter
-		if (!ParamValidatorUtils.isValidOA(moaRequest.getEntityID()))
-			throw new WrongParametersException("StartAuthentication",
-					PARAM_OA, "auth.12");
-		
-		IOAAuthParameters oa = authConfig.getOnlineApplicationParameter(moaRequest.getEntityID());
+		//check if Issuer is an interfederation IDP		
+		IOAAuthParameters oa = authConfig.getServiceProviderConfiguration(moaRequest.getEntityID(), IOAAuthParameters.class);
 		if (!oa.isInderfederationIDP()) {
 			Logger.warn("AttributeQuery requests are only allowed for interfederation IDPs.");
 			throw new AttributQueryException("AttributeQuery requests are only allowed for interfederation IDPs.", null);
@@ -671,7 +676,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 		
 		//set preProcessed information into pending-request
 		pendingReq.setRequest(moaRequest);
-		pendingReq.setOAURL(moaRequest.getEntityID());
+		pendingReq.setSPEntityId(moaRequest.getEntityID());
 		pendingReq.setOnlineApplicationConfiguration(oa);
 		pendingReq.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI);
 		
@@ -682,7 +687,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 		pendingReq.setAction(AttributQueryAction.class.getName());
 
 		//add moasession
-		pendingReq.setInternalSSOSessionIdentifier(session.getSessionID());
+		pendingReq.setSSOSessionIdentifier(session.getSSOSessionID());
 				
 		//write revisionslog entry
 		revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_ATTRIBUTQUERY);
@@ -717,13 +722,15 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 		
 		if (authnRequest.getIssueInstant() == null) {
 			Logger.warn("Unsupported request: No IssueInstant Attribute found.");
-			throw new AuthnRequestValidatorException("Unsupported request: No IssueInstant Attribute found.", new Object[] {});
+			throw new AuthnRequestValidatorException("Unsupported request: No IssueInstant Attribute found.", new Object[] {}, 
+					"Unsupported request: No IssueInstant Attribute found", pendingReq);
 			
 		}
 		
 		if (authnRequest.getIssueInstant().minusMinutes(MOAIDAuthConstants.TIME_JITTER).isAfterNow()) {
 			Logger.warn("Unsupported request: No IssueInstant DateTime is not valid anymore.");
-			throw new AuthnRequestValidatorException("Unsupported request: No IssueInstant DateTime is not valid anymore.", new Object[] {});
+			throw new AuthnRequestValidatorException("Unsupported request: No IssueInstant DateTime is not valid anymore.", new Object[] {},
+					"Unsupported request: No IssueInstant DateTime is not valid anymore.", pendingReq);
 			
 		}
 			
@@ -790,22 +797,22 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 		AuthnRequestImpl authReq = (AuthnRequestImpl) samlReq;
 		AuthnRequestValidator.validate(authReq);
 		
-		String useMandate = request.getParameter(PARAM_USEMANDATE);
-		if(useMandate != null) {
-			if(useMandate.equals("true") && attributeConsumer != null) {
-				if(!CheckMandateAttributes.canHandleMandate(attributeConsumer)) {
-					throw new MandateAttributesNotHandleAbleException();
-				}
-			}
-		}
+//		String useMandate = request.getParameter(PARAM_USEMANDATE);
+//		if(useMandate != null) {
+//			if(useMandate.equals("true") && attributeConsumer != null) {
+//				if(!CheckMandateAttributes.canHandleMandate(attributeConsumer)) {
+//					throw new MandateAttributesNotHandleAbleException();
+//				}
+//			}
+//		}
 						
 		String oaURL = moaRequest.getEntityMetadata(metadataProvider).getEntityID();
 		oaURL = StringEscapeUtils.escapeHtml(oaURL);
-		IOAAuthParameters oa = authConfig.getOnlineApplicationParameter(oaURL);
+		ISPConfiguration oa = authConfig.getServiceProviderConfiguration(oaURL);
 		
 		Logger.info("Dispatch PVP2 AuthnRequest: OAURL=" + oaURL + " Binding=" + consumerService.getBinding());		
 
-		pendingReq.setOAURL(oaURL);
+		pendingReq.setSPEntityId(oaURL);
 		pendingReq.setOnlineApplicationConfiguration(oa);
 		pendingReq.setBinding(consumerService.getBinding());
 		pendingReq.setRequest(moaRequest);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java
index 46e5b83f6..67cbafe90 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java
@@ -29,7 +29,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
 import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.StoredAssertion;
 
 @Service("PVPAssertionStorage")
@@ -47,11 +47,11 @@ public class PVPAssertionStorage implements SAMLArtifactMap {
 				relyingPartyId,
 				issuerId,
 				samlMessage);
-		
-		try {
+		 
+		try { 
 			transactionStorage.put(artifact, assertion, -1);
 			
-		} catch (MOADatabaseException e) {
+		} catch (EAAFException e) {
 			// TODO Insert Error Handling, if Assertion could not be stored
 			throw new MarshallingException("Assertion are not stored in Database.",e);
 		}
@@ -61,7 +61,7 @@ public class PVPAssertionStorage implements SAMLArtifactMap {
 		try {
 			return transactionStorage.get(artifact, SAMLArtifactMapEntry.class);
 			
-		} catch (MOADatabaseException e) {
+		} catch (EAAFException e) {
 			// TODO Insert Error Handling, if Assertion could not be read
 			e.printStackTrace();
 			return null;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
index 060a5fcc2..95a2d8715 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
@@ -22,31 +22,24 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.pvp2x;
 
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
+import javax.servlet.http.HttpServletRequest;
 
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.core.impl.AuthnRequestImpl;
-import org.opensaml.saml2.metadata.AttributeConsumingService;
-import org.opensaml.saml2.metadata.RequestedAttribute;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.context.annotation.Scope;
 import org.springframework.stereotype.Component;
 
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
-import at.gv.egovernment.moa.logging.Logger;
 
 @Component("PVPTargetConfiguration")
 @Scope(value = BeanDefinition.SCOPE_PROTOTYPE)
 public class PVPTargetConfiguration extends RequestImpl {
 
+	@Autowired(required=true) IConfiguration authConfig;
+	
 	public static final String DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP = "useMinimalFrontChannelResponse";
 	public static final String DATAID_INTERFEDERATION_NAMEID = "federatedNameID";
 	public static final String DATAID_INTERFEDERATION_QAALEVEL = "federatedQAALevel";	
@@ -55,10 +48,17 @@ public class PVPTargetConfiguration extends RequestImpl {
 	
 	private static final long serialVersionUID = 4889919265919638188L;
 	
+	
+	
 	InboundMessage request;
 	String binding;
 	String consumerURL;
 	
+	public void initialize(HttpServletRequest req) throws EAAFException {
+		super.initialize(req, authConfig);
+		
+	}
+	
 	public InboundMessage getRequest() {
 		return request;
 	}
@@ -84,61 +84,61 @@ public class PVPTargetConfiguration extends RequestImpl {
 		
 	}
 
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
-	 */
-	@Override
-	public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) {
-
-		Map<String, String> reqAttr = new HashMap<String, String>();
-		for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION)
-			reqAttr.put(el, "");
-						
-		try {			
-			SPSSODescriptor spSSODescriptor = getRequest().getEntityMetadata(metadataProvider).getSPSSODescriptor(SAMLConstants.SAML20P_NS);
-			if (spSSODescriptor.getAttributeConsumingServices() != null && 
-					spSSODescriptor.getAttributeConsumingServices().size() > 0) {
-							
-				Integer aIdx = null;
-				if (getRequest() instanceof MOARequest && 
-						((MOARequest)getRequest()).getSamlRequest() instanceof AuthnRequestImpl) {					
-					AuthnRequestImpl authnRequest = (AuthnRequestImpl)((MOARequest)getRequest()).getSamlRequest();					
-					aIdx = authnRequest.getAttributeConsumingServiceIndex();
-					
-				} else {
-					Logger.error("MOARequest is NOT of type AuthnRequest");
-				}
-				
-				int idx = 0;
-
-				AttributeConsumingService attributeConsumingService = null;
-				
-				if (aIdx != null) {
-					idx = aIdx.intValue();
-					attributeConsumingService = spSSODescriptor
-							.getAttributeConsumingServices().get(idx);
-					
-				} else {
-					List<AttributeConsumingService> attrConsumingServiceList = spSSODescriptor.getAttributeConsumingServices();
-					for (AttributeConsumingService el : attrConsumingServiceList) {
-						if (el.isDefault())
-							attributeConsumingService = el;
-					}				
-				}
-				
-				for ( RequestedAttribute attr : attributeConsumingService.getRequestAttributes())
-					reqAttr.put(attr.getName(), "");
-			}
-			
-			//return attributQueryBuilder.buildSAML2AttributeList(this.getOnlineApplicationConfiguration(), reqAttr.keySet().iterator());
-			return reqAttr.keySet();
-			
-		} catch (NoMetadataInformationException e) {
-			Logger.warn("NO metadata found for Entity " + getRequest().getEntityID());
-			return null;
-					
-		}
-		
-	}
+//	/* (non-Javadoc)
+//	 * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
+//	 */
+//	@Override
+//	public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) {
+//
+//		Map<String, String> reqAttr = new HashMap<String, String>();
+//		for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION)
+//			reqAttr.put(el, "");
+//						
+//		try {			
+//			SPSSODescriptor spSSODescriptor = getRequest().getEntityMetadata(metadataProvider).getSPSSODescriptor(SAMLConstants.SAML20P_NS);
+//			if (spSSODescriptor.getAttributeConsumingServices() != null && 
+//					spSSODescriptor.getAttributeConsumingServices().size() > 0) {
+//							
+//				Integer aIdx = null;
+//				if (getRequest() instanceof MOARequest && 
+//						((MOARequest)getRequest()).getSamlRequest() instanceof AuthnRequestImpl) {					
+//					AuthnRequestImpl authnRequest = (AuthnRequestImpl)((MOARequest)getRequest()).getSamlRequest();					
+//					aIdx = authnRequest.getAttributeConsumingServiceIndex();
+//					
+//				} else {
+//					Logger.error("MOARequest is NOT of type AuthnRequest");
+//				}
+//				
+//				int idx = 0;
+//
+//				AttributeConsumingService attributeConsumingService = null;
+//				
+//				if (aIdx != null) {
+//					idx = aIdx.intValue();
+//					attributeConsumingService = spSSODescriptor
+//							.getAttributeConsumingServices().get(idx);
+//					
+//				} else {
+//					List<AttributeConsumingService> attrConsumingServiceList = spSSODescriptor.getAttributeConsumingServices();
+//					for (AttributeConsumingService el : attrConsumingServiceList) {
+//						if (el.isDefault())
+//							attributeConsumingService = el;
+//					}				
+//				}
+//				
+//				for ( RequestedAttribute attr : attributeConsumingService.getRequestAttributes())
+//					reqAttr.put(attr.getName(), "");
+//			}
+//			
+//			//return attributQueryBuilder.buildSAML2AttributeList(this.getOnlineApplicationConfiguration(), reqAttr.keySet().iterator());
+//			return reqAttr.keySet();
+//			
+//		} catch (NoMetadataInformationException e) {
+//			Logger.warn("NO metadata found for Entity " + getRequest().getEntityID());
+//			return null;
+//					
+//		}
+//		
+//	}
 
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
index 2d8d0f66f..6b945d692 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
@@ -35,20 +35,20 @@ import org.opensaml.saml2.metadata.SingleLogoutService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
-import at.gv.egiz.eaaf.core.api.IAction;
 import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egiz.eaaf.core.api.data.ISLOInformationContainer;
-import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.api.idp.IAction;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.auth.IAuthenticationManager;
+import at.gv.egiz.eaaf.core.api.idp.slo.ISLOInformationContainer;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
 import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
 import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
-import at.gv.egiz.eaaf.core.impl.idp.auth.AuthenticationManager;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
@@ -71,7 +71,7 @@ import at.gv.egovernment.moa.util.URLEncoder;
 public class SingleLogOutAction implements IAction {
 
 	@Autowired private SSOManager ssomanager;
-	@Autowired private AuthenticationManager authManager;
+	@Autowired private IAuthenticationManager authManager;
 	@Autowired private IAuthenticationSessionStoreage authenticationSessionStorage;
 	@Autowired private ITransactionStorage transactionStorage;
 	@Autowired private SingleLogOutBuilder sloBuilder;
@@ -84,7 +84,7 @@ public class SingleLogOutAction implements IAction {
 	@Override
 	public SLOInformationInterface processRequest(IRequest req,
 			HttpServletRequest httpReq, HttpServletResponse httpResp,
-			IAuthData authData) throws MOAIDException {
+			IAuthData authData) throws EAAFException {
 
 		PVPTargetConfiguration pvpReq = (PVPTargetConfiguration) req;  
 
@@ -94,12 +94,12 @@ public class SingleLogOutAction implements IAction {
 			MOARequest samlReq = (MOARequest) pvpReq.getRequest();
 			LogoutRequest logOutReq = (LogoutRequest) samlReq.getSamlRequest();
 
-			IAuthenticationSession session = 
-					authenticationSessionStorage.searchMOASessionWithNameIDandOAID(
+			String ssoSessionId = 
+					authenticationSessionStorage.searchSSOSessionWithNameIDandOAID(
 							logOutReq.getIssuer().getValue(), 
 							logOutReq.getNameID().getValue());
 
-			if (session == null) {
+			if (MiscUtil.isEmpty(ssoSessionId)) {
 				Logger.warn("Can not find active SSO session with nameID " 
 						+ logOutReq.getNameID().getValue() + " and OA " 
 						+ logOutReq.getIssuer().getValue());
@@ -116,10 +116,10 @@ public class SingleLogOutAction implements IAction {
 
 				} else {						
 					try {
-						session = ssomanager.getInternalMOASession(ssoID);
+						ssoSessionId = authenticationSessionStorage.getInternalSSOSessionWithSSOID(ssoID);
 
-						if (session == null)
-							throw new MOADatabaseException();
+						if (MiscUtil.isEmpty(ssoSessionId))
+							throw new MOADatabaseException("");
 						
 					} catch (MOADatabaseException e) {
 						Logger.info("Can not find active Session. Single LogOut not possible!");
@@ -134,8 +134,13 @@ public class SingleLogOutAction implements IAction {
 				}					
 			}
 
-			authManager.performSingleLogOut(httpReq, httpResp, session, pvpReq);
-
+			pvpReq.setSSOSessionIdentifier(ssoSessionId);
+			ISLOInformationContainer sloInformationContainer 
+				= authManager.performSingleLogOut(httpReq, httpResp, pvpReq, ssoSessionId);
+			
+			Logger.debug("Starting technical SLO process ... ");
+			sloBuilder.toTechnicalLogout(sloInformationContainer, httpReq, httpResp, null);
+													
 		} else if (pvpReq.getRequest() instanceof MOAResponse &&
 				((MOAResponse)pvpReq.getRequest()).getResponse() instanceof LogoutResponse) {
 			Logger.debug("Process Single LogOut response");
@@ -178,7 +183,7 @@ public class SingleLogOutAction implements IAction {
 						//						AssertionStore element = (AssertionStore) result.get(0);					
 						//						Object data = SerializationUtils.deserialize(element.getAssertion());
 						Logger.debug("Current Thread getAssertionStore: "+Thread.currentThread().getId());
-						Object o = transactionStorage.getAssertionStore(relayState);
+						Object o = transactionStorage.getRaw(relayState);
 						if(o==null){
 							Logger.trace("No entries found.");
 							throw new MOADatabaseException("No sessioninformation found with this ID");
@@ -202,12 +207,12 @@ public class SingleLogOutAction implements IAction {
 									//									session.saveOrUpdate(element);							
 									//									tx.commit();
 									Logger.debug("Current Thread putAssertionStore: "+Thread.currentThread().getId());
-									transactionStorage.putAssertionStore(element);
+									transactionStorage.putRaw(element.getArtifact(), element);
 
 									//sloContainer could be stored to database
 									storageSuccess = true;
 
-								} catch(MOADatabaseException e) {
+								} catch(EAAFException e) {
 									//tx.rollback();
 
 									counter++;									
@@ -230,11 +235,12 @@ public class SingleLogOutAction implements IAction {
 
 								storageSuccess = true;
 								String redirectURL = null;
-								if (sloContainer.getSloRequest() != null) {
-									//send SLO response to SLO request issuer
-									SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor(sloContainer.getSloRequest());
-									LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, sloContainer.getSloRequest(), sloContainer.getSloFailedOAs());
-									redirectURL = sloBuilder.getFrontChannelSLOMessageURL(sloService, message, httpReq, httpResp, sloContainer.getSloRequest().getRequest().getRelayState());
+								IRequest sloReq = sloContainer.getSloRequest();
+								if (sloReq != null && sloReq instanceof PVPTargetConfiguration) {
+									//send SLO response to SLO request issuer									
+									SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor((PVPTargetConfiguration)sloReq);
+									LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, (PVPTargetConfiguration)sloReq, sloContainer.getSloFailedOAs());
+									redirectURL = sloBuilder.getFrontChannelSLOMessageURL(sloService, message, httpReq, httpResp, ((PVPTargetConfiguration)sloReq).getRequest().getRelayState());
 
 								} else {
 									//print SLO information directly
@@ -276,7 +282,7 @@ public class SingleLogOutAction implements IAction {
 						}						
 					}
 				}
-			} catch (MOADatabaseException e) {
+			} catch (EAAFException e) {
 				Logger.error("MOA AssertionDatabase ERROR", e);
 				throw new SLOException("pvp2.19", null);
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java
index c662a0af5..f3af12a2c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java
@@ -49,11 +49,10 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import org.w3c.dom.Document;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.SamlAttributeGenerator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
index 6beaee92b..07da57d2a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
@@ -32,15 +32,15 @@ import java.util.ServiceLoader;
 import org.opensaml.saml2.core.Attribute;
 import org.opensaml.saml2.metadata.RequestedAttribute;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.InvalidDateFormatAttributeException;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.SamlAttributeGenerator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidDateFormatException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
@@ -97,13 +97,13 @@ public class PVPAttributeBuilder {
 		
 	}
 	
-	public static Attribute buildAttribute(String name, IOAAuthParameters oaParam,
-			IAuthData authData) throws PVP2Exception, AttributeException {
+	public static Attribute buildAttribute(String name, ISPConfiguration  oaParam,
+			IAuthData authData) throws PVP2Exception, AttributeBuilderException {
 		if (builders.containsKey(name)) {
 			try {
 				return builders.get(name).build(oaParam, authData, generator);
 			}
-			catch (AttributeException e) {
+			catch (AttributeBuilderException e) {
 				if (e instanceof UnavailableAttributeException) {
 					throw e;
 				} else if (e instanceof InvalidDateFormatAttributeException) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java
index be8c2abdf..a55e873b5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java
@@ -95,7 +95,7 @@ public class PVPAuthnRequestBuilder {
 			
 			// use POST binding as default if it exists 
 			if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) { 
-				endpoint = sss;
+				endpoint = sss; 
 				
 			} else if ( sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI) 
 					&& endpoint == null )
@@ -215,7 +215,7 @@ public class PVPAuthnRequestBuilder {
 		
 		//encode message
 		binding.encodeRequest(null, httpResp, authReq, 
-				endpoint.getLocation(), pendingReq.getRequestID(), config.getAuthnRequestSigningCredential(), pendingReq);
+				endpoint.getLocation(), pendingReq.getPendingRequestId(), config.getAuthnRequestSigningCredential(), pendingReq);
 	}
 
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
index d11d57ab8..a1d7f5d3a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
@@ -23,8 +23,12 @@
 package at.gv.egovernment.moa.id.protocols.pvp2x.builder;
 
 import java.security.NoSuchAlgorithmException;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Iterator;
 import java.util.LinkedHashMap;
 import java.util.List;
+import java.util.Map.Entry;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -52,6 +56,8 @@ import org.opensaml.saml2.metadata.SingleLogoutService;
 import org.opensaml.saml2.metadata.impl.SingleLogoutServiceBuilder;
 import org.opensaml.saml2.metadata.provider.MetadataProviderException;
 import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.ws.soap.common.SOAPException;
+import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.io.Marshaller;
 import org.opensaml.xml.security.SecurityException;
 import org.opensaml.xml.security.x509.X509Credential;
@@ -63,12 +69,23 @@ import org.springframework.context.ApplicationContext;
 import org.springframework.stereotype.Service;
 import org.w3c.dom.Document;
 
-import at.gv.egiz.eaaf.core.api.data.ISLOInformationContainer;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
+import at.gv.egiz.eaaf.core.api.idp.slo.ISLOInformationContainer;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
+import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
+import at.gv.egiz.eaaf.core.exceptions.GUIBuildException;
+import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
+import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.data.SLOInformationContainer;
 import at.gv.egovernment.moa.id.data.SLOInformationImpl;
@@ -85,8 +102,12 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformation
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
 import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
 
 /**
  * @author tlenz
@@ -98,6 +119,181 @@ public class SingleLogOutBuilder {
 	@Autowired(required=true) private MOAMetadataProvider metadataProvider;
 	@Autowired(required=true) ApplicationContext springContext;
 	@Autowired private IDPCredentialProvider credentialProvider;
+	@Autowired private SAMLVerificationEngineSP samlVerificationEngine;
+	@Autowired private IGUIFormBuilder guiBuilder;
+	@Autowired(required=true) protected IRevisionLogger revisionsLogger;
+	@Autowired private ITransactionStorage transactionStorage;
+
+	public static final int SLOTIMEOUT = 30 * 1000; //30 sec
+	
+	public void toTechnicalLogout(ISLOInformationContainer sloContainer, 
+			HttpServletRequest httpReq, HttpServletResponse httpResp, String authUrl) throws MOAIDException {		
+		Logger.trace("Starting Service-Provider logout process ... ");		
+		revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_STARTED);		
+		
+		//start service provider back channel logout process		
+		Iterator<String> nextOAInterator = sloContainer.getNextBackChannelOA();	
+		while (nextOAInterator.hasNext()) {
+			SLOInformationInterface sloDescr = sloContainer.getBackChannelOASessionDescripten(nextOAInterator.next());
+			LogoutRequest sloReq = buildSLORequestMessage(sloDescr);
+
+			try {
+				Logger.trace("Send backchannel SLO Request to " + sloDescr.getSpEntityID());
+				List<XMLObject> soapResp = MOASAMLSOAPClient.send(sloDescr.getServiceURL(), sloReq);
+				
+				LogoutResponse sloResp = null;						
+				for (XMLObject el : soapResp) {
+					if (el instanceof LogoutResponse)
+						sloResp = (LogoutResponse) el;							
+				}
+				
+				if (sloResp == null) {
+					Logger.warn("Single LogOut for OA " + sloDescr.getSpEntityID()
+							+ " FAILED. NO LogOut response received.");
+					sloContainer.putFailedOA(sloDescr.getSpEntityID());
+					
+				} else {
+					samlVerificationEngine.verifySLOResponse(sloResp, 
+							TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider));
+					
+				}
+								
+				checkStatusCode(sloContainer, sloResp);
+										
+			} catch (SOAPException e) {
+				Logger.warn("Single LogOut for OA " + sloDescr.getSpEntityID()
+						+ " FAILED.", e);
+				sloContainer.putFailedOA(sloDescr.getSpEntityID());
+				
+			} catch (SecurityException | InvalidProtocolRequestException e) {
+				Logger.warn("Single LogOut for OA " + sloDescr.getSpEntityID()
+						+ " FAILED.", e);
+				sloContainer.putFailedOA(sloDescr.getSpEntityID());
+				
+			}					
+		}
+						
+		IRequest pendingReq = null;		
+		PVPTargetConfiguration pvpReq = null;
+		//start service provider front channel logout process
+		try {
+			if (sloContainer.hasFrontChannelOA()) {
+				String relayState = Random.nextRandom();
+				
+				Collection<Entry<String, SLOInformationInterface>> sloDescr = sloContainer.getFrontChannelOASessionDescriptions();
+				List<String> sloReqList = new ArrayList<String>();
+				for (Entry<String, SLOInformationInterface> el : sloDescr) {
+					Logger.trace("Build frontChannel SLO Request for " + el.getValue().getSpEntityID());
+					
+					LogoutRequest sloReq = buildSLORequestMessage(el.getValue());
+					try {
+						sloReqList.add(getFrontChannelSLOMessageURL(el.getValue().getServiceURL(), el.getValue().getBinding(), 
+								sloReq, httpReq, httpResp, relayState));
+						
+					} catch (Exception e) {
+						Logger.warn("Failed to build SLO request for OA:" + el.getKey());
+						sloContainer.putFailedOA(el.getKey());
+						
+					}														
+				}
+				
+				//put SLO process-information into transaction storage
+				transactionStorage.put(relayState, sloContainer, -1);
+				
+				if (MiscUtil.isEmpty(authUrl))
+					authUrl = sloContainer.getSloRequest().getAuthURL();
+				
+				String timeOutURL = authUrl
+						+ "/idpSingleLogout"
+						+ "?restart=" + relayState;
+				
+				DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration(
+						authUrl, 
+						DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT, 
+						null);
+				
+				config.putCustomParameterWithOutEscaption("redirectURLs", sloReqList);
+				config.putCustomParameterWithOutEscaption("timeoutURL", timeOutURL);
+				config.putCustomParameter("timeout", String.valueOf(SLOTIMEOUT));
+		        
+		        guiBuilder.build(httpResp, config, "Single-LogOut GUI");
+		        
+								
+			} else {
+				pendingReq = sloContainer.getSloRequest();
+				if (pendingReq != null && pendingReq instanceof PVPTargetConfiguration) {
+					//send SLO response to SLO request issuer
+					pvpReq = (PVPTargetConfiguration)pendingReq;
+					SingleLogoutService sloService = getResponseSLODescriptor(pvpReq);
+					LogoutResponse message = buildSLOResponseMessage(sloService, pvpReq, sloContainer.getSloFailedOAs());
+					sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, pvpReq.getRequest().getRelayState(), pvpReq);
+					
+				} else {
+					//print SLO information directly
+					DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration(
+							authUrl, 
+							DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT, 
+							null);
+					
+			        if (sloContainer.getSloFailedOAs() == null || 
+			        		sloContainer.getSloFailedOAs().size() == 0) {
+			        	revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_ALL_VALID);
+			        	config.putCustomParameter("successMsg", 
+			        			MOAIDMessageProvider.getInstance().getMessage("slo.00", null));
+			        	
+			        } else {
+			        	revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID);
+			        	config.putCustomParameterWithOutEscaption("errorMsg", 
+			        			MOAIDMessageProvider.getInstance().getMessage("slo.01", null));
+			        	
+			        }
+			        guiBuilder.build(httpResp, config, "Single-LogOut GUI");
+										
+				}
+									
+			}	
+		
+		} catch (GUIBuildException e) {
+			Logger.warn("Can not build GUI:'Single-LogOut'. Msg:" + e.getMessage());
+			throw  new MOAIDException("builder.09", new Object[]{e.getMessage()}, e);
+			
+		} catch (MOADatabaseException e) {
+			Logger.error("MOA AssertionDatabase ERROR", e);
+			if (pvpReq != null) {
+				SingleLogoutService sloService = getResponseSLODescriptor(pvpReq);
+				LogoutResponse message = buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI);
+				sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, pvpReq.getRequest().getRelayState(), pvpReq);
+
+				revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID);
+				
+			}else {
+				//print SLO information directly
+				DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration(
+						authUrl, 
+						DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT, 
+						null);
+				
+				revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID);
+				config.putCustomParameterWithOutEscaption("errorMsg", 
+	        			MOAIDMessageProvider.getInstance().getMessage("slo.01", null));
+	        	
+	        	try {
+					guiBuilder.build(httpResp, config, "Single-LogOut GUI");
+					
+				} catch (GUIBuildException e1) {
+					Logger.warn("Can not build GUI:'Single-LogOut'. Msg:" + e.getMessage());
+					throw  new MOAIDException("builder.09", new Object[]{e.getMessage()}, e);
+					
+				}
+									
+			}
+			
+		} catch (Exception e) {
+			// TODO Auto-generated catch block
+			e.printStackTrace();
+		}	
+	}
+
 	
 		
 	public void checkStatusCode(ISLOInformationContainer sloContainer, LogoutResponse logOutResp) {
@@ -221,7 +417,7 @@ public class SingleLogOutBuilder {
 	}
 	
 	
-	public LogoutRequest buildSLORequestMessage(SLOInformationImpl sloInfo) throws ConfigurationException, MOAIDException {
+	public LogoutRequest buildSLORequestMessage(SLOInformationInterface sloDescr) throws ConfigurationException, MOAIDException {
 		LogoutRequest sloReq = SAML2Utils.createSAMLObject(LogoutRequest.class);
 		
 		SecureRandomIdentifierGenerator gen;
@@ -237,17 +433,17 @@ public class SingleLogOutBuilder {
 
 		DateTime now = new DateTime();
 		Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
-		issuer.setValue(PVPConfiguration.getInstance().getIDPSSOMetadataService(sloInfo.getAuthURL()));
+		issuer.setValue(PVPConfiguration.getInstance().getIDPSSOMetadataService(sloDescr.getAuthURL()));
 		issuer.setFormat(NameID.ENTITY);
 		sloReq.setIssuer(issuer);		
 		sloReq.setIssueInstant(now);
 		sloReq.setNotOnOrAfter(now.plusMinutes(5));
 		
-		sloReq.setDestination(sloInfo.getServiceURL());
+		sloReq.setDestination(sloDescr.getServiceURL());
 		
 		NameID nameID = SAML2Utils.createSAMLObject(NameID.class);
-		nameID.setFormat(sloInfo.getUserNameIDFormat());
-		nameID.setValue(sloInfo.getUserNameIdentifier());
+		nameID.setFormat(sloDescr.getUserNameIDFormat());
+		nameID.setValue(sloDescr.getUserNameIdentifier());
 		sloReq.setNameID(nameID );
 
 		//sign message
@@ -435,9 +631,9 @@ public class SingleLogOutBuilder {
 	public void parseActiveOAs(SLOInformationContainer container, 
 			List<OASessionStore> dbOAs, String removeOAID) {		
 		if (container.getActiveBackChannelOAs() == null)
-			container.setActiveBackChannelOAs(new LinkedHashMap<String, SLOInformationImpl>());			
+			container.setActiveBackChannelOAs(new LinkedHashMap<String, SLOInformationInterface>());			
 		if (container.getActiveFrontChannalOAs() == null)
-			container.setActiveFrontChannalOAs(new LinkedHashMap<String, SLOInformationImpl>());
+			container.setActiveFrontChannalOAs(new LinkedHashMap<String, SLOInformationInterface>());
 			
 		
 		if (dbOAs != null) {
@@ -491,9 +687,9 @@ public class SingleLogOutBuilder {
 	public void parseActiveIDPs(SLOInformationContainer container,
 			List<InterfederationSessionStore> dbIDPs, String removeIDP) {		
 		if (container.getActiveBackChannelOAs() == null)
-			container.setActiveBackChannelOAs(new LinkedHashMap<String, SLOInformationImpl>());			
+			container.setActiveBackChannelOAs(new LinkedHashMap<String, SLOInformationInterface>());			
 		if (container.getActiveFrontChannalOAs() == null)
-			container.setActiveFrontChannalOAs(new LinkedHashMap<String, SLOInformationImpl>());
+			container.setActiveFrontChannalOAs(new LinkedHashMap<String, SLOInformationInterface>());
 		
 		if (dbIDPs != null) {
 			for (InterfederationSessionStore el : dbIDPs) {				
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
index 40c85945f..056e2bba0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
@@ -59,23 +59,26 @@ import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
 import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
 import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
 import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.data.SLOInformationImpl;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.QAANotSupportedException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.id.util.LoALevelMapper;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.id.util.QAALevelVerifier;
 import at.gv.egovernment.moa.logging.Logger;
@@ -91,7 +94,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
 	 * @param issuerEntityID EnitiyID, which should be used for this IDP response 
 	 * @param attrQuery AttributeQuery request from Service-Provider
 	 * @param attrList List of PVP response attributes
-	 * @param now Current time
+	 * @param now Current time 
 	 * @param validTo ValidTo time of the assertion
 	 * @param qaaLevel QAA level of the authentication
 	 * @param sessionIndex SAML2 SessionIndex, which should be included	 * 
@@ -141,48 +144,51 @@ public class PVP2AssertionBuilder implements PVPConstants {
 		AuthnContextClassRef authnContextClassRef = SAML2Utils
 				.createSAMLObject(AuthnContextClassRef.class);
 		
-		IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
+		ISPConfiguration oaParam = pendingReq.getServiceProviderConfiguration();
 		
 		if (reqAuthnContext == null) {
-			 authnContextClassRef.setAuthnContextClassRef(authData.getQAALevel());
+			 authnContextClassRef.setAuthnContextClassRef(authData.getEIDASQAALevel());
 			
 		} else {
 
-			boolean stork_qaa_1_4_found = false;
+			boolean eIDAS_qaa_found = false;
 	
 			List<AuthnContextClassRef> reqAuthnContextClassRefIt = reqAuthnContext
 					.getAuthnContextClassRefs();
 		
-			if (reqAuthnContextClassRefIt.size() == 0) {
-			 
-				QAALevelVerifier.verifyQAALevel(authData.getQAALevel(), 
-						STORK_QAA_1_4);
+			if (reqAuthnContextClassRefIt.size() == 0) {			 
+				QAALevelVerifier.verifyQAALevel(authData.getEIDASQAALevel(), EAAFConstants.EIDAS_QAA_HIGH);
 			
-				stork_qaa_1_4_found = true;
-				authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4);
+				eIDAS_qaa_found = true;
+				authnContextClassRef.setAuthnContextClassRef(EAAFConstants.EIDAS_QAA_HIGH);
 			 
 			} else {
 				for (AuthnContextClassRef authnClassRef : reqAuthnContextClassRefIt) {
 					String qaa_uri = authnClassRef.getAuthnContextClassRef();
-					if (qaa_uri.trim().equals(STORK_QAA_1_4)
-							|| qaa_uri.trim().equals(STORK_QAA_1_3)
-							|| qaa_uri.trim().equals(STORK_QAA_1_2)
-							|| qaa_uri.trim().equals(STORK_QAA_1_1)) {
+					
+					if (qaa_uri.trim().startsWith(STORK_QAA_PREFIX)) {
+						Logger.debug("Find STORK QAA leven in AuthnRequest. Starting mapping to eIDAS level ... ");
+						qaa_uri = LoALevelMapper.getInstance().mapSTORKQAAToeIDASQAA(qaa_uri.trim());
+						
+					}
+					
+					if (qaa_uri.trim().equals(EAAFConstants.EIDAS_QAA_HIGH)
+							|| qaa_uri.trim().equals(EAAFConstants.EIDAS_QAA_SUBSTANTIAL)
+							|| qaa_uri.trim().equals(EAAFConstants.EIDAS_QAA_LOW)) {
 					
 						 if (authData.isForeigner()) {
-							 QAALevelVerifier.verifyQAALevel(authData.getQAALevel(), 
-									 STORK_QAA_PREFIX + oaParam.getQaaLevel());
+							 QAALevelVerifier.verifyQAALevel(authData.getEIDASQAALevel(), oaParam.getMinimumLevelOfAssurence());
 							 
-							 stork_qaa_1_4_found = true;
-							 authnContextClassRef.setAuthnContextClassRef(authData.getQAALevel());
+							 eIDAS_qaa_found = true;
+							 authnContextClassRef.setAuthnContextClassRef(authData.getEIDASQAALevel());
 							 
 						 } else {
 							 
-							 QAALevelVerifier.verifyQAALevel(authData.getQAALevel(), 
+							 QAALevelVerifier.verifyQAALevel(authData.getEIDASQAALevel(), 
 									 qaa_uri.trim());
 							 
-							 stork_qaa_1_4_found = true;
-							 authnContextClassRef.setAuthnContextClassRef(authData.getQAALevel());
+							 eIDAS_qaa_found = true;
+							 authnContextClassRef.setAuthnContextClassRef(authData.getEIDASQAALevel());
 							 							 
 						 }
 						 break;
@@ -190,9 +196,9 @@ public class PVP2AssertionBuilder implements PVPConstants {
 				 }
 			 }
 	
-			if (!stork_qaa_1_4_found) {
-				throw new QAANotSupportedException(STORK_QAA_1_4);
-			}
+			if (!eIDAS_qaa_found)
+				throw new QAANotSupportedException(EAAFConstants.EIDAS_QAA_HIGH);
+				
 		}
 		
 
@@ -289,11 +295,12 @@ public class PVP2AssertionBuilder implements PVPConstants {
 		
 		//build nameID and nameID Format from moasession
 		//TODO: nameID generation
-		if (authData.isUseMandate()) {
+		if (authData instanceof IMOAAuthData && 
+				((IMOAAuthData)authData).isUseMandate()) {
 			String bpktype = null;
 			String bpk = null;
 			
-			Element mandate = authData.getMandate();
+			Element mandate = ((IMOAAuthData)authData).getMandate();
 			if(mandate != null) {
 				Logger.debug("Read mandator bPK|baseID from full-mandate ... ");
 				Mandate mandateObject = MandateBuilder.buildMandate(mandate);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/SamlAttributeGenerator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/SamlAttributeGenerator.java
index e462b277e..6ccacd6c8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/SamlAttributeGenerator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/SamlAttributeGenerator.java
@@ -31,7 +31,7 @@ import org.opensaml.xml.schema.XSString;
 import org.opensaml.xml.schema.impl.XSIntegerBuilder;
 import org.opensaml.xml.schema.impl.XSStringBuilder;
 
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 
 public class SamlAttributeGenerator implements IAttributeGenerator<Attribute> {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
index 64f5c7d73..81eca3765 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
@@ -44,7 +44,8 @@ import org.opensaml.saml2.metadata.OrganizationURL;
 import org.opensaml.saml2.metadata.SurName;
 import org.opensaml.saml2.metadata.TelephoneNumber;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
@@ -157,7 +158,7 @@ public class PVPConfiguration {
 				
 		try {
 			Logger.trace("Load metadata signing certificate for online application " + entityID);
-			IOAAuthParameters oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(entityID);		
+			ISPConfiguration  oaParam = AuthConfigurationProviderFactory.getInstance().getServiceProviderConfiguration(entityID);		
 			if (oaParam == null) {
 				Logger.info("Online Application with ID " + entityID + " not found!");
 				return null;
@@ -186,6 +187,11 @@ public class PVPConfiguration {
 		} catch (IOException e) {
 			Logger.warn("Metadata signer certificate is not decodeable.", e);
 			return null;
+			
+		} catch (EAAFConfigurationException e) {
+			Logger.error("Configuration is not accessable.", e);
+			return null;
+			
 		}
 	}
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java
index b1e7df014..c82e6bdf1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java
@@ -29,7 +29,7 @@ import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
 public class NameIDFormatNotSupportedException extends AuthnRequestValidatorException {
 
 	public NameIDFormatNotSupportedException(String nameIDFormat) {
-		super("pvp2.12", new Object[] {nameIDFormat});
+		super("pvp2.12", new Object[] {nameIDFormat}, "NameID format not supported");
 		statusCodeValue = StatusCode.INVALID_NAMEID_POLICY_URI;
 
 	}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index 86284a2f4..7d43732a6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -49,12 +49,14 @@ import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.parse.BasicParserPool;
 import org.springframework.stereotype.Service;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egovernment.moa.id.auth.IDestroyableObject;
 import at.gv.egovernment.moa.id.auth.IGarbageCollectorProcessing;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.InterfederatedIDPPublicServiceFilter;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.PVPEntityCategoryFilter;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.PVPMetadataFilterChain;
@@ -72,7 +74,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 	
 //	private static MOAMetadataProvider instance = null;
 	MetadataProvider internalProvider = null;
-	private Timer timer = null;
+	private Timer timer = null; 
 	private static Object mutex = new Object();
 	//private Map<String, Date> lastAccess = null;
 	
@@ -110,7 +112,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 				Logger.trace("Check consistence of PVP2X metadata");	
 				addAndRemoveMetadataProvider();
 					
-			} catch (ConfigurationException e) {
+			} catch (ConfigurationException | EAAFConfigurationException e) {
 				Logger.error("Access to MOA-ID configuration FAILED.", e);
 					
 			}
@@ -156,8 +158,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 			
 			
 			//reload metadata provider 
-			IOAAuthParameters oaParam = 
-					authConfig.getOnlineApplicationParameter(entityID);
+			ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(entityID);
 			if (oaParam != null) {
 				String metadataURL = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
 				if (MiscUtil.isNotEmpty(metadataURL)) {
@@ -175,7 +176,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 						String certBase64 = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);
 						if (MiscUtil.isNotEmpty(certBase64)) {
 						byte[] cert = Base64Utils.decode(certBase64, false);
-						String oaFriendlyName = oaParam.getFriendlyName();
+						String oaFriendlyName = oaParam.getUniqueIdentifier();
 					
 						if (timer == null)
 							timer = new Timer(true);
@@ -222,6 +223,10 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 		} catch (ConfigurationException e) {
 			Logger.warn("Refresh PVP2X metadata for onlineApplication: " 
 					+ entityID + " FAILED.", e);
+			
+		} catch (EAAFConfigurationException e) {			
+			Logger.warn("Refresh PVP2X metadata for onlineApplication: " 
+					+ entityID + " FAILED.", e);
 		}
 		
 		return false;
@@ -246,7 +251,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 	}
 	
 	
-	private void addAndRemoveMetadataProvider() throws ConfigurationException {
+	private void addAndRemoveMetadataProvider() throws ConfigurationException, EAAFConfigurationException {
 		if (internalProvider != null && internalProvider instanceof ChainingMetadataProvider) {
 			Logger.info("Reload MOAMetaDataProvider.");
 			
@@ -282,8 +287,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 				while (oaInterator.hasNext()) {
 					Entry<String, String> oaKeyPair = oaInterator.next();
 					
-					IOAAuthParameters oaParam = 
-							authConfig.getOnlineApplicationParameter(oaKeyPair.getValue());
+					ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(oaKeyPair.getValue());
 					if (oaParam != null) {
 						String metadataurl = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
 						
@@ -409,7 +413,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 	 * This method is deprecated because OA metadata should be loaded dynamically 
 	 * if the corresponding OA is requested.
 	 */
-	private void loadAllPVPMetadataFromKonfiguration() {
+	private void loadAllPVPMetadataFromKonfiguration() throws EAAFConfigurationException {
 		ChainingMetadataProvider chainProvider = new ChainingMetadataProvider();
 		Logger.info("Loading metadata");		
 		Map<String, MetadataProvider> providersinuse = new HashMap<String, MetadataProvider>();
@@ -423,11 +427,10 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 			while (oaInterator.hasNext()) {
 				Entry<String, String> oaKeyPair = oaInterator.next();
 				
-				IOAAuthParameters oaParam = 
-						authConfig.getOnlineApplicationParameter(oaKeyPair.getValue());
+				ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(oaKeyPair.getValue());
 				if (oaParam != null) {
 					String metadataurl = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
-					String oaFriendlyName = oaParam.getFriendlyName();
+					String oaFriendlyName = oaParam.getUniqueIdentifier();
 					MetadataProvider httpProvider = null;
 			
 					try {
@@ -489,7 +492,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 				
 	}
 		
-	private PVPMetadataFilterChain buildMetadataFilterChain(IOAAuthParameters oaParam, String metadataURL, byte[] certificate) throws CertificateException, ConfigurationException {
+	private PVPMetadataFilterChain buildMetadataFilterChain(ISPConfiguration oaParam, String metadataURL, byte[] certificate) throws CertificateException, ConfigurationException {
 		PVPMetadataFilterChain filterChain = new PVPMetadataFilterChain(metadataURL, certificate);
 		filterChain.getFilters().add(new SchemaValidationFilter());
 		filterChain.getFilters().add(
@@ -497,7 +500,9 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 						AuthConfiguration.PROP_KEY_PROTOCOL_PVP_METADATA_ENTITYCATEGORY_RESOLVER, 
 						false)));
 		
-		if (oaParam.isInderfederationIDP()) {
+		
+		
+		if ((new OAAuthParameterDecorator(oaParam)).isInderfederationIDP()) {
 			Logger.info("Online-Application is an interfederated IDP. Add addional Metadata policies");
 			filterChain.getFilters().add(new InterfederatedIDPPublicServiceFilter(metadataURL, oaParam.hasBaseIdTransferRestriction()));
 			
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
index 6c2235654..c87b7515f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
@@ -23,6 +23,7 @@
 package at.gv.egovernment.moa.id.protocols.pvp2x.metadata;
 
 import java.io.File;
+import java.net.MalformedURLException;
 import java.util.Timer;
 
 import javax.net.ssl.SSLHandshakeException;
@@ -57,6 +58,7 @@ public abstract class SimpleMOAMetadataProvider implements MetadataProvider{
 	
 	
 	@Autowired 
+	//protected IConfiguration authConfig;
 	protected AuthConfiguration authConfig;
 	
 	/**
@@ -76,21 +78,30 @@ public abstract class SimpleMOAMetadataProvider implements MetadataProvider{
 			return createNewHTTPMetaDataProvider(metadataLocation, filter, IdForLogging, timer, pool);
 		
 		else {
-			String absoluteMetadataLocation = FileUtils.makeAbsoluteURL(
-					metadataLocation,
-					authConfig.getRootConfigFileDir());
-			
-			if (absoluteMetadataLocation.startsWith(URI_PREFIX_FILE)) {
-				File metadataFile = new File(absoluteMetadataLocation);
-				if (metadataFile.exists())
-					return createNewFileSystemMetaDataProvider(metadataFile, filter, IdForLogging, timer, pool);
+			String absoluteMetadataLocation;
+			try {
+				absoluteMetadataLocation = FileUtils.makeAbsoluteURL(
+						metadataLocation,
+						authConfig.getConfigurationRootDirectory().toURL().toString());
 				
-				else {
-					Logger.warn("SAML2 metadata file: " + absoluteMetadataLocation + " not found or not exist");
-					return null;
-				}
+				if (absoluteMetadataLocation.startsWith(URI_PREFIX_FILE)) {
+					File metadataFile = new File(absoluteMetadataLocation);
+					if (metadataFile.exists())
+						return createNewFileSystemMetaDataProvider(metadataFile, filter, IdForLogging, timer, pool);
+					
+					else {
+						Logger.warn("SAML2 metadata file: " + absoluteMetadataLocation + " not found or not exist");
+						return null;
+					}
+					
+				}	
 				
-			}			
+				
+			} catch (MalformedURLException e) {
+				Logger.warn("SAML2 metadata URL is invalid: " + metadataLocation, e);
+				
+			}
+							
 		}
 		
 		Logger.warn("SAML2 metadata has an unsupported metadata location prefix: " + metadataLocation);		
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java
index af9ba0180..dd94e0093 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java
@@ -33,6 +33,7 @@ import org.opensaml.xml.security.x509.X509Credential;
 import org.opensaml.xml.signature.Signature;
 import org.opensaml.xml.signature.SignatureConstants;
 
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.opemsaml.MOAKeyStoreX509CredentialAdapter;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.logging.Logger;
@@ -55,8 +56,9 @@ public abstract class AbstractCredentialProvider {
 	 * Get KeyStore
 	 * 
 	 * @return URL to the keyStore
+	 * @throws ConfigurationException 
 	 */
-	public abstract String getKeyStoreFilePath();
+	public abstract String getKeyStoreFilePath() throws ConfigurationException;
 	
 	/**
 	 * Get keyStore password
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java
index 381289824..ebaef348c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java
@@ -28,6 +28,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 
@@ -53,14 +54,14 @@ public class IDPCredentialProvider extends AbstractCredentialProvider {
 	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getKeyStoreFilePath()
 	 */
 	@Override
-	public String getKeyStoreFilePath() {
+	public String getKeyStoreFilePath() throws ConfigurationException {
 		if (props == null)
 			props = authConfig.getGeneralPVP2ProperiesConfig();
 		
+
 		return FileUtils.makeAbsoluteURL(
-					props.getProperty(IDP_JAVAKEYSTORE), 
-					authConfig.getRootConfigFileDir());
-		
+						props.getProperty(IDP_JAVAKEYSTORE), 
+						authConfig.getRootConfigFileDir());		
 	}
 
 	/* (non-Javadoc)
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
index 528d8cbb6..d89d04664 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
@@ -34,7 +34,8 @@ import org.opensaml.xml.security.x509.BasicX509Credential;
 import org.opensaml.xml.signature.SignatureValidator;
 import org.opensaml.xml.validation.ValidationException;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
@@ -52,8 +53,8 @@ public class EntityVerifier {
 	public static byte[] fetchSavedCredential(String entityID) {
 //		List<OnlineApplication> oaList = ConfigurationDBRead
 //				.getAllActiveOnlineApplications();
-		try {
-			IOAAuthParameters oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(entityID);
+		try { 
+			ISPConfiguration oa = AuthConfigurationProviderFactory.getInstance().getServiceProviderConfiguration(entityID);
 		
 			if (oa == null) {
 				Logger.debug("No OnlineApplication with EntityID: " + entityID);
@@ -67,7 +68,7 @@ public class EntityVerifier {
 			
 			}
 			
-		} catch (ConfigurationException e) {
+		} catch (ConfigurationException | EAAFConfigurationException e) {
 			Logger.error("Access MOA-ID configuration FAILED.", e);
 			
 		} catch (IOException e) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
index 870c70efe..50bc7fb68 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
@@ -62,7 +62,7 @@ public class SAMLVerificationEngine {
 	
 	public void verify(InboundMessage msg, SignatureTrustEngine sigTrustEngine ) throws org.opensaml.xml.security.SecurityException, Exception {
 		try {		
-			if (msg instanceof MOARequest && 
+			if (msg instanceof MOARequest &&  
 					((MOARequest)msg).getSamlRequest() instanceof RequestAbstractType)
 				verifyRequest(((RequestAbstractType)((MOARequest)msg).getSamlRequest()), sigTrustEngine);
 		
@@ -112,10 +112,10 @@ public class SAMLVerificationEngine {
 		    
 		} catch (ValidationException e) {
 			 Logger.warn("Signature is not conform to SAML signature profile", e);
-			 throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+			 throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Signature is not conform to SAML signature profile");
 		
 		} catch (SchemaValidationException e) {			
-			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()});
+			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, "SAML response does not fit XML scheme");
 		
 		}
 
@@ -126,11 +126,11 @@ public class SAMLVerificationEngine {
 
 		try {
 		    if (!sigTrustEngine.validate(samlObj.getSignature(), criteriaSet)) {
-		    	throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+		    	throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Signature verification FAILED on SAML response");
 		    }
 		} catch (org.opensaml.xml.security.SecurityException e) {
 		    Logger.warn("PVP2x message signature validation FAILED.", e);
-		    throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+		    throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Signature verification FAILED on SAML response");
 		}
 	}
 	
@@ -142,10 +142,10 @@ public class SAMLVerificationEngine {
 		    
 		} catch (ValidationException e) {
 		    Logger.warn("Signature is not conform to SAML signature profile", e);
-		    throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+		    throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Scheme validation FAILED on SAML request");
 		    
 		} catch (SchemaValidationException e) {			
-			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()});
+			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, "Scheme verification FAILED on SAML request");
 			
 		}
 
@@ -156,11 +156,11 @@ public class SAMLVerificationEngine {
 
 		try {
 		    if (!sigTrustEngine.validate(samlObj.getSignature(), criteriaSet)) {
-		        throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+		        throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Signature verification FAILED on SAML request");
 		    }
 		} catch (org.opensaml.xml.security.SecurityException e) {
 			Logger.warn("PVP2x message signature validation FAILED.", e);
-			throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+			throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Signature verification FAILED on SAML request");
 		}
 	}
 		
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
index 9ae41c06c..c5f02e7de 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
@@ -40,15 +40,17 @@ import org.springframework.transaction.annotation.Transactional;
 
 import com.fasterxml.jackson.core.JsonProcessingException;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
 import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
@@ -56,6 +58,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.commons.utils.JsonMapper;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
 import at.gv.egovernment.moa.id.data.EncryptedData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
@@ -68,14 +71,12 @@ import at.gv.egovernment.moa.util.MiscUtil;
 public class DBAuthenticationSessionStoreage implements IAuthenticationSessionStoreage{
 
 	@PersistenceContext(unitName="session")
-	private EntityManager entityManager;
+	private EntityManager entityManager; 
 	
 	@Autowired AuthConfiguration authConfig;
 	
 	private static JsonMapper mapper = new JsonMapper();
-	
-	//@Autowired MOASessionDBUtils moaSessionDBUtils;
-	
+		
 	@Override
 	public boolean isAuthenticated(String internalSsoSessionID) {
 		
@@ -108,7 +109,8 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 			sessionExt.setUniqueSessionId(target.getUniqueSessionIdentifier());
 			dbsession.setAdditionalInformation(mapper.serialize(sessionExt).getBytes("UTF-8"));
 		
-			AuthenticationSession session = new AuthenticationSession(id, now, target.getMOASession());
+			AuthenticationSession session = new AuthenticationSession(id, now, 
+					new AuthenticationSessionWrapper(target.genericFullDataStorage()));
 			encryptSession(session, dbsession);
 		
 			//store AssertionStore element to Database
@@ -123,7 +125,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 			
 		} catch (JsonProcessingException | UnsupportedEncodingException e) {
 			Logger.warn("Extended session information can not be stored.", e);
-			throw new MOADatabaseException(e);
+			throw new MOADatabaseException("Extended session information can not be stored.", e);
 			
 		}
 				
@@ -180,7 +182,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 			
 		} catch (MOADatabaseException e) {
 			Logger.warn("MOASession could not be stored.");
-			throw new MOADatabaseException(e);
+			throw new MOADatabaseException("MOASession could not be stored.", e);
 			
 		} catch (JsonProcessingException | UnsupportedEncodingException e) {
 			Logger.warn("Extended session information can not be stored.", e);
@@ -228,12 +230,12 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 	}
 	
 	@Override
-	public AuthenticationSession getInternalMOASessionWithSSOID(String SSOSessionID) throws MOADatabaseException {
-		MiscUtil.assertNotNull(SSOSessionID, "SSOsessionID");	  
-		Logger.trace("Get authenticated session with SSOID " + SSOSessionID + " from database.");
+	public String getInternalSSOSessionWithSSOID(String externelSSOId) throws MOADatabaseException {
+		MiscUtil.assertNotNull(externelSSOId, "SSOsessionID");	  
+		Logger.trace("Get authenticated session with SSOID " + externelSSOId + " from database.");
 		  		  
 		Query query =  entityManager.createNamedQuery("getSessionWithSSOID");
-		query.setParameter("sessionid", SSOSessionID);		  
+		query.setParameter("sessionid", externelSSOId);		  
 		List<AuthenticatedSessionStore> results = query.getResultList();
 	 		  
 	    Logger.trace("Found entries: " + results.size());
@@ -245,7 +247,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 					 
 		} else
 			try {
-				return decryptSession(results.get(0));
+				return decryptSession(results.get(0)).getSSOSessionID();
 				
 			} catch (Throwable e) {
 				Logger.warn("MOASession deserialization-exception by using internal MOASessionID=" + results.get(0).getSessionid(), e);
@@ -312,7 +314,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 		//check if OA already has an active OA session
 		if (dbsession.getActiveOAsessions() != null) {
 			for (OASessionStore el : dbsession.getActiveOAsessions()) {
-				if (el.getOaurlprefix().equals(protocolRequest.getOAURL()))
+				if (el.getOaurlprefix().equals(protocolRequest.getSPEntityId()))
 					activeOA = el;						
 			}										 
 		}
@@ -321,7 +323,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 			activeOA = new OASessionStore();
 				  
 	    //set active OA applications
-	    activeOA.setOaurlprefix(protocolRequest.getOAURL());
+	    activeOA.setOaurlprefix(protocolRequest.getSPEntityId());
 	    activeOA.setMoasession(dbsession);
 	    activeOA.setCreated(new Date());
 	  
@@ -360,21 +362,21 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 		entityManager.merge(dbsession);
 					
 		if (SLOInfo != null)
-			Logger.info("Add SSO-Session login information for OA: " + protocolRequest.getOAURL() 
+			Logger.info("Add SSO-Session login information for OA: " + protocolRequest.getSPEntityId() 
 					+ " and AssertionID: " + SLOInfo.getSessionIndex());
 		else
-			Logger.info("Add SSO-Session login information for OA: " + protocolRequest.getOAURL());
+			Logger.info("Add SSO-Session login information for OA: " + protocolRequest.getSPEntityId());
 					
 	}
 
 	@Override
-	public List<OASessionStore> getAllActiveOAFromMOASession(IAuthenticationSession moaSession) {
-		MiscUtil.assertNotNull(moaSession, "MOASession");
+	public List<OASessionStore> getAllActiveOAFromMOASession(String ssoSessionId) {
+		MiscUtil.assertNotNull( ssoSessionId, "MOASession");
 
-		  Logger.trace("Get OAs for moaSession " + moaSession.getSessionID() + " from database.");
+		  Logger.trace("Get OAs for moaSession " +  ssoSessionId + " from database.");
 		  
 		  Query query =  entityManager.createNamedQuery("getAllActiveOAsForSessionID");
-		  query.setParameter("sessionID", moaSession.getSessionID());		  
+		  query.setParameter("sessionID",  ssoSessionId);		  
 		  List<OASessionStore> results = query.getResultList();
 			  
 		  Logger.trace("Found entries: " + results.size());
@@ -384,13 +386,13 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 	}
 	
 	@Override
-	public List<InterfederationSessionStore> getAllActiveIDPsFromMOASession(IAuthenticationSession moaSession) {
-		MiscUtil.assertNotNull(moaSession, "MOASession");
+	public List<InterfederationSessionStore> getAllActiveIDPsFromMOASession(String ssoSessionId) {
+		MiscUtil.assertNotNull( ssoSessionId, "MOASession");
 
-		  Logger.trace("Get active IDPs for moaSession " + moaSession.getSessionID() + " from database.");
+		  Logger.trace("Get active IDPs for moaSession " +  ssoSessionId + " from database.");
 		  
 		  Query query =  entityManager.createNamedQuery("getAllActiveIDPsForSessionID");
-		  query.setParameter("sessionID", moaSession.getSessionID());		  
+		  query.setParameter("sessionID",  ssoSessionId);		  
 		  List<InterfederationSessionStore> results = query.getResultList();
 
 		  Logger.trace("Found entries: " + results.size());
@@ -399,7 +401,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 	}
 	
 	@Override
-	public IAuthenticationSession searchMOASessionWithNameIDandOAID(String oaID, String userNameID) {	  
+	public String searchSSOSessionWithNameIDandOAID(String oaID, String userNameID) {	  
 		  MiscUtil.assertNotNull(oaID, "OnlineApplicationIdentifier");
 		  MiscUtil.assertNotNull(userNameID, "userNameID");
 		  Logger.trace("Get moaSession for userNameID " + userNameID + " and OA " 
@@ -419,8 +421,10 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 		   	
 		  }
 		  
-		  try {			  		  
-			  return  decryptSession(results.get(0));
+		  try {			
+			  AuthenticationSession decrytedSession = decryptSession(results.get(0));
+			  
+			  return decrytedSession.getSSOSessionID();
 			
 		  } catch (BuildException e) {
 			  Logger.warn("MOASession deserialization-exception by using MOASessionID=" + results.get(0).getSessionid(), e);			
@@ -434,11 +438,11 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 		  MiscUtil.assertNotNull(moaSession, "MOASession");	  
 		  MiscUtil.assertNotNull(oaID, "OnlineApplicationIdentifier");
 		  MiscUtil.assertNotNull(protocolType, "usedProtocol");
-		  Logger.trace("Get active OnlineApplication for sessionID " + moaSession.getSessionID() + " with OAID "
+		  Logger.trace("Get active OnlineApplication for sessionID " + moaSession.getSSOSessionID() + " with OAID "
 				  + oaID + " from database.");
 		  
 		  Query query =  entityManager.createNamedQuery("getActiveOAWithSessionIDandOAIDandProtocol");
-		  query.setParameter("sessionID", moaSession.getSessionID());
+		  query.setParameter("sessionID", moaSession.getSSOSessionID());
 		  query.setParameter("oaID", oaID);
 		  query.setParameter("protocol", protocolType);		  
 		  List<AuthenticatedSessionStore> results = query.getResultList();
@@ -545,25 +549,25 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 	}
 	
 	@Override
-	public void addFederatedSessionInformation(IRequest req, String idpEntityID, AssertionAttributeExtractor extractor) throws MOADatabaseException, AssertionAttributeExtractorExeption, BuildException {		
+	public void addFederatedSessionInformation(IRequest req, String idpEntityID, AssertionAttributeExtractor extractor) throws MOADatabaseException, AssertionAttributeExtractorExeption, BuildException, EAAFConfigurationException {		
 		AuthenticatedSessionStore dbsession = null;
-		AuthenticationSession moaSession = null;
+		String ssoSessionId = null;		
 		Date now = new Date();
 		
 		//search for active session
-		if (MiscUtil.isNotEmpty(req.getInternalSSOSessionIdentifier())) {
-			Logger.debug("Internal SSO-Session object: " + req.getInternalSSOSessionIdentifier() + " used for federated SSO");
-			moaSession = getInternalMOASessionWithSSOID(req.getInternalSSOSessionIdentifier());
+		if (MiscUtil.isNotEmpty(req.getSSOSessionIdentifier())) {
+			Logger.debug("Internal SSO-Session object: " + req.getSSOSessionIdentifier() + " used for federated SSO");
+			ssoSessionId = getInternalSSOSessionWithSSOID(req.getSSOSessionIdentifier());
 			
 		} else {
 			Logger.debug("No internal SSO-Session object exists for federated SSO --> create new session object");
-			moaSession = createInternalSSOSession(req);
+			ssoSessionId = createInternalSSOSession(req).getSSOSessionID();
 			
 		}
 			
-		if (moaSession != null) {
+		if (MiscUtil.isNotEmpty(ssoSessionId)) {
 			try {
-				dbsession = searchInDatabase(moaSession.getSessionID());
+				dbsession = searchInDatabase(ssoSessionId);
 				
 			}catch (MOADatabaseException e) {
 				Logger.error("NO MOASession found but MOASession MUST already exist!");
@@ -617,7 +621,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 			idp.setIdpurlprefix(idpEntityID);
 			idp.setAuthURL(req.getAuthURL());
 			
-			IOAAuthParameters oa = authConfig.getOnlineApplicationParameter(idp.getIdpurlprefix());			
+			IOAAuthParameters oa = authConfig.getServiceProviderConfiguration(idp.getIdpurlprefix(), OAAuthParameterDecorator.class);			
 			idp.setStoreSSOInformation(oa.isInterfederationSSOStorageAllowed());						
 			idp.setMoasession(dbsession);
 			idpList.add(idp);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java
index 958ef4977..27d9d394d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java
@@ -241,16 +241,17 @@ public class DBTransactionStorage implements ITransactionStorage {
 		}
 	}
 
-//	public Object getAssertionStore(String key) throws MOADatabaseException{
-//		return searchInDatabase(key);
-//		
-//	}
+	@Override
+	public Object getRaw(String key) throws MOADatabaseException {
+		return searchInDatabase(key);
+		
+	}
 	
-//	@Override
-//	public void putAssertionStore(Object element) throws MOADatabaseException{
-//		entityManager.merge(element);
-//		
-//	}
+	@Override
+	public void putRaw(String key, Object element) throws MOADatabaseException {
+		entityManager.merge(element);
+		
+	}
 	
 	private void cleanDelete(AssertionStore element) {
 	
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java
index 414df1328..ff9c4e358 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java
@@ -26,7 +26,8 @@ import java.util.Date;
 import java.util.List;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
@@ -110,13 +111,13 @@ public interface IAuthenticationSessionStoreage {
 	public void setAuthenticated(String internalSsoSessionID, boolean isAuthenticated);
 	
 	/**
-	 * Find the MOASessionId of an active Single Sign-On session
+	 * Find the internal SSO session identifier of an active Single Sign-On session
 	 * 
-	 * @param SSOSessionID Single Sign-On sessionID
-	 * @return internal MOA SSO-Session of the associated SSO-Session Id 
+	 * @param externelSSOId external Single Sign-On sessionID
+	 * @return internal SSO-Session identifier 
 	 * @throws MOADatabaseException 
 	 */
-	public AuthenticationSession getInternalMOASessionWithSSOID(String SSOSessionID) throws MOADatabaseException;
+	public String getInternalSSOSessionWithSSOID(String externelSSOId) throws MOADatabaseException;
 	
 	/**
 	 * Check if a MOASession is an active Single Sign-On session
@@ -151,28 +152,28 @@ public interface IAuthenticationSessionStoreage {
 	/**
 	 * Get all Single Sign-On authenticated Service-Provider of a MOASession
 	 * 
-	 * @param moaSession MOASession data object
+	 * @param ssoSessionId SSO session id
 	 * @return List of Service-Provider information
 	 */
-	public List<OASessionStore> getAllActiveOAFromMOASession(IAuthenticationSession moaSession);
+	public List<OASessionStore> getAllActiveOAFromMOASession(String ssoSessionId);
 	
 	
 	/**
 	 * Get all active interfederation connections for a MOASession
 	 * 
-	 * @param moaSession MOASession data object
+	 * @param ssoSessionId SSO session id
 	 * @return List of Interfederation-IDP information
 	 */
-	public List<InterfederationSessionStore> getAllActiveIDPsFromMOASession(IAuthenticationSession moaSession);
+	public List<InterfederationSessionStore> getAllActiveIDPsFromMOASession(String ssoSessionId);
 	
 	/**
-	 * Search a MOASession by using already transfered authentication information 
+	 * Search a SSO session by using already transfered authentication information 
 	 * 
 	 * @param oaID Service-Provider identifier, which has received the authentication information
 	 * @param userNameID UserId (bPK), which was send to this Service-Provider
-	 * @return MOASession, or null if no corresponding MOASession is found
+	 * @return SSO-session identifier, or null if no corresponding SSO session is found
 	 */
-	public IAuthenticationSession searchMOASessionWithNameIDandOAID(String oaID, String userNameID);
+	public String searchSSOSessionWithNameIDandOAID(String oaID, String userNameID);
 	
 	/**
 	 * Search a active Single Sign-On session for a specific Service-Provider
@@ -220,8 +221,9 @@ public interface IAuthenticationSessionStoreage {
 	 * @throws MOADatabaseException
 	 * @throws AssertionAttributeExtractorExeption
 	 * @throws BuildException
+	 * @throws EAAFConfigurationException 
 	 */
-	public void addFederatedSessionInformation(IRequest req, String idpEntityID, AssertionAttributeExtractor extractor) throws MOADatabaseException, AssertionAttributeExtractorExeption, BuildException;
+	public void addFederatedSessionInformation(IRequest req, String idpEntityID, AssertionAttributeExtractor extractor) throws MOADatabaseException, AssertionAttributeExtractorExeption, BuildException, EAAFConfigurationException;
 	
 	/**
 	 * Search an active federation IDP which could be used for federated Single Sign-On by using an AttributeQuery
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java
index f30613474..8d36e81bb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java
@@ -40,6 +40,7 @@ import org.springframework.data.redis.serializer.JacksonJsonRedisSerializer;
 import org.springframework.stereotype.Service;
 
 import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
@@ -352,12 +353,13 @@ private AssertionStore prepareAssertion(AssertionStore element, String key, Obje
 	}
 
 @Override
-public Object getAssertionStore(String key) throws MOADatabaseException {
+public Object getRaw(String key) throws EAAFException {
 	return searchInDatabase(key);
+	
 }
 
 @Override
-public void putAssertionStore(Object element) throws MOADatabaseException {
+public void putRaw(String key, Object element) throws EAAFException {
 	// TODO Auto-generated method stub
 	AssertionStore as = (AssertionStore)element;
 	final int expTime = redisTemplate.getExpire(as.getArtifact(), TimeUnit.MILLISECONDS).intValue();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/LoALevelMapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/LoALevelMapper.java
new file mode 100644
index 000000000..3e3d9dafc
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/LoALevelMapper.java
@@ -0,0 +1,174 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.util;
+
+import java.io.IOException;
+import java.util.Properties;
+
+import at.gv.egovernment.moa.id.data.AuthenticationRole;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public class LoALevelMapper {
+
+	private static final String PVP_SECCLASS_PREFIX = "http://www.ref.gv.at/ns/names/agiz/pvp/";
+	private static final String STORK_QAA_PREFIX = "http://www.stork.gov.eu/1.0/";
+	private static final String eIDAS_QAA_PREFIX = "http://eidas.europa.eu/";
+	
+	private static final String MAPPING_RESOURCE = 
+			"resources/properties/pvp-stork_mapping.properties";
+	
+	private static final String MAPPING_SECCLASS_PREFIX = "secclass_";
+	private static final String MAPPING_EIDAS_PREFIX = "eidas_";
+	
+	private Properties mapping = null;
+	
+	private static LoALevelMapper instance = null;
+	
+	public static LoALevelMapper getInstance() {
+		if (instance == null) {
+			instance = new LoALevelMapper();			
+		}
+		
+		return instance;
+	}
+	
+	private LoALevelMapper() {
+		try {
+			mapping = new Properties();
+			mapping.load(this.getClass().getClassLoader().getResourceAsStream(MAPPING_RESOURCE));
+			Logger.debug("PVP -> STORK Role mapping initialisation finished.");
+			
+		} catch (IOException e) {
+			Logger.error("PVP -> STORK Role mapping initialisation FAILED." , e);
+			mapping = null;
+			
+		}
+		
+		
+	}
+
+	/**
+	 * Map STORK QAA level to eIDAS QAA level
+	 * 
+	 * @param storkQAA STORK QAA level
+	 * @return
+	 */
+	public String mapSTORKQAAToeIDASQAA(String storkQAA) {
+		if (mapping != null) {
+			String input = storkQAA.substring(STORK_QAA_PREFIX.length());			
+			String mappedQAA = mapping.getProperty(MAPPING_EIDAS_PREFIX + input);
+			if (MiscUtil.isNotEmpty(mappedQAA)) {
+				Logger.info("Map STORK-QAA " + storkQAA + " to eIDAS-QAA " + mappedQAA);
+				return mappedQAA;
+				
+			}						
+		}		
+		Logger.warn("No eIDAS-QAA mapping for STORK-QAA " + storkQAA +" !");
+		return null;
+		
+	}
+	
+	/**
+	 * Map eIDAS QAA-level to STORK QAA-level
+	 * 
+	 * @param qaaLevel eIDAS QAA-level
+	 * @return STORK QAA-level
+	 */
+	public String mapeIDASQAAToSTORKQAA(String qaaLevel) {
+		if (mapping != null) {
+			String input = qaaLevel.substring(eIDAS_QAA_PREFIX.length());			
+			String mappedQAA = mapping.getProperty(input);
+			if (MiscUtil.isNotEmpty(mappedQAA)) {
+				Logger.info("Map eIDAS-QAA " + qaaLevel + " to STORK-QAA " + mappedQAA);
+				return mappedQAA;
+				
+			}						
+		}		
+		Logger.warn("No eIDAS-QAA mapping for eIDAS-QAA " + qaaLevel +" !");
+		return null;
+	}
+	
+	/**Map a STORK QAA level to PVP SecClass
+	 * 
+	 * @param STORK-QAA level
+	 * @return PVP SecClass pvpQAALevel
+	 */	
+	public String mapToSecClass(String storkQAALevel) {
+		if (mapping != null) {
+			String input = storkQAALevel.substring(STORK_QAA_PREFIX.length());			
+			String mappedQAA = mapping.getProperty(MAPPING_SECCLASS_PREFIX + input);
+			if (MiscUtil.isNotEmpty(mappedQAA)) {
+				Logger.info("Map STORK-QAA " + storkQAALevel + " to PVP SecClass " + mappedQAA);
+				return mappedQAA;
+				
+			}						
+		}		
+		Logger.warn("No mapping for STORK-QAA " + storkQAALevel +" !");
+		return null;
+	}
+	
+	/**Map a PVP SecClass to STORK QAA level
+	 * 
+	 * @param PVP SecClass pvpQAALevel
+	 * @return STORK-QAA level
+	 */	
+	public String mapToQAALevel(String pvpQAALevel) {
+		if (mapping != null) {
+			String input = pvpQAALevel.substring(PVP_SECCLASS_PREFIX.length());			
+			String mappedQAA = mapping.getProperty(input);
+			if (MiscUtil.isNotEmpty(mappedQAA)) {
+				Logger.info("Map PVP SecClass " + pvpQAALevel + " to STORK-QAA " + mappedQAA);
+				return mappedQAA;
+				
+			}						
+		}		
+		Logger.warn("No mapping for PVP SecClass " + pvpQAALevel +" !");
+		return null;
+	}
+	
+	/**Map a PVP Role attribute to STORK ECAuthenticationRole attribute values
+	 * 
+	 * @param PVP Role attribute
+	 * @return STORK ECAuthenticationRole attribute value
+	 */
+	public String map(AuthenticationRole el) {
+		if (mapping != null) {
+			//String ecRole = mapping.getProperty(el.getRawRoleString());
+			String ecRole = mapping.getProperty(el.getRoleName());
+			if (MiscUtil.isNotEmpty(ecRole)) {
+				//Logger.info("Map PVPRole " + el.getRawRoleString() + " to ECRole " + ecRole);
+				Logger.info("Map PVPRole " + el.getRoleName() + " to ECRole " + ecRole);
+				return ecRole;
+			}			
+		}
+		//Logger.warn("NO mapping for PVPRole "+ el.getRawRoleString() + " !");
+		Logger.warn("NO mapping for PVPRole "+ el.getRoleName() + " !");
+		return null;
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java
deleted file mode 100644
index 099a70470..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java
+++ /dev/null
@@ -1,174 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.util;
-
-import java.io.IOException;
-import java.util.Properties;
-
-import at.gv.egovernment.moa.id.data.AuthenticationRole;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-/**
- * @author tlenz
- *
- */
-public class PVPtoSTORKMapper {
-
-	private static final String PVP_SECCLASS_PREFIX = "http://www.ref.gv.at/ns/names/agiz/pvp/";
-	private static final String STORK_QAA_PREFIX = "http://www.stork.gov.eu/1.0/";
-	private static final String eIDAS_QAA_PREFIX = "http://eidas.europa.eu/";
-	
-	private static final String MAPPING_RESOURCE = 
-			"resources/properties/pvp-stork_mapping.properties";
-	
-	private static final String MAPPING_SECCLASS_PREFIX = "secclass_";
-	private static final String MAPPING_EIDAS_PREFIX = "eidas_";
-	
-	private Properties mapping = null;
-	
-	private static PVPtoSTORKMapper instance = null;
-	
-	public static PVPtoSTORKMapper getInstance() {
-		if (instance == null) {
-			instance = new PVPtoSTORKMapper();			
-		}
-		
-		return instance;
-	}
-	
-	private PVPtoSTORKMapper() {
-		try {
-			mapping = new Properties();
-			mapping.load(this.getClass().getClassLoader().getResourceAsStream(MAPPING_RESOURCE));
-			Logger.debug("PVP -> STORK Role mapping initialisation finished.");
-			
-		} catch (IOException e) {
-			Logger.error("PVP -> STORK Role mapping initialisation FAILED." , e);
-			mapping = null;
-			
-		}
-		
-		
-	}
-
-	/**
-	 * Map STORK QAA level to eIDAS QAA level
-	 * 
-	 * @param storkQAA STORK QAA level
-	 * @return
-	 */
-	public String mapSTORKQAAToeIDASQAA(String storkQAA) {
-		if (mapping != null) {
-			String input = storkQAA.substring(STORK_QAA_PREFIX.length());			
-			String mappedQAA = mapping.getProperty(MAPPING_EIDAS_PREFIX + input);
-			if (MiscUtil.isNotEmpty(mappedQAA)) {
-				Logger.info("Map STORK-QAA " + storkQAA + " to eIDAS-QAA " + mappedQAA);
-				return mappedQAA;
-				
-			}						
-		}		
-		Logger.warn("No eIDAS-QAA mapping for STORK-QAA " + storkQAA +" !");
-		return null;
-		
-	}
-	
-	/**
-	 * Map eIDAS QAA-level to STORK QAA-level
-	 * 
-	 * @param qaaLevel eIDAS QAA-level
-	 * @return STORK QAA-level
-	 */
-	public String mapeIDASQAAToSTORKQAA(String qaaLevel) {
-		if (mapping != null) {
-			String input = qaaLevel.substring(eIDAS_QAA_PREFIX.length());			
-			String mappedQAA = mapping.getProperty(input);
-			if (MiscUtil.isNotEmpty(mappedQAA)) {
-				Logger.info("Map eIDAS-QAA " + qaaLevel + " to STORK-QAA " + mappedQAA);
-				return mappedQAA;
-				
-			}						
-		}		
-		Logger.warn("No eIDAS-QAA mapping for eIDAS-QAA " + qaaLevel +" !");
-		return null;
-	}
-	
-	/**Map a STORK QAA level to PVP SecClass
-	 * 
-	 * @param STORK-QAA level
-	 * @return PVP SecClass pvpQAALevel
-	 */	
-	public String mapToSecClass(String storkQAALevel) {
-		if (mapping != null) {
-			String input = storkQAALevel.substring(STORK_QAA_PREFIX.length());			
-			String mappedQAA = mapping.getProperty(MAPPING_SECCLASS_PREFIX + input);
-			if (MiscUtil.isNotEmpty(mappedQAA)) {
-				Logger.info("Map STORK-QAA " + storkQAALevel + " to PVP SecClass " + mappedQAA);
-				return mappedQAA;
-				
-			}						
-		}		
-		Logger.warn("No mapping for STORK-QAA " + storkQAALevel +" !");
-		return null;
-	}
-	
-	/**Map a PVP SecClass to STORK QAA level
-	 * 
-	 * @param PVP SecClass pvpQAALevel
-	 * @return STORK-QAA level
-	 */	
-	public String mapToQAALevel(String pvpQAALevel) {
-		if (mapping != null) {
-			String input = pvpQAALevel.substring(PVP_SECCLASS_PREFIX.length());			
-			String mappedQAA = mapping.getProperty(input);
-			if (MiscUtil.isNotEmpty(mappedQAA)) {
-				Logger.info("Map PVP SecClass " + pvpQAALevel + " to STORK-QAA " + mappedQAA);
-				return mappedQAA;
-				
-			}						
-		}		
-		Logger.warn("No mapping for PVP SecClass " + pvpQAALevel +" !");
-		return null;
-	}
-	
-	/**Map a PVP Role attribute to STORK ECAuthenticationRole attribute values
-	 * 
-	 * @param PVP Role attribute
-	 * @return STORK ECAuthenticationRole attribute value
-	 */
-	public String map(AuthenticationRole el) {
-		if (mapping != null) {
-			//String ecRole = mapping.getProperty(el.getRawRoleString());
-			String ecRole = mapping.getProperty(el.getRoleName());
-			if (MiscUtil.isNotEmpty(ecRole)) {
-				//Logger.info("Map PVPRole " + el.getRawRoleString() + " to ECRole " + ecRole);
-				Logger.info("Map PVPRole " + el.getRoleName() + " to ECRole " + ecRole);
-				return ecRole;
-			}			
-		}
-		//Logger.warn("NO mapping for PVPRole "+ el.getRawRoleString() + " !");
-		Logger.warn("NO mapping for PVPRole "+ el.getRoleName() + " !");
-		return null;
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/QAALevelVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/QAALevelVerifier.java
index 88a64bd07..ca71ad946 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/QAALevelVerifier.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/QAALevelVerifier.java
@@ -22,8 +22,9 @@
  */
 package at.gv.egovernment.moa.id.util;
 
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.QAANotAllowedException;
+import at.gv.egovernment.moa.logging.Logger;
 
 /**
  * @author tlenz
@@ -33,10 +34,23 @@ public class QAALevelVerifier {
 
 	public static void verifyQAALevel(String qaaAuth, String qaaRequest) throws QAANotAllowedException {
 		
-		Integer qaaA = Integer.valueOf(qaaAuth.substring(PVPConstants.STORK_QAA_PREFIX.length()));
-		Integer qaaR = Integer.valueOf(qaaRequest.substring(PVPConstants.STORK_QAA_PREFIX.length()));
+		if (EAAFConstants.EIDAS_QAA_LOW.equals(qaaRequest) && 
+					(EAAFConstants.EIDAS_QAA_LOW.equals(qaaAuth) || 
+							EAAFConstants.EIDAS_QAA_SUBSTANTIAL.equals(qaaAuth) ||
+									EAAFConstants.EIDAS_QAA_HIGH.equals(qaaAuth))
+				) 
+			Logger.debug("Requesed LoA fits LoA from authentication. Continuingauth process ... ");
 		
-		if (qaaA < qaaR)
+		else if (EAAFConstants.EIDAS_QAA_SUBSTANTIAL.equals(qaaRequest) && 
+					(EAAFConstants.EIDAS_QAA_SUBSTANTIAL.equals(qaaAuth) ||
+								EAAFConstants.EIDAS_QAA_HIGH.equals(qaaAuth))
+				) 
+			Logger.debug("Requesed LoA fits LoA from authentication. Continuingauth process ... ");
+		
+		else if (EAAFConstants.EIDAS_QAA_HIGH.equals(qaaRequest) && EAAFConstants.EIDAS_QAA_HIGH.equals(qaaAuth)) 
+			Logger.debug("Requesed LoA fits LoA from authentication. Continuingauth process ... ");
+		
+		else 
 			throw new QAANotAllowedException(qaaAuth, qaaRequest);
 		
 	}
diff --git a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder
index 1e3672a0d..14d4d9fb6 100644
--- a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder
+++ b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder
@@ -1,8 +1,6 @@
-at.gv.egovernment.moa.id.protocols.builder.attributes.BPKAttributeBuilder
 at.gv.egovernment.moa.id.protocols.builder.attributes.EIDAuthBlock
 at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCcsURL
 at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCitizenQAALevelAttributeBuilder
-at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSectorForIDAttributeBuilder
 at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSignerCertificate
 at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSTORKTOKEN
 at.gv.egovernment.moa.id.protocols.builder.attributes.EncryptedBPKAttributeBuilder
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java
deleted file mode 100644
index 9b6eedb11..000000000
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java
+++ /dev/null
@@ -1,285 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.module.test;
-
-import java.util.Collection;
-
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
-
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
-import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
-
-/**
- * @author tlenz
- *
- */
-public class TestRequestImpl implements IRequest {
-
-	private String processInstanceID = null; 
-	
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#requestedModule()
-	 */
-	@Override
-	public String requestedModule() {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#requestedAction()
-	 */
-	@Override
-	public String requestedAction() {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#getOAURL()
-	 */
-	@Override
-	public String getOAURL() {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#isPassiv()
-	 */
-	@Override
-	public boolean isPassiv() {
-		// TODO Auto-generated method stub
-		return false;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#forceAuth()
-	 */
-	@Override
-	public boolean forceAuth() {
-		// TODO Auto-generated method stub
-		return false;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#getGenericData(java.lang.String)
-	 */
-	@Override
-	public Object getGenericData(String key) {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#getGenericData(java.lang.String, java.lang.Class)
-	 */
-	@Override
-	public <T> T getGenericData(String key, Class<T> clazz) {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#setGenericDataToSession(java.lang.String, java.lang.Object)
-	 */
-	@Override
-	public void setGenericDataToSession(String key, Object object) throws SessionDataStorageException {
-		// TODO Auto-generated method stub
-
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#getRequestID()
-	 */
-	@Override
-	public String getRequestID() {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#getUniqueTransactionIdentifier()
-	 */
-	@Override
-	public String getUniqueTransactionIdentifier() {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#getUniqueSessionIdentifier()
-	 */
-	@Override
-	public String getUniqueSessionIdentifier() {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#getProcessInstanceId()
-	 */
-	@Override
-	public String getProcessInstanceId() {
-		return processInstanceID;
-		
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#getAuthURL()
-	 */
-	@Override
-	public String getAuthURL() {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#getAuthURLWithOutSlash()
-	 */
-	@Override
-	public String getAuthURLWithOutSlash() {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#isNeedAuthentication()
-	 */
-	@Override
-	public boolean isNeedAuthentication() {
-		// TODO Auto-generated method stub
-		return false;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#needSingleSignOnFunctionality()
-	 */
-	@Override
-	public boolean needSingleSignOnFunctionality() {
-		// TODO Auto-generated method stub
-		return false;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#setNeedSingleSignOnFunctionality(boolean)
-	 */
-	@Override
-	public void setNeedSingleSignOnFunctionality(boolean needSSO) {
-		// TODO Auto-generated method stub
-
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#isAuthenticated()
-	 */
-	@Override
-	public boolean isAuthenticated() {
-		// TODO Auto-generated method stub
-		return false;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#setAuthenticated(boolean)
-	 */
-	@Override
-	public void setAuthenticated(boolean isAuthenticated) {
-		// TODO Auto-generated method stub
-
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#getOnlineApplicationConfiguration()
-	 */
-	@Override
-	public IOAAuthParameters getOnlineApplicationConfiguration() {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	/**
-	 * @param processInstanceID the processInstanceID to set
-	 */
-	public void setProcessInstanceID(String processInstanceID) {
-		this.processInstanceID = processInstanceID;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#isAbortedByUser()
-	 */
-	@Override
-	public boolean isAbortedByUser() {
-		// TODO Auto-generated method stub
-		return false;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#setAbortedByUser(boolean)
-	 */
-	@Override
-	public void setAbortedByUser(boolean isAborted) {
-		// TODO Auto-generated method stub
-		
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#getRequestedAttributes()
-	 */
-	@Override
-	public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.commons.api.IRequest#getInternalSSOSessionIdentifier()
-	 */
-	@Override
-	public String getInternalSSOSessionIdentifier() {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.commons.api.IRequest#getMOASession()
-	 */
-	@Override
-	public IAuthenticationSession getMOASession() {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.commons.api.IRequest#populateMOASessionWithSSOInformation(at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession)
-	 */
-	@Override
-	public void populateMOASessionWithSSOInformation(IAuthenticationSession ssoSession) {
-		// TODO Auto-generated method stub
-		
-	}
-	
-	
-
-}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/DummyTransactionStorage.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/DummyTransactionStorage.java
deleted file mode 100644
index 08fb4e043..000000000
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/DummyTransactionStorage.java
+++ /dev/null
@@ -1,147 +0,0 @@
-package at.gv.egovernment.moa.id.process.spring.test;
-
-import java.util.ArrayList;
-import java.util.Date;
-import java.util.Iterator;
-import java.util.List;
-
-import javax.sql.DataSource;
-
-import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * Dummy DataSource implementation for convenience in test cases where a
- * database connection will never actually be acquired.
- *
- * @see DataSource
- * @author Chris Beams
- */
-public class DummyTransactionStorage implements ITransactionStorage {
-
-	public class DummyDBEntry{
-		public DummyDBEntry(String key, Object value){
-			this.obj =value;
-			this.key = key;
-		}
-		public String getKey() {
-			return key;
-		}
-		public void setKey(String key) {
-			this.key = key;
-		}
-		public Object getObj() {
-			return obj;
-		}
-		public void setObj(Object obj) {
-			this.obj = obj;
-		}
-		private String key;
-		private Object obj;
-	}
-	
-	private ArrayList<DummyDBEntry> ds = new ArrayList<DummyDBEntry>();
-	
-
-	
-	@Override
-	public boolean containsKey(String key) {
-		// TODO Auto-generated method stub
-		Iterator<DummyDBEntry> it = ds.iterator();
-		while(it.hasNext()){
-			DummyDBEntry t = it.next();
-			if(t.getKey().equals(key))
-				return true;
-		}
-		return false;
-	}
-
-	@Override
-	public void put(String key, Object value, int timeout_ms)
-			throws MOADatabaseException {
-		// TODO Auto-generated method stub
-		this.remove(key);
-		this.ds.add(new DummyDBEntry(key, value));
-		
-	}
-
-	@Override
-	public Object get(String key) throws MOADatabaseException {
-		// TODO Auto-generated method stub
-		Iterator<DummyDBEntry> it = ds.iterator();
-		while(it.hasNext()){
-			DummyDBEntry t = it.next();
-			if(t.getKey().equals(key))
-				return t;
-		}
-		return null;
-	}
-
-	@Override
-	public <T> T get(String key, Class<T> clazz) throws MOADatabaseException {
-		
-		  DummyDBEntry o = (DummyDBEntry) get(key);
-		  if(o == null)
-			  return null;
-		  try {
-			  @SuppressWarnings("unchecked")
-			T test = (T) (clazz.cast(o.getObj()));
-			return test;
-			
-		  } catch (Exception e) {
-			Logger.warn("Sessioninformation Cast-Exception by using Artifact=" + key);
-			throw new MOADatabaseException("Sessioninformation Cast-Exception");
-			
-		  }
-	}
-
-	@Override
-	public <T> T get(String key, Class<T> clazz, long dataTimeOut)
-			throws MOADatabaseException, AuthenticationException {
-		// TODO Auto-generated method stub
-		return get(key,clazz);
-	}
-
-	@Override
-	public void changeKey(String oldKey, String newKey, Object value)
-			throws MOADatabaseException {
-		this.remove(oldKey);
-		this.put(newKey, value, -1);
-		
-	}
-
-	@Override
-	public void remove(String key) {
-		Iterator<DummyDBEntry> it = ds.iterator();
-		while(it.hasNext()){
-			DummyDBEntry t = it.next();
-			if(t.getKey().equals(key)){
-				this.ds.remove(t);
-				return;
-			}
-		}
-		
-	}
-
-	@Override
-	public List<String> clean(Date now, long dataTimeOut) {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	@Override
-	public Object getAssertionStore(String key) throws MOADatabaseException {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	@Override
-	public void putAssertionStore(Object element) throws MOADatabaseException {
-		// TODO Auto-generated method stub
-		
-	}
-
-    
-}
\ No newline at end of file
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/ExpressionContextAdapter.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/ExpressionContextAdapter.java
deleted file mode 100644
index c26236619..000000000
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/ExpressionContextAdapter.java
+++ /dev/null
@@ -1,52 +0,0 @@
-package at.gv.egovernment.moa.id.process.spring.test;
-
-
-import java.io.Serializable;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Map;
-
-import at.gv.egovernment.moa.id.process.api.ExpressionEvaluationContext;
-
-/**
- * Adapter class for {@link ExpressionEvaluationContext}. Intended to be used for testing purposes.
- * 
- * @author tknall
- * 
- */
-public class ExpressionContextAdapter implements ExpressionEvaluationContext {
-
-	private static final long serialVersionUID = 1L;
-
-	private Map<String, Serializable> ctxData = Collections.synchronizedMap(new HashMap<String, Serializable>());
-
-	/**
-	 * Returns a certain {@link Serializable} object associated with a certain {@code key}.
-	 * 
-	 * @param key
-	 *            The key.
-	 * @return The object or {@code null} if no object was found stored with that key or if a {@code null} value was
-	 *         stored.
-	 */
-	Serializable get(String key) {
-		return ctxData.get(key);
-	}
-
-	/**
-	 * Stores a {@link Serializable} with a certain {@code key}.
-	 * 
-	 * @param key
-	 *            The key.
-	 * @param object
-	 *            The object.
-	 */
-	void put(String key, Serializable object) {
-		ctxData.put(key, object);
-	}
-
-	@Override
-	public Map<String, Serializable> getCtx() {
-		return Collections.unmodifiableMap(ctxData);
-	}
-
-}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SimplePojo.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SimplePojo.java
deleted file mode 100644
index 89f3c0383..000000000
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SimplePojo.java
+++ /dev/null
@@ -1,41 +0,0 @@
-package at.gv.egovernment.moa.id.process.spring.test;
-
-import at.gv.egovernment.moa.id.process.api.ExpressionEvaluator;
-
-/**
- * A dummy pojo used to test {@link ExpressionEvaluator} with Spring EL referencing Spring beans.
- * 
- * @author tknall
- * 
- */
-public class SimplePojo {
-
-	private Boolean booleanValue;
-	private String stringValue;
-	private Integer integerValue;
-
-	public Boolean getBooleanValue() {
-		return booleanValue;
-	}
-
-	public void setBooleanValue(Boolean booleanValue) {
-		this.booleanValue = booleanValue;
-	}
-
-	public String getStringValue() {
-		return stringValue;
-	}
-
-	public void setStringValue(String stringValue) {
-		this.stringValue = stringValue;
-	}
-
-	public Integer getIntegerValue() {
-		return integerValue;
-	}
-
-	public void setIntegerValue(Integer integerValue) {
-		this.integerValue = integerValue;
-	}
-
-}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest.java
deleted file mode 100644
index c06735f9e..000000000
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest.java
+++ /dev/null
@@ -1,154 +0,0 @@
-package at.gv.egovernment.moa.id.process.spring.test;
-
-import static at.gv.egovernment.moa.id.process.ProcessInstanceState.NOT_STARTED;
-import static at.gv.egovernment.moa.id.process.ProcessInstanceState.SUSPENDED;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNotNull;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.Properties;
-
-import org.hibernate.cfg.Configuration;
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.ApplicationContext;
-import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-
-import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
-import at.gv.egovernment.moa.id.module.test.TestRequestImpl;
-import at.gv.egovernment.moa.id.process.ProcessDefinitionParserException;
-import at.gv.egovernment.moa.id.process.ProcessEngine;
-import at.gv.egovernment.moa.id.process.ProcessEngineImpl;
-import at.gv.egovernment.moa.id.process.ProcessExecutionException;
-import at.gv.egovernment.moa.id.process.ProcessInstance;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.process.spring.SpringExpressionEvaluator;
-
-/**
- * Tests the process engine using processes based on Spring EL referencing the process context and further Spring beans.
- * 
- * @author tknall
- * 
- */
-@RunWith(SpringJUnit4ClassRunner.class)
-@ContextConfiguration("/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest-context.xml")
-public class SpringExpressionAwareProcessEngineTest {
-
-	@Autowired private static ProcessEngine pe;
-	@Autowired private ApplicationContext applicationContext;
-	
-	private boolean isInitialized = false;
-
-	@Before
-	public void init() throws IOException, ProcessDefinitionParserException {
-
-		if (!isInitialized) {
-
-			if (pe == null) {
-				pe = applicationContext.getBean("processEngine", ProcessEngine.class);
-				
-			}
-
-			((ProcessEngineImpl) pe).setTransitionConditionExpressionEvaluator(new SpringExpressionEvaluator());
-			try (InputStream in = SpringExpressionAwareProcessEngineTest.class.getResourceAsStream("SampleProcessDefinitionWithExpression1.xml")) {
-				((ProcessEngineImpl) pe).registerProcessDefinition(in);
-			}
-			try (InputStream in = SpringExpressionAwareProcessEngineTest.class.getResourceAsStream("SampleProcessDefinitionForSAML1Authentication.xml")) {
-				((ProcessEngineImpl) pe).registerProcessDefinition(in);
-			}
-
-		initHibernateForTesting();
-		}
-	}
-
-	private static void initHibernateForTesting() throws IOException{
-
-		InputStream in = SpringExpressionAwareProcessEngineTest.class.getResourceAsStream("/at/gv/egovernment/moa/id/process/hibernate.configuration.test.properties");
-		Properties props = new Properties();
-		props.load(in);
-
-		try {
-			//ConfigurationDBUtils.initHibernate(props);
-			Configuration config = new Configuration();
-			config.addProperties(props);
-			//config.addAnnotatedClass(ProcessInstanceStore.class);
-			config.addAnnotatedClass(AssertionStore.class);
-			//MOASessionDBUtils.initHibernate(config, props);
-		} catch (Exception e) {
-			e.printStackTrace();
-		}
-	}
-
-
-	@Test
-	public void testSampleProcessDefinitionWithExpression1() throws IOException, ProcessDefinitionParserException, ProcessExecutionException {
-
-		TestRequestImpl req =  new TestRequestImpl();
-		
-		String piId = pe.createProcessInstance("SampleProcessWithExpression1");
-		ProcessInstance pi = pe.getProcessInstance(piId);
-		assertEquals(NOT_STARTED, pi.getState());
-		
-		
-		// start process
-		req.setProcessInstanceID(piId);
-		pe.start(req);
-		
-		//processInstance should be removed when it ends
-		try {
-			pi = pe.getProcessInstance(piId);
-			throw new ProcessExecutionException("ProcessInstance should be removed already, but it was found.");
-			//assertEquals(ENDED, pi.getState());
-			
-		} catch (IllegalArgumentException e) {
-			// do nothing because processInstance should be already removed 
-			
-		}
-	}
-
-	@Test
-	public void testSampleProcessDefinitionForSAML1Authentication() throws IOException, ProcessDefinitionParserException, ProcessExecutionException {
-
-		TestRequestImpl req =  new TestRequestImpl();
-		
-		String piId = pe.createProcessInstance("SampleProcessDefinitionForSAML1Authentication");
-		ProcessInstance pi = pe.getProcessInstance(piId);
-		assertEquals(NOT_STARTED, pi.getState());
-
-		// start process
-		req.setProcessInstanceID(piId);
-		pe.start(req);		
-		pi = pe.getProcessInstance(piId);
-		assertEquals(SUSPENDED, pi.getState());
-		
-		ExecutionContext ec = pi.getExecutionContext();
-		assertNotNull(ec);
-		System.out.println(ec.keySet());
-
-		assertNotNull(ec.get("bkuURL"));
-		assertNotNull(ec.get("IdentityLink"));
-		assertNotNull(ec.get("isIdentityLinkValidated"));
-		assertNotNull(ec.get("SignedAuthBlock"));
-		assertNotNull(ec.get("isSignedAuthBlockValidated"));
-		assertNotNull(ec.get("SAML1Assertion"));
-		
-		pe.signal(req);
-		try {
-			pi = pe.getProcessInstance(piId);
-			throw new ProcessExecutionException("ProcessInstance should be removed already, but it was found.");
-			//assertEquals(ENDED, pi.getState());
-			
-		} catch (IllegalArgumentException e) {
-			// do nothing because processInstance should be already removed 
-			
-		}
-
-
-
-	}
-
-}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionEvaluatorTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionEvaluatorTest.java
deleted file mode 100644
index bc9d1d399..000000000
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionEvaluatorTest.java
+++ /dev/null
@@ -1,54 +0,0 @@
-package at.gv.egovernment.moa.id.process.spring.test;
-
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertTrue;
-
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-
-import at.gv.egovernment.moa.id.process.api.ExpressionEvaluator;
-
-/**
- * Tests the {@link ExpressionEvaluator} using a Spring EL based implementation capable of dereferencing Spring beans.
- * 
- * @author tknall
- * 
- */
-@RunWith(SpringJUnit4ClassRunner.class)
-@ContextConfiguration
-public class SpringExpressionEvaluatorTest {
-
-	private ExpressionContextAdapter ctx;
-
-	@Autowired
-	private ExpressionEvaluator expressionEvaluator;
-
-	@Before
-	public void prepareTest() {
-		ctx = new ExpressionContextAdapter();
-	}
-
-	@Test
-	public void testEvaluateSimpleExpression() {
-		assertTrue(expressionEvaluator.evaluate(ctx, "'true'"));
-	}
-
-	@Test
-	public void testEvaluateExpressionWithCtx() {
-		ctx.put("myProperty", false);
-		assertFalse(expressionEvaluator.evaluate(ctx, "ctx['myProperty']"));
-	}
-
-	@Test
-	public void testEvaluateExpressionWithBeanReference() {
-		assertTrue(expressionEvaluator.evaluate(ctx, "@simplePojo.booleanValue"));
-		assertTrue(expressionEvaluator.evaluate(ctx, "'HelloWorld'.equals(@simplePojo.stringValue)"));
-		assertTrue(expressionEvaluator.evaluate(ctx, "@simplePojo.integerValue == 42"));
-		assertTrue(expressionEvaluator.evaluate(ctx, "@simplePojo.stringValue.length() == 10"));
-	}
-
-}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/CreateSAML1AssertionTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/CreateSAML1AssertionTask.java
deleted file mode 100644
index d3b9789fc..000000000
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/CreateSAML1AssertionTask.java
+++ /dev/null
@@ -1,63 +0,0 @@
-package at.gv.egovernment.moa.id.process.spring.test.task;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.nio.charset.Charset;
-import java.util.Objects;
-
-import org.apache.commons.io.IOUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.stereotype.Service;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.process.api.Task;
-
-/**
- * A dummy task simulating the creation of a SAML1 assertion.
- * <p>
- * Requires context data:
- * <ul>
- * <li>{@code IdentityLink}</li>
- * <li>{@code isIdentityLinkValidated}</li>
- * <li>{@code SignedAuthBlock}</li>
- * <li>{@code isSignedAuthBlockValidated}</li>
- * </ul>
- * </p>
- * <p>
- * Enriches context data with:
- * <ul>
- * <li>{@code SAML1Assertion}</li>
- * </ul>
- * </p>
- * 
- * @author tknall
- * 
- */
-@Service("CreateSAML1AssertionTask")
-public class CreateSAML1AssertionTask implements Task {
-
-	private Logger log = LoggerFactory.getLogger(getClass());
-
-	@Override
-	public IRequest execute(IRequest penReq, ExecutionContext executionContext) throws TaskExecutionException {
-		Objects.requireNonNull(executionContext.get("IdentityLink"));
-		assert (Boolean.TRUE.equals(Objects.requireNonNull(executionContext.get("isIdentityLinkValidated"))));
-		Objects.requireNonNull(executionContext.get("SignedAuthBlock"));
-		assert (Boolean.TRUE.equals(Objects.requireNonNull(executionContext.get("isSignedAuthBlockValidated"))));
-
-		log.debug("Using IdentityLink and signed auth block in order to create SAML1 assertion.");
-
-		try (InputStream in = getClass().getResourceAsStream("SAML1Assertion.xml")) {
-			executionContext.put("SAML1Assertion", IOUtils.toString(in, Charset.forName("UTF-8")));
-			
-		} catch (IOException e) {
-			throw new TaskExecutionException(null, "", e);
-		}
-
-		return null;
-	}
-
-}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/GetIdentityLinkTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/GetIdentityLinkTask.java
deleted file mode 100644
index 7657f1c1f..000000000
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/GetIdentityLinkTask.java
+++ /dev/null
@@ -1,59 +0,0 @@
-package at.gv.egovernment.moa.id.process.spring.test.task;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.nio.charset.Charset;
-import java.util.Objects;
-
-import org.apache.commons.io.IOUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.stereotype.Service;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.process.api.Task;
-
-/**
- * A dummy task simulating the retrieval of an IdentityLink.
- * <p/>
- * Asynchonous
- * <p>
- * Requires context data:
- * <ul>
- * <li>{@code bkuURL}</li>
- * </ul>
- * </p>
- * <p>
- * Enriches context data with:
- * <ul>
- * <li>{@code IdentityLink}</li>
- * </ul>
- * </p>
- * 
- * @author tknall
- * 
- */
-@Service("GetIdentityLinkTask")
-public class GetIdentityLinkTask implements Task {
-
-	private Logger log = LoggerFactory.getLogger(getClass());
-
-	@Override
-	public IRequest execute(IRequest penReq, ExecutionContext executionContext) throws TaskExecutionException {
-		Objects.requireNonNull(executionContext.get("bkuURL"));
-
-		log.debug("Using bkuURL in order to retrieve IdentityLink.");
-
-		try (InputStream in = getClass().getResourceAsStream("IdentityLink_Max_Mustermann.xml")) {
-			executionContext.put("IdentityLink", IOUtils.toString(in, Charset.forName("UTF-8")));
-			
-		} catch (IOException e) {
-			throw new TaskExecutionException(null, "", e);
-		}
-		
-		return null;
-	}
-
-}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SelectBKUTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SelectBKUTask.java
deleted file mode 100644
index 1163a0706..000000000
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SelectBKUTask.java
+++ /dev/null
@@ -1,37 +0,0 @@
-package at.gv.egovernment.moa.id.process.spring.test.task;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.stereotype.Service;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.process.api.Task;
-
-/**
- * A dummy task simulating a bku selection.
- * <p/>
- * Asynchonous
- * <p>
- * Enriches context data with:
- * <ul>
- * <li>{@code bkuURL}</li>
- * </ul>
- * </p>
- * 
- * @author tknall
- * 
- */
-@Service("SelectBKUTask")
-public class SelectBKUTask implements Task {
-
-	private Logger log = LoggerFactory.getLogger(getClass());
-
-	@Override
-	public IRequest execute(IRequest penReq, ExecutionContext executionContext) {
-		log.debug("Providing BKU selection.");
-		executionContext.put("bkuURL", "https://127.0.0.1:3496/https-security-layer-request");
-		return null;
-	}
-
-}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SignAuthBlockTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SignAuthBlockTask.java
deleted file mode 100644
index 1d10b08a8..000000000
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SignAuthBlockTask.java
+++ /dev/null
@@ -1,61 +0,0 @@
-package at.gv.egovernment.moa.id.process.spring.test.task;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.nio.charset.Charset;
-import java.util.Objects;
-
-import org.apache.commons.io.IOUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.stereotype.Service;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.process.api.Task;
-
-/**
- * A dummy task simulating the signature of an auth block.
- * <p/>
- * Asynchonous
- * <p>
- * Requires context data:
- * <ul>
- * <li>{@code IdentityLink}</li>
- * <li>{@code isIdentityLinkValidated}</li>
- * <li>{@code bkuURL}</li>
- * </ul>
- * </p>
- * <p>
- * Enriches context data with:
- * <ul>
- * <li>{@code SignedAuthBlock}</li>
- * </ul>
- * </p>
- * 
- * @author tknall
- * 
- */
-@Service("SignAuthBlockTask")
-public class SignAuthBlockTask implements Task {
-
-	private Logger log = LoggerFactory.getLogger(getClass());
-
-	@Override
-	public IRequest execute(IRequest penReq, ExecutionContext executionContext) throws TaskExecutionException {
-		Objects.requireNonNull(executionContext.get("IdentityLink"));
-		assert (Boolean.TRUE.equals(Objects.requireNonNull(executionContext.get("isIdentityLinkValidated"))));
-		Objects.requireNonNull(executionContext.get("bkuURL"));
-
-		log.debug("Using validated IdentityLink and bkuURL in order to sign auth block.");
-		try (InputStream in = getClass().getResourceAsStream("SignedAuthBlock.xml")) {
-			executionContext.put("SignedAuthBlock", IOUtils.toString(in, Charset.forName("UTF-8")));
-		} catch (IOException e) {
-			throw new TaskExecutionException(null, "", e);
-						
-		}
-		return null;
-	}
-
-}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateIdentityLinkTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateIdentityLinkTask.java
deleted file mode 100644
index 19a87d520..000000000
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateIdentityLinkTask.java
+++ /dev/null
@@ -1,46 +0,0 @@
-package at.gv.egovernment.moa.id.process.spring.test.task;
-
-import java.util.Objects;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.stereotype.Service;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.process.api.Task;
-
-/**
- * Dummy task simulating the validation of an IdentityLink.
- * <p>
- * Requires context data:
- * <ul>
- * <li>{@code IdentityLink}</li>
- * </ul>
- * </p>
- * <p>
- * Enriches context data with:
- * <ul>
- * <li>{@code isIdentityLinkValidated}</li>
- * </ul>
- * </p>
- * 
- * @author tknall
- * 
- */
-@Service("ValidateIdentityLinkTask")
-public class ValidateIdentityLinkTask implements Task {
-
-	private Logger log = LoggerFactory.getLogger(getClass());
-
-	@Override
-	public IRequest execute(IRequest penReq, ExecutionContext executionContext) {
-		Objects.requireNonNull(executionContext.get("IdentityLink"));
-
-		log.debug("Validating IdentityLink.");
-
-		executionContext.put("isIdentityLinkValidated", true);
-		return null;
-	}
-
-}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateSignedAuthBlockTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateSignedAuthBlockTask.java
deleted file mode 100644
index afae6463d..000000000
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateSignedAuthBlockTask.java
+++ /dev/null
@@ -1,51 +0,0 @@
-package at.gv.egovernment.moa.id.process.spring.test.task;
-
-import java.util.Objects;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.stereotype.Service;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.process.api.Task;
-
-/**
- * A dummy task simulating the validation of an auth block.
- * <p>
- * Requires context data:
- * <ul>
- * <li>{@code IdentityLink}</li>
- * <li>{@code isIdentityLinkValidated}</li>
- * <li>{@code SignedAuthBlock}</li>
- * </ul>
- * </p>
- * <p>
- * Enriches context data with:
- * <ul>
- * <li>{@code isSignedAuthBlockValidated}</li>
- * </ul>
- * </p>
- * 
- * @author tknall
- * 
- */
-@Service("ValidateSignedAuthBlockTask")
-public class ValidateSignedAuthBlockTask implements Task {
-
-	private Logger log = LoggerFactory.getLogger(getClass());
-
-	@Override
-	public IRequest execute(IRequest penReq, ExecutionContext executionContext) throws TaskExecutionException {
-		Objects.requireNonNull(executionContext.get("IdentityLink"));
-		assert (Boolean.TRUE.equals(Objects.requireNonNull(executionContext.get("isIdentityLinkValidated"))));
-		Objects.requireNonNull(executionContext.get("SignedAuthBlock"));
-
-		log.debug("Using validated IdentityLink and signed auth block in order to validate signed auth block.");
-
-		executionContext.put("isSignedAuthBlockValidated", true);
-		return null;
-	}
-
-}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/BooleanStringExpressionEvaluator.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/BooleanStringExpressionEvaluator.java
deleted file mode 100644
index 20dfc50ef..000000000
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/BooleanStringExpressionEvaluator.java
+++ /dev/null
@@ -1,24 +0,0 @@
-package at.gv.egovernment.moa.id.process.test;
-
-import java.util.Objects;
-
-import org.apache.commons.lang3.BooleanUtils;
-
-import at.gv.egovernment.moa.id.process.api.ExpressionEvaluationContext;
-import at.gv.egovernment.moa.id.process.api.ExpressionEvaluator;
-
-/**
- * Expression evaluator that guesses the boolean value from a String. Refer to {@link BooleanUtils#toBoolean(String)}
- * for further information.
- * 
- * @author tknall
- * 
- */
-public class BooleanStringExpressionEvaluator implements ExpressionEvaluator {
-
-	@Override
-	public boolean evaluate(ExpressionEvaluationContext expressionContext, String expression) {
-		return BooleanUtils.toBoolean(Objects.requireNonNull(expression, "Expression must not be null."));
-	}
-
-}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HalloWeltTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HalloWeltTask.java
deleted file mode 100644
index d808713c1..000000000
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HalloWeltTask.java
+++ /dev/null
@@ -1,24 +0,0 @@
-package at.gv.egovernment.moa.id.process.test;
-
-import org.springframework.stereotype.Service;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.process.api.Task;
-
-/**
- * Simple task that just outputs a "Hallo World" text to the console.
- * 
- * @author tknall
- * 
- */
-@Service("HalloWeltTask")
-public class HalloWeltTask implements Task {
-
-	@Override
-	public IRequest execute(IRequest pendingReq, ExecutionContext executionContext) {
-		System.out.println("Hallo Welt");
-		return null;
-	}
-
-}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HelloWorldTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HelloWorldTask.java
deleted file mode 100644
index ee02d0030..000000000
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HelloWorldTask.java
+++ /dev/null
@@ -1,24 +0,0 @@
-package at.gv.egovernment.moa.id.process.test;
-
-import org.springframework.stereotype.Service;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.process.api.Task;
-
-/**
- * Simple task that just outputs a "Hello World" text to the console.
- * 
- * @author tknall
- * 
- */
-@Service("HelloWorldTask")
-public class HelloWorldTask implements Task {
-
-	@Override
-	public IRequest execute(IRequest pendingReq, ExecutionContext executionContext) {
-		System.out.println("Hello World");
-		return null;
-	}
-
-}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/ProcessDefinitionParserTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/ProcessDefinitionParserTest.java
deleted file mode 100644
index df13f064b..000000000
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/ProcessDefinitionParserTest.java
+++ /dev/null
@@ -1,137 +0,0 @@
-package at.gv.egovernment.moa.id.process.test;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertNull;
-import static org.junit.Assert.assertTrue;
-
-import java.io.IOException;
-import java.io.InputStream;
-
-import org.junit.Test;
-
-import at.gv.egovernment.moa.id.process.ProcessDefinitionParser;
-import at.gv.egovernment.moa.id.process.ProcessDefinitionParserException;
-import at.gv.egovernment.moa.id.process.model.EndEvent;
-import at.gv.egovernment.moa.id.process.model.ProcessDefinition;
-import at.gv.egovernment.moa.id.process.model.ProcessNode;
-import at.gv.egovernment.moa.id.process.model.StartEvent;
-import at.gv.egovernment.moa.id.process.model.TaskInfo;
-import at.gv.egovernment.moa.id.process.model.Transition;
-
-public class ProcessDefinitionParserTest {
-	
-	@Test(expected = ProcessDefinitionParserException.class)
-	public void testParseInvalidProcessDefinition_MultipleStartEvents() throws IOException, ProcessDefinitionParserException {
-		try (InputStream in = getClass().getResourceAsStream("InvalidProcessDefinition_MultipleStartEvents.xml")) {
-			new ProcessDefinitionParser().parse(in);
-		}
-	}
-	
-	@Test(expected = ProcessDefinitionParserException.class)
-	public void testParseInvalidProcessDefinition_TransitionLoop() throws IOException, ProcessDefinitionParserException {
-		try (InputStream in = getClass().getResourceAsStream("InvalidProcessDefinition_TransitionLoop.xml")) {
-			new ProcessDefinitionParser().parse(in);
-		}
-	}
-	
-	@Test(expected = ProcessDefinitionParserException.class)
-	public void testParseInvalidProcessDefinition_TransitionStartsFromEndEvent() throws IOException, ProcessDefinitionParserException {
-		try (InputStream in = getClass().getResourceAsStream("InvalidProcessDefinition_TransitionStartsFromEndEvent.xml")) {
-			new ProcessDefinitionParser().parse(in);
-		}
-	}
-	
-	@Test(expected = ProcessDefinitionParserException.class)
-	public void testParseInvalidProcessDefinition_TransitionRefsTransition() throws IOException, ProcessDefinitionParserException {
-		try (InputStream in = getClass().getResourceAsStream("InvalidProcessDefinition_TransitionRefsTransition.xml")) {
-			new ProcessDefinitionParser().parse(in);
-		}
-	}
-	
-	@Test(expected = ProcessDefinitionParserException.class)
-	public void testParseInvalidProcessDefinition_NoStartEvents() throws IOException, ProcessDefinitionParserException {
-		try (InputStream in = getClass().getResourceAsStream("InvalidProcessDefinition_NoStartEvents.xml")) {
-			new ProcessDefinitionParser().parse(in);
-		}
-	}
-	
-	@Test
-	public void testParseSampleProcessDefinition() throws IOException, ProcessDefinitionParserException {
-		try (InputStream in = getClass().getResourceAsStream("SampleProcessDefinition1.xml")) {
-			
-			ProcessDefinitionParser parser = new ProcessDefinitionParser();
-			ProcessDefinition pd = parser.parse(in);
-			
-			assertNotNull(pd);
-			assertEquals("SampleProcess1", pd.getId());
-			
-			// first assert tasks then transitions
-			// start event
-			StartEvent startEvent = pd.getStartEvent();
-			assertNotNull(startEvent);
-			assertEquals("start", startEvent.getId());
-			assertEquals(startEvent, pd.getProcessNode("start"));
-			// task1
-			ProcessNode processNode = pd.getProcessNode("task1");
-			assertNotNull(processNode);
-			assertTrue(processNode instanceof TaskInfo);
-			TaskInfo task1 = (TaskInfo) processNode;
-			assertEquals("task1", task1.getId());
-			assertFalse(task1.isAsync());
-			// task2 
-			processNode = pd.getProcessNode("task2");
-			assertNotNull(processNode);
-			assertTrue(processNode instanceof TaskInfo);
-			TaskInfo task2 = (TaskInfo) processNode;
-			assertEquals("task2", task2.getId());
-			assertTrue(task2.isAsync());
-			// end event
-			processNode = pd.getProcessNode("end");
-			assertNotNull(processNode);
-			assertTrue(processNode instanceof EndEvent);
-			EndEvent endEvent = (EndEvent) processNode;
-			assertEquals("end", endEvent.getId());
-			
-			// assert transitions
-			// start event
-			assertNotNull(startEvent.getIncomingTransitions());
-			assertTrue(startEvent.getIncomingTransitions().isEmpty());
-			assertNotNull(startEvent.getOutgoingTransitions());
-			assertEquals(1, startEvent.getOutgoingTransitions().size());
-			// transition from start to task1
-			Transition startToTask1 = startEvent.getOutgoingTransitions().get(0);
-			assertEquals("fromStart", startToTask1.getId());
-			assertEquals(startEvent, startToTask1.getFrom());
-			assertEquals(task1, startToTask1.getTo());
-			assertEquals("true", startToTask1.getConditionExpression());
-			// task1
-			assertNotNull(task1.getIncomingTransitions());
-			assertEquals(1, task1.getIncomingTransitions().size());
-			assertEquals(startToTask1, task1.getIncomingTransitions().get(0));
-			assertNotNull(task1.getOutgoingTransitions());
-			assertEquals(1, task1.getOutgoingTransitions().size());
-			// transition from task1 to task2
-			Transition task1ToTask2 = task1.getOutgoingTransitions().get(0);
-			assertNull(task1ToTask2.getId());
-			assertEquals(task1, task1ToTask2.getFrom());
-			assertEquals(task2, task1ToTask2.getTo());
-			assertNull(task1ToTask2.getConditionExpression());
-			// task2
-			assertNotNull(task2.getIncomingTransitions());
-			assertEquals(1, task2.getIncomingTransitions().size());
-			assertEquals(task1ToTask2, task2.getIncomingTransitions().get(0));
-			assertNotNull(task2.getOutgoingTransitions());
-			assertEquals(1, task2.getOutgoingTransitions().size());
-			// transition from task2 to end
-			Transition task2ToEnd = task2.getOutgoingTransitions().get(0);
-			assertNull(task2ToEnd.getId());
-			assertEquals(task2, task2ToEnd.getFrom());
-			assertEquals(endEvent, task2ToEnd.getTo());
-			assertNull(task2ToEnd.getConditionExpression());
-			
-		}
-	}
-
-}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/ProcessEngineTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/ProcessEngineTest.java
deleted file mode 100644
index 6744c0403..000000000
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/ProcessEngineTest.java
+++ /dev/null
@@ -1,146 +0,0 @@
-package at.gv.egovernment.moa.id.process.test;
-
-import static at.gv.egovernment.moa.id.process.ProcessInstanceState.NOT_STARTED;
-import static at.gv.egovernment.moa.id.process.ProcessInstanceState.SUSPENDED;
-import static org.junit.Assert.assertEquals;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.Properties;
-
-import org.hibernate.cfg.Configuration;
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.ApplicationContext;
-import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-
-import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
-import at.gv.egovernment.moa.id.module.test.TestRequestImpl;
-import at.gv.egovernment.moa.id.process.ProcessDefinitionParser;
-import at.gv.egovernment.moa.id.process.ProcessDefinitionParserException;
-import at.gv.egovernment.moa.id.process.ProcessEngine;
-import at.gv.egovernment.moa.id.process.ProcessEngineImpl;
-import at.gv.egovernment.moa.id.process.ProcessExecutionException;
-import at.gv.egovernment.moa.id.process.ProcessInstance;
-
-@RunWith(SpringJUnit4ClassRunner.class)
-@ContextConfiguration("/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest-context.xml")
-public class ProcessEngineTest {
-	
-	@Autowired private static ProcessEngine pe;
-
-	@Autowired private ApplicationContext applicationContext;
-	
-	private boolean isInitialized = false;
-	
-	@Before
-	public void init() throws IOException, ProcessDefinitionParserException {
-		
-		if (!isInitialized) {
-			ProcessDefinitionParser pdp = new ProcessDefinitionParser();
-
-			if (pe == null) {
-				pe = applicationContext.getBean("processEngine", ProcessEngine.class);
-				
-			}
-			
-			((ProcessEngineImpl) pe).setTransitionConditionExpressionEvaluator(new BooleanStringExpressionEvaluator());
-			try (InputStream in = ProcessEngineTest.class.getResourceAsStream("SampleProcessDefinition1.xml")) {
-				((ProcessEngineImpl) pe).registerProcessDefinition(pdp.parse(in));
-			}
-			try (InputStream in = ProcessEngineTest.class.getResourceAsStream("SampleProcessDefinition2.xml")) {
-				((ProcessEngineImpl) pe).registerProcessDefinition(pdp.parse(in));
-			}
-
-			initHibernateForTesting();
-			isInitialized = true;
-		}
-	}
-	
-	private static void initHibernateForTesting() throws IOException{
-
-		InputStream in = ProcessEngineTest.class.getResourceAsStream("/at/gv/egovernment/moa/id/process/hibernate.configuration.test.properties");
-		Properties props = new Properties();
-		props.load(in);
-
-		try {
-			//ConfigurationDBUtils.initHibernate(props);
-			Configuration config = new Configuration();
-			config.addProperties(props);
-			//config.addAnnotatedClass(ProcessInstanceStore.class);
-			config.addAnnotatedClass(AssertionStore.class);
-			//MOASessionDBUtils.initHibernate(config, props);
-		} catch (Exception e) {
-			e.printStackTrace();
-		}
-	}
-	
-	@Test
-	public void testSampleProcess1() throws IOException, ProcessDefinitionParserException, ProcessExecutionException {
-		
-		TestRequestImpl testReq = new TestRequestImpl();
-		
-		String piId = pe.createProcessInstance("SampleProcess1");
-		ProcessInstance pi = pe.getProcessInstance(piId);
-		assertEquals(NOT_STARTED, pi.getState());
-
-		// start process
-		testReq.setProcessInstanceID(piId);
-		pe.start(testReq);
-		pi = pe.getProcessInstance(piId);
-		assertEquals(SUSPENDED, pi.getState());
-
-		System.out.println("Do something asynchronously");
-		testReq.setProcessInstanceID(piId);
-		pe.signal(testReq);
-		try {
-			pi = pe.getProcessInstance(piId);
-			throw new ProcessExecutionException("ProcessInstance should be removed already, but it was found.");
-			//assertEquals(ENDED, pi.getState());
-			
-		} catch (IllegalArgumentException e) {
-			// do nothing because processInstance should be already removed 
-			
-		}
-	}
-	
-	@Test
-	public void testSampleProcess2() throws IOException, ProcessDefinitionParserException, ProcessExecutionException {
-
-		TestRequestImpl testReq = new TestRequestImpl();
-		
-		String piId = pe.createProcessInstance("SampleProcess2");
-		ProcessInstance pi = pe.getProcessInstance(piId);
-		assertEquals(NOT_STARTED, pi.getState());
-
-		// start process
-		testReq.setProcessInstanceID(piId);
-		pe.start(testReq);
-		pi = pe.getProcessInstance(piId);
-		assertEquals(SUSPENDED, pi.getState());
-
-		System.out.println("Do something asynchronously");
-		testReq.setProcessInstanceID(piId);
-		pe.signal(testReq);
-		try {
-			pi = pe.getProcessInstance(piId);
-			throw new ProcessExecutionException("ProcessInstance should be removed already, but it was found.");
-			//assertEquals(ENDED, pi.getState());
-			
-		} catch (IllegalArgumentException e) {
-			// do nothing because processInstance should be already removed 
-			
-		}
-		
-		
-	}
-
-	@Test(expected = IllegalArgumentException.class)
-	public void testProcessInstanceDoesNotExist() {
-		pe.getProcessInstance("does not exist");
-	}
-
-}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/storage/test/DBTransactionStorageTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/storage/test/DBTransactionStorageTest.java
index fc415097c..0c410e966 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/storage/test/DBTransactionStorageTest.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/storage/test/DBTransactionStorageTest.java
@@ -12,14 +12,14 @@ import org.w3c.dom.Element;
 import org.xml.sax.SAXException;
 
 import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egovernment.moa.id.storage.DBTransactionStorage;
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.util.DOMUtils;
 
 public class DBTransactionStorageTest {
 
-	public static void main (String[] args) throws SAXException, IOException, ParserConfigurationException, MOADatabaseException{
+	public static void main (String[] args) throws SAXException, IOException, ParserConfigurationException, EAAFException{
 		DBTransactionStorageTest t = new DBTransactionStorageTest();
 		t.test();
 	}
@@ -32,7 +32,7 @@ public class DBTransactionStorageTest {
 	}
 
 	
-	public void test() throws SAXException, IOException, ParserConfigurationException, MOADatabaseException{
+	public void test() throws SAXException, IOException, ParserConfigurationException, EAAFException{
 
 
 		ApplicationContext context = new FileSystemXmlApplicationContext("src/test/java/testBeans.xml");
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
index 8ca65e745..67a6552ef 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
@@ -27,7 +27,6 @@ import java.util.Collection;
 import java.util.List;
 
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.data.CPEPS;
 import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters;
 import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute;
@@ -64,10 +63,9 @@ public interface IOAAuthParameters extends ISPConfiguration{
 	 * 'urn:publicid:gv.at:cdid+' is allowed to receive baseIDs
 	 * 
 	 * @return true if there is a restriction, otherwise false
-	 * @throws ConfigurationException In case of online-application configuration has public and private identifies
 	 */
 	@Override
-	public boolean hasBaseIdInternalProcessingRestriction() throws EAAFConfigurationException;
+	public boolean hasBaseIdInternalProcessingRestriction();
 	
 	
 	/**
@@ -78,22 +76,11 @@ public interface IOAAuthParameters extends ISPConfiguration{
 	 * 'urn:publicid:gv.at:cdid+' is allowed to receive baseIDs
 	 * 
 	 * @return true if there is a restriction, otherwise false
-	 * @throws ConfigurationException In case of online-application configuration has public and private identifies
 	 */
 	@Override
-	public boolean hasBaseIdTransferRestriction() throws EAAFConfigurationException;
-	
-	
-	/**
-	 * Get the full area-identifier for this online application to calculate the 
-	 * area-specific unique person identifier (bPK, wbPK, eIDAS unique identifier, ...). 
-	 * This identifier always contains the full prefix 
-	 * 
-	 * @return area identifier with prefix
-	 * @throws ConfigurationException In case of online-application configuration has public and private identifies  
-	 */
-	public String getAreaSpecificTargetIdentifier() throws ConfigurationException;
+	public boolean hasBaseIdTransferRestriction();
 	
+		
 	/**
 	 * Get a friendly name for the specific area-identifier of this online application
 	 * 
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java
index 8f09dc1aa..e1f995e82 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java
@@ -29,10 +29,10 @@ import java.util.Map;
 
 import org.apache.commons.lang.StringEscapeUtils;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egovernment.moa.id.auth.frontend.utils.FormBuildUtils;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.data.CPEPS;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -121,10 +121,10 @@ public abstract class AbstractServiceProviderSpecificGUIFormBuilderConfiguration
 		params.put(PARAM_BKU_LOCAL, IOAAuthParameters.LOCALBKU);
 		
 		if (pendingReq != null) {							
-			params.put(PARAM_PENDINGREQUESTID, StringEscapeUtils.escapeHtml(pendingReq.getRequestID()));
+			params.put(PARAM_PENDINGREQUESTID, StringEscapeUtils.escapeHtml(pendingReq.getPendingRequestId()));
 
 			//add service-provider specific GUI parameters
-			IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
+			IOAAuthParameters oaParam = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class);
 			if (oaParam != null) {
 				params.put(PARAM_OANAME, StringEscapeUtils.escapeHtml(oaParam.getFriendlyName()));
 
@@ -170,7 +170,7 @@ public abstract class AbstractServiceProviderSpecificGUIFormBuilderConfiguration
 	 */
 	private void addCountrySelection(Map<String, Object> params, IOAAuthParameters oaParam) {
 		String pepslist = "";
-		try {				
+		try {				 
 			for (CPEPS current : oaParam.getPepsList()) {
 				String countryName = null;							
 				if (MiscUtil.isNotEmpty(MOAIDAuthConstants.COUNTRYCODE_XX_TO_NAME.get(current.getFullCountryCode().toUpperCase())))
@@ -205,14 +205,14 @@ public abstract class AbstractServiceProviderSpecificGUIFormBuilderConfiguration
 	 */
 	@Override
 	public InputStream getTemplate(String viewName) {		
-		if (pendingReq != null && pendingReq.getOnlineApplicationConfiguration() != null) {
+		if (pendingReq != null && pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class) != null) {
 			
 			byte[] oatemplate = null;			
 			if (VIEW_BKUSELECTION.equals(viewName))				
-				oatemplate = pendingReq.getOnlineApplicationConfiguration().getBKUSelectionTemplate();
+				oatemplate = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class).getBKUSelectionTemplate();
 			
 			else if (VIEW_SENDASSERTION.equals(viewName))
-				oatemplate = pendingReq.getOnlineApplicationConfiguration().getSendAssertionTemplate();
+				oatemplate = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class).getSendAssertionTemplate();
 			
 			// OA specific template requires a size of 8 bits minimum
 			if (oatemplate != null && oatemplate.length > 7)
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java
index a1223b093..5283089ed 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java
@@ -101,7 +101,7 @@ public class DefaultGUIFormBuilderConfiguration extends AbstractGUIFormBuilderCo
 	public Map<String, Object> getSpecificViewParameters() {
 		Map<String, Object> params =  new HashMap<String, Object>();
 		if (pendingReq != null) {							
-			params.put(PARAM_PENDINGREQUESTID, StringEscapeUtils.escapeHtml(pendingReq.getRequestID()));
+			params.put(PARAM_PENDINGREQUESTID, StringEscapeUtils.escapeHtml(pendingReq.getPendingRequestId()));
 			
 		}		
 		if (customParameters != null)
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithDBLoad.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithDBLoad.java
index 8d5a8bf9b..8afda3c71 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithDBLoad.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithDBLoad.java
@@ -26,6 +26,7 @@ import java.io.ByteArrayInputStream;
 import java.io.InputStream;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 
 /**
  * @author tlenz
@@ -62,14 +63,14 @@ public class SPSpecificGUIBuilderConfigurationWithDBLoad extends AbstractService
 	 */
 	@Override
 	public InputStream getTemplate(String viewName) {		
-		if (pendingReq != null && pendingReq.getOnlineApplicationConfiguration() != null) {
+		if (pendingReq != null && pendingReq.getServiceProviderConfiguration() != null) {
 			
 			byte[] oatemplate = null;			
 			if (VIEW_BKUSELECTION.equals(viewName))				
-				oatemplate = pendingReq.getOnlineApplicationConfiguration().getBKUSelectionTemplate();
+				oatemplate = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class).getBKUSelectionTemplate();
 			
 			else if (VIEW_SENDASSERTION.equals(viewName))
-				oatemplate = pendingReq.getOnlineApplicationConfiguration().getSendAssertionTemplate();
+				oatemplate = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class).getSendAssertionTemplate();
 			
 			// OA specific template requires a size of 8 bits minimum
 			if (oatemplate != null && oatemplate.length > 7)
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithFileSystemLoad.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithFileSystemLoad.java
index bb947a15f..6092c8d5d 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithFileSystemLoad.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithFileSystemLoad.java
@@ -81,10 +81,10 @@ public class SPSpecificGUIBuilderConfigurationWithFileSystemLoad extends Abstrac
 	 */
 	@Override
 	public InputStream getTemplate(String viewName) {		
-		if (pendingReq != null && pendingReq.getOnlineApplicationConfiguration() != null && 
+		if (pendingReq != null && pendingReq.getServiceProviderConfiguration() != null && 
 				configKeyIdentifier != null) {
 			try {
-				String templateURL = pendingReq.getOnlineApplicationConfiguration().getConfigurationValue(configKeyIdentifier);
+				String templateURL = pendingReq.getServiceProviderConfiguration().getConfigurationValue(configKeyIdentifier);
 				if (MiscUtil.isNotEmpty(templateURL)) {
 					String absURL = FileUtils.makeAbsoluteURL(templateURL, configRootContextDir);				
 					if (!absURL.startsWith("file:")) {
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/utils/FormBuildUtils.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/utils/FormBuildUtils.java
index 947a42345..53ec222dc 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/utils/FormBuildUtils.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/utils/FormBuildUtils.java
@@ -26,7 +26,7 @@ package at.gv.egovernment.moa.id.auth.frontend.utils;
 import java.util.HashMap;
 import java.util.Map;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.util.MiscUtil;
 
@@ -76,7 +76,7 @@ public class FormBuildUtils {
 				
 				defaultmap.put(PARAM_REDIRECTTARGET, "_top");
 			}
-	}
+	} 
 	
 	public static void customiceLayoutBKUSelection(Map<String, Object> params, IOAAuthParameters oaParam) {
 		
diff --git a/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java b/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java
index d8146786a..d32ce972a 100644
--- a/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java
+++ b/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java
@@ -91,7 +91,7 @@ public class MOAIDAuthSpringInitializer implements WebApplicationInitializer {
 					rootContext.getEnvironment().addActiveProfile(profile);
 				}
 			}
-
+		
 			Logger.info("Spring-context was initialized with active profiles: " + 
 					Arrays.asList(rootContext.getEnvironment().getActiveProfiles()));
 			
diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java
index 2e09bf55c..1269229d0 100644
--- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java
+++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java
@@ -29,13 +29,13 @@ import javax.annotation.PostConstruct;
 
 import org.springframework.beans.factory.annotation.Autowired;
 
-import at.gv.egiz.eaaf.core.impl.idp.auth.AuthenticationManager;
-import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AuthModule;
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+import at.gv.egiz.eaaf.core.api.idp.auth.IAuthenticationManager;
+import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.auth.modules.bkamobileauthtests.tasks.FirstBKAMobileAuthTask;
-import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
@@ -48,7 +48,7 @@ public class BKAMobileAuthModule implements AuthModule {
 	private int priority = 1;
 	
 	@Autowired(required=true) protected AuthConfiguration authConfig;
-	@Autowired(required=true) private AuthenticationManager authManager;
+	@Autowired(required=true) private IAuthenticationManager authManager;
 	
 	private List<String> uniqueIDsDummyAuthEnabled = new ArrayList<String>();
 	
@@ -71,7 +71,7 @@ public class BKAMobileAuthModule implements AuthModule {
 	
 	@PostConstruct
 	public void initialDummyAuthWhiteList() {
-		String sensitiveSpIdentifier = authConfig.getBasicMOAIDConfiguration("modules.bkamobileAuth.entityID");
+		String sensitiveSpIdentifier = authConfig.getBasicConfiguration("modules.bkamobileAuth.entityID");
 		if (MiscUtil.isNotEmpty(sensitiveSpIdentifier)) {
 			uniqueIDsDummyAuthEnabled.addAll(KeyValueUtils.getListOfCSVValues(sensitiveSpIdentifier));
 			
@@ -91,7 +91,7 @@ public class BKAMobileAuthModule implements AuthModule {
 	 */
 	@Override
 	public String selectProcess(ExecutionContext context) {		
-		String spEntityID = (String) context.get(MOAIDAuthConstants.PROCESSCONTEXT_UNIQUE_OA_IDENTFIER);
+		String spEntityID = (String) context.get(EAAFConstants.PROCESS_ENGINE_SERVICE_PROVIDER_ENTITYID);
 		if (MiscUtil.isNotEmpty(spEntityID)) {				
 			if (uniqueIDsDummyAuthEnabled.contains(spEntityID)) {
 				String eIDBlob = (String)context.get(FirstBKAMobileAuthTask.REQ_PARAM_eID_BLOW);
diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java
index 37ee3f201..68b944814 100644
--- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java
+++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java
@@ -29,6 +29,7 @@ import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
 import java.security.spec.InvalidKeySpecException;
 import java.security.spec.KeySpec;
+import java.util.Date;
 
 import javax.crypto.BadPaddingException;
 import javax.crypto.Cipher;
@@ -54,15 +55,17 @@ import com.google.gson.JsonParseException;
 import com.google.gson.JsonParser;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
@@ -90,7 +93,7 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask {
 	private static final String EIDCONTAINER_EID = "eid";
 	private static final String EIDCONTAINER_KEY_IDL = "idl";
 	private static final String EIDCONTAINER_KEY_BINDINGCERT = "cert";
-	
+	 
 	public static final String REQ_PARAM_eID_BLOW = "eidToken";
 	
 	@Autowired(required=true) private AuthConfiguration authConfig;
@@ -111,7 +114,7 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask {
 				throw new MOAIDException("NO eID data blob included!", null);
 			}
 								
-			parseDemoValuesIntoMOASession(pendingReq, pendingReq.getMOASession(), eIDBlobRawB64);
+			parseDemoValuesIntoMOASession(pendingReq, eIDBlobRawB64);
 			
 		} catch (MOAIDException e) {
 			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
@@ -133,7 +136,9 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask {
 	 * @throws MOAIDException 
 	 * @throws IOException 
 	 */
-	private void parseDemoValuesIntoMOASession(IRequest pendingReq, IAuthenticationSession moaSession, String eIDBlobRawB64) throws MOAIDException, IOException {
+	private void parseDemoValuesIntoMOASession(IRequest pendingReq, String eIDBlobRawB64) throws MOAIDException, IOException {
+		IAuthenticationSession moaSession = new AuthenticationSession("1235", new Date());
+		
 		Logger.debug("Check eID blob signature  ... ");
 		byte[] eIDBlobRaw = Base64Utils.decode(eIDBlobRawB64.trim(), false);
 		
@@ -209,6 +214,8 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask {
 			Logger.info("Session Restore completed");
 			
 			
+			pendingReq.setGenericDataToSession(moaSession.getKeyValueRepresentationFromAuthSession());
+			
 		} catch (MOAIDException e) {
 			throw e;
 			
@@ -236,6 +243,10 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask {
 			Logger.error("Can not extract mobile-app binding-certificate from eID blob.", e);
 			throw new MOAIDException("Can not extract mobile-app binding-certificate from eID blob.", null, e);
 						
+		} catch (EAAFStorageException e) {
+			Logger.error("Can not populate pending-request with eID data.", e);
+			throw new MOAIDException("Can not populate pending-request with eID data.", null, e);
+			
 		} finally {
 						
 		}
@@ -243,7 +254,7 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask {
 	}
 	
 	private SecretKey generateDecryptionKey(byte[] salt) throws MOAIDException {
-		String decryptionPassPhrase = authConfig.getBasicMOAIDConfiguration(CONF_EID_TOKEN_ENCRYPTION_KEY, "DEFAULTPASSWORD");			
+		String decryptionPassPhrase = authConfig.getBasicConfiguration(CONF_EID_TOKEN_ENCRYPTION_KEY, "DEFAULTPASSWORD");			
 		try {
 			SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
 			KeySpec spec = new PBEKeySpec(decryptionPassPhrase.toCharArray(), salt, 2000, 128);
@@ -276,7 +287,7 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask {
 		}
 		SignerInfo signerInfos = verifySigResult.getSignerInfo();
 		DateTime date = new DateTime(signerInfos.getSigningTime().getTime());
-		Integer signingTimeJitter = Integer.valueOf(authConfig.getBasicMOAIDConfiguration(CONF_SIGNING_TIME_JITTER, "5"));
+		Integer signingTimeJitter = Integer.valueOf(authConfig.getBasicConfiguration(CONF_SIGNING_TIME_JITTER, "5"));
 		if (date.plusMinutes(signingTimeJitter).isBeforeNow()) {
 			Logger.warn("CMS signature-time is before: " + date.plusMinutes(signingTimeJitter));
 			throw new MOAIDException("CMS signature-time is before: " + date.plusMinutes(signingTimeJitter), null);
@@ -290,7 +301,7 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask {
 		cmsSigVerifyReq.setSignatories(VerifyCMSSignatureRequestImpl.ALL_SIGNATORIES);
 		cmsSigVerifyReq.setExtended(false);
 		cmsSigVerifyReq.setPDF(false);
-		cmsSigVerifyReq.setTrustProfileId(authConfig.getBasicMOAIDConfiguration(CONF_MOASPSS_TRUSTPROFILE, "!!NOT SET!!!"));
+		cmsSigVerifyReq.setTrustProfileId(authConfig.getBasicConfiguration(CONF_MOASPSS_TRUSTPROFILE, "!!NOT SET!!!"));
 		cmsSigVerifyReq.setCMSSignature(new ByteArrayInputStream(eIDBlobRaw));				
 		return cmsSigVerifyReq;		
 	}
diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java
index 5c70b2628..9ce987956 100644
--- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java
+++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java
@@ -25,21 +25,26 @@ package at.gv.egovernment.moa.id.auth.modules.bkamobileauthtests.tasks;
 import java.io.IOException;
 import java.io.InputStream;
 import java.net.URL;
+import java.util.Date;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.FileUtils;
@@ -50,7 +55,9 @@ import at.gv.egovernment.moa.util.FileUtils;
  */
 @Component("SecondBKAMobileAuthTask")
 public class SecondBKAMobileAuthTask extends AbstractAuthServletTask {
-
+ 
+	@Autowired AuthConfiguration moaAuthConfig;
+	
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
 	 */
@@ -60,7 +67,7 @@ public class SecondBKAMobileAuthTask extends AbstractAuthServletTask {
 		
 		try {
 			Logger.info("Add user credentials for BKA MobileAuth SAML2 test and finalize authentication");	
-			parseDemoValuesIntoMOASession(pendingReq, pendingReq.getMOASession());
+			parseDemoValuesIntoMOASession(pendingReq);
 
 			// store MOASession into database
 	    	requestStoreage.storePendingRequest(pendingReq);
@@ -78,8 +85,11 @@ public class SecondBKAMobileAuthTask extends AbstractAuthServletTask {
 	 * @param pendingReq
 	 * @param moaSession
 	 * @throws MOAIDException 
+	 * @throws EAAFStorageException 
 	 */
-	private void parseDemoValuesIntoMOASession(IRequest pendingReq, IAuthenticationSession moaSession) throws MOAIDException {
+	private void parseDemoValuesIntoMOASession(IRequest pendingReq) throws MOAIDException, EAAFStorageException {
+		IAuthenticationSession moaSession = new AuthenticationSession("1233", new Date());
+		
 		moaSession.setUseMandates(false);
 		moaSession.setForeigner(false);
 		
@@ -87,18 +97,20 @@ public class SecondBKAMobileAuthTask extends AbstractAuthServletTask {
 		moaSession.setQAALevel(PVPConstants.STORK_QAA_1_4);
 			
 		try {
-			String idlurl = FileUtils.makeAbsoluteURL(authConfig.getMonitoringTestIdentityLinkURL(), authConfig.getRootConfigFileDir());				
+			String idlurl = FileUtils.makeAbsoluteURL(moaAuthConfig.getMonitoringTestIdentityLinkURL(), moaAuthConfig.getRootConfigFileDir());				
 		  	URL keystoreURL = new URL(idlurl);					
 			InputStream idlstream = keystoreURL.openStream();
 			IIdentityLink identityLink = new IdentityLinkAssertionParser(idlstream).parseIdentityLink();			
 			moaSession.setIdentityLink(identityLink);
-			
+						
 		} catch (ParseException | IOException e) {
 			Logger.error("IdentityLink is not parseable.", e);
 			throw new MOAIDException("IdentityLink is not parseable.", null);
 			
 		}
 			
+		pendingReq.setGenericDataToSession(moaSession.getKeyValueRepresentationFromAuthSession());
+		
 	}
 
 }
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
index 6afc68161..46381fb3d 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
@@ -30,23 +30,25 @@ import org.apache.commons.lang.StringUtils;
 import com.google.gson.JsonObject;
 import com.google.gson.JsonPrimitive;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDIdentityLinkBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDIssuingNationAttributeBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSectorForIDAttributeBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePIN;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePINType;
 import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.data.Pair;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.BPKAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDAuthBlock;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCcsURL;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCitizenQAALevelAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDIdentityLinkBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDIssuingNationAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSTORKTOKEN;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSectorForIDAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSignerCertificate;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSourcePIN;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSourcePINType;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonFullNameAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinTypeAttributeBuilder;
@@ -62,7 +64,6 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateReferenceVal
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateTypeAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
 import at.gv.egovernment.moa.logging.Logger;
 
 public final class OAuth20AttributeBuilder {
@@ -70,7 +71,7 @@ public final class OAuth20AttributeBuilder {
 	private OAuth20AttributeBuilder() {
 		throw new InstantiationError();
 	}
-	
+	 
 	private static IAttributeGenerator<Pair<String, JsonPrimitive>> generator = new IAttributeGenerator<Pair<String, JsonPrimitive>>() {
 		
 		public Pair<String, JsonPrimitive> buildStringAttribute(final String friendlyName, final String name, final String value) {
@@ -206,7 +207,7 @@ public final class OAuth20AttributeBuilder {
 	}
 	
 	private static void addAttibutes(final List<IAttributeBuilder> builders, final JsonObject jsonObject,
-			final IOAAuthParameters oaParam, final IAuthData authData, OAuth20AuthRequest oAuthRequest) {
+			final ISPConfiguration oaParam, final IAuthData authData, OAuth20AuthRequest oAuthRequest) {
 		for (IAttributeBuilder b : builders) {
 			try {
 				//TODO: better solution requires more refactoring :(
@@ -222,7 +223,7 @@ public final class OAuth20AttributeBuilder {
 					jsonObject.add(attribute.getFirst(), attribute.getSecond());
 				}
 			}
-			catch (AttributeException e) {
+			catch (AttributeBuilderException e) {
 				Logger.info("Cannot add attribute " + b.getName());
 			}
 		}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java
index 076ded75a..b3586245b 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java
@@ -22,12 +22,11 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 
 public class OpenIdAudiencesAttribute implements IAttributeBuilder {
 	
@@ -35,9 +34,9 @@ public class OpenIdAudiencesAttribute implements IAttributeBuilder {
 		return "aud";
 	}
 	
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException { 
-		return g.buildStringAttribute(this.getName(), "", oaParam.getPublicURLPrefix());
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException { 
+		return g.buildStringAttribute(this.getName(), "", oaParam.getUniqueIdentifier());
 	}
 	
 	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java
index 0e99a18c3..933ee8904 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java
@@ -22,12 +22,11 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 
 public class OpenIdAuthenticationTimeAttribute implements IAttributeBuilder {
 	
@@ -35,9 +34,9 @@ public class OpenIdAuthenticationTimeAttribute implements IAttributeBuilder {
 		return "auth_time";
 	}
 	
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException {
-		return g.buildLongAttribute(this.getName(), "", ((long) (authData.getIssueInstant().getTime() / 1000)));
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
+		return g.buildLongAttribute(this.getName(), "", ((long) (authData.getAuthenticationIssueInstant().getTime() / 1000)));
 	}
 	
 	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java
index 05638c907..04efa3979 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java
@@ -24,12 +24,11 @@ package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
 
 import java.util.Date;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 
 public class OpenIdExpirationTimeAttribute implements IAttributeBuilder {
 	
@@ -39,8 +38,8 @@ public class OpenIdExpirationTimeAttribute implements IAttributeBuilder {
 		return "exp";
 	}
 	
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException {
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
 		return g.buildLongAttribute(this.getName(), "", (long) (new Date().getTime() / 1000 + expirationTime));
 	}
 	
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java
index b40d752eb..459d2b1cd 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java
@@ -24,12 +24,11 @@ package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
 
 import java.util.Date;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 
 public class OpenIdIssueInstantAttribute implements IAttributeBuilder {
 	
@@ -37,8 +36,8 @@ public class OpenIdIssueInstantAttribute implements IAttributeBuilder {
 		return "iat";
 	}
 	
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException {
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
 		return g.buildLongAttribute(this.getName(), "", (long) (new Date().getTime() / 1000));
 	}
 	
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java
index d212feb12..2f4124c32 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java
@@ -22,12 +22,11 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 
 public class OpenIdIssuerAttribute implements IAttributeBuilder {
 	
@@ -35,9 +34,9 @@ public class OpenIdIssuerAttribute implements IAttributeBuilder {
 		return "iss";
 	}
 	
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException {
-		return g.buildStringAttribute(this.getName(), "", authData.getIssuer());
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
+		return g.buildStringAttribute(this.getName(), "", authData.getAuthenticationIssuer());
 	}
 	
 	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java
index 99465bf95..66b6a2518 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java
@@ -22,27 +22,27 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 public class OpenIdNonceAttribute implements IAttributeBuilder {
 	
-	public String getName() {
+	public String getName() { 
 		return "nonce";
 	}
 	
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException { 
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException { 
 		return g.buildStringAttribute(this.getName(), "", null);
 	}
 	
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, OAuth20AuthRequest oAuthRequest,
-			IAttributeGenerator<ATT> g) throws AttributeException { 
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, OAuth20AuthRequest oAuthRequest,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException { 
 		if (MiscUtil.isNotEmpty(oAuthRequest.getNonce()))
 			return g.buildStringAttribute(this.getName(), "", oAuthRequest.getNonce());
 		else
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java
index 4b1219c9d..e3e717ec3 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java
@@ -22,12 +22,11 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 
 public class OpenIdSubjectIdentifierAttribute implements IAttributeBuilder {
 	
@@ -35,8 +34,8 @@ public class OpenIdSubjectIdentifierAttribute implements IAttributeBuilder {
 		return "sub";
 	}
 	
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException {
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
 		return g.buildStringAttribute(this.getName(), "", authData.getBPK());
 	}
 	
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java
index f1b0bd108..d23877395 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java
@@ -22,12 +22,11 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 
 public class ProfileDateOfBirthAttribute implements IAttributeBuilder {
 	
@@ -35,8 +34,8 @@ public class ProfileDateOfBirthAttribute implements IAttributeBuilder {
 		return "birthdate";
 	}
 	
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException {
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
 		return g.buildStringAttribute(this.getName(), "", authData.getFormatedDateOfBirth());
 	}
 	
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java
index 0ea6ba643..540962a29 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java
@@ -22,12 +22,11 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 
 public class ProfileFamilyNameAttribute implements IAttributeBuilder {
 	
@@ -35,8 +34,8 @@ public class ProfileFamilyNameAttribute implements IAttributeBuilder {
 		return "family_name";
 	}
 	
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException {
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
 		return g.buildStringAttribute(this.getName(), "", authData.getFamilyName());
 	}
 	
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java
index e6c7fd18d..f6f774a46 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java
@@ -22,12 +22,11 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 
 public class ProfileGivenNameAttribute implements IAttributeBuilder {
 	
@@ -35,8 +34,8 @@ public class ProfileGivenNameAttribute implements IAttributeBuilder {
 		return "given_name";
 	}
 	
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException {
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
 		return g.buildStringAttribute(this.getName(), "", authData.getGivenName());
 	}
 	
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
index 67c0aafce..1528cfb28 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
@@ -22,30 +22,22 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.oauth20.protocol;
 
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.Map;
-
 import javax.servlet.http.HttpServletRequest;
 
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.context.annotation.Scope;
 import org.springframework.stereotype.Component;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util;
-import at.gv.egovernment.moa.id.protocols.oauth20.attributes.OAuth20AttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20AccessDeniedException;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ResponseTypeException;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
 import at.gv.egovernment.moa.logging.Logger;
 
 @Component("OAuth20AuthRequest")
@@ -102,7 +94,7 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest {
 	 *            the state to set
 	 */
 	public void setState(String state) {
-		this.state = state;
+		this.state = state; 
 	}
 	
 	/**
@@ -188,7 +180,7 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest {
 		// check if client id and redirect uri are ok
 		try {
 			// OAOAUTH20 cannot be null at this point. check was done in base request
-			IOAAuthParameters oAuthConfig = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(this.getOAURL());
+			IOAAuthParameters oAuthConfig = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(this.getSPEntityId());
 			
 			
 			if (!this.getClientID().equals(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))
@@ -206,40 +198,40 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest {
 		
 	}
 
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
-	 */
-	@Override
-	public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) {
-		Map<String, String> reqAttr = new HashMap<String, String>();
-		for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION)
-			reqAttr.put(el, "");
-						
-		for (String s : scope.split(" ")) {
-			if (s.equalsIgnoreCase("profile")) {
-				for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersprofile())
-					reqAttr.put(el.getName(), "");
-
-			} else if (s.equalsIgnoreCase("eID")) {
-				for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseid())
-					reqAttr.put(el.getName(), "");
-				
-			} else if (s.equalsIgnoreCase("eID_gov")) {
-				for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseidgov())
-					reqAttr.put(el.getName(), "");
-				
-			} else if (s.equalsIgnoreCase("mandate")) {
-				for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersmandate())
-					reqAttr.put(el.getName(), "");
-				
-			} else if (s.equalsIgnoreCase("stork")) {
-				for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersstork())
-					reqAttr.put(el.getName(), "");
-				
-			}
-		}
-		
-		//return attributQueryBuilder.buildSAML2AttributeList(this.getOnlineApplicationConfiguration(), reqAttr.keySet().iterator());
-		return reqAttr.keySet();
-	}
+//	/* (non-Javadoc)
+//	 * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
+//	 */
+//	@Override
+//	public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) {
+//		Map<String, String> reqAttr = new HashMap<String, String>();
+//		for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION)
+//			reqAttr.put(el, "");
+//						
+//		for (String s : scope.split(" ")) {
+//			if (s.equalsIgnoreCase("profile")) {
+//				for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersprofile())
+//					reqAttr.put(el.getName(), "");
+//
+//			} else if (s.equalsIgnoreCase("eID")) {
+//				for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseid())
+//					reqAttr.put(el.getName(), "");
+//				
+//			} else if (s.equalsIgnoreCase("eID_gov")) {
+//				for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseidgov())
+//					reqAttr.put(el.getName(), "");
+//				
+//			} else if (s.equalsIgnoreCase("mandate")) {
+//				for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersmandate())
+//					reqAttr.put(el.getName(), "");
+//				
+//			} else if (s.equalsIgnoreCase("stork")) {
+//				for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersstork())
+//					reqAttr.put(el.getName(), "");
+//				
+//			}
+//		}
+//		
+//		//return attributQueryBuilder.buildSAML2AttributeList(this.getOnlineApplicationConfiguration(), reqAttr.keySet().iterator());
+//		return reqAttr.keySet();
+//	}
 }
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
index d3136b43e..2ce5234ac 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
@@ -30,12 +30,13 @@ import javax.servlet.http.HttpServletRequest;
 
 import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.commons.lang.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20OANotSupportedException;
@@ -49,6 +50,8 @@ abstract class OAuth20BaseRequest extends RequestImpl {
 	
 	protected Set<String> allowedParameters = new HashSet<String>();
 		
+	@Autowired(required=true) protected IConfiguration authConfig;
+	
 	protected String getParam(final HttpServletRequest request, final String name, final boolean isNeeded) throws OAuth20Exception {
 		String param = request.getParameter(name);
 		Logger.debug("Reading param " + name + " from HttpServletRequest with value " + param);
@@ -70,8 +73,8 @@ abstract class OAuth20BaseRequest extends RequestImpl {
 			if (!ParamValidatorUtils.isValidOA(oaURL)) {
 				throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
 			}
-			this.setOAURL(oaURL);
-			IOAAuthParameters oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oaURL);
+			this.setSPEntityId(oaURL);
+			ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(oaURL);
 			
 			if (oaParam == null) {
 				throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
@@ -83,7 +86,7 @@ abstract class OAuth20BaseRequest extends RequestImpl {
 				throw new OAuth20OANotSupportedException();
 			}
 		}
-		catch (ConfigurationException e) {
+		catch (EAAFConfigurationException e) {
 			throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
 		}
 		
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
index 5acb1c547..ff802136f 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
@@ -57,7 +57,7 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme
 		return PATH;
 	}
 	
-	/**
+	/** 
 	 * 
 	 */
 	public OAuth20Protocol() {
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
index 4c829f6ca..4ae255d1d 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
@@ -49,7 +49,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAuthnRequestBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestBuildException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
-import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper;
+import at.gv.egovernment.moa.id.util.LoALevelMapper;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
@@ -182,7 +182,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
 					pendingReq.getClass().isInstance(storkRequst)) {
 				
 				try {									
-					secClass = PVPtoSTORKMapper.getInstance().mapToSecClass(
+					secClass = LoALevelMapper.getInstance().mapToSecClass(
 							PVPConstants.STORK_QAA_PREFIX + String.valueOf(storkSecClass));
 				
 				} catch (Exception e) {
-- 
cgit v1.2.3


From 6b38531ef2a829e3dab513ae8c679511a848421d Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 14 Jun 2018 16:30:49 +0200
Subject: untested, but without dependency problems

---
 .../gv/egovernment/moa/id/moduls/SSOManager.java   |  2 +
 .../MandateNaturalPersonBPKAttributeBuilder.java   |  2 +-
 .../moa/id/auth/AuthenticationServer.java          | 35 +++++-----
 .../AuthenticationBlockAssertionBuilder.java       |  5 +-
 .../auth/builder/GetIdentityLinkFormBuilder.java   |  7 +-
 .../internal/DefaultCitizenCardAuthModuleImpl.java |  6 +-
 .../internal/tasks/CertificateReadRequestTask.java | 14 ++--
 .../internal/tasks/CreateIdentityLinkFormTask.java | 15 ++--
 .../modules/internal/tasks/GetForeignIDTask.java   | 15 ++--
 .../internal/tasks/GetMISSessionIDTask.java        | 24 ++++---
 .../tasks/InitializeBKUAuthenticationTask.java     | 30 ++++----
 .../tasks/PrepareAuthBlockSignatureTask.java       |  8 ++-
 .../internal/tasks/PrepareGetMISMandateTask.java   | 30 ++++----
 .../tasks/VerifyAuthenticationBlockTask.java       | 11 +--
 .../internal/tasks/VerifyCertificateTask.java      | 16 ++---
 .../internal/tasks/VerifyIdentityLinkTask.java     | 11 +--
 .../CreateXMLSignatureResponseValidator.java       |  8 +--
 .../VerifyXMLSignatureResponseValidator.java       |  4 +-
 .../moa/id/util/CitizenCardServletUtils.java       |  6 +-
 .../MOAeIDASSAMLEngineConfigurationImpl.java       |  4 +-
 .../eidas/eIDASAuthenticationModulImpl.java        |  6 +-
 .../engine/MOAeIDASChainingMetadataProvider.java   | 13 +++-
 .../eidas/tasks/CreateIdentityLinkTask.java        | 23 ++++---
 .../eidas/tasks/GenerateAuthnRequestTask.java      | 23 ++++---
 .../eidas/tasks/ReceiveAuthnResponseTask.java      | 27 ++++----
 .../auth/modules/eidas/utils/SAMLEngineUtils.java  |  2 +-
 .../eidas/utils/SimpleEidasAttributeGenerator.java |  4 +-
 .../modules/eidas/utils/eIDASAttributeBuilder.java | 23 ++++---
 .../moa/id/protocols/eidas/EIDASData.java          | 11 +--
 .../moa/id/protocols/eidas/EIDASProtocol.java      | 26 +++----
 .../id/protocols/eidas/EidasMetaDataRequest.java   | 12 ++--
 .../eidas/attributes/builder/IeIDASAttribute.java  |  4 +-
 .../attributes/builder/eIDASAttrDateOfBirth.java   |  4 +-
 .../attributes/builder/eIDASAttrFamilyName.java    | 14 ++--
 .../attributes/builder/eIDASAttrGivenName.java     | 12 ++--
 .../builder/eIDASAttrLegalPersonIdentifier.java    | 39 ++++++-----
 .../eIDASAttrNaturalPersonalIdentifier.java        | 14 ++--
 ...DASAttrRepresentativeLegalPersonIdentifier.java | 46 +++++++------
 ...ttrRepresentativeNaturalPersonalIdentifier.java | 14 ++--
 .../eidas/eIDASAuthenticationRequest.java          | 16 +++--
 .../eidas/validator/eIDASResponseValidator.java    |  3 +-
 .../elgamandates/ELGAMandatesAuthModuleImpl.java   |  6 +-
 .../tasks/EvaluateMandateServiceTask.java          |  6 +-
 .../tasks/ReceiveElgaMandateResponseTask.java      | 27 ++++----
 .../tasks/RedirectToMandateSelectionTask.java      |  4 +-
 .../elgamandates/tasks/RequestELGAMandateTask.java | 14 ++--
 .../tasks/SelectMandateServiceTask.java            |  6 +-
 .../utils/ELGAMandateServiceMetadataProvider.java  |  2 +-
 .../elgamandates/utils/ELGAMandateUtils.java       |  9 +--
 .../utils/ELGAMandatesCredentialProvider.java      | 19 +++---
 .../attributes/OAuth20AttributeBuilder.java        | 13 ++--
 .../oauth20/protocol/OAuth20AuthAction.java        | 16 ++---
 .../oauth20/protocol/OAuth20AuthRequest.java       |  8 +--
 .../oauth20/protocol/OAuth20Protocol.java          | 49 +++++++-------
 .../oauth20/protocol/OAuth20TokenAction.java       |  8 +--
 .../oauth20/protocol/OAuth20TokenRequest.java      | 25 +++----
 .../sl20_auth/SL20AuthenticationModulImpl.java     | 10 +--
 .../modules/sl20_auth/sl20/JsonSecurityUtils.java  | 15 ++--
 .../sl20_auth/tasks/CreateQualeIDRequestTask.java  | 21 +++---
 .../sl20_auth/tasks/ReceiveQualeIDTask.java        | 21 +++---
 .../ssotransfer/SSOTransferAuthModuleImpl.java     |  6 +-
 .../data/SSOTransferAuthenticationData.java        | 60 +++++++++-------
 .../data/SSOTransferOnlineApplication.java         | 57 +++++++++++-----
 .../ssotransfer/servlet/SSOTransferServlet.java    | 23 +++++--
 .../task/InitializeRestoreSSOSessionTask.java      |  6 +-
 .../ssotransfer/task/RestoreSSOSessionTask.java    | 28 ++++----
 .../auth/modules/ssotransfer/utils/GUIUtils.java   |  4 +-
 .../ssotransfer/utils/SSOContainerUtils.java       |  7 +-
 .../FederatedAuthenticationModuleImpl.java         |  6 +-
 .../tasks/CreateAuthnRequestTask.java              | 14 ++--
 .../tasks/ReceiveAuthnResponseTask.java            | 79 +++++++++++-----------
 .../utils/FederatedAuthCredentialProvider.java     | 19 +++---
 .../AuthenticationDataAssertionBuilder.java        | 19 +++---
 .../moa/id/protocols/saml1/GetArtifactAction.java  | 14 ++--
 .../saml1/GetAuthenticationDataService.java        | 18 +++--
 .../protocols/saml1/SAML1AuthenticationServer.java | 29 ++++----
 .../moa/id/protocols/saml1/SAML1Protocol.java      | 51 +++++++-------
 .../moa/id/protocols/saml1/SAML1RequestImpl.java   | 59 +++++++---------
 .../moa/id/auth/parser/SAMLArtifactParserTest.java |  4 +-
 .../moa/id/monitoring/DatabaseTestModule.java      |  4 +-
 .../moa/id/monitoring/IdentityLinkTestModule.java  |  2 +-
 pom.xml                                            | 10 +--
 82 files changed, 728 insertions(+), 659 deletions(-)

(limited to 'id/server/idserverlib/src/main/java/at/gv')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
index d3d7a9456..1274a0407 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -73,6 +73,8 @@ public class SSOManager implements ISSOManager {
 	private static final int INTERFEDERATIONCOOKIEMAXAGE = 5 * 60;// sec
 
 	public static final String DATAID_INTERFEDERATIOIDP_URL = "INTERFEDERATIOIDP_URL";
+	public static final String DATAID_INTERFEDERATIOIDP_RESPONSE = "INTERFEDERATIOIDP_RESPONSE";
+	public static final String DATAID_INTERFEDERATIOIDP_ENTITYID = "INTERFEDERATIOIDP_ENTITYID";
 	
 	@Autowired private IAuthenticationSessionStoreage authenticatedSessionStore;
 	@Autowired private AuthConfiguration authConfig;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
index 9160ef453..ac3828750 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
@@ -105,7 +105,7 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui
 		return g.buildEmptyAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_NAME);
 	}
 	
-	protected Pair<String, String> internalBPKGenerator(IOAAuthParameters oaParam, IAuthData authData) throws NoMandateDataAttributeException, BuildException, ConfigurationException {		
+	protected Pair<String, String> internalBPKGenerator(ISPConfiguration oaParam, IAuthData authData) throws NoMandateDataAttributeException, BuildException, ConfigurationException {		
 		//get PVP attribute directly, if exists 
 		Pair<String, String> calcResult = null;
 		if (authData instanceof IMOAAuthData) {
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index d76e72aa4..2b2a8cab6 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -25,10 +25,8 @@ import org.w3c.dom.Element;
 import org.w3c.dom.NodeList;
 import org.xml.sax.SAXException;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder;
-import at.gv.egiz.eaaf.core.impl.utils.DateTimeUtils;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
 import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder;
@@ -58,6 +56,7 @@ import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
 import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
@@ -72,6 +71,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.DateTimeUtils;
 import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moa.util.StringUtils;
@@ -93,7 +93,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 
 	@Autowired private MOAReversionLogger revisionsLogger;
 	@Autowired private AuthConfiguration authConfig;
-	
+	 
 	/**
 	 * Constructor for AuthenticationServer.
 	 */
@@ -145,9 +145,9 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 		}
 
 		//load OnlineApplication configuration
-		IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
+		IOAAuthParameters oaParam = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class);
 		if (oaParam == null)
-			throw new AuthenticationException("auth.00", new Object[]{pendingReq.getOAURL()});
+			throw new AuthenticationException("auth.00", new Object[]{pendingReq.getSPEntityId()});
 
 		//load Template
 		String templateURL = pendingReq.getGenericData(
@@ -200,7 +200,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 
 		//build DataURL for BKU request
 		String dataURL = new DataURLBuilder().buildDataURL(
-				pendingReq.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, pendingReq.getRequestID());
+				pendingReq.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, pendingReq.getPendingRequestId());
 
 		//removed in MOAID 2.0
 		String pushInfobox = "";
@@ -295,7 +295,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 		// builds a <VerifyXMLSignatureRequest> for a call of MOA-SP
 		Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder()
 		.build(identityLink, authConfig
-				.getMoaSpIdentityLinkTrustProfileID(pendingReq.getOnlineApplicationConfiguration().isUseIDLTestTrustStore()));
+				.getMoaSpIdentityLinkTrustProfileID(pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class).isUseIDLTestTrustStore()));
 
 		// invokes the call
 		Element domVerifyXMLSignatureResponse = SignatureVerificationInvoker.getInstance()
@@ -304,7 +304,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 		IVerifiyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser(
 				domVerifyXMLSignatureResponse).parseData();
 
-		IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
+		IOAAuthParameters oaParam = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class);
 		
 		// validates the <VerifyXMLSignatureResponse>
 		VerifyXMLSignatureResponseValidator.getInstance().validate(
@@ -319,8 +319,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 		//Removed in MOA-ID 2.0
 		//verifyInfoboxes(session, infoboxReadResponseParameters, false);
 
-		revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), 
-				pendingReq, MOAIDEventConstants.AUTHPROCESS_IDL_VALIDATED);
+		revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_IDL_VALIDATED);
 		
 		return "found!";
 	}
@@ -398,7 +397,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 			throw new AuthenticationException("auth.10", new Object[]{
 					GET_MIS_SESSIONID, PARAM_SESSIONID});
 
-		IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
+		IOAAuthParameters oaParam = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class);
 		try {
 			// sets the extended SAML attributes for OID (Organwalter)
 			setExtendedSAMLAttributeForMandatesOID(session, mandate, oaParam
@@ -435,7 +434,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 			IAuthenticationSession session, IRequest pendingReq) throws ConfigurationException,
 			BuildException, ValidateException {
 
-		IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
+		IOAAuthParameters oaParam = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class);
 
 		// builds the AUTH-block
 		String authBlock = buildAuthenticationBlock(session, oaParam, pendingReq);
@@ -448,7 +447,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 				transformsInfos);
 		
 		SpecificTraceLogger.trace("Req. Authblock: " + createXMLSignatureRequest);
-		SpecificTraceLogger.trace("OA config: " + pendingReq.getOnlineApplicationConfiguration().toString());
+		SpecificTraceLogger.trace("OA config: " + pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class).toString());
 		SpecificTraceLogger.trace("saml1RequestedTarget: " + pendingReq.getGenericData(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class));
 		SpecificTraceLogger.trace("saml1RequestedFriendlyName: " + pendingReq.getGenericData(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, String.class));	
 				
@@ -514,8 +513,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 				xmlReadInfoboxResponse);
 		X509Certificate cert = p.parseCertificate();
 
-		revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), 
-				pendingReq, MOAIDEventConstants.AUTHPROCESS_CERTIFICATE_VALIDATED);
+		revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_CERTIFICATE_VALIDATED);
 		
 		return cert;
 
@@ -966,7 +964,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 
 		// builds a <VerifyXMLSignatureRequest> for a MOA-SPSS call
 		List<String> vtids = authConfig.getMoaSpAuthBlockVerifyTransformsInfoIDs();
-		String tpid = authConfig.getMoaSpAuthBlockTrustProfileID(pendingReq.getOnlineApplicationConfiguration().isUseAuthBlockTestTestStore());
+		String tpid = authConfig.getMoaSpAuthBlockTrustProfileID(pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class).isUseAuthBlockTestTestStore());
 		Element domVsreq = new VerifyXMLSignatureRequestBuilder().build(csresp,
 				vtids, tpid);
 		// debug output
@@ -996,7 +994,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 			}
 		}
 
-		IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
+		IOAAuthParameters oaParam = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class);
 
 		// validates the <VerifyXMLSignatureResponse>
 		VerifyXMLSignatureResponseValidator.getInstance().validate(vsresp,
@@ -1037,8 +1035,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 		//set QAA Level four in case of card authentifcation
 		session.setQAALevel(PVPConstants.STORK_QAA_1_4);
 		
-		revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), 
-				pendingReq, MOAIDEventConstants.AUTHPROCESS_AUTHBLOCK_VALIDATED);
+		revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_AUTHBLOCK_VALIDATED);
 		
 		revisionsLogger.logPersonalInformationEvent(pendingReq, session.getIdentityLink() 
 				);
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
index 1c5fe0c5b..bbd90fdaa 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
@@ -47,13 +47,13 @@ import javax.xml.transform.stream.StreamResult;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
@@ -69,8 +69,7 @@ import at.gv.egovernment.moa.util.StringUtils;
  * Builder for the authentication block <code>&lt;saml:Assertion&gt;</code>
  * to be included in a <code>&lt;CreateXMLSignatureResponse&gt;</code>.
  * 
- * @author Paul Ivancsics
- * @version $Id$
+ * @author Paul Ivancsics 
  */
 public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertionBuilder implements Constants {
 
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
index 8c3147af2..e4063903d 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
@@ -50,9 +50,9 @@ import java.io.IOException;
 import java.io.StringReader;
 import java.io.StringWriter;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.auth.frontend.utils.FormBuildUtils;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.util.MiscUtil;
 
@@ -156,9 +156,10 @@ public class GetIdentityLinkFormBuilder extends Builder {
     String dataURL, 
     String certInfoXMLRequest, 
     String certInfoDataURL, 
-    String pushInfobox, IOAAuthParameters oaParam, 
+    String pushInfobox, 
+    IOAAuthParameters oaParam, 
     String appletheigth,
-    String appletwidth,
+    String appletwidth, 
   	String contextURL)
   throws BuildException 
   {      
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java
index c6faad2bb..5bf0bc422 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java
@@ -3,9 +3,9 @@ package at.gv.egovernment.moa.id.auth.modules.internal;
 
 import org.apache.commons.lang3.StringUtils;
 
-import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AuthModule;
+import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 
 /**
  * Module descriptor
@@ -16,7 +16,7 @@ public class DefaultCitizenCardAuthModuleImpl implements AuthModule {
 	public int getPriority() {
 		return 0;
 	}
-
+ 
 	@Override
 	public String selectProcess(ExecutionContext context) {		
 		//select process if BKU is selected and it is no STORK authentication
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java
index 3e2ebdc3c..f53dfae45 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java
@@ -10,15 +10,15 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.lang3.BooleanUtils;
 import org.springframework.stereotype.Component;
 
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.util.CitizenCardServletUtils;
 import at.gv.egovernment.moa.logging.Logger;
 
@@ -50,10 +50,9 @@ public class CertificateReadRequestTask extends AbstractAuthServletTask {
 			throws TaskExecutionException {
 		Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate.");
 					
-		try {
+		try { 
 			//execute default task initialization
-			defaultTaskInitialization(req, executionContext);
-		
+			AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
 			boolean useMandate = moasession.isMandateUsed();
 			boolean identityLinkAvailable = BooleanUtils.isTrue((Boolean) executionContext.get("identityLinkAvailable"));	
 			if (!identityLinkAvailable && useMandate) {
@@ -66,7 +65,7 @@ public class CertificateReadRequestTask extends AbstractAuthServletTask {
 
 			// build dataurl (to the VerifyCertificateSerlvet)
 			String dataurl = new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), REQ_VERIFY_CERTIFICATE,
-					pendingReq.getRequestID());
+					pendingReq.getPendingRequestId());
 
 			CitizenCardServletUtils.writeCreateXMLSignatureRequest(resp, infoboxReadRequest,
 					AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
@@ -77,9 +76,6 @@ public class CertificateReadRequestTask extends AbstractAuthServletTask {
 		} catch (IOException e) {
 			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
 			
-		} catch (MOADatabaseException e1) {
-			throw new TaskExecutionException(pendingReq, e1.getMessage(), e1);
-			
 		} finally {
 			
 		}		
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
index fbb900cf6..af8f780ec 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
@@ -10,14 +10,15 @@ import org.springframework.stereotype.Component;
 
 import com.google.common.net.MediaType;
 
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.StringUtils;
 
@@ -61,20 +62,18 @@ public class CreateIdentityLinkFormTask extends AbstractAuthServletTask {
 	@Override
 	public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
 			throws TaskExecutionException {		
-		try {
+		try { 
 			//execute default task initialization
-			defaultTaskInitialization(req, executionContext);
-						
+			AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
+			
 	    	//normal MOA-ID authentication
 	    	Logger.debug("Starting normal MOA-ID authentication");		    			    	    	
 	    	String getIdentityLinkForm = authServer.startAuthentication(moasession, req, pendingReq);	   
 
 			
 			if (BooleanUtils.isTrue((Boolean) executionContext.get("useMandate")))
-				revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), 
-						pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATES_REQUESTED);			
-				revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), 
-					pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_URL, moasession.getBkuURL());
+				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATES_REQUESTED);			
+				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_URL, moasession.getBkuURL());
 				     				
 			if (!StringUtils.isEmpty(getIdentityLinkForm)) {
 				byte[] content = getIdentityLinkForm.getBytes("UTF-8");
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
index 1f20ee389..ec1de6155 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
@@ -18,10 +18,12 @@ import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.stereotype.Component;
 import org.w3c.dom.Element;
 
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
@@ -31,7 +33,6 @@ import at.gv.egovernment.moa.id.client.SZRGWClientException;
 import at.gv.egovernment.moa.id.client.utils.SZRGWClientUtils;
 import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.logging.Logger;
@@ -72,7 +73,7 @@ public class GetForeignIDTask extends AbstractAuthServletTask {
 	public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
 			throws TaskExecutionException {
 
-		Logger.debug("POST GetForeignIDServlet");
+		Logger.debug("POST GetForeignIDServlet"); 
 
 		Map<String, String> parameters;
 
@@ -94,8 +95,7 @@ public class GetForeignIDTask extends AbstractAuthServletTask {
 			Logger.debug(xmlCreateXMLSignatureResponse);
 			
 			//execute default task initialization
-			defaultTaskInitialization(req, executionContext);
-			
+			AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
 		
 			CreateXMLSignatureResponse csresp = new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureResponse)
 					.parseResponseDsig();
@@ -122,8 +122,7 @@ public class GetForeignIDTask extends AbstractAuthServletTask {
 				throw new MOAIDException("auth.14", null);
 			}
 
-			revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), 
-					pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_CONNECTED);
+			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_CONNECTED);
 			
 			// make SZR request to the identity link
 			CreateIdentityLinkResponse response = SZRGWClientUtils.getIdentityLink(pendingReq, signature);
@@ -143,10 +142,10 @@ public class GetForeignIDTask extends AbstractAuthServletTask {
 
 				authServer.getForeignAuthenticationData(moasession);
 				
-				revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), 
-						pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_RECEIVED);
+				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_RECEIVED);
 
 				//store pending request
+				pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession());
 				requestStoreage.storePendingRequest(pendingReq);
 
  
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
index a56c8f6ac..d81afee7b 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
@@ -15,16 +15,19 @@ import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.stereotype.Component;
 import org.xml.sax.SAXException;
 
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.data.MISMandate;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.util.SSLUtils;
 import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient;
 import at.gv.egovernment.moa.logging.Logger;
@@ -58,28 +61,29 @@ import iaik.pki.PKIException;
 public class GetMISSessionIDTask extends AbstractAuthServletTask {
 
 	@Autowired @Qualifier("CitizenCardAuthenticationServer") private AuthenticationServer authServer;
+	@Autowired private AuthConfiguration moaAuthConfig;
 	
 	@Override
 	public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
 			throws TaskExecutionException {
-		
+		 
 		Logger.debug("POST GetMISSessionIDServlet");
 
 		try {
 			//execute default task initialization
-			defaultTaskInitialization(req, executionContext);
+			AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
 			
 			//get MIS sessionID
 			String misSessionID = moasession.getMISSessionID();
 
 			//get mandates from MIS
-			ConnectionParameterInterface connectionParameters = authConfig
-					.getOnlineMandatesConnectionParameter(pendingReq.getOnlineApplicationConfiguration());
+			ConnectionParameterInterface connectionParameters = moaAuthConfig
+					.getOnlineMandatesConnectionParameter(pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class));
 			SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(
-					authConfig,
+					moaAuthConfig,
 					connectionParameters);
 			List<MISMandate> list = MISSimpleClient.sendGetMandatesRequest(
-					connectionParameters.getUrl(), misSessionID, sslFactory, authConfig);
+					connectionParameters.getUrl(), misSessionID, sslFactory, moaAuthConfig);
 
 			//check if mandates received
 			if (list == null || list.size() == 0) {
@@ -87,8 +91,7 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask {
 				throw new AuthenticationException("auth.15", null);
 			}
 
-			revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), 
-					pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_RECEIVED);
+			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_RECEIVED);
 
 			
 			// for now: list contains only one element
@@ -114,9 +117,10 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask {
 			moasession.setMISMandate(mandate);
 			
 			//log mandate specific set of events
-			revisionsLogger.logMandateEventSet(pendingReq, mandate);
+			//revisionsLogger.logMandateEventSet(pendingReq, mandate);
 									
 			//store pending request with new MOASession data information
+			pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession());
 			requestStoreage.storePendingRequest(pendingReq);
 			
 			
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
index ceaf4ca38..b170d9e89 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
@@ -30,17 +30,19 @@ import javax.servlet.http.HttpServletResponse;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -53,11 +55,12 @@ import at.gv.egovernment.moa.util.MiscUtil;
 public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask {
 
 	@Autowired StartAuthentificationParameterParser authInitialisationParser;
+	@Autowired private AuthConfiguration moaAuthConfig;
 	
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
 	 */
-	@Override
+	@Override 
 	public void execute(ExecutionContext executionContext,
 			HttpServletRequest request, HttpServletResponse response)
 			throws TaskExecutionException {
@@ -81,10 +84,10 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask {
 	}
 	
 	protected void internalInitializeWithoutPersist(ExecutionContext executionContext,
-			HttpServletRequest request, HttpServletResponse response) throws WrongParametersException, MOAIDException, MOADatabaseException {
+			HttpServletRequest request, HttpServletResponse response) throws EAAFException {
 		
 		Logger.info("BKU is selected -> Start BKU communication ...");			
-		defaultTaskInitialization(request, executionContext);
+		AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
 		
 		boolean isLegacyRequest = false;
 		Object isLegacyRequestObj = executionContext.get("isLegacyRequest");
@@ -109,14 +112,13 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask {
 	    	}
 							
 	    	//load OA Config
-			IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
+			IOAAuthParameters oaParam = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class);
 			
 			if (oaParam == null)
-				throw new AuthenticationException("auth.00", new Object[] { pendingReq.getOAURL() });
+				throw new AuthenticationException("auth.00", new Object[] { pendingReq.getSPEntityId() });
 			
 			else {
-				revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), 
-						pendingReq, MOAIDEventConstants.AUTHPROCESS_BKUTYPE_SELECTED, bkuid);
+				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKUTYPE_SELECTED, bkuid);
 				
 		    	//get Target from config or from request in case of SAML 1				
 				String target = null;
@@ -128,7 +130,7 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask {
 		    	String bkuURL = oaParam.getBKUURL(bkuid);
 		    	if (MiscUtil.isEmpty(bkuURL)) {
 		    		Logger.info("No OA specific BKU defined. Use BKU from default configuration");
-		    		bkuURL = authConfig.getDefaultBKUURL(bkuid);
+		    		bkuURL = moaAuthConfig.getDefaultBKUURL(bkuid);
 		    	}
 		    	
 		    	//search for OA specific template
@@ -139,13 +141,13 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask {
 		    		templateURL = oaTemplateURLList.get(0);
 		    		
 		    	} else {		    	
-		    		templateURL = authConfig.getSLRequestTemplates(bkuid);
+		    		templateURL = moaAuthConfig.getSLRequestTemplates(bkuid);
 		    	}
 		    	
 		    	//make url absolut if it is a local url
 	    		if (MiscUtil.isNotEmpty(templateURL))
 	    			templateURL = FileUtils.makeAbsoluteURL(templateURL, 
-	    					authConfig.getRootConfigFileDir());
+	    					moaAuthConfig.getRootConfigFileDir());
 		    	
 		    	if (oaParam.isOnlyMandateAllowed()) 
 		    		useMandate = "true";
@@ -156,7 +158,7 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask {
 		    	//parse all OA parameters i
 		    	authInitialisationParser.parse(	moasession, 
 		    									target, 
-		    									pendingReq.getOAURL(),
+		    									pendingReq.getSPEntityId(),
 		    									bkuURL,
 		    									templateURL,
 		    									useMandate,
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java
index 2fac58e44..d1d0ef086 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java
@@ -7,11 +7,12 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.stereotype.Component;
 
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.util.CitizenCardServletUtils;
 import at.gv.egovernment.moa.logging.Logger;
 
@@ -40,7 +41,7 @@ public class PrepareAuthBlockSignatureTask extends AbstractAuthServletTask {
 
 	@Autowired @Qualifier("CitizenCardAuthenticationServer") private AuthenticationServer authServer;
 	
-	@Override
+	@Override 
 	public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
 			throws TaskExecutionException {
 		// note: code taken from at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet
@@ -49,13 +50,14 @@ public class PrepareAuthBlockSignatureTask extends AbstractAuthServletTask {
 		
 		try {
 			//initialize task
-			defaultTaskInitialization(req, executionContext);
+			AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
 			
 			//build authBlock
 			String createXMLSignatureRequest = authServer
 					.getCreateXMLSignatureRequestAuthBlockOrRedirect(moasession, pendingReq);
 
 			//store pending request with new MOASession data information
+			pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession());
 			requestStoreage.storePendingRequest(pendingReq);
 			
 			//write response
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java
index 805b1b8f1..4db814246 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java
@@ -30,18 +30,21 @@ import javax.net.ssl.SSLSocketFactory;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 import org.w3c.dom.Element;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MISSimpleClientException;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.util.SSLUtils;
 import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId;
 import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient;
@@ -55,7 +58,9 @@ import at.gv.egovernment.moa.util.DOMUtils;
 @Component("PrepareGetMISMandateTask")
 public class PrepareGetMISMandateTask extends AbstractAuthServletTask {
 
-	/* (non-Javadoc)
+	@Autowired private AuthConfiguration moaAuthConfig;
+	
+	/* (non-Javadoc) 
 	 * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
 	 */
 	@Override
@@ -66,11 +71,11 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask {
 		//mandate Mode
 		try {
 			//perform default task initialization
-			defaultTaskInitialization(request, executionContext);
+			AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
 						
 			ConnectionParameterInterface connectionParameters = 
-					authConfig.getOnlineMandatesConnectionParameter(pendingReq.getOnlineApplicationConfiguration());	
-			SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(authConfig, connectionParameters);
+					moaAuthConfig.getOnlineMandatesConnectionParameter(pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class));	
+			SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(moaAuthConfig, connectionParameters);
 			
 			// get identitity link as byte[]
 			Element elem = moasession.getIdentityLink().getSamlAssertion();
@@ -83,9 +88,9 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask {
 	        String redirectURL = new DataURLBuilder().buildDataURL(
 			    pendingReq.getAuthURL(),
 			    GET_MIS_SESSIONID,
-			    pendingReq.getRequestID());
+			    pendingReq.getPendingRequestId());
 			
-	        IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
+	        IOAAuthParameters oaParam = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class);
 	        List<String> profiles = oaParam.getMandateProfiles();
 
 	        if (profiles == null) {
@@ -101,8 +106,7 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask {
 	        //TODO: check in case of SSO!!!
 	        String targetType = oaParam.getAreaSpecificTargetIdentifier();  
 	        
-	        revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), 
-					pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_SERVICE_REQUESTED, mandateReferenceValue);
+	        revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_SERVICE_REQUESTED, mandateReferenceValue);
 	        
 	        MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(
 	        		connectionParameters.getUrl(), 
@@ -115,7 +119,7 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask {
 	        		targetType,
 	        		authBlock,
 	        		sslFactory,
-	        		authConfig);
+	        		moaAuthConfig);
 	        
 	        if (misSessionID == null) {
 	      	  Logger.error("Fehler bei Anfrage an Vollmachten Service. MIS Session ID ist null.");
@@ -127,10 +131,10 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask {
 	        moasession.setMISSessionID(misSessionID.getSessiondId());
 		
 	      //store pending request with new MOASession data information
+	        pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession());
 			requestStoreage.storePendingRequest(pendingReq);
 	        			
-			revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), 
-					pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_REDIRECT);
+			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_REDIRECT);
 			
 	        response.setStatus(302);
 	    	response.addHeader("Location", redirectMISGUI);
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java
index c16eec30c..3b70c55e9 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java
@@ -13,13 +13,14 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.stereotype.Component;
 
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.logging.Logger;
 
@@ -55,7 +56,7 @@ import at.gv.egovernment.moa.logging.Logger;
  * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet}.
  * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
  *
- */
+ */ 
 @Component("VerifyAuthenticationBlockTask")
 public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask {
 
@@ -86,15 +87,15 @@ public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask {
 				throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_XMLRESPONSE, "auth.12");
 
 			//execute default task initialization
-			defaultTaskInitialization(req, executionContext);
+			AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
 			
-			revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), 
-					pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost());
+			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost());
 			
 			//verify authBlock
 			authServer.verifyAuthenticationBlock(pendingReq, moasession, createXMLSignatureResponse);
 			
 			//store pending request with new MOASession data information
+			pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession());
 			requestStoreage.storePendingRequest(pendingReq);
 							
 		}
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
index e7a66b5a9..5b207d33e 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
@@ -13,14 +13,15 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.stereotype.Component;
 
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.util.CitizenCardServletUtils;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.spss.util.CertificateUtils;
@@ -56,7 +57,7 @@ public class VerifyCertificateTask extends AbstractAuthServletTask {
 
 	@Autowired @Qualifier("CitizenCardAuthenticationServer") private AuthenticationServer authServer;
 	
-	@Override
+	@Override 
 	public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
 			throws TaskExecutionException {
 
@@ -76,10 +77,9 @@ public class VerifyCertificateTask extends AbstractAuthServletTask {
 				
 	    try {
 	    	//execute default task initialization
-			defaultTaskInitialization(req, executionContext);
+	    	AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
 			
-			revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), 
-					pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost());
+			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost());
 	    		    	
 	    	//read certificate from response
     		X509Certificate cert = authServer.getCertificate(pendingReq, parameters);
@@ -98,6 +98,7 @@ public class VerifyCertificateTask extends AbstractAuthServletTask {
 	    				authServer.getCreateXMLSignatureRequestAuthBlockOrRedirect(moasession, pendingReq);
 	    		
 	    		//store pending request with new MOASession data information
+	    		pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession());
 				requestStoreage.storePendingRequest(pendingReq);
 	    		
 		    	CitizenCardServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, pendingReq, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyCertificate");
@@ -113,8 +114,7 @@ public class VerifyCertificateTask extends AbstractAuthServletTask {
 	    		}
 	    		
 	    		// Foreign Identities Modus	
-	    		revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), 
-						pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_FOUND);
+	    		revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_FOUND);
 	    		
 		    	String createXMLSignatureRequest = authServer.createXMLSignatureRequestForeignID(pendingReq, cert);
 		    	
@@ -123,7 +123,7 @@ public class VerifyCertificateTask extends AbstractAuthServletTask {
 	             new DataURLBuilder().buildDataURL(
 	               pendingReq.getAuthURL(),
 	               REQ_GET_FOREIGN_ID,
-	               pendingReq.getRequestID());
+	               pendingReq.getPendingRequestId());
 	      		    	
 		    	CitizenCardServletUtils.writeCreateXMLSignatureRequest(resp, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "GetForeignID", dataurl);
 		    	
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java
index b9fed684c..99eba56c1 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java
@@ -10,13 +10,14 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.stereotype.Component;
 
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
@@ -48,7 +49,7 @@ public class VerifyIdentityLinkTask extends AbstractAuthServletTask {
 
 	@Autowired @Qualifier("CitizenCardAuthenticationServer") private AuthenticationServer authServer;
 	
-	@Override
+	@Override 
 	public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
 			throws TaskExecutionException {
 
@@ -65,15 +66,15 @@ public class VerifyIdentityLinkTask extends AbstractAuthServletTask {
 		
 		try {
 			//execute default task initialization
-			defaultTaskInitialization(req, executionContext);
+			AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
 		
-			revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), 
-					pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost());
+			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost());
 
 			//verify identityLink
 			boolean identityLinkAvailable = authServer.verifyIdentityLink(pendingReq, moasession, parameters) != null;
 			
 			//store pending request with new MOASession data information
+			pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession());
 			requestStoreage.storePendingRequest(pendingReq);
 
 			//set 'identityLink exists' flag to context
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
index 21de37603..44c3992d0 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -56,7 +56,6 @@ import javax.xml.bind.DatatypeConverter;
 import org.jaxen.SimpleNamespaceContext;
 import org.w3c.dom.Element;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder;
 import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
@@ -65,6 +64,7 @@ import at.gv.egovernment.moa.id.auth.data.SAMLAttribute;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.auth.exception.ValidateException;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
@@ -138,7 +138,7 @@ public class CreateXMLSignatureResponseValidator {
   public void validate(CreateXMLSignatureResponse createXMLSignatureResponse, IAuthenticationSession session, IRequest pendingReq)
    throws ValidateException, BuildException, ConfigurationException {
       // A3.056: more then one /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:NameIdentifier
-    IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
+    IOAAuthParameters oaParam = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class);
     String oaURL = oaParam.getPublicURLPrefix(); 
     IIdentityLink identityLink = session.getIdentityLink();
     
@@ -663,11 +663,11 @@ public class CreateXMLSignatureResponseValidator {
 	  } catch (Exception e) {
 		  SpecificTraceLogger.trace("Validate AuthBlock with SSO");
 		  SpecificTraceLogger.trace("Signed AuthBlock: " + session.getAuthBlock());
-		  SpecificTraceLogger.trace("OA config: " + pendingReq.getOnlineApplicationConfiguration().toString());		  
+		  SpecificTraceLogger.trace("OA config: " + pendingReq.getServiceProviderConfiguration().toString());		  
 		  throw e;
 		  
 	  }
-    
+     
   }
   
   public void validateSigningDateTime( CreateXMLSignatureResponse csresp) throws ValidateException {
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
index f9a432a9f..17a3fe7ab 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
@@ -54,10 +54,10 @@ import java.util.Iterator;
 import java.util.List;
 import java.util.Set;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.auth.exception.ValidateException;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
@@ -113,7 +113,7 @@ public class VerifyXMLSignatureResponseValidator {
   public void validate(IVerifiyXMLSignatureResponse verifyXMLSignatureResponse,
                        List<String> identityLinkSignersSubjectDNNames, 
                        String whatToCheck,
-                       IOAAuthParameters oaParam)
+                       IOAAuthParameters oaParam) 
     throws ValidateException, ConfigurationException {
 
     if (verifyXMLSignatureResponse.getSignatureCheckCode() != 0)
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java
index 3eb1114ea..01e349d0f 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java
@@ -70,7 +70,7 @@ import at.gv.egovernment.moa.logging.Logger;
  */
 public class CitizenCardServletUtils extends ServletUtils{
   
-  /**
+  /** 
    * Writes out whether the CreateXMLSignatureRequest or a Redirect for form input processing 
    * depending on the requests starting text.
    * 
@@ -89,7 +89,7 @@ public class CitizenCardServletUtils extends ServletUtils{
     if (!createXMLSignatureRequestOrRedirect.startsWith("Redirect")) {
       resp.setStatus(307);
       String dataURL = new DataURLBuilder().buildDataURL(
-        pendingReq.getAuthURL(), MOAIDAuthConstants.REQ_VERIFY_AUTH_BLOCK, pendingReq.getRequestID());
+        pendingReq.getAuthURL(), MOAIDAuthConstants.REQ_VERIFY_AUTH_BLOCK, pendingReq.getPendingRequestId());
       resp.addHeader("Location", dataURL);
       
       //TODO test impact of explicit setting charset with older versions of BKUs (HotSign)
@@ -101,7 +101,7 @@ public class CitizenCardServletUtils extends ServletUtils{
       Logger.debug("Finished POST " + servletName);
       
     } else {
-      String redirectURL = new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), servletGoal, pendingReq.getRequestID());
+      String redirectURL = new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), servletGoal, pendingReq.getPendingRequestId());
       resp.setContentType("text/html");
       resp.setStatus(302);
       resp.addHeader("Location", redirectURL);
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java
index 78793d3fc..d743b57e3 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java
@@ -131,7 +131,7 @@ public class MOAeIDASSAMLEngineConfigurationImpl extends
         
     private Properties loadConfigurationFromExternalFile(String key) throws ConfigurationException {
 		String configFile = 
-				AuthConfigurationProviderFactory.getInstance().getBasicMOAIDConfiguration(key);
+				AuthConfigurationProviderFactory.getInstance().getBasicConfiguration(key);
 		if (MiscUtil.isEmpty(configFile)) {
 			Logger.warn("No eIDAS SAML-engine configuration key: " 
 					+ key + " found in MOA-ID properties configuration file.");
@@ -150,7 +150,7 @@ public class MOAeIDASSAMLEngineConfigurationImpl extends
     	Properties inputProps = loadConfigurationFromExternalFile(configKey);
     	
     	String configFile = 
-				AuthConfigurationProviderFactory.getInstance().getBasicMOAIDConfiguration(configKey);
+				AuthConfigurationProviderFactory.getInstance().getBasicConfiguration(configKey);
     	
     	PropsParameter outputProps = new PropsParameter();
     	outputProps.setFileName(configFile);
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java
index 90dbb7342..ec042949a 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java
@@ -24,8 +24,8 @@ package at.gv.egovernment.moa.id.auth.modules.eidas;
 
 import org.apache.commons.lang3.StringUtils;
 
-import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AuthModule;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 
 /**
  * @author tlenz
@@ -37,7 +37,7 @@ public class eIDASAuthenticationModulImpl implements AuthModule {
 
 	@Override
 	public int getPriority() {
-		return priority;
+		return priority; 
 	}
 
 	/**
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
index a2ec47a45..94cd04ca7 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
@@ -28,6 +28,7 @@ import at.gv.egovernment.moa.id.auth.IDestroyableObject;
 import at.gv.egovernment.moa.id.auth.IGarbageCollectorProcessing;
 import at.gv.egovernment.moa.id.auth.IPostStartupInitializable;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IMOARefreshableMetadataProvider;
 import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.SimpleMOAMetadataProvider;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MOASPMetadataSignatureFilter;
@@ -71,11 +72,17 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMOAMetadataProvider
 	 */
 	@Override
 	public void executeAfterStartup() {
-		initializeEidasMetadataFromFileSystem();
+		try {
+			initializeEidasMetadataFromFileSystem();
+			
+		} catch (ConfigurationException e) {
+			Logger.error("Post start-up initialization of eIDAS Metadata-Provider FAILED.", e);
+			
+		}
 		
 	}
 	
-	protected void initializeEidasMetadataFromFileSystem() {
+	protected void initializeEidasMetadataFromFileSystem() throws ConfigurationException {
 		Map<String, String> metadataToLoad = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONIG_PROPS_EIDAS_METADATA_URLS_LIST_PREFIX);
 		if (!metadataToLoad.isEmpty()) {
 			Logger.info("Load static configurated eIDAS metadata ... ");			
@@ -229,7 +236,7 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMOAMetadataProvider
 		//add Metadata filters
 		MetadataFilterChain filter = new MetadataFilterChain();
 		filter.addFilter(new MOASPMetadataSignatureFilter(
-				authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_METADATA_VALIDATION_TRUSTSTORE)));
+				authConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_METADATA_VALIDATION_TRUSTSTORE)));
 		
 		return createNewMoaMetadataProvider(metadataURL, filter, 
 					"eIDAS metadata-provider", 
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
index 4045e1ad6..45033562f 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
@@ -24,27 +24,31 @@ package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
 
 import java.io.InputStream;
 import java.text.SimpleDateFormat;
+import java.util.Date;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.joda.time.DateTime;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAttributeException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.DOMUtils;
@@ -58,18 +62,18 @@ import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
 @Component("CreateIdentityLinkTask")
 public class CreateIdentityLinkTask extends AbstractAuthServletTask {
 
+	@Autowired private AuthConfiguration moaAuthConfig; 
+	
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
-	 */
+	 */ 
 	@Override
 	public void execute(ExecutionContext executionContext,
 			HttpServletRequest request, HttpServletResponse response)
 			throws TaskExecutionException {
-		try{
-			defaultTaskInitialization(request, executionContext);
-												
+		try{												
 			//get eIDAS attributes from MOA-Session
-			ImmutableAttributeMap eIDASAttributes = moasession.getGenericDataFromSession(
+			ImmutableAttributeMap eIDASAttributes = pendingReq.getGenericData(
 					AuthenticationSessionStorageConstants.eIDAS_ATTRIBUTELIST, 
 					ImmutableAttributeMap.class);
 			
@@ -138,7 +142,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
 
 	            //resign IDL
 				IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();
-				Element resignedilAssertion = identitylinkresigner.resignIdentityLink(identityLink.getSamlAssertion(), authConfig.getStorkFakeIdLResigningKey());
+				Element resignedilAssertion = identitylinkresigner.resignIdentityLink(identityLink.getSamlAssertion(), moaAuthConfig.getStorkFakeIdLResigningKey());
 				identityLink = new IdentityLinkAssertionParser(resignedilAssertion).parseIdentityLink();
 				
 			} else {
@@ -156,10 +160,13 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
 				throw new MOAIDException("stork.10", null);
 			}
 			
-			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_IDL_RECEIVED);			
+			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_IDL_RECEIVED);
+			AuthenticationSession moasession = new AuthenticationSession("1234", new Date());
 			moasession.setForeigner(true);
 			moasession.setIdentityLink(identityLink);
 			moasession.setBkuURL("Not applicable (eIDASAuthentication)");
+			pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession());
+			
 			
 			//store MOA-session to database
 			requestStoreage.storePendingRequest(pendingReq);
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index 4ad5194a9..a87d971d8 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -44,8 +44,8 @@ import org.springframework.util.StringUtils;
 
 import com.google.common.net.MediaType;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
@@ -56,10 +56,11 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetada
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.data.CPEPS;
 import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -87,14 +88,14 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
 	 */
-	@Override
+	@Override 
 	public void execute(ExecutionContext executionContext,
 			HttpServletRequest request, HttpServletResponse response)
 			throws TaskExecutionException {
 		
 		try{						
 			//get service-provider configuration
-			IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration();
+			IOAAuthParameters oaConfig = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class);
 
 			// get target and validate citizen countryCode
 			String citizenCountryCode = (String) executionContext.get(MOAIDAuthConstants.PARAM_CCC);
@@ -104,7 +105,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 				throw new AuthenticationException("eIDAS.03", new Object[] { "" });
 				
 			}
-			CPEPS cpeps = authConfig.getStorkConfig().getCPEPSWithFullName(citizenCountryCode);
+			CPEPS cpeps = ((AuthConfiguration)authConfig).getStorkConfig().getCPEPSWithFullName(citizenCountryCode);
 			if(null == cpeps) {
 				Logger.error("PEPS unknown for country: " + citizenCountryCode);
 				throw new AuthenticationException("eIDAS.04", new Object[] {citizenCountryCode});
@@ -161,7 +162,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 			}
 			
 			//TODO: switch to entityID
-			revisionsLogger.logEvent(oaConfig, pendingReq, 
+			revisionsLogger.logEvent(pendingReq, 
 					MOAIDEventConstants.AUTHPROCESS_PEPS_SELECTED,
 					metadataUrl);
 			
@@ -181,7 +182,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 					
 				} else {
 					boolean globallyMandatory = false;
-					for (StorkAttribute currentGlobalAttribute : authConfig.getStorkConfig().getStorkAttributes())
+					for (StorkAttribute currentGlobalAttribute : ((AuthConfiguration)authConfig).getStorkConfig().getStorkAttributes())
 						if (current.getName().equals(currentGlobalAttribute.getName())) {
 							globallyMandatory = BooleanUtils.isTrue(currentGlobalAttribute.getMandatory());
 							break;
@@ -195,7 +196,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 			
 			//request 
 			if (reqAttrList.isEmpty()) {
-				Logger.info("No attributes requested by OA:" + pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix()
+				Logger.info("No attributes requested by OA:" + pendingReq.getServiceProviderConfiguration().getUniqueIdentifier()
 						+ " -->  Request attr:" + Constants.eIDAS_ATTR_PERSONALIDENTIFIER + " by default");
 				AttributeDefinition<?> newAttribute = SAMLEngineUtils.getMapOfAllAvailableAttributes().get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER);
 				Builder<?> attrBuilder = AttributeDefinition.builder(newAttribute).required(true);
@@ -235,7 +236,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 			
 			//set service provider (eIDAS node) countryCode 
 			authnRequestBuilder.serviceProviderCountryCode(
-					authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, "AT"));
+					authConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, "AT"));
 			
 			//set citizen country code for foreign uses
 			authnRequestBuilder.citizenCountryCode(cpeps.getCountryCode());
@@ -302,7 +303,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 
             String actionType = "SAMLRequest";
             context.put(actionType, SAMLRequest);
-            context.put("RelayState", pendingReq.getRequestID());
+            context.put("RelayState", pendingReq.getPendingRequestId());
             context.put("action", authnReqEndpoint.getLocation());
             
             Logger.debug("Using SingleSignOnService url as action: " + authnReqEndpoint.getLocation());
@@ -323,7 +324,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
             response.setContentLength(content.length);
             response.getOutputStream().write(content);
 
-            revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, 
+            revisionsLogger.logEvent(pendingReq, 
 					MOAIDEventConstants.AUTHPROCESS_PEPS_REQUESTED,
 					authnRequest.getRequest().getId());
             	        
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
index 5f6f01f01..55416e92b 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
@@ -7,6 +7,7 @@ import org.opensaml.saml2.core.StatusCode;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
@@ -16,9 +17,9 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetada
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASResponseNotSuccessException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
+import at.gv.egovernment.moa.id.commons.api.data.AuthProzessDataConstants;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.protocols.eidas.validator.eIDASResponseValidator;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.logging.Logger;
@@ -36,7 +37,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 	@Override
 	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException {
 
-		try{			
+		try{			 
 			//get SAML Response
 			String base64SamlToken = request.getParameter("SAMLResponse");
 			if (MiscUtil.isEmpty(base64SamlToken)) {
@@ -46,7 +47,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			}
 			
 			//get MOASession
-			defaultTaskInitialization(request, executionContext);
+			//defaultTaskInitialization(request, executionContext);
 			
 			//decode SAML response
 			byte[] decSamlToken = EidasStringUtil.decodeBytesFromBase64(base64SamlToken);		
@@ -79,7 +80,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			// **********************************************************
 			// *******   MOA-ID specific response validation   **********
 			// **********************************************************
-			String spCountry = authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, "AT");
+			String spCountry = authConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, "AT");
 			eIDASResponseValidator.validateResponse(pendingReq, samlResp, spCountry);
 
 			
@@ -90,23 +91,23 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			//update MOA-Session data with received information			
 			Logger.debug("Store eIDAS response information into MOA-session.");
 					
-			moasession.setQAALevel(samlResp.getLevelOfAssurance());
-						
-			moasession.setGenericDataToSession(
+			pendingReq.setGenericDataToSession(AuthProzessDataConstants.VALUE_QAALEVEL, samlResp.getLevelOfAssurance());
+			
+			pendingReq.setGenericDataToSession(
 					AuthenticationSessionStorageConstants.eIDAS_ATTRIBUTELIST, 
 					samlResp.getAttributes());
 						
-			moasession.setGenericDataToSession(
+			pendingReq.setGenericDataToSession(
 					AuthenticationSessionStorageConstants.eIDAS_RESPONSE, 
 					decSamlToken);
 			
 			//set issuer nation as PVP attribute into MOASession
-			moasession.setGenericDataToSession(PVPConstants.EID_ISSUING_NATION_NAME, samlResp.getCountry());
+			pendingReq.setGenericDataToSession(PVPConstants.EID_ISSUING_NATION_NAME, samlResp.getCountry());
 						
 			//store MOA-session to database
 			requestStoreage.storePendingRequest(pendingReq);
 			
-			revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, 
+			revisionsLogger.logEvent(pendingReq, 
 					MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED,
 					samlResp.getId());
 		
@@ -116,20 +117,20 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 		}catch (EIDASSAMLEngineException e) {
 			Logger.warn("eIDAS Response validation FAILED.", e);
 			Logger.debug("eIDAS response was: " + request.getParameter("SAMLResponse"));
-			revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, 
+			revisionsLogger.logEvent(pendingReq, 
 					MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR);
 			throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", 
 					new EIDASEngineException("eIDAS.09", new Object[]{e.getMessage()}, e));
 					
 		} catch (MOADatabaseException e) {
-			revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, 
+			revisionsLogger.logEvent(pendingReq, 
 					MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR);
 			throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", 
 					new MOAIDException("init.04", new Object[]{""}, e));
 			
 		} catch (Exception e) {
 			Logger.warn("eIDAS Response processing FAILED.", e);
-			revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, 
+			revisionsLogger.logEvent(pendingReq, 
 					MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR);
 			throw new TaskExecutionException(pendingReq, e.getMessage(), 
 					new MOAIDException("eIDAS.10", new Object[]{e.getMessage()}, e));
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
index 02a5df098..8e840e2c1 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
@@ -82,7 +82,7 @@ public class SAMLEngineUtils {
 				
 				//load additional eIDAS attribute definitions
 				String additionalAttributeConfigFile = 
-						AuthConfigurationProviderFactory.getInstance().getBasicMOAIDConfiguration(
+						AuthConfigurationProviderFactory.getInstance().getBasicConfiguration(
 								Constants.CONIG_PROPS_EIDAS_SAMLENGINE_ATTIONAL_ATTRIBUTE_DEFINITIONS);
 				AttributeRegistry addAttrDefinitions = AttributeRegistries.empty();				
 				if (MiscUtil.isNotEmpty(additionalAttributeConfigFile)) {
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java
index d43fa1622..e3b58d259 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java
@@ -22,7 +22,7 @@
  */
 package at.gv.egovernment.moa.id.auth.modules.eidas.utils;
 
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
 
 /**
  * @author tlenz
@@ -37,7 +37,7 @@ public class SimpleEidasAttributeGenerator implements IAttributeGenerator<String
 	public String buildStringAttribute(String friendlyName, String name, String value) {
 		return value;
 		
-	}
+	} 
 
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildIntegerAttribute(java.lang.String, java.lang.String, int)
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java
index 37eca73e5..8add8e206 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java
@@ -30,14 +30,15 @@ import java.util.ServiceLoader;
 
 import com.google.common.collect.ImmutableSet;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.data.Pair;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
 import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 import eu.eidas.auth.commons.attribute.AttributeDefinition;
@@ -52,7 +53,7 @@ import eu.eidas.auth.commons.attribute.AttributeValueMarshallingException;
  */
 public class eIDASAttributeBuilder extends PVPAttributeBuilder {		
 	private static IAttributeGenerator<String> generator = new SimpleEidasAttributeGenerator();
-	
+	 
 	private static List<String> listOfSupportedeIDASAttributes;
 	private static ServiceLoader<IeIDASAttribute> eIDASAttributLoader = 
 			ServiceLoader.load(IeIDASAttribute.class);
@@ -99,7 +100,7 @@ public class eIDASAttributeBuilder extends PVPAttributeBuilder {
 	 * @param authData Authentication data that contains user information for attribute generation
 	 * @return eIDAS attribute response {@link Pair} or null if the attribute generation FAILES
 	 */
-	public static Pair<AttributeDefinition<?>,ImmutableSet<AttributeValue<?>>> buildAttribute(AttributeDefinition<?> attr, IOAAuthParameters onlineApplicationConfiguration,
+	public static Pair<AttributeDefinition<?>,ImmutableSet<AttributeValue<?>>> buildAttribute(AttributeDefinition<?> attr, ISPConfiguration onlineApplicationConfiguration,
 			IAuthData authData) {
 		
 		String attrName = attr.getNameUri().toString();
@@ -110,11 +111,15 @@ public class eIDASAttributeBuilder extends PVPAttributeBuilder {
 		if (attrBuilder != null) {
 			try {
 				String attrValue = attrBuilder.build(onlineApplicationConfiguration, authData, generator);
+				boolean isMandatesUsed = false;
+				if (authData instanceof IMOAAuthData)
+					isMandatesUsed = ((IMOAAuthData)authData).isUseMandate();
+					
 				if (MiscUtil.isNotEmpty(attrValue)) {
 					//set uniqueIdentifier attribute, because eIDAS SAMLEngine use this flag to select the
 					//  Subject->NameID value from this attribute
 					Builder<?> eIDASAttrBuilder = AttributeDefinition.builder(attr);
-					eIDASAttrBuilder.uniqueIdentifier(evaluateUniqueID(attrName, authData.isUseMandate()));
+					eIDASAttrBuilder.uniqueIdentifier(evaluateUniqueID(attrName, isMandatesUsed));
 					AttributeDefinition<?> returnAttr = eIDASAttrBuilder.build();
 					
 					//unmarshal attribute value into eIDAS attribute  
@@ -135,7 +140,7 @@ public class eIDASAttributeBuilder extends PVPAttributeBuilder {
 										
 				} 
 								
-			} catch (AttributeException e) {
+			} catch (AttributeBuilderException e) {
 				Logger.debug("Attribute can not generate requested attribute:" + attr.getNameUri().toString() + " Reason:" + e.getMessage());
 				
 			}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
index 7d25af05a..a9a3ef01f 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java
@@ -1,8 +1,5 @@
 package at.gv.egovernment.moa.id.protocols.eidas;
 
-import java.util.Collection;
-
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.context.annotation.Scope;
 import org.springframework.stereotype.Component;
@@ -30,13 +27,7 @@ public class EIDASData extends RequestImpl {
 	private String remoteIPAddress;
 
 	private String remoteRelayState;
- 	
-	@Override
-	public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) {
-		// TODO Auto-generated method stub
-		return null;
-	}
-	
+ 		
 	/**
 	 * Gets the eidas requested attributes.
 	 *
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
index 8ed9e1f2e..ce5f4dc6b 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -45,8 +45,9 @@ import org.springframework.web.bind.annotation.RequestMethod;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.IModulInfo;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController;
-import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
 import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
@@ -59,7 +60,6 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.MOAIDConstants;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -81,9 +81,11 @@ import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
  *
  * @author tlenz
  */
-@Controller
+@Controller 
 public class EIDASProtocol extends AbstractAuthProtocolModulController implements IModulInfo {
 
+	public static final String eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE = "eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE";
+	
     public static final String NAME = EIDASProtocol.class.getName();
     public static final String PATH = "eidas";	
 
@@ -109,11 +111,11 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController implement
 
 	//eIDAS metadata end-point
 	@RequestMapping(value = "/eidas/metadata", method = {RequestMethod.GET})
-	public void eIDASMetadataRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException {
+	public void eIDASMetadataRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException {
 		
 		//create pendingRequest object
 		EIDASData pendingReq = applicationContext.getBean(EIDASData.class);
-		pendingReq.initialize(req);
+		pendingReq.initialize(req, authConfig);
 		pendingReq.setModule(NAME);
 		pendingReq.setNeedAuthentication(false);
 		pendingReq.setAuthenticated(false);
@@ -138,11 +140,11 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController implement
 	
 	//PVP2.x IDP POST-Binding end-point
 	@RequestMapping(value = "/eidas/ColleagueRequest", method = {RequestMethod.POST})
-	public void PVPIDPPostRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException {
+	public void PVPIDPPostRequest(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException {
 		
 		//create pending-request object
 		EIDASData pendingReq = applicationContext.getBean(EIDASData.class);
-		pendingReq.initialize(req);
+		pendingReq.initialize(req, authConfig);
 		pendingReq.setModule(NAME);
 		
 		revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier());
@@ -192,7 +194,7 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController implement
 			ProtocolEngineI engine = SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider);
 			
 			String cititzenCountryCode = 
-					authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, 
+					authConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, 
 							MOAIDAuthConstants.COUNTRYCODE_AUSTRIA);
 			
 			
@@ -222,7 +224,7 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController implement
 			}
 			
 			//check eIDAS node configuration
-			IOAAuthParameters oaConfig = authConfig.getOnlineApplicationParameter(samlReq.getIssuer());
+			ISPConfiguration oaConfig = authConfig.getServiceProviderConfiguration(samlReq.getIssuer());
 			if (oaConfig == null)
 				throw new EIDASAuthnRequestProcessingException("eIDAS.08", new Object[]{samlReq.getIssuer()});
 			
@@ -347,7 +349,7 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController implement
 			pendingReq.setRemoteRelayState(relayState);
 			
 			//store level of assurance
-			pendingReq.setGenericDataToSession(RequestImpl.eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE, 
+			pendingReq.setGenericDataToSession(eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE, 
 					eIDASSamlReq.getEidasLevelOfAssurance().stringValue());			
 			
 			//set flag if transiend identifier is requested
@@ -364,7 +366,7 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController implement
 			pendingReq.setEidasRequest(eIDASSamlReq);
 						
 			// - memorize OA url
-			pendingReq.setOAURL(samlReq.getIssuer());
+			pendingReq.setSPEntityId(samlReq.getIssuer());
 	
 			// - memorize OA config
 			pendingReq.setOnlineApplicationConfiguration(oaConfig);
@@ -487,7 +489,7 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController implement
     private boolean iseIDASTargetAValidOrganisation(String reqCC, String bPKTargetArea) {
     	if (MiscUtil.isNotEmpty(reqCC)) {    	
     		List<String> allowedOrganisations = KeyValueUtils.getListOfCSVValues(
-    				authConfig.getBasicMOAIDConfiguration(Constants.CONFIG_PROPS_EIDAS_BPK_TARGET_PREFIX + reqCC.toLowerCase()));
+    				authConfig.getBasicConfiguration(Constants.CONFIG_PROPS_EIDAS_BPK_TARGET_PREFIX + reqCC.toLowerCase()));
     		if (allowedOrganisations.contains(bPKTargetArea)) {
     			Logger.debug(bPKTargetArea + " is a valid OrganisationIdentifier for request-country: "+ reqCC);
     			return true;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
index 5df905d31..bbd132a3b 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
@@ -28,10 +28,10 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.MediaType;
 import org.springframework.stereotype.Service;
 
-import at.gv.egiz.eaaf.core.api.IAction;
 import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.api.idp.IAction;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
@@ -56,7 +56,7 @@ import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
  */
 @Service("EidasMetaDataRequest")
 public class EidasMetaDataRequest implements IAction {
-    
+     
 	@Autowired(required=true) MOAeIDASChainingMetadataProvider eIDASMetadataProvider;
 	@Autowired(required=true) AuthConfiguration authConfig;
 	
@@ -136,7 +136,7 @@ public class EidasMetaDataRequest implements IAction {
         metadataConfigBuilder.authnRequestsSigned(true);
         metadataConfigBuilder.wantAssertionsSigned(true);
         metadataConfigBuilder.assuranceLevel(
-        		authConfig.getBasicMOAIDConfiguration(
+        		authConfig.getBasicConfiguration(
         				Constants.CONIG_PROPS_EIDAS_NODE_LoA, 
         				MOAIDAuthConstants.eIDAS_LOA_HIGH));
         
@@ -172,7 +172,7 @@ public class EidasMetaDataRequest implements IAction {
 			if (pvpOrganisation != null) {
 				eu.eidas.auth.engine.metadata.OrganizationData.Builder organizationConfig = OrganizationData.builder();
 				organizationConfig.url(pvpOrganisation.getURLs().get(0).getURL().getLocalString());
-				organizationConfig.name(authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRY, "Austria"));
+				organizationConfig.name(authConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRY, "Austria"));
 				//TODO: add display name and maybe update name
 				
 				
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/IeIDASAttribute.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/IeIDASAttribute.java
index 15060fb52..84b68f91a 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/IeIDASAttribute.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/IeIDASAttribute.java
@@ -22,12 +22,12 @@
  */
 package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder;
 
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
 
 /**
  * @author tlenz
  *
  */
-public interface IeIDASAttribute extends IAttributeBuilder{
+public interface IeIDASAttribute extends IAttributeBuilder{ 
 
 }
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrDateOfBirth.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrDateOfBirth.java
index 64e5ae770..1f00af765 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrDateOfBirth.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrDateOfBirth.java
@@ -22,14 +22,14 @@
  */
 package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder;
 
-import at.gv.egovernment.moa.id.protocols.builder.attributes.BirthdateAttributeBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BirthdateAttributeBuilder;
 
 /**
  * @author tlenz
  *
  */
 public class eIDASAttrDateOfBirth extends BirthdateAttributeBuilder implements IeIDASAttribute {
-
+ 
 	@Override
 	public String getName() {
 		return eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.DATE_OF_BIRTH.getNameUri().toString();
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrFamilyName.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrFamilyName.java
index 6fde4696a..50b270765 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrFamilyName.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrFamilyName.java
@@ -22,10 +22,10 @@
  */
 package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 
 /**
  * @author tlenz
@@ -36,7 +36,7 @@ public class eIDASAttrFamilyName implements IeIDASAttribute{
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder#getName()
 	 */
-	@Override
+	@Override 
 	public String getName() {
 		return eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_FAMILY_NAME.getNameUri().toString();		
 	}
@@ -45,8 +45,8 @@ public class eIDASAttrFamilyName implements IeIDASAttribute{
 	 * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder#build(at.gv.egovernment.moa.id.commons.api.IOAAuthParameters, at.gv.egovernment.moa.id.data.IAuthData, at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator)
 	 */
 	@Override
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
-			throws AttributeException {
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+			throws AttributeBuilderException {
 		return g.buildStringAttribute(null, getName(), authData.getFamilyName());
 	}
 
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrGivenName.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrGivenName.java
index 812e9f83a..3b83a9793 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrGivenName.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrGivenName.java
@@ -22,10 +22,10 @@
  */
 package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 
 /**
  * @author tlenz
@@ -45,8 +45,8 @@ public class eIDASAttrGivenName implements IeIDASAttribute{
 	 * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder#build(at.gv.egovernment.moa.id.commons.api.IOAAuthParameters, at.gv.egovernment.moa.id.data.IAuthData, at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator)
 	 */
 	@Override
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
-			throws AttributeException {
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+			throws AttributeBuilderException {
 		return g.buildStringAttribute(null, getName(), authData.getGivenName());
 	}
 
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java
index 028be9096..7f18c21cb 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java
@@ -22,11 +22,12 @@
  */
 package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
@@ -38,24 +39,26 @@ import at.gv.egovernment.moa.util.MiscUtil;
 public class eIDASAttrLegalPersonIdentifier extends MandateLegalPersonSourcePinAttributeBuilder implements IeIDASAttribute {
 
 	@Override
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException {
-		if(authData.isUseMandate()) {
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
+		
+		if (authData instanceof IMOAAuthData) {
+			if(((IMOAAuthData)authData).isUseMandate()) {
 			
-			//extract eIDAS unique Id prefix from naturalPerson bPK identifier
-			if (MiscUtil.isEmpty(authData.getBPKType())
+				//extract eIDAS unique Id prefix from naturalPerson bPK identifier
+				if (MiscUtil.isEmpty(authData.getBPKType())
 					|| !authData.getBPKType().startsWith(at.gv.egovernment.moa.util.Constants.URN_PREFIX_EIDAS)) {
-				Logger.error("BPKType is empty or does not start with eIDAS bPKType prefix! bPKType:" + authData.getBPKType());
-				throw new AttributeException("Suspect bPKType for eIDAS identifier generation");
+					Logger.error("BPKType is empty or does not start with eIDAS bPKType prefix! bPKType:" + authData.getBPKType());
+					throw new AttributeBuilderException("Suspect bPKType for eIDAS identifier generation");
 				
-			} 
-			
-			//add eIDAS eID prefix to legal person identifier
-			String prefix = authData.getBPKType().substring(at.gv.egovernment.moa.util.Constants.URN_PREFIX_EIDAS.length() + 1);
-			String legalPersonID = prefix.replaceAll("\\+", "/") + "/" + getLegalPersonIdentifierFromMandate(authData);						
-			return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, 
-					MANDATE_LEG_PER_SOURCE_PIN_NAME, legalPersonID);
+				} 
 			
+				//add eIDAS eID prefix to legal person identifier
+				String prefix = authData.getBPKType().substring(at.gv.egovernment.moa.util.Constants.URN_PREFIX_EIDAS.length() + 1);
+				String legalPersonID = prefix.replaceAll("\\+", "/") + "/" + getLegalPersonIdentifierFromMandate(((IMOAAuthData)authData));						
+				return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, 
+						MANDATE_LEG_PER_SOURCE_PIN_NAME, legalPersonID);
+			}
 		}
 		
 		return null;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrNaturalPersonalIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrNaturalPersonalIdentifier.java
index f36f9298c..14b1d06b6 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrNaturalPersonalIdentifier.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrNaturalPersonalIdentifier.java
@@ -24,14 +24,14 @@ package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder;
 
 import java.security.MessageDigest;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.eIDASAttributeProcessingUtils;
 import at.gv.egovernment.moa.id.data.Trible;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
 import at.gv.egovernment.moa.id.protocols.eidas.EIDASData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -54,8 +54,8 @@ public class eIDASAttrNaturalPersonalIdentifier implements IeIDASAttribute{
 	 * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder#build(at.gv.egovernment.moa.id.commons.api.IOAAuthParameters, at.gv.egovernment.moa.id.data.IAuthData, at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator)
 	 */
 	@Override
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
-			throws AttributeException {		
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+			throws AttributeBuilderException {		
 		String personalID = authData.getBPK();
 		
 		//generate eIDAS conform 'PersonalIdentifier' attribute
@@ -64,7 +64,7 @@ public class eIDASAttrNaturalPersonalIdentifier implements IeIDASAttribute{
 			if (MiscUtil.isEmpty(authData.getBPKType())
 					|| !authData.getBPKType().startsWith(at.gv.egovernment.moa.util.Constants.URN_PREFIX_EIDAS)) {
 				Logger.error("BPKType is empty or does not start with eIDAS bPKType prefix! bPKType:" + authData.getBPKType());
-				throw new AttributeException("Suspect bPKType for eIDAS identifier generation");
+				throw new AttributeBuilderException("Suspect bPKType for eIDAS identifier generation");
 				
 			} 
 			
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java
index 692896842..6c65872e4 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java
@@ -22,11 +22,12 @@
  */
 package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
@@ -37,24 +38,27 @@ import at.gv.egovernment.moa.util.MiscUtil;
 public class eIDASAttrRepresentativeLegalPersonIdentifier extends MandateLegalPersonSourcePinAttributeBuilder implements IeIDASAttribute {
 
 	@Override
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException {
-		if(authData.isUseMandate()) {
-			
-			//extract eIDAS unique Id prefix from naturalPerson bPK identifier
-			if (MiscUtil.isEmpty(authData.getBPKType())
-					|| !authData.getBPKType().startsWith(at.gv.egovernment.moa.util.Constants.URN_PREFIX_EIDAS)) {
-				Logger.error("BPKType is empty or does not start with eIDAS bPKType prefix! bPKType:" + authData.getBPKType());
-				throw new AttributeException("Suspect bPKType for eIDAS identifier generation");
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
+		
+		if (authData instanceof IMOAAuthData) {
+			if(((IMOAAuthData)authData).isUseMandate()) {
+				
+				//extract eIDAS unique Id prefix from naturalPerson bPK identifier
+				if (MiscUtil.isEmpty(authData.getBPKType())
+						|| !authData.getBPKType().startsWith(at.gv.egovernment.moa.util.Constants.URN_PREFIX_EIDAS)) {
+					Logger.error("BPKType is empty or does not start with eIDAS bPKType prefix! bPKType:" + authData.getBPKType());
+					throw new AttributeBuilderException("Suspect bPKType for eIDAS identifier generation");
+					
+				} 
+				
+				//add eIDAS eID prefix to legal person identifier
+				String prefix = authData.getBPKType().substring(at.gv.egovernment.moa.util.Constants.URN_PREFIX_EIDAS.length() + 1);
+				String legalPersonID = prefix.replaceAll("\\+", "/") + "/" + getLegalPersonIdentifierFromMandate(((IMOAAuthData)authData));						
+				return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, 
+						MANDATE_LEG_PER_SOURCE_PIN_NAME, legalPersonID);
 				
-			} 
-			
-			//add eIDAS eID prefix to legal person identifier
-			String prefix = authData.getBPKType().substring(at.gv.egovernment.moa.util.Constants.URN_PREFIX_EIDAS.length() + 1);
-			String legalPersonID = prefix.replaceAll("\\+", "/") + "/" + getLegalPersonIdentifierFromMandate(authData);						
-			return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, 
-					MANDATE_LEG_PER_SOURCE_PIN_NAME, legalPersonID);
-			
+			}
 		}
 		
 		return null;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java
index 98915a562..6c3bfc569 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java
@@ -24,16 +24,16 @@ package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder;
 
 import java.security.MessageDigest;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.eIDASAttributeProcessingUtils;
 import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.data.Trible;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.eidas.EIDASData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -56,8 +56,8 @@ public class eIDASAttrRepresentativeNaturalPersonalIdentifier extends MandateNat
 	 * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder#build(at.gv.egovernment.moa.id.commons.api.IOAAuthParameters, at.gv.egovernment.moa.id.data.IAuthData, at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator)
 	 */
 	@Override
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
-			throws AttributeException {	
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g)
+			throws AttributeBuilderException {	
 		
 		try {
 			Pair<String, String> calcResult = internalBPKGenerator(oaParam, authData);
@@ -71,7 +71,7 @@ public class eIDASAttrRepresentativeNaturalPersonalIdentifier extends MandateNat
 					if (MiscUtil.isEmpty(type)
 							|| !type.startsWith(at.gv.egovernment.moa.util.Constants.URN_PREFIX_EIDAS)) {
 						Logger.error("BPKType is empty or does not start with eIDAS bPKType prefix! bPKType:" + authData.getBPKType());
-						throw new AttributeException("Suspect bPKType for eIDAS identifier generation");
+						throw new AttributeBuilderException("Suspect bPKType for eIDAS identifier generation");
 						
 					} 
 					
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
index 509d4b71a..82d0facd4 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
@@ -36,10 +36,10 @@ import org.springframework.stereotype.Service;
 
 import com.google.common.collect.ImmutableSet;
 
-import at.gv.egiz.eaaf.core.api.IAction;
 import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.api.idp.IAction;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
 import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
 import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
@@ -47,6 +47,7 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetada
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.eIDASAttributeBuilder;
 import at.gv.egovernment.moa.id.commons.MOAIDConstants;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.data.SLOInformationImpl;
 import at.gv.egovernment.moa.logging.Logger;
@@ -71,7 +72,7 @@ import eu.eidas.auth.engine.xml.opensaml.SAMLEngineUtils;
  */
 
 @Service("eIDASAuthenticationRequest")
-public class eIDASAuthenticationRequest implements IAction {
+public class eIDASAuthenticationRequest implements IAction { 
 	
 	@Autowired protected IRevisionLogger revisionsLogger;
 	@Autowired(required=true) MOAeIDASChainingMetadataProvider eIDASMetadataProvider;
@@ -93,7 +94,8 @@ public class eIDASAuthenticationRequest implements IAction {
 		ImmutableAttributeMap reqAttributeList = (ImmutableAttributeMap) eidasRequest.getEidasRequestedAttributes();
 		
 		//add mandate attr. to requested attributes of eMandates are used an no mandate attr. are requested
-		if (authData.isUseMandate()) {
+		if (authData instanceof IMOAAuthData 
+				&&  ((IMOAAuthData)authData).isUseMandate()) {
 			Logger.trace("eMandates are used. Starting eIDAS requsted attr. update process ....");
 			Builder reqAttrWithMandates = ImmutableAttributeMap.builder(reqAttributeList);
 			
@@ -154,7 +156,7 @@ public class eIDASAuthenticationRequest implements IAction {
 		//add attributes
 		responseBuilder.attributes(eIDASAttrbutMap);
 		
-		//set success statuscode
+		//set success statuscode 
 		responseBuilder.statusCode(StatusCode.SUCCESS_URI);
 	
 		//build response
@@ -246,7 +248,7 @@ public class eIDASAuthenticationRequest implements IAction {
 
 	private void buildAndAddAttribute(ImmutableAttributeMap.Builder attrMapBuilder, AttributeDefinition<?> attr, IRequest req, IAuthData authData) throws MOAIDException {
 		Pair<AttributeDefinition<?>, ImmutableSet<AttributeValue<?>>> eIDASAttr = eIDASAttributeBuilder.buildAttribute(
-				attr, req.getOnlineApplicationConfiguration(), authData);
+				attr, req.getServiceProviderConfiguration(), authData);
 					
 		if(eIDASAttr == null) {				
 			if (attr.isRequired()) {
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/validator/eIDASResponseValidator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/validator/eIDASResponseValidator.java
index 48b438b09..24d24db2c 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/validator/eIDASResponseValidator.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/validator/eIDASResponseValidator.java
@@ -26,6 +26,7 @@ import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.eIDASAttributeProcessingUtils;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.data.Trible;
 import at.gv.egovernment.moa.logging.Logger;
@@ -46,7 +47,7 @@ public class eIDASResponseValidator {
 		 * validate received LoA against minimum required LoA  |
 		 *_____________________________________________________|
 		 */
-		LevelOfAssurance reqLoA = LevelOfAssurance.fromString(pendingReq.getOnlineApplicationConfiguration().getQaaLevel());
+		LevelOfAssurance reqLoA = LevelOfAssurance.fromString(pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class).getQaaLevel());
 		LevelOfAssurance respLoA = LevelOfAssurance.fromString(samlResp.getLevelOfAssurance()); 
 		if (respLoA.numericValue() < reqLoA.numericValue()) {
 			Logger.error("eIDAS Response LevelOfAssurance is lower than the required! "
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java
index f14ffb111..0d460f293 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java
@@ -25,10 +25,10 @@ package at.gv.egovernment.moa.id.auth.modules.elgamandates;
 
 import org.springframework.beans.factory.annotation.Autowired;
 
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egovernment.moa.id.auth.modules.internal.DefaultCitizenCardAuthModuleImpl;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 /**
@@ -40,14 +40,14 @@ import at.gv.egovernment.moa.util.MiscUtil;
 public class ELGAMandatesAuthModuleImpl extends DefaultCitizenCardAuthModuleImpl {
 
 	@Autowired private AuthConfiguration authConfig; 
-	
+	 
 	private int priority = 0;
 	
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getPriority()
 	 */
 	@Override
-	public int getPriority() {
+	public int getPriority() { 
 		return priority;
 	}
 	
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/EvaluateMandateServiceTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/EvaluateMandateServiceTask.java
index 7a8c0c9e0..5c1f8e7bb 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/EvaluateMandateServiceTask.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/EvaluateMandateServiceTask.java
@@ -28,6 +28,7 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.lang.StringEscapeUtils;
 import org.springframework.stereotype.Component;
 
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
@@ -35,7 +36,6 @@ import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConsta
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateUtils;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -50,7 +50,7 @@ public class EvaluateMandateServiceTask extends AbstractAuthServletTask {
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
 	 */
-	@Override
+	@Override 
 	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
 			throws TaskExecutionException {
 		try {
@@ -68,7 +68,7 @@ public class EvaluateMandateServiceTask extends AbstractAuthServletTask {
 			if (useELGA) {
 				//validate service-provider again
 				if (!ELGAMandateUtils.checkServiceProviderAgainstELGAModulConfigration(authConfig, pendingReq)) {
-					Logger.info("Service-Provider: " + pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix() 
+					Logger.info("Service-Provider: " + pendingReq.getServiceProviderConfiguration().getUniqueIdentifier() 
 							+ " does not fulfill requirements to use ELGA-MandateService.");
 					throw new MOAIDException("service.10", new Object[]{
 							ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING,
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
index 015a40507..12f2bde60 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
@@ -37,6 +37,7 @@ import org.opensaml.xml.security.SecurityException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
@@ -45,7 +46,6 @@ import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateServiceMetadataProvider;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IDecoder;
@@ -78,7 +78,7 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask {
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
 	 */
-	@Override
+	@Override 
 	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
 			throws TaskExecutionException {		
 		InboundMessage msg = null;
@@ -113,7 +113,8 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask {
 			 
 			if (MiscUtil.isEmpty(msg.getEntityID())) {
 				throw new InvalidProtocolRequestException("sp.pvp2.04", 
-						new Object[] {ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING});
+						new Object[] {ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING},
+						"No service-provider with EntityId: " + msg.getEntityID() + " in configuration");
 				
 			}
 			
@@ -144,12 +145,6 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask {
 				
 			}
 
-			
-			
-			//load MOASession object
-			defaultTaskInitialization(request, executionContext);
-			
-
 			/**
 			 * Mandate Reference-Value is generated from ELGA MandateServie  -->
 			 * MOA-ID generated reference value is not equal to reference-value from ELGA MandateService
@@ -169,7 +164,7 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask {
 			
 			Set<String> includedAttrNames = extractor.getAllIncludeAttributeNames();
 			for (String el : includedAttrNames) {
-				moasession.setGenericDataToSession(el, extractor.getSingleAttributeValue(el));
+				pendingReq.setGenericDataToSession(el, extractor.getSingleAttributeValue(el));
 				Logger.debug("Add PVP-attribute " + el + " into MOASession");
 				
 			}
@@ -186,11 +181,13 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask {
 									 extractor.getSingleAttributeValue(PVPConstants.MANDATE_TYPE_NAME));
 			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_TYPE, 
 									 MOAReversionLogger.NAT_PERSON);
-			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_HASH, 
-									  revisionsLogger.buildPersonInformationHash(
-											 extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_GIVEN_NAME_NAME), 
-											 extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_FAMILY_NAME_NAME), 
-											 extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_BIRTHDATE_NAME)));						
+
+			//TODO!!!!
+//			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_HASH, 
+//									  revisionsLogger.buildPersonInformationHash(
+//											 extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_GIVEN_NAME_NAME), 
+//											 extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_FAMILY_NAME_NAME), 
+//											 extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_BIRTHDATE_NAME)));						
 			
 			Logger.info("Receive a valid assertion from ELGA mandate-service " + msg.getEntityID()); 
 											
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RedirectToMandateSelectionTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RedirectToMandateSelectionTask.java
index 6eff5e574..625623f4a 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RedirectToMandateSelectionTask.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RedirectToMandateSelectionTask.java
@@ -29,12 +29,12 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
 import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateUtils;
 import at.gv.egovernment.moa.id.auth.servlet.GeneralProcessEngineSignalController;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
@@ -45,7 +45,7 @@ import at.gv.egovernment.moa.logging.Logger;
 public class RedirectToMandateSelectionTask extends AbstractAuthServletTask {
 
 	@Autowired IGUIFormBuilder guiBuilder;
-	
+	 
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
 	 */
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
index abe23f0a4..70dc87df9 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
@@ -35,11 +35,13 @@ import org.opensaml.xml.security.SecurityException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.config.ELGAMandatesRequestBuilderConfiguration;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.exceptions.ELGAMetadataException;
@@ -49,7 +51,6 @@ import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.data.Pair;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAuthnRequestBuilder;
 import at.gv.egovernment.moa.logging.Logger;
@@ -67,7 +68,7 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask {
 	@Autowired ELGAMandatesCredentialProvider credential;
 	@Autowired AuthConfiguration authConfig;
 	@Autowired ELGAMandateServiceMetadataProvider metadataService;
-	
+	 
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
 	 */
@@ -76,7 +77,7 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask {
 			throws TaskExecutionException {
 		try{
 			// get IDP entityID from Online Application configuration
-			String elgaMandateServiceEntityID = pendingReq.getOnlineApplicationConfiguration().getConfigurationValue(ELGAMandatesAuthConstants.CONFIG_PROPS_ENTITYID);
+			String elgaMandateServiceEntityID = pendingReq.getServiceProviderConfiguration().getConfigurationValue(ELGAMandatesAuthConstants.CONFIG_PROPS_ENTITYID);
 			
 			// use first ELGA Mandate-Service from general MOA-ID configuration, of no OA specific exists
 			if (MiscUtil.isEmpty(elgaMandateServiceEntityID)) {
@@ -100,7 +101,7 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask {
 			}
 			
 			//load metadata with metadataURL, as backup
-			String metadataURL = authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_METADATAURL);
+			String metadataURL = authConfig.getBasicConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_METADATAURL);
 			if (MiscUtil.isNotEmpty(metadataURL)) {
 				Logger.warn("Use not recommended metadata-provider initialization!"
 						+ " SAML2 'Well-Known-Location' is the preferred methode.");
@@ -113,7 +114,8 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask {
 			EntityDescriptor entityDesc = metadataService.getEntityDescriptor(elgaMandateServiceEntityID);			
 			
 			//load MOASession from database
-			defaultTaskInitialization(request, executionContext);
+			AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
+			
 			
 			//setup AuthnRequestBuilder configuration
 			ELGAMandatesRequestBuilderConfiguration authnReqConfig = new ELGAMandatesRequestBuilderConfiguration();
@@ -125,7 +127,7 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask {
 			//set bPK of representative
 			String representativeBPK = null;
 			
-			String configTarget = authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_SUBJECTNAMEID_TARGET);
+			String configTarget = authConfig.getBasicConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_SUBJECTNAMEID_TARGET);
 			if (MiscUtil.isEmpty(configTarget)) {
 				Logger.warn("Connect ELGA Mandate-Service FAILED -> No bPK-Type for SubjectNameID found.");
 				throw new MOAIDException("service.10", 
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java
index 978f9db9d..854f9d2bb 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java
@@ -30,6 +30,7 @@ import org.springframework.stereotype.Component;
 
 import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration;
 import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.GUIBuildException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
@@ -39,7 +40,6 @@ import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateUtils
 import at.gv.egovernment.moa.id.auth.servlet.GeneralProcessEngineSignalController;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
@@ -51,7 +51,7 @@ public class SelectMandateServiceTask extends AbstractAuthServletTask {
 
 	@Autowired IGUIFormBuilder guiBuilder;
 	
-	/* (non-Javadoc)
+	/* (non-Javadoc) 
 	 * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
 	 */
 	@Override
@@ -67,7 +67,7 @@ public class SelectMandateServiceTask extends AbstractAuthServletTask {
 						ELGAMandatesAuthConstants.TEMPLATE_MANDATE_SERVICE_SELECTION,
 						MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_ELGAMANDATESERVICESELECTION_URL,
 						GeneralProcessEngineSignalController.ENDPOINT_GENERIC,
-						authConfig.getRootConfigFileDir());
+						authConfig.getConfigurationRootDirectory().toURL().toString());
 			
 				guiBuilder.build(response, config, "Mandate-Service selection");
 		
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
index adc2a310b..07f618c10 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
@@ -238,7 +238,7 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide
 			//Metadata provider seems not loaded --> Add new metadata provider
 			Logger.info("Initialize PVP MetadataProvider:" + metdataURL + " to connect ELGA Mandate-Service");
 		
-			String trustProfileID = authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_METADATA_TRUSTPROFILE);
+			String trustProfileID = authConfig.getBasicConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_METADATA_TRUSTPROFILE);
 			if (MiscUtil.isEmpty(trustProfileID)) {
 				Logger.error("Create ELGA Mandate-Service Client FAILED: No trustProfileID to verify PVP metadata." );
 				throw new MetadataProviderException("No trustProfileID to verify PVP metadata.");
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateUtils.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateUtils.java
index 90eb7b0fb..6fa9c5a77 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateUtils.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateUtils.java
@@ -25,9 +25,10 @@ package at.gv.egovernment.moa.id.auth.modules.elgamandates.utils;
 import java.util.List;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
 import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
-import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 
 /**
  * @author tlenz
@@ -39,11 +40,11 @@ public class ELGAMandateUtils {
 	 * 
 	 * @return true, if ELGA mandateservice is allowed, otherwise false
 	 */
-	public static boolean checkServiceProviderAgainstELGAModulConfigration(AuthConfiguration authConfig, IRequest pendingReq) {
+	public static boolean checkServiceProviderAgainstELGAModulConfigration(IConfiguration authConfig, IRequest pendingReq) {
 		String allowedMandateTypesCSV = 
-				authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_ALLOWED_MANDATE_TYPES);		
+				authConfig.getBasicConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_ALLOWED_MANDATE_TYPES);		
 		List<String> allowedMandateTypes = KeyValueUtils.getListOfCSVValues(allowedMandateTypesCSV);		
-		List<String> spMandateProfiles = pendingReq.getOnlineApplicationConfiguration().getMandateProfiles();
+		List<String> spMandateProfiles = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class).getMandateProfiles();
 
 		boolean isELGAMandateServiceAllowed = false;
 		if (spMandateProfiles != null) {			
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java
index f5bcdb70b..c8fe55e51 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java
@@ -27,6 +27,7 @@ import org.springframework.stereotype.Service;
 
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider;
 import at.gv.egovernment.moa.util.FileUtils;
 
@@ -43,9 +44,9 @@ public class ELGAMandatesCredentialProvider extends AbstractCredentialProvider {
 	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getKeyStoreFilePath()
 	 */
 	@Override
-	public String getKeyStoreFilePath() {
+	public String getKeyStoreFilePath() throws ConfigurationException {
 		return FileUtils.makeAbsoluteURL(
-					authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_KEYSTORE), 
+					authConfig.getBasicConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_KEYSTORE), 
 					authConfig.getRootConfigFileDir());
 	}
 
@@ -54,7 +55,7 @@ public class ELGAMandatesCredentialProvider extends AbstractCredentialProvider {
 	 */
 	@Override
 	public String getKeyStorePassword() {
-		return authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_KEYSTOREPASSWORD).trim();
+		return authConfig.getBasicConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_KEYSTOREPASSWORD).trim();
 
 	}
 
@@ -63,7 +64,7 @@ public class ELGAMandatesCredentialProvider extends AbstractCredentialProvider {
 	 */
 	@Override
 	public String getMetadataKeyAlias() {
-		return authConfig.getBasicMOAIDConfiguration(
+		return authConfig.getBasicConfiguration(
 				ELGAMandatesAuthConstants.CONFIG_PROPS_SIGN_METADATA_ALIAS_PASSWORD).trim();
 	}
 
@@ -72,7 +73,7 @@ public class ELGAMandatesCredentialProvider extends AbstractCredentialProvider {
 	 */
 	@Override
 	public String getMetadataKeyPassword() {
-		return authConfig.getBasicMOAIDConfiguration(
+		return authConfig.getBasicConfiguration(
 				ELGAMandatesAuthConstants.CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD).trim();
 	}
 
@@ -81,7 +82,7 @@ public class ELGAMandatesCredentialProvider extends AbstractCredentialProvider {
 	 */
 	@Override
 	public String getSignatureKeyAlias() {
-		return authConfig.getBasicMOAIDConfiguration(
+		return authConfig.getBasicConfiguration(
 				ELGAMandatesAuthConstants.CONFIG_PROPS_SIGN_SIGNING_ALIAS_PASSWORD).trim();
 	}
 
@@ -90,7 +91,7 @@ public class ELGAMandatesCredentialProvider extends AbstractCredentialProvider {
 	 */
 	@Override
 	public String getSignatureKeyPassword() {
-		return authConfig.getBasicMOAIDConfiguration(
+		return authConfig.getBasicConfiguration(
 				ELGAMandatesAuthConstants.CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD).trim();
 	}
 
@@ -99,7 +100,7 @@ public class ELGAMandatesCredentialProvider extends AbstractCredentialProvider {
 	 */
 	@Override
 	public String getEncryptionKeyAlias() {
-		return authConfig.getBasicMOAIDConfiguration(
+		return authConfig.getBasicConfiguration(
 				ELGAMandatesAuthConstants.CONFIG_PROPS_ENCRYPTION_ALIAS_PASSWORD).trim();
 	}
 
@@ -108,7 +109,7 @@ public class ELGAMandatesCredentialProvider extends AbstractCredentialProvider {
 	 */
 	@Override
 	public String getEncryptionKeyPassword() {
-		return authConfig.getBasicMOAIDConfiguration(
+		return authConfig.getBasicConfiguration(
 				ELGAMandatesAuthConstants.CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD).trim();
 	}
 
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
index 46381fb3d..d97c8f7cf 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
@@ -42,7 +42,6 @@ import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSectorForIDAttributeB
 import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePIN;
 import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePINType;
 import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDAuthBlock;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCcsURL;
@@ -230,33 +229,33 @@ public final class OAuth20AttributeBuilder {
 	}
 	
 	public static void addScopeOpenId(final JsonObject jsonObject,
-			final IOAAuthParameters oaParam, final IAuthData authData, 
+			final ISPConfiguration oaParam, final IAuthData authData, 
 			final OAuth20AuthRequest oAuthRequest) {
 		addAttibutes(buildersOpenId, jsonObject, oaParam, authData, oAuthRequest);
 	}
 	
 	public static void addScopeProfile(final JsonObject jsonObject,
-			final IOAAuthParameters oaParam, final IAuthData authData) {
+			final ISPConfiguration oaParam, final IAuthData authData) {
 		addAttibutes(buildersProfile, jsonObject, oaParam, authData, null);
 	}
 	
 	public static void addScopeEID(final JsonObject jsonObject,
-			final IOAAuthParameters oaParam, final IAuthData authData) {
+			final ISPConfiguration oaParam, final IAuthData authData) {
 		addAttibutes(buildersEID, jsonObject, oaParam, authData, null);
 	}
 	
 	public static void addScopeEIDGov(final JsonObject jsonObject,
-			final IOAAuthParameters oaParam, final IAuthData authData) {
+			final ISPConfiguration oaParam, final IAuthData authData) {
 		addAttibutes(buildersEIDGov, jsonObject, oaParam, authData, null);
 	}
 	
 	public static void addScopeMandate(final JsonObject jsonObject,
-			final IOAAuthParameters oaParam, final IAuthData authData) {
+			final ISPConfiguration oaParam, final IAuthData authData) {
 		addAttibutes(buildersMandate, jsonObject, oaParam, authData, null);
 	}
 	
 	public static void addScopeSTORK(final JsonObject jsonObject,
-			final IOAAuthParameters oaParam, final IAuthData authData) {
+			final ISPConfiguration oaParam, final IAuthData authData) {
 		addAttibutes(buildersSTORK, jsonObject, oaParam, authData, null);
 	}
 
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
index 0189bc97d..5d461afc8 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
@@ -33,11 +33,11 @@ import javax.servlet.http.HttpServletResponse;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
-import at.gv.egiz.eaaf.core.api.IAction;
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
 import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.api.idp.IAction;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
 import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
 import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
@@ -67,7 +67,7 @@ class OAuth20AuthAction implements IAction {
 			IAuthData authData) throws MOAIDException {
 		
 		OAuth20AuthRequest oAuthRequest = (OAuth20AuthRequest) req;		
-		String responseType = oAuthRequest.getResponseType();
+		String responseType = oAuthRequest.getResponseType(); 
 		
 		revisionsLogger.logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_OPENIDCONNECT_AUTHREQUEST);
 		
@@ -111,7 +111,7 @@ class OAuth20AuthAction implements IAction {
 			
 			
 			//TODO: maybe add bPK / wbPK to SLO information
-			SLOInformationInterface sloInformation = new SLOInformationImpl(req.getAuthURL(), req.getOnlineApplicationConfiguration().getPublicURLPrefix(), accessToken, null, null, req.requestedModule());
+			SLOInformationInterface sloInformation = new SLOInformationImpl(req.getAuthURL(), req.getServiceProviderConfiguration().getUniqueIdentifier(), accessToken, null, null, req.requestedModule());
 			
 			return sloInformation;
 		}
@@ -156,9 +156,9 @@ class OAuth20AuthAction implements IAction {
 	
 	private Pair<String, String> buildIdToken(String scope, OAuth20AuthRequest oAuthRequest, IAuthData authData)
 			throws MOAIDException, SignatureException {
-		IOAAuthParameters oaParam = oAuthRequest.getOnlineApplicationConfiguration();
+		ISPConfiguration oaParam = oAuthRequest.getServiceProviderConfiguration();
 		
-		OAuthSigner signer = OAuth20SignatureUtil.loadSigner(authData.getIssuer());
+		OAuthSigner signer = OAuth20SignatureUtil.loadSigner(authData.getAuthenticationIssuer());
 		OAuthJsonToken token = new OAuthJsonToken(signer);
 		
 		StringBuilder resultScopes = new StringBuilder();
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
index 1528cfb28..40701d91d 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
@@ -28,10 +28,10 @@ import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.context.annotation.Scope;
 import org.springframework.stereotype.Component;
 
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20AccessDeniedException;
@@ -180,7 +180,7 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest {
 		// check if client id and redirect uri are ok
 		try {
 			// OAOAUTH20 cannot be null at this point. check was done in base request
-			IOAAuthParameters oAuthConfig = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(this.getSPEntityId());
+			ISPConfiguration oAuthConfig = authConfig.getServiceProviderConfiguration(this.getSPEntityId());
 			
 			
 			if (!this.getClientID().equals(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))
@@ -192,7 +192,7 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest {
 			Logger.info("Dispatch OpenIDConnect AuthRequest: ClientID=" + this.clientID);
 			
 			
-		} catch (ConfigurationException e) {
+		} catch (EAAFConfigurationException e) {
 			throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
 		}
 		
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
index ff802136f..e04d719d9 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
@@ -19,8 +19,8 @@ import com.google.gson.JsonObject;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.IModulInfo;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
-import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException;
 import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController;
 import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
@@ -30,7 +30,6 @@ import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.util.ErrorResponseUtils;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
@@ -49,7 +48,7 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme
 					PVPConstants.BPK_NAME
 			});
 		
-	public String getName() {
+	public String getName() { 
 		return NAME;
 	}
 	
@@ -68,22 +67,22 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme
 	
 	//OpenID Connect auth request
 	@RequestMapping(value = "/oauth2/auth", method = {RequestMethod.POST, RequestMethod.GET})
-	public void openIDConnectAuthRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException {
-		if (!authConfig.getAllowedProtocols().isOAUTHActive()) {
-			Logger.info("OpenID-Connect is deaktivated!");
-			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
-			
-		}
+	public void openIDConnectAuthRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException, InvalidProtocolRequestException {
+//		if (!authConfig.getAllowedProtocols().isOAUTHActive()) {
+//			Logger.info("OpenID-Connect is deaktivated!");
+//			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
+//			
+//		}
 		
 		OAuth20AuthRequest pendingReq = applicationContext.getBean(OAuth20AuthRequest.class);
 		try {			
-			pendingReq.initialize(req);
+			pendingReq.initialize(req, authConfig);
 			pendingReq.setModule(OAuth20Protocol.NAME);		
 			pendingReq.populateParameters(req);
 			
-		} catch (OAuth20Exception e) {
+		} catch (EAAFException e) {
 			Logger.info("OpenID-Connect request has a validation error: " + e.getMessage());
-			throw new InvalidProtocolRequestException(e.getMessageId(), e.getParameters(), e);
+			throw new InvalidProtocolRequestException(e.getErrorId(), e.getParams(), e.getMessage(), e);
 			
 		}
 		
@@ -102,22 +101,22 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme
 	
 	//openID Connect tokken request
 	@RequestMapping(value = "/oauth2/token", method = {RequestMethod.POST, RequestMethod.GET})
-	public void OpenIDConnectTokkenRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException {
-		if (!authConfig.getAllowedProtocols().isOAUTHActive()) {
-			Logger.info("OpenID-Connect is deaktivated!");
-			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
-			
-		}
+	public void OpenIDConnectTokkenRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException, InvalidProtocolRequestException {
+//		if (!authConfig.getAllowedProtocols().isOAUTHActive()) {
+//			Logger.info("OpenID-Connect is deaktivated!");
+//			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
+//			
+//		}
 		
 		OAuth20TokenRequest pendingReq = applicationContext.getBean(OAuth20TokenRequest.class);
 		try {			
-			pendingReq.initialize(req);
+			pendingReq.initialize(req, authConfig);
 			pendingReq.setModule(OAuth20Protocol.NAME);		
 			pendingReq.populateParameters(req);
 			
-		} catch (OAuth20Exception e) {
+		} catch (EAAFException e) {
 			Logger.info("OpenID-Connect request has a validation error: " + e.getMessage());
-			throw new InvalidProtocolRequestException(e.getMessageId(), e.getParameters(), e);
+			throw new InvalidProtocolRequestException(e.getErrorId(), e.getParams(), e.getMessage(), e);
 			
 		}
 				
@@ -149,18 +148,16 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme
 		String errorUri = protocolRequest.getAuthURL() 
 				+"/" + OAuth20Constants.ERRORPAGE;
 		String moaError = null;
-		
-		ErrorResponseUtils errorUtils = ErrorResponseUtils.getInstance();
-		
+				
 		if (e instanceof OAuth20Exception) {
 			errorCode = ((OAuth20Exception) e).getErrorCode();
 			errorDescription = URLEncoder.encode(((OAuth20Exception) e).getMessageId() + ": " + e.getMessage(), "UTF-8");
-			moaError = errorUtils.mapInternalErrorToExternalError(((OAuth20Exception) e).getMessageId());
+			moaError = statusMessager.mapInternalErrorToExternalError(((OAuth20Exception) e).getMessageId());
 			
 		} else {
 			errorCode = OAuth20Constants.ERROR_SERVER_ERROR;
 			errorDescription = URLEncoder.encode(e.getMessage(), "UTF-8");
-			moaError = errorUtils.getResponseErrorCode(e);
+			moaError = statusMessager.getResponseErrorCode(e);
 		}
 				
 		String paramRedirect = null;
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java
index 239665801..f3dcbd295 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java
@@ -31,10 +31,10 @@ import org.springframework.stereotype.Service;
 
 import com.google.gson.JsonObject;
 
-import at.gv.egiz.eaaf.core.api.IAction;
 import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.api.idp.IAction;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
 import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
 import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
@@ -55,7 +55,7 @@ class OAuth20TokenAction implements IAction {
 	public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp,
 			IAuthData authData) throws MOAIDException {
 		
-		
+		 
 		OAuth20SessionObject auth20SessionObject = null;
 		try {
 			OAuth20TokenRequest oAuthRequest = (OAuth20TokenRequest) req;
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
index cada39a3a..e14914512 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
@@ -22,19 +22,16 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.oauth20.protocol;
 
-import java.util.Collection;
-
 import javax.servlet.http.HttpServletRequest;
 
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.context.annotation.Scope;
 import org.springframework.stereotype.Component;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20AccessDeniedException;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
@@ -141,7 +138,7 @@ class OAuth20TokenRequest extends OAuth20BaseRequest {
 		// check if client id and secret are ok
 		try {
 			// OAOAUTH20 cannot be null at this point. check was done in base request
-			IOAAuthParameters oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(this.getOAURL());
+			ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(this.getSPEntityId());
 			
 			if (!this.getClientID().equals(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))) {
 				throw new OAuth20AccessDeniedException();
@@ -154,7 +151,7 @@ class OAuth20TokenRequest extends OAuth20BaseRequest {
 			this.setOnlineApplicationConfiguration(oaParam);
 			
 		}
-		catch (ConfigurationException e) {
+		catch (EAAFConfigurationException e) {
 			throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
 		}
 		
@@ -165,11 +162,11 @@ class OAuth20TokenRequest extends OAuth20BaseRequest {
 		this.allowedParameters.add(OAuth20Constants.PARAM_REDIRECT_URI);
 	}
 
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
-	 */
-	@Override
-	public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) {
-		return null;
-	}
+//	/* (non-Javadoc)
+//	 * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
+//	 */
+//	@Override
+//	public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) {
+//		return null;
+//	}
 }
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java
index 1b49c3969..a2b58931e 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java
@@ -27,11 +27,11 @@ import javax.annotation.PostConstruct;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 
-import at.gv.egiz.eaaf.core.impl.idp.auth.AuthenticationManager;
-import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AuthModule;
+import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
@@ -46,8 +46,8 @@ public class SL20AuthenticationModulImpl implements AuthModule {
 	@Autowired(required=true) private AuthenticationManager authManager;
 	
 	@Override
-	public int getPriority() {
-		return priority;
+	public int getPriority() { 
+		return priority; 
 	}
 
 	/**
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java
index e0965c712..2766eab05 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java
@@ -29,6 +29,7 @@ import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20SecurityEx
 import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoBuildException;
 import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.utils.X509Utils;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.FileUtils;
@@ -226,34 +227,34 @@ public class JsonSecurityUtils implements IJOSETools{
 			return null;
 	}
 	
-	private String getKeyStoreFilePath() {
+	private String getKeyStoreFilePath() throws ConfigurationException {
 		return FileUtils.makeAbsoluteURL(
-					authConfig.getBasicMOAIDConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_PATH), 
+					authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_PATH), 
 					authConfig.getRootConfigFileDir());
 	}
 	
 	private String getKeyStorePassword() {
-		return authConfig.getBasicMOAIDConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_PASSWORD).trim();
+		return authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_PASSWORD).trim();
 
 	}
 	
 	private String getSigningKeyAlias() {
-		return authConfig.getBasicMOAIDConfiguration(
+		return authConfig.getBasicConfiguration(
 				Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_ALIAS).trim();
 	}
 	
 	private String getSigningKeyPassword() {
-		return authConfig.getBasicMOAIDConfiguration(
+		return authConfig.getBasicConfiguration(
 				Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_PASSWORD).trim();
 	}
 
 	private String getEncryptionKeyAlias() {
-		return authConfig.getBasicMOAIDConfiguration(
+		return authConfig.getBasicConfiguration(
 				Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_ALIAS).trim();
 	}
 	
 	private String getEncryptionKeyPassword() {
-		return authConfig.getBasicMOAIDConfiguration(
+		return authConfig.getBasicConfiguration(
 				Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_PASSWORD).trim();
 	}
 	
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
index 85ec1e213..77ccb0720 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
@@ -22,7 +22,8 @@ import org.springframework.stereotype.Component;
 
 import com.google.gson.JsonObject;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder;
@@ -38,7 +39,6 @@ import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUti
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.utils.HttpClientWithProxySupport;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.util.SSLUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moaspss.logging.Logger;
@@ -47,8 +47,9 @@ import at.gv.egovernment.moaspss.logging.Logger;
 public class CreateQualeIDRequestTask extends AbstractAuthServletTask {
 
 	@Autowired(required=true) private IJOSETools joseTools;
+	@Autowired private AuthConfiguration moaAuthConfig;
 	
-	@Override
+	@Override 
 	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
 			throws TaskExecutionException {
 			
@@ -56,17 +57,17 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask {
 
 			try {
 				//get service-provider configuration
-				IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration();
+				ISPConfiguration oaConfig = pendingReq.getServiceProviderConfiguration();
 				
 				//get basic configuration parameters
-				String vdaQualeIDUrl = authConfig.getBasicMOAIDConfiguration(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID);				
+				String vdaQualeIDUrl = authConfig.getBasicConfiguration(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID);				
 				if (MiscUtil.isEmpty(vdaQualeIDUrl)) {
 					Logger.error("NO VDA URL for qualified eID (" + Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID + ")");
 					throw new SL20Exception("sl20.03", new Object[]{"NO VDA URL for qualified eID"});
 					
 				}
 				
-				String authBlockId = authConfig.getBasicMOAIDConfiguration(Constants.CONFIG_PROP_VDA_AUTHBLOCK_ID);
+				String authBlockId = authConfig.getBasicConfiguration(Constants.CONFIG_PROP_VDA_AUTHBLOCK_ID);
 				if (MiscUtil.isEmpty(authBlockId)) {
 					Logger.error("NO AuthBlock Template identifier for qualified eID (" + Constants.CONFIG_PROP_VDA_AUTHBLOCK_ID + ")");
 					throw new SL20Exception("sl20.03", new Object[]{"NO AuthBlock Template identifier for qualified eID"});
@@ -75,11 +76,11 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask {
 				
 				//build DataURL for qualified eID response
 				String dataURL = new DataURLBuilder().buildDataURL(
-						pendingReq.getAuthURL(), Constants.HTTP_ENDPOINT_DATAURL, pendingReq.getRequestID());
+						pendingReq.getAuthURL(), Constants.HTTP_ENDPOINT_DATAURL, pendingReq.getPendingRequestId());
 				
 				//build qualifiedeID command
 				Map<String, String> qualifiedeIDParams = new HashMap<String, String>();
-				qualifiedeIDParams.put(SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPUNIQUEID, oaConfig.getPublicURLPrefix());
+				qualifiedeIDParams.put(SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPUNIQUEID, oaConfig.getUniqueIdentifier());
 				qualifiedeIDParams.put(SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPFRIENDLYNAME, oaConfig.getFriendlyName());			
 				//qualifiedeIDParams.put(SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES_MANDATEREFVALUE, UUID.randomUUID().toString());
 
@@ -95,11 +96,11 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask {
 								
 				//open http client
 				SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(
-						authConfig,
+						moaAuthConfig,
 						vdaQualeIDUrl);
 				CloseableHttpClient httpClient = HttpClientWithProxySupport.getHttpClient(
 						sslFactory,
-						authConfig.getBasicMOAIDConfigurationBoolean(AuthConfiguration.PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION, true));
+						moaAuthConfig.getBasicMOAIDConfigurationBoolean(AuthConfiguration.PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION, true));
 				
 				//build post request
 				HttpPost httpReq = new HttpPost(new URIBuilder(vdaQualeIDUrl).build());								
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
index 2ad19e088..325e1906d 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
@@ -13,7 +13,6 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.apache.http.entity.ContentType;
-import org.jose4j.keys.X509Util;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
@@ -22,12 +21,14 @@ import com.google.gson.JsonObject;
 import com.google.gson.JsonParser;
 import com.google.gson.JsonSyntaxException;
 
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController;
 import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder;
-import at.gv.egiz.eaaf.core.impl.utils.DateTimeUtils;
 import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants;
 import at.gv.egovernment.moa.id.auth.modules.sl20_auth.data.VerificationResult;
 import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20Exception;
@@ -38,14 +39,11 @@ import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants;
 import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONBuilderUtils;
 import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUtils;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
-import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.DateTimeUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moaspss.logging.Logger;
-import iaik.esi.sva.util.X509Utils;
-import iaik.utils.Util;
 
 @Component("ReceiveQualeIDTask")
 public class ReceiveQualeIDTask extends AbstractAuthServletTask {
@@ -55,7 +53,7 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
 	@Override
 	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
 			throws TaskExecutionException {
-		
+		 
 		Logger.debug("Receiving SL2.0 response process .... ");
 		try {
 			//get SL2.0 command or result from HTTP request
@@ -131,7 +129,7 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
 				
 				
 				//add into session
-				defaultTaskInitialization(request, executionContext);
+				AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
 				moasession.setIdentityLink(new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink());
 				moasession.setBkuURL(ccsURL);
 				//TODO: from AuthBlock
@@ -143,13 +141,14 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
 				pendingReq.setAuthenticated(true);
 								
 				//store pending request
+				pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession());
 				requestStoreage.storePendingRequest(pendingReq);
 								
 				//create response 
 				Map<String, String> reqParameters = new HashMap<String, String>();
-				reqParameters.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, pendingReq.getRequestID());
+				reqParameters.put(EAAFConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID, pendingReq.getPendingRequestId());
 				JsonObject callReqParams = SL20JSONBuilderUtils.createCallCommandParameters(
-						new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), AbstractAuthProtocolModulController.FINALIZEPROTOCOL_ENDPOINT, null), 
+						new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), AbstractAuthProtocolModulController.ENDPOINT_FINALIZEPROTOCOL, null), 
 						SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_METHOD_GET, 
 						false, 
 						reqParameters);
@@ -161,7 +160,7 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
 								
 				//build second redirect command for IDP
 				JsonObject redirectTwoParams = SL20JSONBuilderUtils.createRedirectCommandParameters(
-						new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), AbstractAuthProtocolModulController.FINALIZEPROTOCOL_ENDPOINT, null), 
+						new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), AbstractAuthProtocolModulController.ENDPOINT_FINALIZEPROTOCOL, null), 
 						redirectOneCommand, null, true);
 				JsonObject redirectTwoCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectTwoParams);
 				
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthModuleImpl.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthModuleImpl.java
index f65694703..b9d08a20f 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthModuleImpl.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthModuleImpl.java
@@ -22,8 +22,8 @@
  */
 package at.gv.egovernment.moa.id.auth.modules.ssotransfer;
 
-import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AuthModule;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 
 /**
  * @author tlenz
@@ -49,7 +49,7 @@ public class SSOTransferAuthModuleImpl implements AuthModule{
 		this.priority = priority;
 	}
 	
-	/* (non-Javadoc)
+	/* (non-Javadoc) 
 	 * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext)
 	 */
 	@Override
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java
index 1a1d06479..5a17d6123 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java
@@ -28,7 +28,6 @@ import java.util.List;
 
 import org.w3c.dom.Element;
 
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
@@ -36,13 +35,14 @@ import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.data.AuthenticationRole;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
  * @author tlenz
  *
- */
-public class SSOTransferAuthenticationData implements IAuthData {
+ */ 
+public class SSOTransferAuthenticationData implements IMOAAuthData {
 
 	private IAuthenticationSession authSession = null;
 	boolean isIDPPrivateService = true;
@@ -55,21 +55,38 @@ public class SSOTransferAuthenticationData implements IAuthData {
 		
 	}
 	
-	
 	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.data.IAuthData#getIssueInstant()
+	 * @see at.gv.egovernment.moa.id.data.IAuthData#isBaseIDTransferRestrication()
 	 */
 	@Override
-	public Date getIssueInstant() {
+	public boolean isBaseIDTransferRestrication() {
+		return this.isIDPPrivateService;
+	}
+
+
+	@Override
+	public Date getAuthenticationIssueInstant() {
 		// TODO Auto-generated method stub
 		return null;
 	}
 
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.data.IAuthData#getIssuer()
-	 */
+
 	@Override
-	public String getIssuer() {
+	public String getAuthenticationIssueInstantString() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+
+	@Override
+	public String getAuthenticationIssuer() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+
+	@Override
+	public String getCiticenCountryCode() {
 		// TODO Auto-generated method stub
 		return null;
 	}
@@ -327,15 +344,6 @@ public class SSOTransferAuthenticationData implements IAuthData {
 		return false;
 	}
 
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.data.IAuthData#getCcc()
-	 */
-	@Override
-	public String getCcc() {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.data.IAuthData#getEIDASQAALevel()
 	 */
@@ -354,13 +362,17 @@ public class SSOTransferAuthenticationData implements IAuthData {
 		return this.authSession.getGenericDataFromSession(key, clazz);
 	}
 
+	@Override
+	public String getInterfederatedIDP() {
+		// TODO Auto-generated method stub
+		return null;
+	}
 
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.data.IAuthData#isBaseIDTransferRestrication()
-	 */
 	@Override
-	public boolean isBaseIDTransferRestrication() {
-		return this.isIDPPrivateService;
+	public boolean isInterfederatedSSOSession() {
+		// TODO Auto-generated method stub
+		return false;
 	}
 
+
 }
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
index 8656c1224..a866f3939 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
@@ -27,7 +27,7 @@ import java.util.Collection;
 import java.util.List;
 import java.util.Map;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.data.CPEPS;
 import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters;
 import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute;
@@ -35,7 +35,7 @@ import at.gv.egovernment.moa.id.commons.api.data.StorkAttributeProviderPlugin;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 
 /**
- * @author tlenz
+ * @author tlenz 
  *
  */
 public class SSOTransferOnlineApplication implements IOAAuthParameters {
@@ -391,37 +391,60 @@ public class SSOTransferOnlineApplication implements IOAAuthParameters {
 	}
 
 	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.commons.api.IOAAuthParameters#hasBaseIdInternalProcessingRestriction()
+	 * @see at.gv.egovernment.moa.id.commons.api.IOAAuthParameters#getAreaSpecificTargetIdentifierFriendlyName()
 	 */
 	@Override
-	public boolean hasBaseIdInternalProcessingRestriction() throws ConfigurationException {
-		return false;
+	public String getAreaSpecificTargetIdentifierFriendlyName() throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
 	}
 
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.commons.api.IOAAuthParameters#hasBaseIdTransferRestriction()
-	 */
 	@Override
-	public boolean hasBaseIdTransferRestriction() throws ConfigurationException {
+	public boolean containsConfigurationKey(String arg0) {
+		// TODO Auto-generated method stub
 		return false;
 	}
 
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.commons.api.IOAAuthParameters#getAreaSpecificTargetIdentifier()
-	 */
 	@Override
-	public String getAreaSpecificTargetIdentifier() throws ConfigurationException {
+	public String getMinimumLevelOfAssurence() {
 		// TODO Auto-generated method stub
 		return null;
 	}
 
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.commons.api.IOAAuthParameters#getAreaSpecificTargetIdentifierFriendlyName()
-	 */
 	@Override
-	public String getAreaSpecificTargetIdentifierFriendlyName() throws ConfigurationException {
+	public List<String> getTargetsWithNoBaseIdInternalProcessingRestriction() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public List<String> getTargetsWithNoBaseIdTransferRestriction() {
 		// TODO Auto-generated method stub
 		return null;
 	}
 
+	@Override
+	public String getUniqueIdentifier() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getAreaSpecificTargetIdentifier() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean hasBaseIdInternalProcessingRestriction() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public boolean hasBaseIdTransferRestriction() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
 }
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
index 055a49bd2..9f910d598 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
@@ -74,6 +74,7 @@ import com.google.gson.JsonParser;
 
 import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
 import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
@@ -87,6 +88,7 @@ import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
@@ -138,7 +140,7 @@ public class SSOTransferServlet{
 	 * @throws IOException
 	 */
 	@RequestMapping(value = {	"/TestTransferSSOSession"
-							}, 
+							},  
 							method = {RequestMethod.GET})
 	public void testTransferSSOSessionGUIWithoutAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException {				
 		try {
@@ -267,6 +269,14 @@ public class SSOTransferServlet{
 				Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e);
 				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
 				
+			} catch (ConfigurationException e) {
+				Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e);
+				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
+			
+			} catch (EAAFException e) {
+				Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e);
+				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
+				
 			}
 							
 		} else {
@@ -367,6 +377,11 @@ public class SSOTransferServlet{
 			} catch (NoSuchPaddingException e) {
 				e.printStackTrace();
 				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
+			
+			} catch (EAAFException e) {
+				e.printStackTrace();
+				resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage()));
+				
 			}
 			
 			
@@ -405,10 +420,10 @@ public class SSOTransferServlet{
 			if (ssomanager.isValidSSOSession(ssoid, null)) {
 				//create first step of SSO Transfer GUI
 								
-				IAuthenticationSession authSession = authenticationSessionStorage.getInternalMOASessionWithSSOID(ssoid);
-				if(authSession != null) {
+				String ssoSessionId = authenticationSessionStorage.getInternalSSOSessionWithSSOID(ssoid);
+				if(ssoSessionId != null) {
 					internalCreateQRCodeForTransfer(resp, authURL, 
-							authSession.getSessionID(), 
+							ssoSessionId, 
 							SSOTransferConstants.SERVLET_SSOTRANSFER_TO_SMARTPHONE, config);
 						
 					return;
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java
index 2b53a1e75..95590b51a 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java
@@ -34,6 +34,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
 import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
@@ -45,7 +46,6 @@ import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
 
@@ -61,7 +61,7 @@ public class InitializeRestoreSSOSessionTask extends AbstractAuthServletTask {
 	
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
-	 */
+	 */ 
 	@Override
 	public void execute(ExecutionContext executionContext,
 			HttpServletRequest request, HttpServletResponse response)
@@ -86,7 +86,7 @@ public class InitializeRestoreSSOSessionTask extends AbstractAuthServletTask {
 			String nonce = Random.nextLongRandom();
 			
 			GUIUtils.buildSSOTransferGUI(guiBuilder, response, authURL, 
-					pendingReq.getRequestID(), nonce, dhKeyIDP.getF());
+					pendingReq.getPendingRequestId(), nonce, dhKeyIDP.getF());
 			
 			//store DH params and nonce to pending-request
 			SSOTransferContainer container = new SSOTransferContainer();
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
index 72ed9c7be..f1075f060 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
@@ -27,6 +27,7 @@ import java.io.IOException;
 import java.io.PrintWriter;
 import java.math.BigInteger;
 import java.security.MessageDigest;
+import java.util.Date;
 
 import javax.crypto.Cipher;
 import javax.crypto.spec.DHPublicKeySpec;
@@ -44,17 +45,19 @@ import com.google.gson.JsonObject;
 import com.google.gson.JsonParser;
 
 import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferContainer;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils;
+import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
 import at.gv.egovernment.moa.logging.Logger;
@@ -72,7 +75,7 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask {
 	@Autowired SSOContainerUtils ssoTransferUtils;
 	@Autowired IGUIFormBuilder guiBuilder;
 	
-	/* (non-Javadoc)
+	/* (non-Javadoc) 
 	 * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
 	 */
 	@Override
@@ -186,8 +189,10 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask {
 				Logger.debug("MobileDevice is valid. --> Starting session reconstruction ...");
 		    					
 		    	//transfer SSO Assertion into MOA-Session
-		    	ssoTransferUtils.parseSSOContainerToMOASessionDataObject(pendingReq, pendingReq.getMOASession(), attributeExtractor);
-		    		
+				AuthenticationSession moaSession = new AuthenticationSession("1235", new Date());
+		    	ssoTransferUtils.parseSSOContainerToMOASessionDataObject(pendingReq, moaSession, attributeExtractor);
+		    	pendingReq.setGenericDataToSession(moaSession.getKeyValueRepresentationFromAuthSession());
+		    	
 		    	// store MOASession into database
 		    	requestStoreage.storePendingRequest(pendingReq);
 		    		
@@ -244,15 +249,8 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask {
 				
 			} else {
 		    	//session is valid --> load MOASession object
-		    	try {
-					defaultTaskInitialization(request, executionContext);
-								
-				} catch (MOAIDException | MOADatabaseException e1) {
-					Logger.error("Database Error! MOASession is not stored!");
-					throw new TaskExecutionException(pendingReq, "Load MOASession FAILED.", e1);
-					
-				}
-				
+
+				IAuthenticationSession moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());			    
 				DateTime moaSessionCreated = new DateTime(moasession.getSessionCreated().getTime());
 				if (moaSessionCreated.plusMinutes(1).isBeforeNow()) {
 					Logger.warn("No SSO session-container received. Stop authentication process after time-out.");
@@ -274,7 +272,7 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask {
 						}	
 						
 						GUIUtils.buildSSOTransferGUI(guiBuilder, response, 
-								authURL, pendingReq.getRequestID(), nonce, container.getDhParams().getF());
+								authURL, pendingReq.getPendingRequestId(), nonce, container.getDhParams().getF());
 						
 					} catch (IOException | MOAIDException e) {
 						throw new TaskExecutionException(pendingReq, e.getMessage(), e);
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java
index fac59ed4e..1a4a9b80b 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java
@@ -30,11 +30,11 @@ import javax.servlet.http.HttpServletResponse;
 
 import com.google.gson.JsonObject;
 
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
 import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
 import at.gv.egiz.eaaf.core.exceptions.GUIBuildException;
 import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants;
-import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
@@ -71,7 +71,7 @@ public class GUIUtils {
 		try {
 			String containerURL = authURL
 					+ SSOTransferConstants.SERVLET_SSOTRANSFER_FROM_SMARTPHONE
-					+ "?" + MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID + "=" + requestID;
+					+ "?" + EAAFConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID + "=" + requestID;
 		
 			
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java
index 5c85fd8b0..189fcd2f6 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java
@@ -97,9 +97,8 @@ import org.w3c.dom.NodeList;
 
 import com.google.gson.JsonObject;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
 import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants;
@@ -108,11 +107,13 @@ import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferAuthent
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferOnlineApplication;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.data.MISMandate;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
@@ -366,7 +367,7 @@ public class SSOContainerUtils {
 			
 			String sessionIndex = SAML2Utils.getSecureIdentifier();
 
-			IAuthData authData = new SSOTransferAuthenticationData(authConfig, authSession);
+			IMOAAuthData authData = new SSOTransferAuthenticationData(authConfig, authSession);
 			
 			Assertion assertion = PVP2AssertionBuilder.buildGenericAssertion(
 					entityID,
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java
index 6bf6652c8..4068d2d99 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java
@@ -22,9 +22,9 @@
  */
 package at.gv.egovernment.moa.id.auth.modules.federatedauth;
 
-import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AuthModule;
+import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 
 /**
  * @author tlenz
@@ -39,7 +39,7 @@ public class FederatedAuthenticationModuleImpl implements AuthModule {
 	public int getPriority() {
 		// TODO Auto-generated method stub
 		return 0;
-	}
+	} 
 
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext)
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
index 4ae255d1d..717099a8d 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
@@ -35,16 +35,16 @@ import org.opensaml.xml.security.SecurityException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
-import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.config.FederatedAuthnRequestBuilderConfiguration;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.id.moduls.SSOManager;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAuthnRequestBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestBuildException;
@@ -59,7 +59,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
  */
 @Component("CreateFederatedAuthnRequestTask")
 public class CreateAuthnRequestTask extends AbstractAuthServletTask {
-
+ 
 	@Autowired PVPAuthnRequestBuilder authnReqBuilder;
 	@Autowired FederatedAuthCredentialProvider credential;
 	@Autowired(required=true) MOAMetadataProvider metadataProvider;
@@ -72,7 +72,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
 			throws TaskExecutionException {
 		try{
 			// get IDP entityID
-			String idpEntityID = pendingReq.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class);
+			String idpEntityID = pendingReq.getGenericData(SSOManager.DATAID_INTERFEDERATIOIDP_URL, String.class);
 					
 			if (MiscUtil.isEmpty(idpEntityID)) {
 				Logger.info("Interfederation not possible -> not inderfederation IDP EntityID found!");
@@ -81,7 +81,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
 			}
 			
 			//load IDP configuration from MOA-ID Configuration
-			IOAAuthParameters idpConfig = authConfig.getOnlineApplicationParameter(idpEntityID);
+			IOAAuthParameters idpConfig = authConfig.getServiceProviderConfiguration(idpEntityID, IOAAuthParameters.class);
 			//validate IDP
 			if (!idpConfig.isInderfederationIDP() || !idpConfig.isInboundSSOInterfederationAllowed()) {
 				Logger.info("Requested interfederation IDP " + idpEntityID + " is not valid for interfederation.");
@@ -156,7 +156,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
 	}
 	
 	private String evaluateRequiredQAALevel() {
-		IOAAuthParameters sp = pendingReq.getOnlineApplicationConfiguration();
+		IOAAuthParameters sp = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class);
 				
 		//check if STORK protocol module is in ClassPath
 		Object storkRequst = null;
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
index 2fc1ec053..c20342a11 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
@@ -25,6 +25,7 @@ package at.gv.egovernment.moa.id.auth.modules.federatedauth.tasks;
 import java.io.IOException;
 import java.util.Arrays;
 import java.util.Collection;
+import java.util.Collections;
 import java.util.List;
 import java.util.Set;
 
@@ -41,11 +42,12 @@ import org.opensaml.xml.security.SecurityException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
 import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
-import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
@@ -53,11 +55,10 @@ import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
 import at.gv.egovernment.moa.id.moduls.SSOManager;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IDecoder;
@@ -65,9 +66,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnResponseValidationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
@@ -89,7 +88,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
 public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 
 	@Autowired private SAMLVerificationEngineSP samlVerificationEngine;
-	@Autowired private FederatedAuthCredentialProvider credentialProvider;
+	@Autowired private FederatedAuthCredentialProvider credentialProvider; 
 	@Autowired private SSOManager ssoManager;
 	@Autowired private AttributQueryBuilder attributQueryBuilder;
 	@Autowired private AuthenticationDataBuilder authDataBuilder;
@@ -133,7 +132,9 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 					comperator);
 			 
 			if (MiscUtil.isEmpty(msg.getEntityID())) {
-				throw new InvalidProtocolRequestException("sp.pvp2.04", new Object[] {FederatedAuthConstants.MODULE_NAME_FOR_LOGGING});
+				throw new InvalidProtocolRequestException("sp.pvp2.04", 
+						new Object[] {FederatedAuthConstants.MODULE_NAME_FOR_LOGGING},
+						"NO configuration for SP entityID: " + msg.getEntityID());
 				
 			}
 
@@ -150,8 +151,8 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			MOAResponse processedMsg = preProcessAuthResponse((MOAResponse) msg);
 			
 			//load IDP and SP configuration
-			IOAAuthParameters idpConfig = authConfig.getOnlineApplicationParameter(msg.getEntityID());
-			IOAAuthParameters spConfig = pendingReq.getOnlineApplicationConfiguration();
+			IOAAuthParameters idpConfig = authConfig.getServiceProviderConfiguration(msg.getEntityID(), IOAAuthParameters.class);
+			IOAAuthParameters spConfig = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class);
 			
 			//check if response Entity is valid
 			if (!idpConfig.isInderfederationIDP()) {
@@ -161,10 +162,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 								msg.getEntityID()});
 				
 			}
-			
-			//load MOASession from database
-			defaultTaskInitialization(request, executionContext);
-			
+						
 			//initialize Attribute extractor
 			AssertionAttributeExtractor extractor = 
 					new AssertionAttributeExtractor((Response) processedMsg.getResponse());
@@ -187,7 +185,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 				//SP is real Service-Provider  --> check attributes in response 
 				// and start Attribute-Query if required 
 												
-				getAuthDataFromInterfederation(extractor, pendingReq.getOnlineApplicationConfiguration(), 
+				getAuthDataFromInterfederation(extractor, pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class), 
 						idpConfig);	
 
 				//store federatedIDP to MOASession
@@ -199,8 +197,8 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			}
 
 			//store valid assertion into pending-request
-			pendingReq.setGenericDataToSession(RequestImpl.DATAID_INTERFEDERATIOIDP_RESPONSE, processedMsg);
-			pendingReq.setGenericDataToSession(RequestImpl.DATAID_INTERFEDERATIOIDP_ENTITYID, processedMsg.getEntityID());
+			pendingReq.setGenericDataToSession(SSOManager.DATAID_INTERFEDERATIOIDP_RESPONSE, processedMsg);
+			pendingReq.setGenericDataToSession(SSOManager.DATAID_INTERFEDERATIOIDP_ENTITYID, processedMsg.getEntityID());
 			
 			//store pending-request
 			requestStoreage.storePendingRequest(pendingReq);
@@ -225,13 +223,21 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 		} catch (AssertionValidationExeption | AuthnResponseValidationException e) {
 			Logger.info("PVP response validation FAILED. Msg:" + e.getMessage());			
 			if (msg != null) {
-				IOAAuthParameters idpConfig = authConfig.getOnlineApplicationParameter(msg.getEntityID());
-				
-				//remove federated IDP from SSO session if exists
-				ssoManager.removeInterfederatedSSOIDP(msg.getEntityID(), request);
+				IOAAuthParameters idpConfig = null;
+				try {					
+					idpConfig = authConfig.getServiceProviderConfiguration(msg.getEntityID(), IOAAuthParameters.class);
+					//remove federated IDP from SSO session if exists
+					ssoManager.removeInterfederatedSSOIDP(msg.getEntityID(), request);
+					
+					//select next step
+					handleAuthnResponseValidationProblem(executionContext, idpConfig, e);
+					
+				} catch (EAAFConfigurationException e1) {
+					Logger.error("Can not handle error during an internal problem. ", e1);
+					throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.", e);
+					
+				}
 				
-				//select next step
-				handleAuthnResponseValidationProblem(executionContext, idpConfig, e);
 								
 			} else
 				throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.", e);
@@ -256,22 +262,25 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 		
 		try {
 			Logger.debug("Service Provider is no federated IDP --> start Attribute validation or requesting ... ");
-			Collection<String> requestedAttr = pendingReq.getRequestedAttributes(metadataProvider);
+			
+			//TODO!!!!!
+			//Collection<String> requestedAttr = pendingReq.getRequestedAttributes(metadataProvider);
+			Collection<String> requestedAttr = Collections.emptyList();
 						
 			//check if SAML2 Assertion contains a minimal set of attributes
 			
 			//TODO: switch back to correct attribute query
 			if (!extractor.containsAllRequiredAttributes() 
-					&& !extractor.containsAllRequiredAttributes(minimalIDLAttributeNamesList)) {
+					&& !extractor.containsAllRequiredAttributes(minimalIDLAttributeNamesList) ) {
 				Logger.info("Received assertion does no contain a minimum set of attributes. Starting AttributeQuery process ...");				
 				
 				//build attributQuery request
 				List<Attribute> attributs = 
 						attributQueryBuilder.buildSAML2AttributeList(spConfig, requestedAttr.iterator());
 			
-				//request IDP to get additional attributes
-				extractor = authDataBuilder.getAuthDataFromAttributeQuery(attributs, extractor.getNameID(), 
-						idpConfig, pendingReq.getAuthURL() + FederatedAuthConstants.ENDPOINT_METADATA);
+//				//request IDP to get additional attributes
+//				extractor = authDataBuilder.getAuthDataFromAttributeQuery(attributs, extractor.getNameID(), 
+//						idpConfig, pendingReq.getAuthURL() + FederatedAuthConstants.ENDPOINT_METADATA);
 								
 			} else {
 				Logger.info("Interfedation response include a minimal set of attributes with are required. Skip AttributQuery request step. ");
@@ -303,29 +312,23 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 					}					
 				} 
 				
-				moasession.setGenericDataToSession(el, value);				
+				pendingReq.setGenericDataToSession(el, value);				
 				Logger.debug("Add PVP-attribute " + el + " into MOASession");
 				
 			}
 			
 			//set validTo from this federated IDP response
-			moasession.setGenericDataToSession(
+			pendingReq.setGenericDataToSession(
 					AuthenticationSessionStorageConstants.FEDERATION_RESPONSE_VALIDE_TO, 
 					extractor.getAssertionNotOnOrAfter());
 									
-		} catch (AttributQueryException e) {
-			throw new BuildException("builder.06", null, e);
-			
-		} catch (SessionDataStorageException e) {
-			throw new BuildException("builder.06", null, e);
-			
 		} catch (AssertionValidationExeption e) {
 			throw new BuildException("builder.06", null, e);
 			
-		} catch (AssertionAttributeExtractorExeption e) {
+		} catch (MOAIDException e) {
 			throw new BuildException("builder.06", null, e);
 			
-		} catch (MOAIDException e) {
+		} catch (EAAFStorageException e) {
 			throw new BuildException("builder.06", null, e);
 			
 		}
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java
index aac253083..9ef02935b 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java
@@ -27,6 +27,7 @@ import org.springframework.stereotype.Service;
 
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider;
 import at.gv.egovernment.moa.util.FileUtils;
 
@@ -43,9 +44,9 @@ public class FederatedAuthCredentialProvider extends AbstractCredentialProvider
 	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getKeyStoreFilePath()
 	 */
 	@Override
-	public String getKeyStoreFilePath() {
+	public String getKeyStoreFilePath() throws ConfigurationException {
 		return FileUtils.makeAbsoluteURL(
-					authConfig.getBasicMOAIDConfiguration(FederatedAuthConstants.CONFIG_PROPS_KEYSTORE), 
+					authConfig.getBasicConfiguration(FederatedAuthConstants.CONFIG_PROPS_KEYSTORE), 
 					authConfig.getRootConfigFileDir());
 	}
 
@@ -54,7 +55,7 @@ public class FederatedAuthCredentialProvider extends AbstractCredentialProvider
 	 */
 	@Override
 	public String getKeyStorePassword() {
-		return authConfig.getBasicMOAIDConfiguration(FederatedAuthConstants.CONFIG_PROPS_KEYSTOREPASSWORD).trim();
+		return authConfig.getBasicConfiguration(FederatedAuthConstants.CONFIG_PROPS_KEYSTOREPASSWORD).trim();
 
 	}
 
@@ -63,7 +64,7 @@ public class FederatedAuthCredentialProvider extends AbstractCredentialProvider
 	 */
 	@Override
 	public String getMetadataKeyAlias() {
-		return authConfig.getBasicMOAIDConfiguration(
+		return authConfig.getBasicConfiguration(
 				FederatedAuthConstants.CONFIG_PROPS_SIGN_METADATA_ALIAS_PASSWORD).trim();
 	}
 
@@ -72,7 +73,7 @@ public class FederatedAuthCredentialProvider extends AbstractCredentialProvider
 	 */
 	@Override
 	public String getMetadataKeyPassword() {
-		return authConfig.getBasicMOAIDConfiguration(
+		return authConfig.getBasicConfiguration(
 				FederatedAuthConstants.CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD).trim();
 	}
 
@@ -81,7 +82,7 @@ public class FederatedAuthCredentialProvider extends AbstractCredentialProvider
 	 */
 	@Override
 	public String getSignatureKeyAlias() {
-		return authConfig.getBasicMOAIDConfiguration(
+		return authConfig.getBasicConfiguration(
 				FederatedAuthConstants.CONFIG_PROPS_SIGN_SIGNING_ALIAS_PASSWORD).trim();
 	}
 
@@ -90,7 +91,7 @@ public class FederatedAuthCredentialProvider extends AbstractCredentialProvider
 	 */
 	@Override
 	public String getSignatureKeyPassword() {
-		return authConfig.getBasicMOAIDConfiguration(
+		return authConfig.getBasicConfiguration(
 				FederatedAuthConstants.CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD).trim();
 	}
 
@@ -99,7 +100,7 @@ public class FederatedAuthCredentialProvider extends AbstractCredentialProvider
 	 */
 	@Override
 	public String getEncryptionKeyAlias() {
-		return authConfig.getBasicMOAIDConfiguration(
+		return authConfig.getBasicConfiguration(
 				FederatedAuthConstants.CONFIG_PROPS_ENCRYPTION_ALIAS_PASSWORD).trim();
 	}
 
@@ -108,7 +109,7 @@ public class FederatedAuthCredentialProvider extends AbstractCredentialProvider
 	 */
 	@Override
 	public String getEncryptionKeyPassword() {
-		return authConfig.getBasicMOAIDConfiguration(
+		return authConfig.getBasicConfiguration(
 				FederatedAuthConstants.CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD).trim();
 	}
 
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
index f6c8cb6e3..7ab222fa0 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
@@ -32,7 +32,6 @@ import java.util.List;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
 import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
@@ -41,7 +40,7 @@ import at.gv.egovernment.moa.util.StringUtils;
 
 /**
  * Builder for the authentication data <code>&lt;saml:Assertion&gt;</code>
- * to be provided by the MOA ID Auth component.
+ * to be provided by the MOA ID Auth component. 
  *
  * @author Paul Ivancsics
  * @version $Id$
@@ -277,8 +276,8 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
     	if (!useCondition) {
     		assertion = MessageFormat.format(AUTH_DATA, new Object[] {
     		        authData.getAssertionID(), 
-    		        authData.getIssuer(), 
-    		        authData.getIssueInstantString(), 
+    		        authData.getAuthenticationIssuer(), 
+    		        authData.getAuthenticationIssueInstantString(), 
     		        pkType,
     		        pkValue, 
     		        StringUtils.removeXMLDeclaration(xmlAuthBlock), 
@@ -302,8 +301,8 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
     		
     		assertion = MessageFormat.format(AUTH_DATA_WITH_CONDITIONS, new Object[] {
     		        authData.getAssertionID(), 
-    		        authData.getIssuer(), 
-    		        authData.getIssueInstantString(), 
+    		        authData.getAuthenticationIssuer(), 
+    		        authData.getAuthenticationIssueInstantString(), 
     		        notBefore,
     		        notOnOrAfter,
     		        pkType,
@@ -400,8 +399,8 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
     	if (!useCondition) {
     		assertion = MessageFormat.format(AUTH_DATA_MANDATE, new Object[] {
     		        authData.getAssertionID(), 
-    		        authData.getIssuer(), 
-    		        authData.getIssueInstantString(), 
+    		        authData.getAuthenticationIssuer(), 
+    		        authData.getAuthenticationIssueInstantString(), 
     		        pkType,
     		        pkValue, 
     		        StringUtils.removeXMLDeclaration(xmlAuthBlock), 
@@ -426,8 +425,8 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
     		
     		assertion = MessageFormat.format(AUTH_DATA_MANDATE_WITH_CONDITIONS, new Object[] {
     		        authData.getAssertionID(), 
-    		        authData.getIssuer(), 
-    		        authData.getIssueInstantString(),
+    		        authData.getAuthenticationIssuer(), 
+    		        authData.getAuthenticationIssueInstantString(),
     		        notBefore,
     		        notOnOrAfter,
     		        pkType,
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
index 99d5d9063..3452da003 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
@@ -28,15 +28,15 @@ import javax.servlet.http.HttpServletResponse;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.IAction;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
-import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.data.SLOInformationImpl;
-import at.gv.egovernment.moa.id.data.SLOInformationInterface;
-import at.gv.egovernment.moa.id.moduls.IAction;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moa.util.URLEncoder;
@@ -49,9 +49,9 @@ public class GetArtifactAction implements IAction {
 	public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq,
 			HttpServletResponse httpResp, IAuthData obj) throws AuthenticationException {
 			
-		String oaURL = (String) req.getOAURL();
+		String oaURL = (String) req.getSPEntityId();
 		
-		String sourceID = null;
+		String sourceID = null; 
 		if (req instanceof SAML1RequestImpl) {
 			SAML1RequestImpl saml1req = (SAML1RequestImpl) req;
 			sourceID = saml1req.getSourceID();
@@ -68,7 +68,7 @@ public class GetArtifactAction implements IAction {
 		}
 					
 		try {
-			IOAAuthParameters oaParam = req.getOnlineApplicationConfiguration();
+			IOAAuthParameters oaParam = req.getServiceProviderConfiguration(IOAAuthParameters.class);
 								
 			//TODO: add eIDAS to SAML1 protocol if it is really necessary
 			
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
index 13df30862..85e2107c6 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
@@ -72,15 +72,14 @@ import org.xml.sax.SAXException;
 
 import com.google.common.net.MediaType;
 
+import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
+import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
+import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.auth.builder.SAMLResponseBuilder;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
-import at.gv.egovernment.moa.id.auth.servlet.AbstractController;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
-import at.gv.egovernment.moa.id.util.ErrorResponseUtils;
-import at.gv.egovernment.moa.id.util.HTTPUtils;
-import at.gv.egovernment.moa.id.util.Random;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.DOMUtils;
@@ -98,7 +97,7 @@ import at.gv.egovernment.moa.util.XPathUtils;
  * since SAML1 is deprecated MOA-ID >= 2.0.0 
  * 
  * @author tlenz
- */
+ */ 
 @Controller
 public class GetAuthenticationDataService extends AbstractController implements Constants {
 
@@ -280,9 +279,7 @@ public class GetAuthenticationDataService extends AbstractController implements
 					try {
 						Throwable error = saml1AuthServer.getErrorResponse(samlArtifact);
 						statusCode = "samlp:Responder";
-						
-						ErrorResponseUtils errorUtils = ErrorResponseUtils.getInstance();
-						
+												
 						if (error instanceof MOAIDException) {
 							statusMessageCode = ((MOAIDException)error).getMessageId();
 							statusMessage = StringEscapeUtils.escapeXml(((MOAIDException)error).getMessage());
@@ -291,8 +288,9 @@ public class GetAuthenticationDataService extends AbstractController implements
 							statusMessage = StringEscapeUtils.escapeXml(error.getMessage());
 							
 						}							
-						subStatusCode = errorUtils.getResponseErrorCode(error);
-															
+						subStatusCode = statusMessager.getResponseErrorCode(error);
+											
+						
 					} catch (Exception e) {
 						//no authentication data for given SAML artifact
 						statusCode = "samlp:Requester";
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index bf4a55e46..1be3e3daa 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -43,6 +43,11 @@ import org.xml.sax.SAXException;
 
 import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
 import at.gv.e_government.reference.namespace.mandates._20040701_.Mandator;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder;
 import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
@@ -57,17 +62,12 @@ import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser;
 import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
 import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.data.MOAAuthenticationData;
 import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.storage.ITransactionStorage;
-import at.gv.egovernment.moa.id.util.Random;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.Constants;
@@ -86,7 +86,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
 		
 	@Autowired private ITransactionStorage authenticationDataStore;
 	
-	/**
+	/** 
 	 * time out in milliseconds used by {@link cleanup} for authentication data
 	 * store
 	 */
@@ -103,8 +103,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
 		}
 		Throwable error = null;
 		try {
-			error = authenticationDataStore
-					.get(samlArtifact, Throwable.class);
+			error = authenticationDataStore.get(samlArtifact, Throwable.class);
 			
 			if (error == null) {
 				Logger.error("Assertion not found for SAML Artifact: " + samlArtifact);
@@ -114,7 +113,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
 				
 			authenticationDataStore.remove(samlArtifact);
 				
-		} catch (MOADatabaseException e) {
+		} catch (EAAFException e) {
 			Logger.error("Assertion not found for SAML Artifact: " + samlArtifact);
 			throw new AuthenticationException("1206", new Object[] { samlArtifact });
 		}
@@ -189,7 +188,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
 			}
 				
 				
-		} catch (MOADatabaseException e) {
+		} catch (EAAFException e) {
 			Logger.error("Assertion not found for SAML Artifact: " + samlArtifact);
 			throw new AuthenticationException("1206", new Object[] { samlArtifact });
 		}		
@@ -201,10 +200,10 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
 	}
 	
 	public String BuildErrorAssertion(Throwable error, IRequest protocolRequest) 
-			throws BuildException, MOADatabaseException {
+			throws EAAFException {
 		
 		String samlArtifact = new SAMLArtifactBuilder().build(
-				protocolRequest.getOAURL(), protocolRequest.getRequestID(),
+				protocolRequest.getSPEntityId(), protocolRequest.getPendingRequestId(),
 				null);
 		
 		authenticationDataStore.put(samlArtifact, error, authDataTimeOut);
@@ -428,7 +427,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
 			//authData.setSamlAssertion(samlAssertion);
 				
 			String samlArtifact = new SAMLArtifactBuilder().build(
-			authData.getIssuer(), Random.nextRandom(),
+			authData.getAuthenticationIssuer(), Random.nextRandom(),
 			sourceID);
 			
 			storeAuthenticationData(samlArtifact, samlAssertion);
@@ -443,7 +442,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
 
 	}
 
-	private String generateMandateDate(IOAAuthParameters oaParam, AuthenticationData authData
+	private String generateMandateDate(IOAAuthParameters oaParam, MOAAuthenticationData authData
 			) throws AuthenticationException, BuildException,
 			ParseException, ConfigurationException, ServiceException,
 			ValidateException {
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index 8dfe10268..54b137ce1 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -37,8 +37,10 @@ import org.springframework.web.bind.annotation.RequestMethod;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.IModulInfo;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
 import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
-import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException;
 import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
@@ -47,7 +49,6 @@ import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.logging.Logger;
@@ -60,7 +61,7 @@ import at.gv.egovernment.moa.util.URLEncoder;
  * @deprecated
  * @author tlenz
  *
- */
+ */ 
 
 @Controller
 public class SAML1Protocol extends AbstractAuthProtocolModulController implements IModulInfo {
@@ -99,15 +100,15 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController implement
 
 	
 	@RequestMapping(value = "/StartAuthentication", method = {RequestMethod.POST, RequestMethod.GET})
-	public void SAML1AuthnRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException {		
-		if (!AuthConfigurationProviderFactory.getInstance().getAllowedProtocols().isSAML1Active()) {
-			Logger.info("SAML1 is deaktivated!");
-			throw new ProtocolNotActiveException("auth.22", new Object[] { "SAML 1" });
-			
-		}
+	public void SAML1AuthnRequest(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException {		
+//		if (!AuthConfigurationProviderFactory.getInstance().getAllowedProtocols().isSAML1Active()) {
+//			Logger.info("SAML1 is deaktivated!");
+//			throw new ProtocolNotActiveException("auth.22", new Object[] { "SAML 1" });
+//			
+//		}
 		
 		SAML1RequestImpl pendingReq = applicationContext.getBean(SAML1RequestImpl.class);
-		pendingReq.initialize(req);
+		pendingReq.initialize(req, authConfig);
 		pendingReq.setModule(NAME);
 	
 		revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier());
@@ -128,15 +129,15 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController implement
 	
 	
 	public void preProcess(HttpServletRequest request,
-			HttpServletResponse response, SAML1RequestImpl pendingRequest) throws MOAIDException {
+			HttpServletResponse response, SAML1RequestImpl pendingRequest) throws MOAIDException, InvalidProtocolRequestException, EAAFConfigurationException, EAAFStorageException {
 		try {	
-			String oaURL = (String) request.getParameter(PARAM_OA);
+			String oaURL = (String) request.getParameter(MOAIDAuthConstants.PARAM_OA);
 			//oaURL = StringEscapeUtils.escapeHtml(oaURL);
 			
-			String target = (String) request.getParameter(PARAM_TARGET);
+			String target = (String) request.getParameter(MOAIDAuthConstants.PARAM_TARGET);
 			target = StringEscapeUtils.escapeHtml(target);
 			
-			String sourceID = request.getParameter(PARAM_SOURCEID);
+			String sourceID = request.getParameter(MOAIDAuthConstants.PARAM_SOURCEID);
 			sourceID = StringEscapeUtils.escapeHtml(sourceID);
 			
 			//the target parameter is used to define the OA in SAML1 standard
@@ -147,35 +148,35 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController implement
 			
 			if (MiscUtil.isEmpty(oaURL)) {
 				Logger.info("Receive SAML1 request with no OA parameter. Authentication STOPPED!");
-				throw new WrongParametersException("StartAuthentication", PARAM_OA,
+				throw new WrongParametersException("StartAuthentication", MOAIDAuthConstants.PARAM_OA,
 						"auth.12");
 				
 			}
 			
 			if (!ParamValidatorUtils.isValidOA(oaURL))
-				throw new WrongParametersException("StartAuthentication", PARAM_OA,
+				throw new WrongParametersException("StartAuthentication", MOAIDAuthConstants.PARAM_OA,
 						"auth.12");
 			
-			pendingRequest.setOAURL(oaURL);
+			pendingRequest.setSPEntityId(oaURL);
 			
 			Logger.info("Dispatch SAML1 Request: OAURL=" + oaURL);
 			
 		    if (!ParamValidatorUtils.isValidSourceID(sourceID))
-	            throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12");
+	            throw new WrongParametersException("StartAuthentication", MOAIDAuthConstants.PARAM_SOURCEID, "auth.12");
 			
 			
 			//load Target only from OA config
-			IOAAuthParameters oaParam = authConfig.getOnlineApplicationParameter(oaURL);
+			IOAAuthParameters oaParam = authConfig.getServiceProviderConfiguration(oaURL, IOAAuthParameters.class);
 			
 			if (oaParam == null)
 				throw new InvalidProtocolRequestException("auth.00",
-						new Object[] { null });
+						new Object[] { null }, "No Online-Application configuration found");
 					
 			SAML1ConfigurationParameters saml1 = oaParam.getSAML1Parameter();
 			if (saml1 == null || !(saml1.isIsActive() != null && saml1.isIsActive()) ) {
 				Logger.info("Online-Application " + oaURL + " can not use SAML1 for authentication.");
 				throw new InvalidProtocolRequestException("auth.00",
-						new Object[] { null });
+						new Object[] { null }, "OA: " + oaURL + " can not used with SAML1");
 			}
 			pendingRequest.setOnlineApplicationConfiguration(oaParam);
 			
@@ -213,7 +214,7 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController implement
 			pendingRequest.setAction(GetArtifactAction.class.getName());
 			
 		} catch (WrongParametersException e) {
-			throw new InvalidProtocolRequestException(e.getMessageId(), e.getParameters());
+			throw new InvalidProtocolRequestException(e.getMessageId(), e.getParameters(), "SAML1 parameter validation FAILED");
 			
 		} catch (InvalidProtocolRequestException e) {
 			throw e;
@@ -226,15 +227,15 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController implement
 			HttpServletRequest request, HttpServletResponse response,
 			IRequest protocolRequest) 
 					throws Throwable{
-		if (!protocolRequest.getOnlineApplicationConfiguration().getSAML1Parameter().isProvideAllErrors())
+		if (!protocolRequest.getServiceProviderConfiguration(IOAAuthParameters.class).getSAML1Parameter().isProvideAllErrors())
 			return false;
 		
 		else {	
 			String samlArtifactBase64 = saml1AuthServer.BuildErrorAssertion(e, protocolRequest);
 		
 			String url = protocolRequest.getAuthURL() + "/RedirectServlet";
-			url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(protocolRequest.getOAURL(), "UTF-8"));
-			url = addURLParameter(url, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
+			url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(protocolRequest.getSPEntityId(), "UTF-8"));
+			url = addURLParameter(url, MOAIDAuthConstants.PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
 			url = response.encodeRedirectURL(url);
 		
 			response.setContentType("text/html");
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java
index 1d3525626..4d3e60dd7 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java
@@ -22,18 +22,11 @@
  */
 package at.gv.egovernment.moa.id.protocols.saml1;
 
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.List;
-
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.context.annotation.Scope;
 import org.springframework.stereotype.Component;
 
-import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters;
-import at.gv.egovernment.moa.id.moduls.RequestImpl;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
 
 /**
  * @author tlenz
@@ -45,7 +38,7 @@ public class SAML1RequestImpl extends RequestImpl {
 
 	private static final long serialVersionUID = -4961979968425683115L;
 	
-	private String sourceID = null;
+	private String sourceID = null; 
 	private String target = null;
 	
 	/**
@@ -78,29 +71,29 @@ public class SAML1RequestImpl extends RequestImpl {
 		this.target = target;
 	}
 
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
-	 */
-	@Override
-	public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) {
-		
-		List<String> reqAttr = new ArrayList<String>();
-		reqAttr.addAll(SAML1Protocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION);
-		
-		SAML1ConfigurationParameters saml1 = this.getOnlineApplicationConfiguration().getSAML1Parameter();
-		if (saml1 != null) {
-			if (saml1.isProvideAUTHBlock())
-				reqAttr.add(PVPConstants.EID_AUTH_BLOCK_NAME);
-			
-			if (saml1.isProvideCertificate())
-				reqAttr.add(PVPConstants.EID_SIGNER_CERTIFICATE_NAME);
-			
-			if (saml1.isProvideFullMandatorData())
-				reqAttr.add(PVPConstants.MANDATE_FULL_MANDATE_NAME);
-		}
-				
-		return reqAttr;
-		
-	}
+//	/* (non-Javadoc)
+//	 * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
+//	 */
+//	@Override
+//	public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) {
+//		
+//		List<String> reqAttr = new ArrayList<String>();
+//		reqAttr.addAll(SAML1Protocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION);
+//		
+//		SAML1ConfigurationParameters saml1 = this.getOnlineApplicationConfiguration().getSAML1Parameter();
+//		if (saml1 != null) {
+//			if (saml1.isProvideAUTHBlock())
+//				reqAttr.add(PVPConstants.EID_AUTH_BLOCK_NAME);
+//			
+//			if (saml1.isProvideCertificate())
+//				reqAttr.add(PVPConstants.EID_SIGNER_CERTIFICATE_NAME);
+//			
+//			if (saml1.isProvideFullMandatorData())
+//				reqAttr.add(PVPConstants.MANDATE_FULL_MANDATE_NAME);
+//		}
+//				
+//		return reqAttr;
+//		
+//	}
 
 }
diff --git a/id/server/modules/moa-id-modules-saml1/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParserTest.java b/id/server/modules/moa-id-modules-saml1/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParserTest.java
index 961c8d0b5..4591e456f 100644
--- a/id/server/modules/moa-id-modules-saml1/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParserTest.java
+++ b/id/server/modules/moa-id-modules-saml1/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParserTest.java
@@ -46,9 +46,9 @@
 
 package test.at.gv.egovernment.moa.id.auth.parser;
 
+import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder;
 import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser;
-import at.gv.egovernment.moa.id.util.Random;
 import test.at.gv.egovernment.moa.id.UnitTestCase;
 
 /*
@@ -63,7 +63,7 @@ public class SAMLArtifactParserTest extends UnitTestCase {
   public SAMLArtifactParserTest(String name) {
     super(name);
   }
-
+ 
   public void testParseTypeCode() throws Exception {
     String sessionID = Random.nextRandom();
     String samlArtifact = new SAMLArtifactBuilder().build(URL1, sessionID, null); 
diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java
index a616e80ad..3676ca7d7 100644
--- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java
+++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java
@@ -94,8 +94,8 @@ public class DatabaseTestModule implements TestModuleInterface{
 	
 	private String testMOAAdvancedLoggingDatabase() {		
 		try {
-			statLogUtils.testConnection();
-		
+			statLogUtils.internalTesting();
+			
 			Logger.trace("Finish Test: AdvancedLoggingDataBase");
 			return null;
 			
diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java
index a56be1f46..e6dbcd89d 100644
--- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java
+++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java
@@ -68,7 +68,7 @@ public class IdentityLinkTestModule implements TestModuleInterface {
 		Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder()
 				.build(identityLink, config
 						.getMoaSpIdentityLinkTrustProfileID(false));
-
+ 
 		// invokes the call
 		Element domVerifyXMLSignatureResponse = SignatureVerificationInvoker.getInstance()
 				.verifyXMLSignature(domVerifyXMLSignatureRequest);
diff --git a/pom.xml b/pom.xml
index c682d9eb8..6e5ee2fb8 100644
--- a/pom.xml
+++ b/pom.xml
@@ -22,17 +22,17 @@
 		-->
 		
 			<!-- Project Version -->			
-			<moa-id-version>3.3.3-snapshot</moa-id-version>
+			<moa-id-version>4.0.0-snapshot</moa-id-version>
 			
-			<moa-id-version-final>3.3.3-snapshot</moa-id-version-final>			
-			<moa-id-version-edu>3.3.3-snapshot</moa-id-version-edu>			
+			<moa-id-version-final>4.0.0-snapshot</moa-id-version-final>			
+			<moa-id-version-edu>4.0.0-snapshot</moa-id-version-edu>			
 			
 			<moa-id-proxy-version>2.0.1</moa-id-proxy-version>
 			
-			<configtool-version>2.4.2-snapshot</configtool-version>
+			<configtool-version>3.0.0-snapshot</configtool-version>
 			<demo-oa-version>2.0.6</demo-oa-version>
 			
-			<moa-id-module-elga_mandate_client>1.3</moa-id-module-elga_mandate_client>
+			<moa-id-module-elga_mandate_client>1.3.1</moa-id-module-elga_mandate_client>
 
 			<!-- =================================================================================== -->
 			<eaaf-core.version>1.0.0-snapshot</eaaf-core.version>							
-- 
cgit v1.2.3


From 5d46366bfebd7bc38d7df3d648bf03bd29700a2e Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Fri, 15 Jun 2018 13:16:19 +0200
Subject: fix first refactoring problems

---
 .../egovernment/moa/id/util/PVPtoSTORKMapper.java  | 174 +++++++++++++++++++++
 .../main/resources/moaid.authentication.beans.xml  |  26 +--
 .../main/resources/moaid.configuration.beans.xml   |   2 +
 ...ingExpressionAwareProcessEngineTest-context.xml |  24 +--
 .../moa/id/commons/utils/MOAIDMessageProvider.java |   8 +-
 id/server/moa-id-frontend-resources/pom.xml        |   4 +
 .../MOAIDGuiBilderConfigurationFactory.java        |  17 ++
 7 files changed, 219 insertions(+), 36 deletions(-)
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java
 create mode 100644 id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/MOAIDGuiBilderConfigurationFactory.java

(limited to 'id/server/idserverlib/src/main/java/at/gv')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java
new file mode 100644
index 000000000..099a70470
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java
@@ -0,0 +1,174 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.util;
+
+import java.io.IOException;
+import java.util.Properties;
+
+import at.gv.egovernment.moa.id.data.AuthenticationRole;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public class PVPtoSTORKMapper {
+
+	private static final String PVP_SECCLASS_PREFIX = "http://www.ref.gv.at/ns/names/agiz/pvp/";
+	private static final String STORK_QAA_PREFIX = "http://www.stork.gov.eu/1.0/";
+	private static final String eIDAS_QAA_PREFIX = "http://eidas.europa.eu/";
+	
+	private static final String MAPPING_RESOURCE = 
+			"resources/properties/pvp-stork_mapping.properties";
+	
+	private static final String MAPPING_SECCLASS_PREFIX = "secclass_";
+	private static final String MAPPING_EIDAS_PREFIX = "eidas_";
+	
+	private Properties mapping = null;
+	
+	private static PVPtoSTORKMapper instance = null;
+	
+	public static PVPtoSTORKMapper getInstance() {
+		if (instance == null) {
+			instance = new PVPtoSTORKMapper();			
+		}
+		
+		return instance;
+	}
+	
+	private PVPtoSTORKMapper() {
+		try {
+			mapping = new Properties();
+			mapping.load(this.getClass().getClassLoader().getResourceAsStream(MAPPING_RESOURCE));
+			Logger.debug("PVP -> STORK Role mapping initialisation finished.");
+			
+		} catch (IOException e) {
+			Logger.error("PVP -> STORK Role mapping initialisation FAILED." , e);
+			mapping = null;
+			
+		}
+		
+		
+	}
+
+	/**
+	 * Map STORK QAA level to eIDAS QAA level
+	 * 
+	 * @param storkQAA STORK QAA level
+	 * @return
+	 */
+	public String mapSTORKQAAToeIDASQAA(String storkQAA) {
+		if (mapping != null) {
+			String input = storkQAA.substring(STORK_QAA_PREFIX.length());			
+			String mappedQAA = mapping.getProperty(MAPPING_EIDAS_PREFIX + input);
+			if (MiscUtil.isNotEmpty(mappedQAA)) {
+				Logger.info("Map STORK-QAA " + storkQAA + " to eIDAS-QAA " + mappedQAA);
+				return mappedQAA;
+				
+			}						
+		}		
+		Logger.warn("No eIDAS-QAA mapping for STORK-QAA " + storkQAA +" !");
+		return null;
+		
+	}
+	
+	/**
+	 * Map eIDAS QAA-level to STORK QAA-level
+	 * 
+	 * @param qaaLevel eIDAS QAA-level
+	 * @return STORK QAA-level
+	 */
+	public String mapeIDASQAAToSTORKQAA(String qaaLevel) {
+		if (mapping != null) {
+			String input = qaaLevel.substring(eIDAS_QAA_PREFIX.length());			
+			String mappedQAA = mapping.getProperty(input);
+			if (MiscUtil.isNotEmpty(mappedQAA)) {
+				Logger.info("Map eIDAS-QAA " + qaaLevel + " to STORK-QAA " + mappedQAA);
+				return mappedQAA;
+				
+			}						
+		}		
+		Logger.warn("No eIDAS-QAA mapping for eIDAS-QAA " + qaaLevel +" !");
+		return null;
+	}
+	
+	/**Map a STORK QAA level to PVP SecClass
+	 * 
+	 * @param STORK-QAA level
+	 * @return PVP SecClass pvpQAALevel
+	 */	
+	public String mapToSecClass(String storkQAALevel) {
+		if (mapping != null) {
+			String input = storkQAALevel.substring(STORK_QAA_PREFIX.length());			
+			String mappedQAA = mapping.getProperty(MAPPING_SECCLASS_PREFIX + input);
+			if (MiscUtil.isNotEmpty(mappedQAA)) {
+				Logger.info("Map STORK-QAA " + storkQAALevel + " to PVP SecClass " + mappedQAA);
+				return mappedQAA;
+				
+			}						
+		}		
+		Logger.warn("No mapping for STORK-QAA " + storkQAALevel +" !");
+		return null;
+	}
+	
+	/**Map a PVP SecClass to STORK QAA level
+	 * 
+	 * @param PVP SecClass pvpQAALevel
+	 * @return STORK-QAA level
+	 */	
+	public String mapToQAALevel(String pvpQAALevel) {
+		if (mapping != null) {
+			String input = pvpQAALevel.substring(PVP_SECCLASS_PREFIX.length());			
+			String mappedQAA = mapping.getProperty(input);
+			if (MiscUtil.isNotEmpty(mappedQAA)) {
+				Logger.info("Map PVP SecClass " + pvpQAALevel + " to STORK-QAA " + mappedQAA);
+				return mappedQAA;
+				
+			}						
+		}		
+		Logger.warn("No mapping for PVP SecClass " + pvpQAALevel +" !");
+		return null;
+	}
+	
+	/**Map a PVP Role attribute to STORK ECAuthenticationRole attribute values
+	 * 
+	 * @param PVP Role attribute
+	 * @return STORK ECAuthenticationRole attribute value
+	 */
+	public String map(AuthenticationRole el) {
+		if (mapping != null) {
+			//String ecRole = mapping.getProperty(el.getRawRoleString());
+			String ecRole = mapping.getProperty(el.getRoleName());
+			if (MiscUtil.isNotEmpty(ecRole)) {
+				//Logger.info("Map PVPRole " + el.getRawRoleString() + " to ECRole " + ecRole);
+				Logger.info("Map PVPRole " + el.getRoleName() + " to ECRole " + ecRole);
+				return ecRole;
+			}			
+		}
+		//Logger.warn("NO mapping for PVPRole "+ el.getRawRoleString() + " !");
+		Logger.warn("NO mapping for PVPRole "+ el.getRoleName() + " !");
+		return null;
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
index ba8c47304..d8565112b 100644
--- a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
+++ b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
@@ -15,18 +15,10 @@
  	<task:annotation-driven executor="MOA-ID-Auth_TaskExecutor" scheduler="MOA-ID-Auth_Scheduler"/>
 	<task:executor id="MOA-ID-Auth_TaskExecutor" pool-size="5"/>
 	<task:scheduler id="MOA-ID-Auth_Scheduler" pool-size="10"/>
- 
- 	<bean id="processEngine" class="at.gv.egovernment.moa.id.process.ProcessEngineImpl">
-		<property name="transitionConditionExpressionEvaluator">
-			<bean class="at.gv.egovernment.moa.id.process.springweb.SpringWebExpressionEvaluator" />
-		</property>
-	</bean>
-	
+  	
 	<!-- import auth modules -->
 	<import resource="classpath*:**/*.authmodule.beans.xml" />
 
-	<bean id="moduleRegistration" class="at.gv.egovernment.moa.id.auth.modules.registration.ModuleRegistration" factory-method="getInstance" />
-	
 	<context:component-scan base-package="at.gv.egovernment.moa.id.auth.servlet" />
 	<context:component-scan base-package="at.gv.egovernment.moa.id.protocols" />
  
@@ -42,17 +34,13 @@
 	<bean id="MOAID_SSOManager" 
 				class="at.gv.egovernment.moa.id.moduls.SSOManager"/>
 
+	<bean 	id="moaGUIConfigurationFactory" 
+			class="at.gv.egovernment.moa.id.auth.frontend.MOAIDGuiBilderConfigurationFactory" />
 	
 
 	<bean id="AuthenticationSessionStoreage" 
 				class="at.gv.egovernment.moa.id.storage.DBAuthenticationSessionStoreage"/>
-				
-	<bean id="RequestStorage" 
-				class="at.gv.egovernment.moa.id.moduls.RequestStorage"/>
-				
-	<bean id="ProcessInstanceStoreage" 
-				class="at.gv.egovernment.moa.id.process.dao.ProcessInstanceStoreDAOImpl"/>
-
+								
 	<bean id="MOAReversionLogger" 
 				class="at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger"/>
 				
@@ -80,11 +68,7 @@
 	<bean id="RestartAuthProzessManagement" 
 				class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.RestartAuthProzessManagement"
 				scope="prototype"/>				
-
-	<bean id="FinalizeAuthenticationTask" 
-				class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.FinalizeAuthenticationTask"
-				scope="prototype"/>
-				
+			
 	<bean id="GenerateSSOConsentEvaluatorFrameTask" 
 				class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.GenerateSSOConsentEvaluatorFrameTask"
 				scope="prototype"/>
diff --git a/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml b/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml
index 9c27ba581..b23948688 100644
--- a/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml
+++ b/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml
@@ -11,6 +11,8 @@
 
 	<context:property-placeholder location="${moa.id.configuration}"/> 
 
+	<bean id="MOAIDMessageProvider" class="at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider" />
+
 	<bean id="moaidauthconfig" class="at.gv.egovernment.moa.id.config.auth.PropertyBasedAuthConfigurationProvider">
 		<constructor-arg value="#{systemProperties['moa.id.configuration']}"/>
 	</bean>
diff --git a/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest-context.xml b/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest-context.xml
index 7d9db0ab7..2f4648de3 100644
--- a/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest-context.xml
+++ b/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest-context.xml
@@ -9,40 +9,40 @@
 		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
 		http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
 
-	<bean id="springElAwareExpressionEvaluator" class="at.gv.egovernment.moa.id.process.spring.SpringExpressionEvaluator" />
+	<bean id="springElAwareExpressionEvaluator" class="at.gv.egiz.eaaf.core.impl.idp.process.spring.SpringExpressionEvaluator" />
 
-	<bean id="processEngine" class="at.gv.egovernment.moa.id.process.ProcessEngineImpl">
+	<bean id="processEngine" class="at.gv.egiz.eaaf.core.impl.idp.process.ProcessEngineImpl">
 		<property name="transitionConditionExpressionEvaluator" ref="springElAwareExpressionEvaluator" />
 	</bean>
 	
 	<bean id="TransactionStorage" 
-				class="at.gv.egovernment.moa.id.process.spring.test.DummyTransactionStorage"/>
+				class="at.gv.egiz.eaaf.core.impl.idp.process.spring.test.DummyTransactionStorage"/>
 	
 	<bean id="ProcessInstanceStoreage" 
-				class="at.gv.egovernment.moa.id.process.dao.ProcessInstanceStoreDAOImpl"/>	
+				class="at.gv.egiz.eaaf.core.impl.idp.process.dao.ProcessInstanceStoreDAOImpl"/>	
 	
 	<bean id="HelloWorldTask" 
-				class="at.gv.egovernment.moa.id.process.test.HelloWorldTask"/>
+				class="at.gv.egiz.eaaf.core.impl.idp.process.test.HelloWorldTask"/>
 	
 	<bean id="HalloWeltTask" 
-				class="at.gv.egovernment.moa.id.process.test.HalloWeltTask"/>
+				class="at.gv.egiz.eaaf.core.impl.idp.process.test.HalloWeltTask"/>
 				
 	<bean id="SelectBKUTask" 
-				class="at.gv.egovernment.moa.id.process.spring.test.task.SelectBKUTask"/>
+				class="at.gv.egiz.eaaf.core.impl.idp.process.spring.test.task.SelectBKUTask"/>
 				
 	<bean id="CreateSAML1AssertionTask" 
-				class="at.gv.egovernment.moa.id.process.spring.test.task.CreateSAML1AssertionTask"/>
+				class="at.gv.egiz.eaaf.core.impl.idp.process.spring.test.task.CreateSAML1AssertionTask"/>
 
 	<bean id="GetIdentityLinkTask" 
-				class="at.gv.egovernment.moa.id.process.spring.test.task.GetIdentityLinkTask"/>
+				class="at.gv.egiz.eaaf.core.impl.idp.process.spring.test.task.GetIdentityLinkTask"/>
 
 	<bean id="SignAuthBlockTask" 
-				class="at.gv.egovernment.moa.id.process.spring.test.task.SignAuthBlockTask"/>
+				class="at.gv.egiz.eaaf.core.impl.idp.process.spring.test.task.SignAuthBlockTask"/>
 				
 	<bean id="ValidateIdentityLinkTask" 
-				class="at.gv.egovernment.moa.id.process.spring.test.task.ValidateIdentityLinkTask"/>
+				class="at.gv.egiz.eaaf.core.impl.idp.process.spring.test.task.ValidateIdentityLinkTask"/>
 				
 	<bean id="ValidateSignedAuthBlockTask" 
-				class="at.gv.egovernment.moa.id.process.spring.test.task.ValidateSignedAuthBlockTask"/>																	
+				class="at.gv.egiz.eaaf.core.impl.idp.process.spring.test.task.ValidateSignedAuthBlockTask"/>																	
 	
 </beans>
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAIDMessageProvider.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAIDMessageProvider.java
index bc1e2dcdb..2cb867cbc 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAIDMessageProvider.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAIDMessageProvider.java
@@ -48,6 +48,8 @@ package at.gv.egovernment.moa.id.commons.utils;
 
 import java.util.Locale;
 
+import org.springframework.stereotype.Service;
+
 import at.gv.egiz.eaaf.core.api.IStatusMessager;
 import at.gv.egiz.eaaf.core.exceptions.ProcessExecutionException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.BKUException;
@@ -57,7 +59,7 @@ import at.gv.egovernment.moa.util.Messages;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 
-//@Service("MOAIDMessageProvider")
+@Service("MOAIDMessageProvider")
 public class MOAIDMessageProvider implements IStatusMessager {
   
   //internal messanges
@@ -81,7 +83,7 @@ public class MOAIDMessageProvider implements IStatusMessager {
 	  
 	}
   
-  private MOAIDMessageProvider() {
+  public MOAIDMessageProvider() {
 	  this.messages = new Messages(DEFAULT_MESSAGE_RESOURCES, DEFAULT_MESSAGE_LOCALES);
 	  this.externalError = new Messages(DEFAULT_EXTERNALERROR_RESOURCES, DEFAULT_EXTERNALERROR_LOCALES);
 	  
@@ -136,7 +138,7 @@ public String getResponseErrorCode(Throwable throwable) {
 
 @Override
 public String mapInternalErrorToExternalError(String intErrorCode) {
-	String extErrorCode = messages.getMessage(intErrorCode, null);
+	String extErrorCode = externalError.getMessage(intErrorCode, null);
 	
 	if (MiscUtil.isEmpty(extErrorCode))
 		extErrorCode = IStatusMessager.CODES_EXTERNAL_ERROR_GENERIC;
diff --git a/id/server/moa-id-frontend-resources/pom.xml b/id/server/moa-id-frontend-resources/pom.xml
index 342cedac8..4a960e359 100644
--- a/id/server/moa-id-frontend-resources/pom.xml
+++ b/id/server/moa-id-frontend-resources/pom.xml
@@ -106,6 +106,10 @@
   		<groupId>MOA.id.server</groupId>
   		<artifactId>moa-id-commons</artifactId>
   	</dependency>
+  	<dependency>
+    	<groupId>at.gv.egiz.eaaf</groupId>
+		<artifactId>eaaf-core</artifactId>
+    </dependency> 
   	
   	<dependency>
 			<groupId>org.springframework</groupId>
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/MOAIDGuiBilderConfigurationFactory.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/MOAIDGuiBilderConfigurationFactory.java
new file mode 100644
index 000000000..98f7fccf5
--- /dev/null
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/MOAIDGuiBilderConfigurationFactory.java
@@ -0,0 +1,17 @@
+package at.gv.egovernment.moa.id.auth.frontend;
+
+import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration;
+import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfigurationFactory;
+import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration;
+
+public class MOAIDGuiBilderConfigurationFactory implements IGUIBuilderConfigurationFactory {
+
+	@Override
+	public IGUIBuilderConfiguration getDefaultErrorGUI(String authURL) {
+		return new DefaultGUIFormBuilderConfiguration(authURL, 
+				DefaultGUIFormBuilderConfiguration.VIEW_ERRORMESSAGE, null); 
+
+	}
+
+	
+}
-- 
cgit v1.2.3


From 55f71502a0b62624d5ebc0e4aa749b3f5d5a0bf2 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Fri, 15 Jun 2018 13:33:59 +0200
Subject: Add operation identifier for signature validation step

---
 .../moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java      | 2 +-
 .../src/main/resources/resources/properties/id_messages_de.properties   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

(limited to 'id/server/idserverlib/src/main/java/at/gv')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
index 407454c2a..cc26b8b6e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
@@ -118,7 +118,7 @@ public class VerifyXMLSignatureResponseValidator {
     throws ValidateException, ConfigurationException {
 
     if (verifyXMLSignatureResponse.getSignatureCheckCode() != 0)
-      throw new ValidateException("validator.06", null);
+      throw new ValidateException("validator.06", new Object[] {whatToCheck});
       
     if (verifyXMLSignatureResponse.getCertificateCheckCode() != 0) {
 			String checkFailedReason ="";
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 799b32025..49ef8220d 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -154,7 +154,7 @@ validator.03=Der Namespace eines \u00F6ffentlicher Schl\u00FCssels ist ung\u00FC
 validator.04=Es wurde ein SAML\:Attribut ohne \u00F6ffentlichen Schl\u00FCssel gefunden {0}
 validator.05=Es wurde {0} keine DSIG:Signature gefunden
 
-validator.06=Die Signatur ist ung\u00FCltig
+validator.06=Die Signatur ist ung\u00FCltig. Operation: {0}
 validator.07=Das Zertifikat der Personenbindung ist ung\u00FCltig.<br>{0}
 validator.08=Das Manifest ist ung\u00FCltig
 validator.09=Die \u00F6ffentlichen Schl\u00FCssel des Identitiy Link stimmen nicht mit dem retournierten Zertifikat \u00FCberein
-- 
cgit v1.2.3


From 1f8f686bee862ae95e32fc79664d82dcc21f708f Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Fri, 15 Jun 2018 15:39:36 +0200
Subject: first tests with PVP2 S-Profil and SAML1

---
 .../moa/id/advancedlogging/MOAReversionLogger.java | 10 ++-
 .../PropertyBasedAuthConfigurationProvider.java    | 52 ++++++++++++++-
 .../moa/id/moduls/AuthenticationManager.java       | 16 +----
 .../builder/attributes/EIDIdentityLinkBuilder.java | 76 ++++++++++++++++++++++
 .../moa/id/protocols/pvp2x/PVP2XProtocol.java      |  8 +--
 .../id/protocols/pvp2x/PVPTargetConfiguration.java | 11 ----
 .../at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder | 23 +++++++
 ....egiz.eaaf.core.api.idp.auth.modules.AuthModule |  2 +
 ...t.gv.egovernment.moa.id.auth.modules.AuthModule |  2 -
 ....protocols.builder.attributes.IAttributeBuilder | 22 -------
 ....egiz.eaaf.core.api.idp.auth.modules.AuthModule |  2 +
 ...t.gv.egovernment.moa.id.auth.modules.AuthModule |  2 -
 .../at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder | 11 ++++
 ....protocols.builder.attributes.IAttributeBuilder | 11 ----
 14 files changed, 173 insertions(+), 75 deletions(-)
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIdentityLinkBuilder.java
 create mode 100644 id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
 create mode 100644 id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule
 delete mode 100644 id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule
 delete mode 100644 id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder
 create mode 100644 id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule
 delete mode 100644 id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
 delete mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder

(limited to 'id/server/idserverlib/src/main/java/at/gv')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
index 322686c21..e630455b4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
@@ -251,13 +251,11 @@ public class MOAReversionLogger implements IRevisionLogger {
 	
 	private List<Integer> selectOASpecificEventCodes(ISPConfiguration oaConfig) {
 		List<Integer> OASpecificEventCodes = null;
-		if (oaConfig != null && oaConfig instanceof IOAAuthParameters) {
-			if (((IOAAuthParameters)oaConfig).getReversionsLoggingEventCodes() != null)
-				OASpecificEventCodes = ((IOAAuthParameters)oaConfig).getReversionsLoggingEventCodes();
+		if (oaConfig != null && oaConfig instanceof IOAAuthParameters && 
+				((IOAAuthParameters)oaConfig).getReversionsLoggingEventCodes() != null) {
+			OASpecificEventCodes = ((IOAAuthParameters)oaConfig).getReversionsLoggingEventCodes();
 			
-		}
-		
-		else
+		} else
 			OASpecificEventCodes = getDefaulttReversionsLoggingEventCodes();
 		
 		return OASpecificEventCodes;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
index a0a34336c..d5328618a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
@@ -16,6 +16,7 @@ import org.springframework.transaction.annotation.Transactional;
 
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egiz.eaaf.core.impl.idp.conf.SPConfigurationImpl;
 import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
@@ -1254,9 +1255,54 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
 
 
 	@Override
-	public String validateIDPURL(URL arg0) {
-		// TODO Auto-generated method stub
-		return null;
+	public String validateIDPURL(URL requestedURL) throws EAAFException{
+		List<String> configuredPublicURLPrefix = getPublicURLPrefix();
+		
+		if (!isVirtualIDPsEnabled()) {
+			Logger.trace("Virtual IDPs are disabled. Use default IDP PublicURLPrefix from configuration: " + configuredPublicURLPrefix.get(0));
+			return configuredPublicURLPrefix.get(0); 
+			
+		} else {
+			Logger.debug("Extract AuthenticationServiceURL: " + requestedURL);
+			URL resultURL = null;
+			
+			for (String el : configuredPublicURLPrefix) {
+				try {
+					URL configuredURL = new URL(el);
+
+					//get Ports from URL
+					int configPort = configuredURL.getPort();					
+					if (configPort == -1)
+						configPort = configuredURL.getDefaultPort();
+					
+					int authURLPort = requestedURL.getPort();
+					if (authURLPort == -1)
+						authURLPort = requestedURL.getDefaultPort();
+					
+					//check AuthURL against ConfigurationURL
+					if (configuredURL.getHost().equals(requestedURL.getHost()) &&
+							configPort == authURLPort &&
+							configuredURL.getPath().equals(requestedURL.getPath())) {
+						Logger.debug("Select configurated PublicURLPrefix: " + configuredURL 
+								+ " for authURL: " + requestedURL);
+						resultURL = configuredURL;
+					}
+					
+				} catch (MalformedURLException e) {
+					Logger.error("Configurated IDP PublicURLPrefix is not a valid URL." + el);
+					
+				}				
+			}
+			
+			if (resultURL == null) {
+				Logger.warn("Extract AuthenticationServiceURL: " + requestedURL + " is NOT found in configuration.");
+				throw new ConfigurationException("config.25", new Object[]{requestedURL});
+				
+			} else {
+				return resultURL.toExternalForm();
+				
+			}					
+		}
 	}
 
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index c05a271f6..72b350991 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -35,10 +35,8 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.api.idp.slo.ISLOInformationContainer;
-import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
 import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.AbstractAuthenticationManager;
 import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
@@ -54,8 +52,6 @@ import at.gv.egovernment.moa.id.data.SLOInformationContainer;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.logging.Logger;
@@ -73,16 +69,8 @@ public class AuthenticationManager extends AbstractAuthenticationManager {
 	public static final String MOA_SESSION = "MoaAuthenticationSession";
 	public static final String MOA_AUTHENTICATED = "MoaAuthenticated";
 
-	
-	
-
-	@Autowired private ITransactionStorage transactionStorage;
-	@Autowired private IAuthenticationSessionStoreage authenticatedSessionStore;
-	
-	@Autowired private SingleLogOutBuilder sloBuilder;
-	@Autowired private SAMLVerificationEngineSP samlVerificationEngine;
-	@Autowired private IGUIFormBuilder guiBuilder;
-	@Autowired(required=true) private MOAMetadataProvider metadataProvider;
+	@Autowired private IAuthenticationSessionStoreage authenticatedSessionStore;	
+	@Autowired private SingleLogOutBuilder sloBuilder;;
 	
 	
 	@Override
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIdentityLinkBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIdentityLinkBuilder.java
new file mode 100644
index 000000000..2c0a9fe74
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIdentityLinkBuilder.java
@@ -0,0 +1,76 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.builder.attributes;
+
+import java.io.IOException;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.util.Base64Utils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
+
+
+
+public class EIDIdentityLinkBuilder implements IPVPAttributeBuilder {
+	private static final Logger log = LoggerFactory.getLogger(EIDIdentityLinkBuilder.class);
+	
+	
+	public String getName() {
+		return EID_IDENTITY_LINK_NAME;
+	}
+
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
+		try {
+			String ilAssertion = null;			
+			if (authData instanceof IMOAAuthData 
+					&&  ((IMOAAuthData)authData).getIdentityLink() == null)
+				throw new UnavailableAttributeException(EID_IDENTITY_LINK_NAME);
+			
+			ilAssertion = ((IMOAAuthData)authData).getIdentityLink().getSerializedSamlAssertion();
+			
+			return g.buildStringAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME,
+					EID_IDENTITY_LINK_NAME, Base64Utils.encodeToString(ilAssertion.getBytes("UTF-8")));
+			
+			
+		} catch (IOException e) {
+			log.warn("IdentityLink serialization error.", e);
+			return g.buildEmptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME,
+					EID_IDENTITY_LINK_NAME);
+		}
+		
+	}
+
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME,
+				EID_IDENTITY_LINK_NAME);
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index 591aaa7cc..176b1af43 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -152,7 +152,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 		
 		//create pendingRequest object
 		PVPTargetConfiguration pendingReq = applicationContext.getBean(PVPTargetConfiguration.class);
-		pendingReq.initialize(req);
+		pendingReq.initialize(req, authConfig);
 		pendingReq.setModule(NAME);
 		
 		revisionsLogger.logEvent(
@@ -181,7 +181,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 		try {
 			//create pendingRequest object
 			pendingReq = applicationContext.getBean(PVPTargetConfiguration.class);
-			pendingReq.initialize(req);
+			pendingReq.initialize(req, authConfig);
 			pendingReq.setModule(NAME);
 			
 			revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier());
@@ -253,7 +253,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 		try {
 			//create pendingRequest object
 			pendingReq = applicationContext.getBean(PVPTargetConfiguration.class);
-			pendingReq.initialize(req);
+			pendingReq.initialize(req, authConfig);
 			pendingReq.setModule(NAME);
 			
 			revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier());
@@ -329,7 +329,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 		try {
 			//create pendingRequest object
 			pendingReq = applicationContext.getBean(PVPTargetConfiguration.class);
-			pendingReq.initialize(req);
+			pendingReq.initialize(req, authConfig);
 			pendingReq.setModule(NAME);
 			
 			revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
index 95a2d8715..279d88860 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
@@ -22,15 +22,10 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.pvp2x;
 
-import javax.servlet.http.HttpServletRequest;
-
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.context.annotation.Scope;
 import org.springframework.stereotype.Component;
 
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
 
@@ -38,7 +33,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
 @Scope(value = BeanDefinition.SCOPE_PROTOTYPE)
 public class PVPTargetConfiguration extends RequestImpl {
 
-	@Autowired(required=true) IConfiguration authConfig;
 	
 	public static final String DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP = "useMinimalFrontChannelResponse";
 	public static final String DATAID_INTERFEDERATION_NAMEID = "federatedNameID";
@@ -53,12 +47,7 @@ public class PVPTargetConfiguration extends RequestImpl {
 	InboundMessage request;
 	String binding;
 	String consumerURL;
-	
-	public void initialize(HttpServletRequest req) throws EAAFException {
-		super.initialize(req, authConfig);
 		
-	}
-	
 	public InboundMessage getRequest() {
 		return request;
 	}
diff --git a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
new file mode 100644
index 000000000..a1fd81eb2
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
@@ -0,0 +1,23 @@
+at.gv.egovernment.moa.id.protocols.builder.attributes.EIDIdentityLinkBuilder
+at.gv.egovernment.moa.id.protocols.builder.attributes.EIDAuthBlock
+at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCcsURL
+at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCitizenQAALevelAttributeBuilder
+at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSignerCertificate
+at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSTORKTOKEN
+at.gv.egovernment.moa.id.protocols.builder.attributes.EncryptedBPKAttributeBuilder
+at.gv.egovernment.moa.id.protocols.builder.attributes.MandateFullMandateAttributeBuilder
+at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonFullNameAttributeBuilder
+at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder
+at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinTypeAttributeBuilder
+at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBirthDateAttributeBuilder
+at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKAttributeBuilder
+at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonFamilyNameAttributeBuilder
+at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonGivenNameAttributeBuilder
+at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonSourcePinAttributeBuilder
+at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonSourcePinTypeAttributeBuilder
+at.gv.egovernment.moa.id.protocols.builder.attributes.MandateProfRepDescAttributeBuilder
+at.gv.egovernment.moa.id.protocols.builder.attributes.MandateProfRepOIDAttributeBuilder
+at.gv.egovernment.moa.id.protocols.builder.attributes.MandateReferenceValueAttributeBuilder
+at.gv.egovernment.moa.id.protocols.builder.attributes.MandateTypeAttributeBuilder
+at.gv.egovernment.moa.id.protocols.builder.attributes.MandateTypeOIDAttributeBuilder
+at.gv.egovernment.moa.id.protocols.builder.attributes.HolderOfKey
diff --git a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule
new file mode 100644
index 000000000..5116c2a08
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule
@@ -0,0 +1,2 @@
+at.gv.egovernment.moa.id.auth.modules.BKUSelectionModuleImpl
+at.gv.egovernment.moa.id.auth.modules.SingleSignOnConsentsModuleImpl
\ No newline at end of file
diff --git a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule
deleted file mode 100644
index 5116c2a08..000000000
--- a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule
+++ /dev/null
@@ -1,2 +0,0 @@
-at.gv.egovernment.moa.id.auth.modules.BKUSelectionModuleImpl
-at.gv.egovernment.moa.id.auth.modules.SingleSignOnConsentsModuleImpl
\ No newline at end of file
diff --git a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder
deleted file mode 100644
index 14d4d9fb6..000000000
--- a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder
+++ /dev/null
@@ -1,22 +0,0 @@
-at.gv.egovernment.moa.id.protocols.builder.attributes.EIDAuthBlock
-at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCcsURL
-at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCitizenQAALevelAttributeBuilder
-at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSignerCertificate
-at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSTORKTOKEN
-at.gv.egovernment.moa.id.protocols.builder.attributes.EncryptedBPKAttributeBuilder
-at.gv.egovernment.moa.id.protocols.builder.attributes.MandateFullMandateAttributeBuilder
-at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonFullNameAttributeBuilder
-at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder
-at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinTypeAttributeBuilder
-at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBirthDateAttributeBuilder
-at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKAttributeBuilder
-at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonFamilyNameAttributeBuilder
-at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonGivenNameAttributeBuilder
-at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonSourcePinAttributeBuilder
-at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonSourcePinTypeAttributeBuilder
-at.gv.egovernment.moa.id.protocols.builder.attributes.MandateProfRepDescAttributeBuilder
-at.gv.egovernment.moa.id.protocols.builder.attributes.MandateProfRepOIDAttributeBuilder
-at.gv.egovernment.moa.id.protocols.builder.attributes.MandateReferenceValueAttributeBuilder
-at.gv.egovernment.moa.id.protocols.builder.attributes.MandateTypeAttributeBuilder
-at.gv.egovernment.moa.id.protocols.builder.attributes.MandateTypeOIDAttributeBuilder
-at.gv.egovernment.moa.id.protocols.builder.attributes.HolderOfKey
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule
new file mode 100644
index 000000000..e628fbd1b
--- /dev/null
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule
@@ -0,0 +1,2 @@
+# The default moaid process
+at.gv.egovernment.moa.id.auth.modules.internal.DefaultCitizenCardAuthModuleImpl
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule
deleted file mode 100644
index e628fbd1b..000000000
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule
+++ /dev/null
@@ -1,2 +0,0 @@
-# The default moaid process
-at.gv.egovernment.moa.id.auth.modules.internal.DefaultCitizenCardAuthModuleImpl
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder b/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
new file mode 100644
index 000000000..3c11c725d
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
@@ -0,0 +1,11 @@
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrDateOfBirth
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrFamilyName
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrGivenName
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrNaturalPersonalIdentifier
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrNaturalPersonalIdentifier
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeDateOfBirth
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeFamilyName
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeGivenName
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeLegalName
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeLegalPersonIdentifier
+at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeNaturalPersonalIdentifier
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder b/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder
deleted file mode 100644
index 3c11c725d..000000000
--- a/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder
+++ /dev/null
@@ -1,11 +0,0 @@
-at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrDateOfBirth
-at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrFamilyName
-at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrGivenName
-at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrNaturalPersonalIdentifier
-at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrNaturalPersonalIdentifier
-at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeDateOfBirth
-at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeFamilyName
-at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeGivenName
-at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeLegalName
-at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeLegalPersonIdentifier
-at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASAttrRepresentativeNaturalPersonalIdentifier
-- 
cgit v1.2.3


From 139926faa31ae3ed34dc0083fee503d439112281 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Wed, 20 Jun 2018 15:11:13 +0200
Subject: refactor PVP2 S-Profile implementation and perform first tests

---
 id/ConfigWebTool/pom.xml                           |  10 +
 .../auth/pvp2/AttributeListBuilder.java            |   6 +-
 .../auth/pvp2/MetaDataVerificationFilter.java      |  12 +-
 .../auth/pvp2/PVPSOAPRequestSecurityPolicy.java    |   6 +-
 .../config/ConfigurationProvider.java              |   2 +-
 .../moa/id/configuration/helper/MailHelper.java    |   2 +-
 .../configuration/struts/action/BasicOAAction.java |   2 +-
 .../configuration/struts/action/IndexAction.java   |  10 +-
 .../validation/oa/OAPVP2ConfigValidation.java      |   8 +-
 .../id/config/webgui/MOAIDWebGUIConfiguration.java |   2 +-
 id/server/idserverlib/pom.xml                      |  65 +-
 .../id/advancedlogging/MOAIDEventConstants.java    |   3 -
 .../moa/id/advancedlogging/MOAReversionLogger.java |   5 +-
 .../moa/id/auth/IDestroyableObject.java            |  36 -
 .../moa/id/auth/IGarbageCollectorProcessing.java   |  36 -
 .../moa/id/auth/IPostStartupInitializable.java     |  41 -
 .../moa/id/auth/MOAGarbageCollector.java           |   1 +
 .../id/auth/builder/AuthenticationDataBuilder.java |  31 +-
 .../moa/id/auth/builder/BPKBuilder.java            |   2 +-
 .../builder/DynamicOAAuthParameterBuilder.java     |   4 +-
 .../auth/builder/MOAIDSubjectNameIdGenerator.java  | 114 +++
 .../tasks/RestartAuthProzessManagement.java        | 108 ---
 .../StartAuthentificationParameterParser.java      |   2 +-
 .../id/auth/servlet/IDPSingleLogOutServlet.java    |  12 +-
 .../moa/id/config/ConfigurationProviderImpl.java   |   4 +-
 .../moa/id/data/ISLOInformationContainer.java      |  70 --
 .../moa/id/data/MOAAuthenticationData.java         |  10 +-
 .../java/at/gv/egovernment/moa/id/data/Pair.java   |  45 --
 .../moa/id/data/SLOInformationImpl.java            | 190 -----
 .../java/at/gv/egovernment/moa/id/data/Trible.java |  51 --
 .../moa/id/moduls/AuthenticationManager.java       |  12 +-
 .../moa/id/opemsaml/MOAIDHTTPPostEncoder.java      | 114 ---
 .../opemsaml/MOAKeyStoreX509CredentialAdapter.java |  52 --
 .../opemsaml/MOAStringRedirectDeflateEncoder.java  |  75 --
 .../MandateNaturalPersonBPKAttributeBuilder.java   |   2 +-
 .../id/protocols/pvp2x/AttributQueryAction.java    |  60 +-
 .../id/protocols/pvp2x/AuthenticationAction.java   | 151 ----
 .../moa/id/protocols/pvp2x/MetadataAction.java     |  93 ---
 .../moa/id/protocols/pvp2x/PVP2XProtocol.java      | 835 --------------------
 .../moa/id/protocols/pvp2x/PVPConstants.java       |  99 +--
 .../id/protocols/pvp2x/PVPTargetConfiguration.java | 133 ----
 .../moa/id/protocols/pvp2x/SingleLogOutAction.java |  31 +-
 .../moa/id/protocols/pvp2x/binding/IDecoder.java   |  44 --
 .../moa/id/protocols/pvp2x/binding/IEncoder.java   |  71 --
 .../id/protocols/pvp2x/binding/MOAURICompare.java  |  53 --
 .../id/protocols/pvp2x/binding/PostBinding.java    | 240 ------
 .../protocols/pvp2x/binding/RedirectBinding.java   | 244 ------
 .../id/protocols/pvp2x/binding/SoapBinding.java    | 176 -----
 .../pvp2x/builder/AttributQueryBuilder.java        |  11 +-
 .../pvp2x/builder/AuthResponseBuilder.java         | 147 ----
 .../pvp2x/builder/CitizenTokenBuilder.java         | 171 -----
 .../pvp2x/builder/PVPAttributeBuilder.java         | 207 -----
 .../pvp2x/builder/PVPAuthnRequestBuilder.java      | 221 ------
 .../pvp2x/builder/PVPMetadataBuilder.java          | 442 -----------
 .../pvp2x/builder/SingleLogOutBuilder.java         |  82 +-
 .../builder/assertion/PVP2AssertionBuilder.java    | 543 -------------
 .../builder/attributes/SamlAttributeGenerator.java |  88 ---
 .../pvp2x/config/IDPPVPMetadataConfiguration.java  |  27 +-
 .../IPVPAuthnRequestBuilderConfiguruation.java     | 162 ----
 .../config/IPVPMetadataBuilderConfiguration.java   | 238 ------
 .../pvp2x/config/MOADefaultBootstrap.java          |  64 --
 .../MOADefaultSecurityConfigurationBootstrap.java  | 152 ----
 .../config/MOAPVPMetadataConfigurationFactory.java |  21 +
 .../protocols/pvp2x/config/PVPConfiguration.java   |  87 +--
 .../AssertionAttributeExtractorExeption.java       |  50 --
 .../exceptions/AssertionValidationExeption.java    |  49 --
 .../pvp2x/exceptions/AttributQueryException.java   |  44 --
 .../exceptions/AuthnRequestBuildException.java     |  47 --
 .../AuthnResponseValidationException.java          |  48 --
 .../exceptions/BindingNotSupportedException.java   |  41 -
 .../InvalidAssertionConsumerServiceException.java  |  48 --
 .../InvalidAssertionEncryptionException.java       |  36 -
 .../exceptions/InvalidDateFormatException.java     |  39 -
 .../MandateAttributesNotHandleAbleException.java   |   2 +
 .../NOSLOServiceDescriptorException.java           |   2 +
 .../NameIDFormatNotSupportedException.java         |  42 -
 .../pvp2x/exceptions/NoCredentialsException.java   |   2 +
 .../NoMandateDataAvailableException.java           |   2 +
 .../exceptions/NoMetadataInformationException.java |  39 -
 .../protocols/pvp2x/exceptions/PVP2Exception.java  |  61 --
 .../pvp2x/exceptions/QAANotAllowedException.java   |  40 -
 .../pvp2x/exceptions/QAANotSupportedException.java |  40 -
 .../pvp2x/exceptions/RequestDeniedException.java   |  39 -
 .../pvp2x/exceptions/ResponderErrorException.java  |  44 --
 .../exceptions/SAMLRequestNotSignedException.java  |  44 --
 .../pvp2x/exceptions/SAMLRequestNotSupported.java  |  40 -
 .../protocols/pvp2x/exceptions/SLOException.java   |  41 -
 .../exceptions/SchemaValidationException.java      |  52 --
 .../UnprovideableAttributeException.java           |  37 -
 .../filter/SchemaValidationException.java          |  43 --
 .../filter/SignatureValidationException.java       |  58 --
 .../protocols/pvp2x/exceptions/loginFormFull.html  | 851 ---------------------
 .../protocols/pvp2x/messages/InboundMessage.java   | 116 ---
 .../pvp2x/messages/InboundMessageInterface.java    |  38 -
 .../id/protocols/pvp2x/messages/MOARequest.java    |  66 --
 .../id/protocols/pvp2x/messages/MOAResponse.java   |  56 --
 .../metadata/IMOARefreshableMetadataProvider.java  |  38 -
 .../pvp2x/metadata/MOAMetadataProvider.java        | 615 +++------------
 .../pvp2x/metadata/SimpleMOAMetadataProvider.java  | 257 -------
 .../pvp2x/signer/AbstractCredentialProvider.java   | 218 ------
 .../signer/CredentialsNotAvailableException.java   |  44 --
 .../pvp2x/signer/IDPCredentialProvider.java        |  10 +-
 .../moa/id/protocols/pvp2x/signer/SAMLSigner.java  |  27 -
 .../pvp2x/utils/AssertionAttributeExtractor.java   | 292 -------
 .../protocols/pvp2x/utils/MOASAMLSOAPClient.java   |   1 +
 .../moa/id/protocols/pvp2x/utils/SAML2Utils.java   | 145 ----
 .../AbstractRequestSignedSecurityPolicyRule.java   | 187 -----
 .../pvp2x/validation/AuthnRequestValidator.java    |  62 --
 .../pvp2x/validation/ChainSAMLValidator.java       |   5 +-
 .../protocols/pvp2x/validation/ISAMLValidator.java |  31 -
 .../validation/MOAPVPSignedRequestPolicyRule.java  |  81 --
 .../validation/MOASAML2AuthRequestSignedRole.java  |  49 --
 .../pvp2x/validation/SAMLSignatureValidator.java   |   9 +-
 .../pvp2x/verification/EntityVerifier.java         | 158 ++--
 .../pvp2x/verification/SAMLVerificationEngine.java | 197 -----
 .../verification/SAMLVerificationEngineSP.java     |   5 +-
 .../pvp2x/verification/TrustEngineFactory.java     |  87 ---
 .../metadata/MetadataSignatureFilter.java          | 138 +---
 .../metadata/PVPEntityCategoryFilter.java          | 230 ------
 .../metadata/PVPMetadataFilterChain.java           |  54 --
 .../metadata/SchemaValidationFilter.java           | 106 ---
 .../moa/id/saml2/MetadataFilterChain.java          |  73 --
 .../storage/DBAuthenticationSessionStoreage.java   |   4 +-
 .../id/storage/IAuthenticationSessionStoreage.java |   4 +-
 .../gv/egovernment/moa/id/util/LoALevelMapper.java |  61 +-
 .../egovernment/moa/id/util/QAALevelVerifier.java  |  57 --
 .../main/resources/moaid.authentication.beans.xml  |  36 +-
 .../src/test/java/test/MOAIDTestCase.java          |   2 +-
 .../moa/id/auth/MOAIDAuthInitialiserTest.java      |   2 +-
 .../moa/id/commons/MOAIDAuthConstants.java         |   4 +
 .../commons/api/data/BPKDecryptionParameters.java  |   2 +-
 .../moa/id/commons/utils/ssl/SSLUtils.java         |   2 +-
 .../java/at/gv/egovernment/moa/util/FileUtils.java | 146 ----
 .../at/gv/egovernment/moa/util/KeyStoreUtils.java  | 223 ------
 .../at/gv/egovernment/moa/util/StreamUtils.java    | 197 -----
 .../test/at/gv/egovernment/moa/util/FileUtils.java |   4 +-
 .../gv/egovernment/moa/util/KeyStoreUtilsTest.java |   3 +-
 .../MOAIDGuiBilderConfigurationFactory.java        |  18 +-
 .../auth/frontend/builder/GUIFormBuilderImpl.java  |   2 +-
 ...cGUIBuilderConfigurationWithFileSystemLoad.java |   2 +-
 .../auth/frontend/velocity/VelocityLogAdapter.java |  99 ---
 .../auth/frontend/velocity/VelocityProvider.java   | 121 ---
 .../moa/id/auth/MOAContextCloseHandler.java        |   1 +
 .../moa/id/auth/MOAIDAuthSpringInitializer.java    |   1 +
 .../moa/id/auth/AuthenticationServer.java          |   7 +-
 .../CertInfoVerifyXMLSignatureRequestBuilder.java  |   2 +-
 .../modules/internal/tasks/GetForeignIDTask.java   |   2 +-
 .../tasks/InitializeBKUAuthenticationTask.java     |   2 +-
 .../CreateXMLSignatureResponseValidator.java       |   2 +-
 .../moa/id/auth/validator/parep/ParepUtils.java    |   2 +-
 .../tasks/SecondBKAMobileAuthTask.java             |   4 +-
 .../moa/id/auth/modules/eidas/Constants.java       |   2 +-
 .../MOAeIDASSAMLEngineConfigurationImpl.java       |   2 +-
 .../MOAeIDASSAMLInstanceConfigurationImpl.java     |   2 +-
 .../engine/MOAeIDASChainingMetadataProvider.java   | 111 ++-
 .../engine/MOAeIDASMetadataProviderDecorator.java  |   6 +-
 .../eidas/tasks/GenerateAuthnRequestTask.java      |   4 +-
 .../auth/modules/eidas/utils/SAMLEngineUtils.java  |   2 +-
 .../modules/eidas/utils/eIDASAttributeBuilder.java |   4 +-
 .../eidas/utils/eIDASAttributeProcessingUtils.java |   2 +-
 .../moa/id/protocols/eidas/EIDASProtocol.java      |  11 +-
 .../id/protocols/eidas/EidasMetaDataRequest.java   |  11 +-
 .../eIDASAttrNaturalPersonalIdentifier.java        |   2 +-
 ...ttrRepresentativeNaturalPersonalIdentifier.java |   4 +-
 .../eidas/eIDASAuthenticationRequest.java          |   6 +-
 .../eidas/validator/eIDASResponseValidator.java    |   2 +-
 .../elgamandates/ELGAMandatesAuthConstants.java    |   2 +-
 .../config/ELGAMandatesMetadataConfiguration.java  |  25 +-
 .../ELGAMandatesRequestBuilderConfiguration.java   |   4 +-
 .../controller/ELGAMandateMetadataController.java  |   8 +-
 .../tasks/ReceiveElgaMandateResponseTask.java      |  42 +-
 .../elgamandates/tasks/RequestELGAMandateTask.java |   8 +-
 .../utils/ELGAMandateServiceMetadataProvider.java  |  58 +-
 .../utils/ELGAMandatesCredentialProvider.java      |   4 +-
 .../id/protocols/oauth20/OAuth20Configuration.java |   2 +-
 .../attributes/OAuth20AttributeBuilder.java        |   6 +-
 .../oauth20/json/OAuth20SignatureUtil.java         |   2 +-
 .../oauth20/protocol/OAuth20AuthAction.java        |   4 +-
 .../oauth20/protocol/OAuth20Protocol.java          |   5 +-
 .../gv/egovernment/moa/id/auth/oauth/CertTest.java |   3 +-
 .../modules/sl20_auth/sl20/JsonSecurityUtils.java  |   4 +-
 .../ssotransfer/servlet/SSOTransferServlet.java    |   4 +-
 .../ssotransfer/task/RestoreSSOSessionTask.java    |   2 +-
 .../ssotransfer/utils/SSOContainerUtils.java       |  33 +-
 .../src/test/java/at/gv/egiz/tests/Tests.java      |   2 +-
 .../config/FederatedAuthMetadataConfiguration.java |  29 +-
 .../FederatedAuthnRequestBuilderConfiguration.java |   2 +-
 .../FederatedAuthMetadataController.java           |   8 +-
 .../tasks/CreateAuthnRequestTask.java              |  11 +-
 .../tasks/ReceiveAuthnResponseTask.java            |  43 +-
 .../utils/FederatedAuthCredentialProvider.java     |   4 +-
 .../moa/id/protocols/saml1/GetArtifactAction.java  |   4 +-
 .../saml1/GetAuthenticationDataService.java        |   4 +-
 .../protocols/saml1/SAML1AuthenticationData.java   |   4 +-
 .../protocols/saml1/SAML1AuthenticationServer.java |   4 +-
 .../moa/id/protocols/saml1/SAML1Protocol.java      |   5 +-
 .../egovernment/moa/id/monitoring/TestManager.java |   2 +-
 pom.xml                                            |  24 +-
 198 files changed, 1060 insertions(+), 11799 deletions(-)
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IDestroyableObject.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IGarbageCollectorProcessing.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IPostStartupInitializable.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/MOAIDSubjectNameIdGenerator.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ISLOInformationContainer.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Pair.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Trible.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAIDHTTPPostEncoder.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAKeyStoreX509CredentialAdapter.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAStringRedirectDeflateEncoder.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/SamlAttributeGenerator.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPAuthnRequestBuilderConfiguruation.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPMetadataBuilderConfiguration.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultBootstrap.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultSecurityConfigurationBootstrap.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOAPVPMetadataConfigurationFactory.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionAttributeExtractorExeption.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionValidationExeption.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AttributQueryException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AuthnRequestBuildException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AuthnResponseValidationException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/BindingNotSupportedException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionEncryptionException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidDateFormatException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMetadataInformationException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotAllowedException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotSupportedException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/RequestDeniedException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/ResponderErrorException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSignedException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSupported.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SLOException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SchemaValidationException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/UnprovideableAttributeException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SchemaValidationException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SignatureValidationException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/loginFormFull.html
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessage.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessageInterface.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOARequest.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOAResponse.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/IMOARefreshableMetadataProvider.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/SAMLSigner.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AbstractRequestSignedSecurityPolicyRule.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ISAMLValidator.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/MOAPVPSignedRequestPolicyRule.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/MOASAML2AuthRequestSignedRole.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPEntityCategoryFilter.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPMetadataFilterChain.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/saml2/MetadataFilterChain.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/QAALevelVerifier.java
 delete mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/FileUtils.java
 delete mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/KeyStoreUtils.java
 delete mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/StreamUtils.java
 delete mode 100644 id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/velocity/VelocityLogAdapter.java
 delete mode 100644 id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/velocity/VelocityProvider.java

(limited to 'id/server/idserverlib/src/main/java/at/gv')

diff --git a/id/ConfigWebTool/pom.xml b/id/ConfigWebTool/pom.xml
index 28c0a9fe4..59e03aa43 100644
--- a/id/ConfigWebTool/pom.xml
+++ b/id/ConfigWebTool/pom.xml
@@ -66,6 +66,16 @@
             <artifactId>moa-id-commons</artifactId>
         </dependency>
         
+        <dependency>
+        	<groupId>at.gv.egiz.eaaf</groupId>
+        	<artifactId>eaaf_module_pvp2_core</artifactId>
+        </dependency>
+        
+        <dependency>
+        	<groupId>at.gv.egiz.eaaf</groupId>
+  			<artifactId>eaaf-core</artifactId>
+        </dependency>
+        
         <dependency>
           	<groupId>MOA.id</groupId>
   					<artifactId>moa-id-webgui</artifactId>
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/AttributeListBuilder.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/AttributeListBuilder.java
index f17ec82cb..0d416b8c0 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/AttributeListBuilder.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/AttributeListBuilder.java
@@ -28,16 +28,16 @@ import java.util.List;
 import org.opensaml.saml2.core.Attribute;
 import org.opensaml.saml2.metadata.RequestedAttribute;
 
+import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
 import at.gv.egovernment.moa.id.configuration.utils.SAML2Utils;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 
-public class AttributeListBuilder implements PVPConstants{
+public class AttributeListBuilder implements PVPAttributeDefinitions{
 
 	protected static RequestedAttribute buildReqAttribute(String name, String friendlyName, boolean required) {
 		RequestedAttribute attribute = SAML2Utils.createSAMLObject(RequestedAttribute.class);
 		attribute.setIsRequired(required);
 		attribute.setName(name);
-		attribute.setFriendlyName(friendlyName);
+		attribute.setFriendlyName(friendlyName); 
 		attribute.setNameFormat(Attribute.URI_REFERENCE);
 		return attribute;
 	}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java
index e3de84b0b..730dfe764 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java
@@ -30,8 +30,8 @@ import org.opensaml.saml2.metadata.provider.MetadataFilter;
 import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.security.x509.BasicX509Credential;
 
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egovernment.moa.id.config.webgui.exception.SignatureValidationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.EntityVerifier;
 
 public class MetaDataVerificationFilter implements MetadataFilter {
@@ -51,9 +51,9 @@ public class MetaDataVerificationFilter implements MetadataFilter {
 				throw new SignatureValidationException("Root element of metadata file has to be signed");
 			}
 			try {
-				processEntitiesDescriptor(entitiesDescriptor);
+				processEntitiesDescriptor(entitiesDescriptor); 
 				
-			} catch (MOAIDException e) {
+			} catch (EAAFException e) {
 				throw new SignatureValidationException("Invalid signature element in EntitiesDescriptor");
 			}
 			
@@ -66,13 +66,13 @@ public class MetaDataVerificationFilter implements MetadataFilter {
 				else
 					throw new SignatureValidationException("Root element of metadata file has to be signed", null);
 				
-			} catch (MOAIDException e) {
+			} catch (EAAFException e) {
 				throw new SignatureValidationException("Invalid signature element in EntityDescriptor", null);
 			}				
 		}
 	}
 	
-	private void processEntitiesDescriptor(EntitiesDescriptor desc) throws MOAIDException {
+	private void processEntitiesDescriptor(EntitiesDescriptor desc) throws EAAFException {
 		Iterator<EntitiesDescriptor> entID = desc.getEntitiesDescriptors().iterator();
 		
 		if(desc.getSignature() != null) {
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/PVPSOAPRequestSecurityPolicy.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/PVPSOAPRequestSecurityPolicy.java
index a25cc44ef..27673eafd 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/PVPSOAPRequestSecurityPolicy.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/PVPSOAPRequestSecurityPolicy.java
@@ -32,8 +32,8 @@ import org.opensaml.ws.soap.soap11.Envelope;
 import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.signature.SignatureTrustEngine;
 
+import at.gv.egiz.eaaf.modules.pvp2.impl.verification.AbstractRequestSignedSecurityPolicyRule;
 import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.validation.AbstractRequestSignedSecurityPolicyRule;
 
 /**
  * @author tlenz
@@ -42,8 +42,8 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.validation.AbstractRequestSigned
 public class PVPSOAPRequestSecurityPolicy extends
 		AbstractRequestSignedSecurityPolicyRule {
 
-	/**
-	 * @param trustEngine
+	/** 
+	 * @param trustEngine 
 	 * @param peerEntityRole
 	 */
 	public PVPSOAPRequestSecurityPolicy(SignatureTrustEngine trustEngine,
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
index cfb39b15c..d249fa597 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
@@ -55,6 +55,7 @@ import org.springframework.context.ApplicationContext;
 import org.springframework.context.support.ClassPathXmlApplicationContext;
 import org.springframework.context.support.GenericApplicationContext;
 
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.commons.db.NewConfigurationDBRead;
 import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
 import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
@@ -64,7 +65,6 @@ import at.gv.egovernment.moa.id.configuration.Constants;
 import at.gv.egovernment.moa.id.configuration.auth.pvp2.MetaDataVerificationFilter;
 import at.gv.egovernment.moa.id.configuration.config.usermanagement.FileBasedUserConfiguration;
 import at.gv.egovernment.moa.id.configuration.utils.UserRequestCleaner;
-import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import iaik.asn1.structures.AlgorithmID;
 import iaik.x509.X509Certificate;
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java
index 0fb41189d..8f3b8f479 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java
@@ -43,11 +43,11 @@ import javax.mail.internet.MimeMultipart;
 import org.apache.commons.io.IOUtils;
 import org.apache.log4j.Logger;
 
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
 import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException;
 import at.gv.egovernment.moa.id.configuration.Constants;
 import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
-import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 public class MailHelper {
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
index 7d411b161..9e0b8b1cd 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
@@ -44,11 +44,11 @@ import org.apache.velocity.VelocityContext;
 import org.apache.velocity.app.VelocityEngine;
 
 import at.gv.egiz.components.configuration.meta.api.ConfigurationStorageException;
+import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider;
 import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.auth.frontend.builder.AbstractServiceProviderSpecificGUIFormBuilderConfiguration;
 import at.gv.egovernment.moa.id.auth.frontend.utils.FormBuildUtils;
-import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
 import at.gv.egovernment.moa.id.commons.config.ConfigurationMigrationUtils;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
index f1d1c94af..6f9d233b1 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
@@ -60,6 +60,7 @@ import org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter;
 import org.opensaml.xml.security.x509.X509Credential;
 import org.opensaml.xml.signature.Signature;
 
+import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication;
@@ -76,7 +77,6 @@ import at.gv.egovernment.moa.id.configuration.helper.AuthenticationHelper;
 import at.gv.egovernment.moa.id.configuration.helper.DateTimeHelper;
 import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
 import at.gv.egovernment.moa.id.configuration.helper.MailHelper;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 public class IndexAction extends BasicAction {
@@ -401,19 +401,19 @@ public class IndexAction extends BasicAction {
 								{
 									String strAttributeName = attributes.get(x).getDOM().getAttribute("Name");
 									
-									if (strAttributeName.equals(PVPConstants.PRINCIPAL_NAME_NAME)) {
+									if (strAttributeName.equals(PVPAttributeDefinitions.PRINCIPAL_NAME_NAME)) {
 										user.setFamilyName(attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue());
 									}
 									
-									if (strAttributeName.equals(PVPConstants.GIVEN_NAME_NAME)) {
+									if (strAttributeName.equals(PVPAttributeDefinitions.GIVEN_NAME_NAME)) {
 										user.setGivenName(attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue());
 									}
 									
-									if (strAttributeName.equals(PVPConstants.MANDATE_TYPE_NAME)) {
+									if (strAttributeName.equals(PVPAttributeDefinitions.MANDATE_TYPE_NAME)) {
 										user.setIsmandateuser(true);
 									}
 									
-									if (strAttributeName.equals(PVPConstants.MANDATE_LEG_PER_FULL_NAME_NAME)) {
+									if (strAttributeName.equals(PVPAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME)) {
 										user.setInstitut(attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue());
 									}		
 								}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
index 79e7e9252..8b41823e1 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
@@ -47,13 +47,13 @@ import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException
 import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
 import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
 import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException;
+import at.gv.egovernment.moa.id.config.webgui.exception.SchemaValidationException;
+import at.gv.egovernment.moa.id.config.webgui.exception.SignatureValidationException;
+import at.gv.egovernment.moa.id.config.webgui.validation.utils.SchemaValidationFilter;
 import at.gv.egovernment.moa.id.configuration.auth.pvp2.MetaDataVerificationFilter;
 import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
 import at.gv.egovernment.moa.id.configuration.data.oa.OAPVP2Config;
 import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import iaik.x509.X509Certificate;
@@ -158,7 +158,7 @@ public class OAPVP2ConfigValidation {
 							
 							} catch (ConfigurationException e) {
 								log.warn("Configuration access FAILED!", e);
-							
+							 
 							}
 						
 							MetadataFilterChain filter = new MetadataFilterChain();
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDWebGUIConfiguration.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDWebGUIConfiguration.java
index 0a3a9eef8..e9c8fa719 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDWebGUIConfiguration.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDWebGUIConfiguration.java
@@ -35,9 +35,9 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.stereotype.Service;
 
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException;
-import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 /**
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index 5d7071a19..3a0bdb8c0 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -261,11 +261,64 @@
 		<dependency>
 			<groupId>httpsclient</groupId>
 			<artifactId>httpsclient</artifactId>
-		</dependency>		
-	<dependency>
-  		<groupId>org.opensaml</groupId>
-  		<artifactId>opensaml</artifactId>
-  		<exclusions>
+		</dependency>
+		<dependency>
+  			<groupId>at.gv.egiz.eaaf</groupId>
+  			<artifactId>eaaf_module_pvp2_idp</artifactId>
+  			<exclusions>
+				<exclusion>
+					<groupId>org.slf4j</groupId>
+					<artifactId>log4j-over-slf4j</artifactId>
+				</exclusion>
+				<exclusion>
+					<groupId>org.slf4j</groupId>
+					<artifactId>log4j-over-slf4j</artifactId>
+				</exclusion>
+				<exclusion>
+					<groupId>org.apache.xerces</groupId>
+					<artifactId>*</artifactId>
+				</exclusion>
+				<exclusion>
+					<groupId>xalan</groupId>
+					<artifactId>*</artifactId>
+				</exclusion>
+				<exclusion>
+					<artifactId>bcprov-jdk15on</artifactId>
+					<groupId>org.bouncycastle</groupId>
+				</exclusion>
+  			</exclusions>
+  		</dependency>
+		<dependency>
+  			<groupId>at.gv.egiz.eaaf</groupId>
+  			<artifactId>eaaf_module_pvp2_sp</artifactId>
+  			<exclusions>
+				<exclusion>
+					<groupId>org.slf4j</groupId>
+					<artifactId>log4j-over-slf4j</artifactId>
+				</exclusion>
+				<exclusion> 
+					<groupId>org.slf4j</groupId>
+					<artifactId>log4j-over-slf4j</artifactId>
+				</exclusion>
+				<exclusion>
+					<groupId>org.apache.xerces</groupId>
+					<artifactId>*</artifactId>
+				</exclusion>
+				<exclusion>
+					<groupId>xalan</groupId>
+					<artifactId>*</artifactId>
+				</exclusion>
+				<exclusion>
+					<artifactId>bcprov-jdk15on</artifactId>
+					<groupId>org.bouncycastle</groupId>
+				</exclusion>
+  			</exclusions>
+  		</dependency>
+						
+<!-- 		<dependency>
+  			<groupId>org.opensaml</groupId>
+  			<artifactId>opensaml</artifactId>
+  			<exclusions>
 				<exclusion>
 					<groupId>org.slf4j</groupId>
 					<artifactId>log4j-over-slf4j</artifactId>
@@ -309,7 +362,7 @@
 	<dependency>
 	    <groupId>org.apache.santuario</groupId>
 	    <artifactId>xmlsec</artifactId>
-	</dependency>
+	</dependency> -->
 
 		<!-- the core, which includes Streaming API, shared low-level abstractions (but NOT data-binding) -->
 		<dependency>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java
index 54e459db1..2c1e47009 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java
@@ -35,10 +35,7 @@ import at.gv.egiz.components.eventlog.api.EventConstants;
 public interface MOAIDEventConstants extends EventConstants {
 
 	//auth protocol specific information
-	public static final int AUTHPROTOCOL_TYPE = 3000;
 	
-	public static final int AUTHPROTOCOL_PVP_METADATA = 3100;
-	public static final int AUTHPROTOCOL_PVP_REQUEST_AUTHREQUEST = 3101;
 	public static final int AUTHPROTOCOL_PVP_REQUEST_AUTHRESPONSE = 3102;
 	public static final int AUTHPROTOCOL_PVP_REQUEST_SLO = 3103;
 	public static final int AUTHPROTOCOL_PVP_REQUEST_ATTRIBUTQUERY = 3104;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
index e630455b4..8298b082b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
@@ -34,6 +34,7 @@ import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
+import at.gv.egiz.eaaf.modules.pvp2.PVPEventConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
@@ -63,8 +64,8 @@ public class MOAReversionLogger implements IRevisionLogger {
 			MOAIDEventConstants.TRANSACTION_DESTROYED,
 			MOAIDEventConstants.TRANSACTION_ERROR,
 			MOAIDEventConstants.TRANSACTION_IP,
-			MOAIDEventConstants.AUTHPROTOCOL_TYPE,
-			MOAIDEventConstants.AUTHPROTOCOL_PVP_METADATA,
+			IRevisionLogger.AUTHPROTOCOL_TYPE,
+			PVPEventConstants.AUTHPROTOCOL_PVP_METADATA,
 			
 			MOAIDEventConstants.AUTHPROCESS_SERVICEPROVIDER,
 			MOAIDEventConstants.AUTHPROCESS_INTERFEDERATION,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IDestroyableObject.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IDestroyableObject.java
deleted file mode 100644
index 6f98357e2..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IDestroyableObject.java
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth;
-
-/**
- * @author tlenz
- *
- */
-public interface IDestroyableObject {
-	/**
-	 * Manually deep destroy a Java object with all child objects like timers and threads 
-	 * 
-	 */
-	public void fullyDestroy();
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IGarbageCollectorProcessing.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IGarbageCollectorProcessing.java
deleted file mode 100644
index 27d142f2c..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IGarbageCollectorProcessing.java
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth;
-
-/**
- * @author tlenz
- *
- */
-public interface IGarbageCollectorProcessing {
-
-	/**
-	 * This method gets executed by the MOA garbage collector at regular intervals.
-	 * 
-	 */
-	public void runGarbageCollector();
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IPostStartupInitializable.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IPostStartupInitializable.java
deleted file mode 100644
index d918be463..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IPostStartupInitializable.java
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth;
-
-
-/**
- * 
- * @author tlenz
- *
- * Interface initialize a Object when the MOA-ID-Auth start-up process is fully completed
- *
- */
-public interface IPostStartupInitializable {
-
-	/**
-	 * This method is called once when MOA-ID-Auth start-up process is fully completed
-	 * 
-	 */
-	public void executeAfterStartup();
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAGarbageCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAGarbageCollector.java
index 52e30a2f0..f88267ad7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAGarbageCollector.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAGarbageCollector.java
@@ -33,6 +33,7 @@ import org.springframework.scheduling.annotation.EnableScheduling;
 import org.springframework.scheduling.annotation.Scheduled;
 import org.springframework.stereotype.Service;
 
+import at.gv.egiz.eaaf.core.api.IGarbageCollectorProcessing;
 import at.gv.egovernment.moa.logging.Logger;
 
 @Service("MOAGarbageCollector")
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 738f733a8..998817b19 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -50,6 +50,7 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthenticationDataBuilder;
 import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException;
 import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
@@ -73,9 +74,7 @@ import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
 import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory;
 import at.gv.egovernment.moa.id.data.MISMandate;
 import at.gv.egovernment.moa.id.data.MOAAuthenticationData;
-import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
 import at.gv.egovernment.moa.id.util.LoALevelMapper;
@@ -100,6 +99,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 
 	@Autowired private IAuthenticationSessionStoreage authenticatedSessionStorage;
 	@Autowired protected AuthConfiguration authConfig;
+	@Autowired private LoALevelMapper loaLevelMapper; 
 	
 	@Override
 	public IAuthData buildAuthenticationData(IRequest pendingReq) throws EAAFAuthenticationException {
@@ -124,7 +124,8 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 		try {
 			//check if SAML1 authentication module is in Classpath
 			Class<?> saml1RequstTemplate = Class.forName("at.gv.egovernment.moa.id.protocols.saml1.SAML1RequestImpl");
-			IAuthData saml1authdata = (IAuthData) Class.forName("at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData").newInstance();			
+			//IAuthData saml1authdata = (IAuthData) Class.forName("at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData").newInstance();
+			IAuthData saml1authdata = (IAuthData) Class.forName("at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData").getConstructor(LoALevelMapper.class).newInstance(loaLevelMapper);
 			if (saml1RequstTemplate != null && 
 					saml1RequstTemplate.isInstance(pendingReq)) {				
 				//request is SAML1  --> invoke SAML1 protocol specific methods 
@@ -138,12 +139,12 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 				authdata = (MOAAuthenticationData) saml1authdata;
 							
 			} else {			
-				authdata = new MOAAuthenticationData();
+				authdata = new MOAAuthenticationData(loaLevelMapper);
 							
 			}
 						
 		} catch (ClassNotFoundException | InstantiationException | IllegalAccessException | IllegalArgumentException | InvocationTargetException | NoSuchMethodException | java.lang.SecurityException ex) {			
-			authdata = new MOAAuthenticationData();
+			authdata = new MOAAuthenticationData(loaLevelMapper);
 			
 		}
 				
@@ -162,13 +163,13 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 			oaParam = DynamicOAAuthParameterBuilder.buildFromAuthnRequest(oaParam, pendingReq);
 				
 		Boolean isMinimalFrontChannelResp = pendingReq.getGenericData(
-				PVPTargetConfiguration.DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP, Boolean.class);
+				MOAIDAuthConstants.DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP, Boolean.class);
 		if (isMinimalFrontChannelResp != null && isMinimalFrontChannelResp) {
 			//only set minimal response attributes			
 			authdata.setQAALevel(
-					pendingReq.getGenericData(PVPTargetConfiguration.DATAID_INTERFEDERATION_QAALEVEL, String.class));
+					pendingReq.getGenericData(MOAIDAuthConstants.DATAID_INTERFEDERATION_QAALEVEL, String.class));
 			authdata.setBPK(
-					pendingReq.getGenericData(PVPTargetConfiguration.DATAID_INTERFEDERATION_NAMEID, String.class));
+					pendingReq.getGenericData(MOAIDAuthConstants.DATAID_INTERFEDERATION_NAMEID, String.class));
 						
 		} else {
 			//build AuthenticationData from MOASession
@@ -297,18 +298,18 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 			if (MiscUtil.isNotEmpty(currentLoA)) {					
 				if (currentLoA.startsWith(PVPConstants.STORK_QAA_PREFIX)) {
 					authData.setQAALevel(currentLoA);
-					authData.seteIDASLoA(LoALevelMapper.getInstance().mapSTORKQAAToeIDASQAA(currentLoA));
+					authData.seteIDASLoA(loaLevelMapper.mapSTORKQAAToeIDASQAA(currentLoA));
 
 				} else if (currentLoA.startsWith(EAAFConstants.EIDAS_QAA_PREFIX)) {
-					authData.setQAALevel(LoALevelMapper.getInstance().mapeIDASQAAToSTORKQAA(currentLoA));
+					authData.setQAALevel(loaLevelMapper.mapeIDASQAAToSTORKQAA(currentLoA));
 					authData.seteIDASLoA(currentLoA);
 										
-				} else {
-					Logger.debug("Found PVP QAA level. QAA mapping process starts ... ");				
-					String mappedStorkQAA = LoALevelMapper.getInstance().mapToQAALevel(currentLoA);
+				} else { 
+					Logger.debug("Found PVP SecClass. QAA mapping process starts ... ");				
+					String mappedStorkQAA = loaLevelMapper.mapSecClassToQAALevel(currentLoA);
 					if (MiscUtil.isNotEmpty(mappedStorkQAA)) {
-						authData.setQAALevel(currentLoA);
-						authData.seteIDASLoA(LoALevelMapper.getInstance().mapSTORKQAAToeIDASQAA(currentLoA));
+						authData.setQAALevel(mappedStorkQAA);
+						authData.seteIDASLoA(loaLevelMapper.mapSTORKQAAToeIDASQAA(mappedStorkQAA));
 						
 					}										
 				}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
index a7f6e873f..4bc4a7e81 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
@@ -59,9 +59,9 @@ import javax.crypto.Cipher;
 import javax.crypto.IllegalBlockSizeException;
 import javax.crypto.NoSuchPaddingException;
 
+import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.Constants;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java
index a1d31f5ae..e600505a2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java
@@ -28,7 +28,7 @@ import java.util.List;
 import org.opensaml.saml2.core.Attribute;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.data.PVPAttributeConstants;
+import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
 import at.gv.egovernment.moa.id.auth.exception.DynamicOABuildException;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
@@ -50,7 +50,7 @@ public class DynamicOAAuthParameterBuilder {
 				
 		for (Attribute attr : reqAttributes) {				
 			//get Target or BusinessService from request 
-			if (attr.getName().equals(PVPAttributeConstants.EID_SECTOR_FOR_IDENTIFIER_NAME)) {
+			if (attr.getName().equals(PVPAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME)) {
 				String attrValue = attr.getAttributeValues().get(0).getDOM().getTextContent();
 				if (attrValue.startsWith(Constants.URN_PREFIX_CDID)) {
 					//dynamicOA.setBusinessService(false);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/MOAIDSubjectNameIdGenerator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/MOAIDSubjectNameIdGenerator.java
new file mode 100644
index 000000000..aa462c480
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/MOAIDSubjectNameIdGenerator.java
@@ -0,0 +1,114 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.stereotype.Service;
+import org.w3c.dom.Element;
+
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
+import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
+import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.modules.pvp2.PVPConstants;
+import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception;
+import at.gv.egiz.eaaf.modules.pvp2.idp.api.builder.ISubjectNameIdGenerator;
+import at.gv.egiz.eaaf.modules.pvp2.idp.exception.ResponderErrorException;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
+import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Constants;
+
+@Service("MOASAML2SubjectNameIDGenerator")
+public class MOAIDSubjectNameIdGenerator implements ISubjectNameIdGenerator {
+	
+	@Override
+	public Pair<String, String> generateSubjectNameId(IAuthData authData, ISPConfiguration spConfig) throws PVP2Exception {
+		//build nameID and nameID Format from moasessio
+		if (authData instanceof IMOAAuthData && 
+				((IMOAAuthData)authData).isUseMandate()) {
+			String bpktype = null;
+			String bpk = null;
+			
+			Element mandate = ((IMOAAuthData)authData).getMandate();
+			if(mandate != null) {
+				Logger.debug("Read mandator bPK|baseID from full-mandate ... ");
+				Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+				if(mandateObject == null) {
+					throw new NoMandateDataAvailableException();
+				}
+				CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody();
+				PhysicalPersonType pysicalperson = mandateObject.getMandator().getPhysicalPerson();
+				
+				IdentificationType id;
+				if(corporation != null && corporation.getIdentification().size() > 0)
+					id = corporation.getIdentification().get(0);
+	
+					
+				else if (pysicalperson != null && pysicalperson.getIdentification().size() > 0)
+					id = pysicalperson.getIdentification().get(0);
+					
+				else {
+					Logger.error("Failed to generate IdentificationType");
+					throw new NoMandateDataAvailableException();		
+				}
+			
+				bpktype = id.getType();
+				bpk = id.getValue().getValue();
+								
+			} else {
+				Logger.debug("Read mandator bPK|baseID from PVP attributes ... ");
+				bpk = authData.getGenericData(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_NAME, String.class);
+				bpktype = authData.getGenericData(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME, String.class);				
+				
+				if (StringUtils.isEmpty(bpk)) {
+					//no sourcePin is included --> search for bPK
+					bpk = authData.getGenericData(PVPConstants.MANDATE_NAT_PER_BPK_NAME, String.class);
+					
+					try {
+						if (bpk.contains(":"))
+							bpk = bpk.split(":")[1];
+						
+					} catch (Exception e) {
+						Logger.warn("Can not split bPK from mandator attribute!", e);
+						
+					}
+					
+					//set bPK-Type from configuration, because it MUST be equal to service-provider type
+					bpktype = spConfig.getAreaSpecificTargetIdentifier();
+										
+				} else {
+					//sourcePin is include --> check sourcePinType
+					if (StringUtils.isEmpty(bpktype))
+						bpktype = Constants.URN_PREFIX_BASEID;
+					
+				}				
+			}
+			
+			if (StringUtils.isEmpty(bpk) || StringUtils.isEmpty(bpktype)) {
+				throw new NoMandateDataAvailableException();
+				
+			}
+			
+			if (bpktype.equals(Constants.URN_PREFIX_BASEID)) {				
+				try {
+					return new BPKBuilder().generateAreaSpecificPersonIdentifier(bpk, spConfig.getAreaSpecificTargetIdentifier());
+										
+				} catch (BuildException e) {
+					Logger.warn("Can NOT generate SubjectNameId." , e);
+					throw new ResponderErrorException("pvp2.01", null);
+
+				}								
+				
+			} else
+				return Pair.newInstance(bpk, bpktype);
+									
+		} else
+			return Pair.newInstance(authData.getBPK(), authData.getBPKType());
+
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java
deleted file mode 100644
index 8def0f860..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java
+++ /dev/null
@@ -1,108 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
-
-import java.util.Set;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Component;
-
-import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
-import at.gv.egiz.eaaf.core.api.idp.process.ProcessEngine;
-import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
-import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
-import at.gv.egiz.eaaf.core.impl.idp.auth.modules.ModuleRegistration;
-import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
-import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-@Component("RestartAuthProzessManagement")
-public class RestartAuthProzessManagement  extends AbstractAuthServletTask {
-
-	@Autowired ProcessEngine processEngine;
-	
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
-	 */
-	@Override
-	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
-			throws TaskExecutionException {
-		try {			
-			//create a new execution context and copy all elements to new context
-			ExecutionContext newec = new ExecutionContextImpl(); 
-			Set<String> entries = executionContext.keySet();
-			for (String key : entries) {
-				newec.put(key, executionContext.get(key));
-				
-			}
-			
-			Logger.debug("Select new auth.-process and restart restart process-engine ... ");
-			
-			// select and create new process instance
-			String processDefinitionId = ModuleRegistration.getInstance().selectProcess(newec);
-			if (processDefinitionId == null) {
-				Logger.warn("No suitable authentication process found for SessionID " + pendingReq.getPendingRequestId());
-				throw new MOAIDException("process.02", new Object[] { pendingReq.getPendingRequestId() });
-			}			
-			
-			String processInstanceId = processEngine.createProcessInstance(processDefinitionId, newec);
-
-			// keep process instance id in moa session
-			((RequestImpl)pendingReq).setProcessInstanceId(processInstanceId);
-
-			// make sure pending request has been persisted before running the process
-			try {
-				requestStoreage.storePendingRequest(pendingReq);
-				
-			} catch (MOAIDException e) {
-				Logger.error("Database Error! MOASession is not stored!");
-				throw new MOAIDException("init.04", new Object[] { pendingReq.getPendingRequestId() });
-				
-			}
-			
-			Logger.info("Restart process-engine with auth.process:" + processDefinitionId);
-			
-			// start process
-			processEngine.start(pendingReq);
-			
-			
-		} catch (MOAIDException e) {
-			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
-			
-		} catch (Exception e) {
-			Logger.warn("RestartAuthProzessManagement has an internal error", e);
-			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
-			
-		}			
-		
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
index 10c271b6a..0e1e1bf12 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -33,6 +33,7 @@ import org.springframework.stereotype.Service;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
@@ -43,7 +44,6 @@ import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moa.util.StringUtils;
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
index f9aa1b83c..448e2a0f5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
@@ -44,6 +44,8 @@ import at.gv.egiz.eaaf.core.exceptions.GUIBuildException;
 import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
 import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egiz.eaaf.modules.pvp2.exception.NoMetadataInformationException;
+import at.gv.egiz.eaaf.modules.pvp2.idp.impl.PVPSProfilePendingRequest;
 import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
@@ -52,10 +54,8 @@ import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.data.SLOInformationContainer;
 import at.gv.egovernment.moa.id.moduls.SSOManager;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NOSLOServiceDescriptorException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -169,11 +169,11 @@ public class IDPSingleLogOutServlet extends AbstractController {
 							
 						String redirectURL = null;
 						IRequest sloReq = sloContainer.getSloRequest();
-						if (sloReq != null && sloReq instanceof PVPTargetConfiguration) {
+						if (sloReq != null && sloReq instanceof PVPSProfilePendingRequest) {
 							//send SLO response to SLO request issuer
-							SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor((PVPTargetConfiguration)sloContainer.getSloRequest());
-							LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, (PVPTargetConfiguration)sloContainer.getSloRequest(), sloContainer.getSloFailedOAs());
-							redirectURL = sloBuilder.getFrontChannelSLOMessageURL(sloService, message, req, resp, ((PVPTargetConfiguration)sloContainer.getSloRequest()).getRequest().getRelayState());
+							SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor((PVPSProfilePendingRequest)sloContainer.getSloRequest());
+							LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, (PVPSProfilePendingRequest)sloContainer.getSloRequest(), sloContainer.getSloFailedOAs());
+							redirectURL = sloBuilder.getFrontChannelSLOMessageURL(sloService, message, req, resp, ((PVPSProfilePendingRequest)sloContainer.getSloRequest()).getRequest().getRelayState());
 															
 						} else {
 							//print SLO information directly
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java
index 9380d3b64..a9be3f51d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java
@@ -53,10 +53,10 @@ import java.util.Properties;
 
 import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egiz.eaaf.core.impl.idp.conf.AbstractConfigurationImpl;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EAAFDefaultSAML2Bootstrap;
 import at.gv.egovernment.moa.id.commons.api.ConfigurationProvider;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.config.SpringProfileConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.util.config.EgovUtilPropertiesConfiguration;
 
@@ -187,7 +187,7 @@ public abstract class ConfigurationProviderImpl extends AbstractConfigurationImp
 					
 			//Initialize OpenSAML for STORK
 			Logger.info("Starting initialization of OpenSAML...");
-			MOADefaultBootstrap.bootstrap();
+			EAAFDefaultSAML2Bootstrap.bootstrap();
 			//DefaultBootstrap.bootstrap();
 			Logger.debug("OpenSAML successfully initialized");	  
 	
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ISLOInformationContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ISLOInformationContainer.java
deleted file mode 100644
index 38f6948d3..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ISLOInformationContainer.java
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.data;
-
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map.Entry;
-import java.util.Set;
-
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
-
-/**
- * @author tlenz
- *
- */
-public interface ISLOInformationContainer {
-
-	boolean hasFrontChannelOA();
-
-	Set<Entry<String, SLOInformationImpl>> getFrontChannelOASessionDescriptions();
-
-	void removeFrontChannelOA(String oaID);
-
-	Iterator<String> getNextBackChannelOA();
-
-	SLOInformationImpl getBackChannelOASessionDescripten(String oaID);
-
-	void removeBackChannelOA(String oaID);
-
-	/**
-	 * @return the sloRequest
-	 */
-	PVPTargetConfiguration getSloRequest();
-
-	/**
-	 * @param sloRequest the sloRequest to set
-	 */
-	void setSloRequest(PVPTargetConfiguration sloRequest);
-
-	/**
-	 * @return the sloFailedOAs
-	 */
-	List<String> getSloFailedOAs();
-
-	void putFailedOA(String oaID);
-	
-	public String getTransactionID();
-	
-	public String getSessionID();
-}
\ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
index ba3eba2e6..e0dd30db3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
@@ -29,10 +29,10 @@ import java.util.List;
 import org.w3c.dom.Element;
 
 import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption;
 import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
 import at.gv.egovernment.moa.id.util.LoALevelMapper;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.DOMUtils;
@@ -68,6 +68,12 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut
 	private boolean interfederatedSSOSession;
 	private String interfederatedIDP;
 
+	private LoALevelMapper loaMapper;
+	
+	public MOAAuthenticationData(LoALevelMapper loaMapper) {	
+		this.loaMapper = loaMapper;
+		
+	}
 	
 	/**
 	 * @return
@@ -76,7 +82,7 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut
 	public String getQAALevel() {
 		if (this.QAALevel != null && 
 				this.QAALevel.startsWith(PVPConstants.EIDAS_QAA_PREFIX)) {
-			String mappedQAA = LoALevelMapper.getInstance().mapeIDASQAAToSTORKQAA(this.QAALevel);
+			String mappedQAA = loaMapper.mapeIDASQAAToSTORKQAA(this.QAALevel);
 			if (MiscUtil.isNotEmpty(mappedQAA))
 				return mappedQAA;
 			
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Pair.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Pair.java
deleted file mode 100644
index 0b46345d3..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Pair.java
+++ /dev/null
@@ -1,45 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.data;
-
-public class Pair<P1, P2> {
-	private final P1 first;
-	private final P2 second;
-	
-	private Pair(final P1 newFirst, final P2 newSecond) {
-		this.first = newFirst;
-		this.second = newSecond;
-	}
-	
-	public P1 getFirst() {
-		return this.first;
-	}
-	
-	public P2 getSecond() {
-		return this.second;
-	}
-	
-	public static <P1, P2> Pair<P1, P2> newInstance(final P1 newFirst, final P2 newSecond) {
-		return new Pair<P1, P2>(newFirst, newSecond);
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java
deleted file mode 100644
index 5ff923bce..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java
+++ /dev/null
@@ -1,190 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.data;
-
-import java.io.Serializable;
-
-import org.opensaml.saml2.metadata.SingleLogoutService;
-
-import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
-
-
-/**
- * @author tlenz
- *
- */
-public class SLOInformationImpl implements SLOInformationInterface, Serializable {
-	
-	private static final long serialVersionUID = 295577931870512387L;
-	private String sessionIndex = null;
-	private String nameID = null;
-	private String protocolType = null;
-	private String nameIDFormat = null;
-	private String binding = null;
-	private String serviceURL = null;
-	private String authURL = null;
-	private String spEntityID = null;
-	
-	public SLOInformationImpl(String authURL, String spEntityID, String sessionID, String nameID, String nameIDFormat, String protocolType) {
-		new SLOInformationImpl(authURL, spEntityID, sessionID, nameID, nameIDFormat, protocolType, null);
-	}
-	
-	public SLOInformationImpl(String authURL, String spEntityID, String sessionID, String nameID, String nameIDFormat, String protocolType, SingleLogoutService sloService) {
-		this.sessionIndex = sessionID;
-		this.nameID = nameID;
-		this.nameIDFormat = nameIDFormat;
-		this.protocolType = protocolType;
-		this.spEntityID = spEntityID;
-		
-		if (authURL.endsWith("/"))
-			this.authURL = authURL.substring(0, authURL.length()-1);
-		else
-			this.authURL = authURL;
-		
-		if (sloService != null) {
-			this.binding = sloService.getBinding();
-			this.serviceURL = sloService.getLocation();
-			
-		}				
-	}
-	
-	
-	/**
-	 * 
-	 */
-	public SLOInformationImpl() {
-		
-	}
-
-
-	
-	/**
-	 * @return the spEntityID
-	 */
-	public String getSpEntityID() {
-		return spEntityID;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.data.SLOInformationInterface#getSessionIndex()
-	 */
-	@Override
-	public String getSessionIndex() {
-		return sessionIndex;
-		
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.data.SLOInformationInterface#getUserNameIdentifier()
-	 */
-	@Override
-	public String getUserNameIdentifier() {
-		return nameID;
-		
-	}
-
-
-	/**
-	 * @param sessionIndex the sessionIndex to set
-	 */
-	public void setSessionIndex(String sessionIndex) {
-		this.sessionIndex = sessionIndex;
-	}
-
-
-	/**
-	 * @param nameID the nameID to set
-	 */
-	public void setUserNameIdentifier(String nameID) {
-		this.nameID = nameID;
-	}
-
-	
-
-	/**
-	 * @param protocolType the protocolType to set
-	 */
-	public void setProtocolType(String protocolType) {
-		this.protocolType = protocolType;
-	}
-
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.data.SLOInformationInterface#getProtocolType()
-	 */
-	@Override
-	public String getProtocolType() {
-		return protocolType;
-	}
-
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.data.SLOInformationInterface#getUserNameIDFormat()
-	 */
-	@Override
-	public String getUserNameIDFormat() {
-		return this.nameIDFormat;
-	}
-
-
-	/**
-	 * @param nameIDFormat the nameIDFormat to set
-	 */
-	public void setNameIDFormat(String nameIDFormat) {
-		this.nameIDFormat = nameIDFormat;
-	}
-
-	/**
-	 * @return the binding
-	 */
-	public String getBinding() {
-		return binding;
-	}
-
-	/**
-	 * @return the serviceURL
-	 */
-	public String getServiceURL() {
-		return serviceURL;
-	}
-
-	/**
-	 * @return the authURL from requested IDP without ending /
-	 */
-	public String getAuthURL() {
-		return authURL;
-	}
-
-	/**
-	 * @param spEntityID the spEntityID to set
-	 */
-	public void setSpEntityID(String spEntityID) {
-		this.spEntityID = spEntityID;
-	}
-	
-	
-	
-	
-	
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Trible.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Trible.java
deleted file mode 100644
index 78e8be452..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Trible.java
+++ /dev/null
@@ -1,51 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.data;
-
-public class Trible<P1, P2, P3> {
-	private final P1 first;
-	private final P2 second;
-	private final P3 third;
-	
-	private Trible(final P1 newFirst, final P2 newSecond, final P3 newThird) {
-		this.first = newFirst;
-		this.second = newSecond;
-		this.third = newThird;
-	}
-	
-	public P1 getFirst() {
-		return this.first;
-	}
-	
-	public P2 getSecond() {
-		return this.second;
-	}
-	
-	public P3 getThird() {
-		return this.third;
-	}
-	
-	public static <P1, P2, P3> Trible<P1, P2, P3> newInstance(final P1 newFirst, final P2 newSecond, final P3 newThird) {
-		return new Trible<P1, P2, P3>(newFirst, newSecond, newThird);
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 72b350991..c2dd7b4ba 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -41,6 +41,8 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.AbstractAuthenticationManager;
 import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egiz.eaaf.modules.pvp2.idp.impl.PVPSProfilePendingRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileRequest;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
@@ -49,9 +51,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionSto
 import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.data.SLOInformationContainer;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.logging.Logger;
@@ -79,7 +79,7 @@ public class AuthenticationManager extends AbstractAuthenticationManager {
 		String pvpSLOIssuer = null;
 		String uniqueSessionIdentifier = "notSet";
 		String uniqueTransactionIdentifier = "notSet";
-		PVPTargetConfiguration pvpReq = null;		
+		PVPSProfilePendingRequest pvpReq = null;		
 		Logger.debug("Start technical Single LogOut process ... ");
 		
 		
@@ -87,9 +87,9 @@ public class AuthenticationManager extends AbstractAuthenticationManager {
 			uniqueSessionIdentifier = pendingReq.getUniqueSessionIdentifier();
 			uniqueTransactionIdentifier = pendingReq.getUniqueTransactionIdentifier();
 			
-			if (pendingReq instanceof PVPTargetConfiguration) {
-				pvpReq = ((PVPTargetConfiguration)pendingReq);
-				MOARequest samlReq = (MOARequest) pvpReq.getRequest();
+			if (pendingReq instanceof PVPSProfileRequest) {
+				pvpReq = ((PVPSProfilePendingRequest)pendingReq);
+				PVPSProfileRequest samlReq = (PVPSProfileRequest) pvpReq.getRequest();
 				LogoutRequest logOutReq = (LogoutRequest) samlReq.getSamlRequest();
 				pvpSLOIssuer = logOutReq.getIssuer().getValue();
 			}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAIDHTTPPostEncoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAIDHTTPPostEncoder.java
deleted file mode 100644
index dbfeb5e90..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAIDHTTPPostEncoder.java
+++ /dev/null
@@ -1,114 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.opemsaml;
-
-import java.io.BufferedReader;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.io.OutputStreamWriter;
-import java.io.Writer;
-
-import org.apache.velocity.VelocityContext;
-import org.apache.velocity.app.VelocityEngine;
-import org.opensaml.common.binding.SAMLMessageContext;
-import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;
-import org.opensaml.ws.message.encoder.MessageEncodingException;
-import org.opensaml.ws.transport.http.HTTPOutTransport;
-import org.opensaml.ws.transport.http.HTTPTransportUtils;
-
-import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration;
-import at.gv.egovernment.moa.id.auth.frontend.builder.GUIFormBuilderImpl;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-public class MOAIDHTTPPostEncoder extends HTTPPostEncoder {
-
-	private VelocityEngine velocityEngine;
-	private IGUIBuilderConfiguration guiConfig;
-	private GUIFormBuilderImpl guiBuilder;
-	
-	/**
-	 * @param engine
-	 * @param templateId
-	 */
-	public MOAIDHTTPPostEncoder(IGUIBuilderConfiguration guiConfig, GUIFormBuilderImpl guiBuilder, VelocityEngine engine) {
-		super(engine, null);
-		this.velocityEngine = engine;
-		this.guiConfig = guiConfig;
-		this.guiBuilder = guiBuilder;
-		
-	}
-
-    /**
-     * Base64 and POST encodes the outbound message and writes it to the outbound transport.
-     * 
-     * @param messageContext current message context
-     * @param endpointURL endpoint URL to which to encode message
-     * 
-     * @throws MessageEncodingException thrown if there is a problem encoding the message
-     */
-    protected void postEncode(SAMLMessageContext messageContext, String endpointURL) throws MessageEncodingException {
-        Logger.debug("Invoking Velocity template to create POST body");
-        InputStream is = null;
-        try {        	
-        	//build Velocity Context from GUI input paramters
-			VelocityContext context = guiBuilder.generateVelocityContextFromConfiguration(guiConfig);
-        	
-			//load template
-			is = guiBuilder.getTemplateInputStream(guiConfig);
-						
-			//populate velocity context with SAML2 parameters
-            populateVelocityContext(context, messageContext, endpointURL);
-
-            //populate transport parameter
-            HTTPOutTransport outTransport = (HTTPOutTransport) messageContext.getOutboundMessageTransport();
-            HTTPTransportUtils.addNoCacheHeaders(outTransport);
-            HTTPTransportUtils.setUTF8Encoding(outTransport);
-            HTTPTransportUtils.setContentType(outTransport, "text/html");
-
-            //evaluate template and write content to response
-            Writer out = new OutputStreamWriter(outTransport.getOutgoingStream(), "UTF-8");                        
-            velocityEngine.evaluate(context, out, "SAML2_POST_BINDING", new BufferedReader(new InputStreamReader(is)));            
-            out.flush();
-            
-        } catch (Exception e) {
-            Logger.error("Error invoking Velocity template", e);
-            throw new MessageEncodingException("Error creating output document", e);
-            
-        } finally {
-			if (is != null) {
-				try {
-					is.close();
-					
-				} catch (IOException e) {
-					Logger.error("Can NOT close GUI-Template InputStream.", e);
-				}
-			}
-        	
-		}
-    }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAKeyStoreX509CredentialAdapter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAKeyStoreX509CredentialAdapter.java
deleted file mode 100644
index 81afcfbc1..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAKeyStoreX509CredentialAdapter.java
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.opemsaml;
-
-import java.security.KeyStore;
-
-import org.opensaml.xml.security.x509.X509Credential;
-
-
-/**
- * @author tlenz
- *
- */
-public class MOAKeyStoreX509CredentialAdapter extends
-		org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter {
-
-	/**
-	 * @param store
-	 * @param alias
-	 * @param password
-	 */
-	public MOAKeyStoreX509CredentialAdapter(KeyStore store, String alias,
-			char[] password) {
-		super(store, alias, password);
-	}
-	
-	public Class<? extends X509Credential> getCredentialType() {
-		return X509Credential.class;
-	}
-	
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAStringRedirectDeflateEncoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAStringRedirectDeflateEncoder.java
deleted file mode 100644
index acbb67b34..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAStringRedirectDeflateEncoder.java
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.opemsaml;
-
-import org.opensaml.common.binding.SAMLMessageContext;
-import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder;
-import org.opensaml.ws.message.MessageContext;
-import org.opensaml.ws.message.encoder.MessageEncodingException;
-
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-public class MOAStringRedirectDeflateEncoder extends HTTPRedirectDeflateEncoder {
-
-	private String redirectURL = null;
-	
-	public void encode(MessageContext messageContext)
-			throws MessageEncodingException {
-		if (!(messageContext instanceof SAMLMessageContext)) {
-			Logger.error("Invalid message context type, this encoder only support SAMLMessageContext");
-			throw new MessageEncodingException(
-					"Invalid message context type, this encoder only support SAMLMessageContext");
-		}
-
-		//load default PVP security configurations
-		MOADefaultBootstrap.initializeDefaultPVPConfiguration();
-		
-		SAMLMessageContext samlMsgCtx = (SAMLMessageContext) messageContext;
-
-		String endpointURL = getEndpointURL(samlMsgCtx).buildURL();
-
-		setResponseDestination(samlMsgCtx.getOutboundSAMLMessage(), endpointURL);
-
-		removeSignature(samlMsgCtx);
-
-		String encodedMessage = deflateAndBase64Encode(samlMsgCtx
-				.getOutboundSAMLMessage());
-
-		redirectURL = buildRedirectURL(samlMsgCtx, endpointURL,
-				encodedMessage);
-	}
-
-	/**
-	 * @return the redirectURL
-	 */
-	public String getRedirectURL() {
-		return redirectURL;
-	}
-	
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
index ac3828750..b2a2aad88 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
@@ -33,12 +33,12 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.data.IMOAAuthData;
-import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.logging.Logger;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
index c17f1a4dd..9e7f18842 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
@@ -51,6 +51,20 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthenticationDataBuilder;
 import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
 import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException;
 import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.impl.data.Trible;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.exception.AttributQueryException;
+import at.gv.egiz.eaaf.modules.pvp2.idp.impl.PVPSProfilePendingRequest;
+import at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder.AuthResponseBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder.PVP2AssertionBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.SoapBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption;
+import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
 import at.gv.egovernment.moa.id.auth.builder.DynamicOAAuthParameterBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
@@ -62,22 +76,11 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionSto
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
 import at.gv.egovernment.moa.id.data.IMOAAuthData;
-import at.gv.egovernment.moa.id.data.Trible;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AuthResponseBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -98,6 +101,8 @@ public class AttributQueryAction implements IAction {
 	
 	@Autowired private AttributQueryBuilder attributQueryBuilder;
 	@Autowired private SAMLVerificationEngineSP samlVerificationEngine;
+	@Autowired(required=true) IPVP2BasicConfiguration pvpBasicConfiguration;
+	@Autowired(required=true) PVP2AssertionBuilder assertionBuilder;
 	
 	private final static List<String> DEFAULTSTORKATTRIBUTES = Arrays.asList(
 			new String[]{PVPConstants.EID_STORK_TOKEN_NAME});	
@@ -114,11 +119,11 @@ public class AttributQueryAction implements IAction {
 	@Override
 	public SLOInformationInterface processRequest(IRequest pendingReq,
 			HttpServletRequest httpReq, HttpServletResponse httpResp,
-			IAuthData authData) throws MOAIDException {
+			IAuthData authData) throws EAAFException {
 		
-		if (pendingReq instanceof PVPTargetConfiguration && 
-				((PVPTargetConfiguration) pendingReq).getRequest() instanceof MOARequest && 
-				((MOARequest)((PVPTargetConfiguration) pendingReq).getRequest()).getSamlRequest() instanceof AttributeQuery) {
+		if (pendingReq instanceof PVPSProfilePendingRequest && 
+				((PVPSProfilePendingRequest) pendingReq).getRequest() instanceof PVPSProfileRequest && 
+				((PVPSProfileRequest)((PVPSProfilePendingRequest) pendingReq).getRequest()).getSamlRequest() instanceof AttributeQuery) {
 			
 			//set time reference
 			DateTime date = new DateTime();
@@ -136,7 +141,7 @@ public class AttributQueryAction implements IAction {
 						authenticationSessionStorage.searchInterfederatedIDPFORAttributeQueryWithSessionID(moaSession.getSSOSessionID());
 			
 				AttributeQuery attrQuery = 
-						(AttributeQuery)((MOARequest)((PVPTargetConfiguration) pendingReq).getRequest()).getSamlRequest();
+						(AttributeQuery)((PVPSProfileRequest)((PVPSProfilePendingRequest) pendingReq).getRequest()).getSamlRequest();
 													
 				//build PVP 2.1 response-attribute information for this AttributQueryRequest
 				Trible<List<Attribute>, Date, String> responseInfo = 
@@ -148,10 +153,9 @@ public class AttributQueryAction implements IAction {
 				
 				//build PVP 2.1 assertion
 								
-				String issuerEntityID = PVPConfiguration.getInstance().getIDPSSOMetadataService(
-						pendingReq.getAuthURL());
+				String issuerEntityID = pvpBasicConfiguration.getIDPEntityId(pendingReq.getAuthURL());
 				
-				Assertion assertion = PVP2AssertionBuilder.buildAssertion(issuerEntityID, 
+				Assertion assertion = assertionBuilder.buildAssertion(issuerEntityID, 
 						attrQuery, responseInfo.getFirst(), date, new DateTime(responseInfo.getSecond().getTime()), 
 						responseInfo.getThird(), authData.getSessionIndex());
 				
@@ -201,16 +205,16 @@ public class AttributQueryAction implements IAction {
 	 */
 	@Override
 	public String getDefaultActionName() {
-		return PVP2XProtocol.ATTRIBUTEQUERY;
+		return at.gv.egiz.eaaf.modules.pvp2.PVPConstants.ATTRIBUTEQUERY;
 	}
 	
 	private Trible<List<Attribute>, Date, String> buildResponseInformationForAttributQuery(IRequest pendingReq, 
-            AuthenticationSession session, List<Attribute> reqAttributes, InterfederationSessionStore nextIDPInformation) throws MOAIDException {		
+            AuthenticationSession session, List<Attribute> reqAttributes, InterfederationSessionStore nextIDPInformation) throws MOAIDException, AssertionAttributeExtractorExeption, AttributQueryException, AssertionValidationExeption {		
 		try {
 			//mark AttributeQuery as used if it exists
-			if ( pendingReq instanceof PVPTargetConfiguration && 
-					((PVPTargetConfiguration) pendingReq).getRequest() instanceof MOARequest &&
-					((PVPTargetConfiguration) pendingReq).getRequest().getInboundMessage() instanceof AttributeQuery) {				
+			if ( pendingReq instanceof PVPSProfileRequest && 
+					((PVPSProfilePendingRequest) pendingReq).getRequest() instanceof PVPSProfileRequest &&
+					((PVPSProfilePendingRequest) pendingReq).getRequest().getInboundMessage() instanceof AttributeQuery) {				
 				
 				authenticationSessionStorage.markOAWithAttributeQueryUsedFlag(session, pendingReq.getSPEntityId(), pendingReq.requestedModule());
 			}
@@ -218,7 +222,7 @@ public class AttributQueryAction implements IAction {
 			//build OnlineApplication dynamic from requested attributes (AttributeQuerry Request) and configuration
 			IOAAuthParameters spConfig = DynamicOAAuthParameterBuilder.buildFromAttributeQuery(reqAttributes);
 			
-			//search federated IDP information for this MOASession
+			//search federated IDP information for this MOASession 
 			if (nextIDPInformation != null) {				
 				Logger.info("Find active federated IDP information."
 					+ ". --> Request next IDP:" + nextIDPInformation.getIdpurlprefix() 
@@ -354,9 +358,11 @@ public class AttributQueryAction implements IAction {
 	 * @return 
 	 * @return PVP attribute DAO, which contains all received information
 	 * @throws MOAIDException
+	 * @throws AttributQueryException 
+	 * @throws AssertionValidationExeption 
 	 */
 	public AssertionAttributeExtractor getAuthDataFromAttributeQuery(List<Attribute> reqQueryAttr,
-			String userNameID, IOAAuthParameters idpConfig, String spEntityID) throws MOAIDException{
+			String userNameID, IOAAuthParameters idpConfig, String spEntityID) throws MOAIDException, AttributQueryException, AssertionValidationExeption{
 		String idpEnityID = idpConfig.getPublicURLPrefix();
 		
 		try {		
@@ -407,7 +413,7 @@ public class AttributQueryAction implements IAction {
 						new Object[]{idpEnityID, "Receive AttributeQuery response-body include no PVP 2.1 response"});
 			
 			}
-				 										
+				 								 		
 		} catch (SOAPException e) {
 			throw new BuildException("builder.06", null, e);
 			
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
deleted file mode 100644
index 43c860488..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
+++ /dev/null
@@ -1,151 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.joda.time.DateTime;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.core.Assertion;
-import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.core.Response;
-import org.opensaml.saml2.metadata.AssertionConsumerService;
-import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.ws.message.encoder.MessageEncodingException;
-import org.opensaml.xml.security.SecurityException;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.ApplicationContext;
-import org.springframework.stereotype.Service;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.idp.IAction;
-import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
-import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.data.SLOInformationImpl;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AuthResponseBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-import at.gv.egovernment.moa.logging.Logger;
-
-@Service("PVPAuthenticationRequestAction")
-public class AuthenticationAction implements IAction {
-	@Autowired IDPCredentialProvider pvpCredentials; 
-	@Autowired AuthConfiguration authConfig;
-	@Autowired(required=true) private MOAMetadataProvider metadataProvider;
-	@Autowired(required=true) ApplicationContext springContext;
-	
-	public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq,
-			HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
-		
-		PVPTargetConfiguration pvpRequest = (PVPTargetConfiguration) req;
-		
-		//get basic information
-		MOARequest moaRequest = (MOARequest) pvpRequest.getRequest();
-		AuthnRequest authnRequest = (AuthnRequest) moaRequest.getSamlRequest();
-		EntityDescriptor peerEntity = moaRequest.getEntityMetadata(metadataProvider);		
-		
-		AssertionConsumerService consumerService = 
-				SAML2Utils.createSAMLObject(AssertionConsumerService.class);
-		consumerService.setBinding(pvpRequest.getBinding());
-		consumerService.setLocation(pvpRequest.getConsumerURL());
-				
-		DateTime date = new DateTime();
-		
-		SLOInformationImpl sloInformation = new SLOInformationImpl();
-
-		//change to entity value from entity name to IDP EntityID (URL)
-//		String issuerEntityID = pvpRequest.getAuthURL();
-//		if (issuerEntityID.endsWith("/"))
-//			issuerEntityID = issuerEntityID.substring(0, issuerEntityID.length()-1);
-
-		String issuerEntityID = PVPConfiguration.getInstance().getIDPSSOMetadataService(
-				pvpRequest.getAuthURL());
-		
-		//build Assertion
-		Assertion assertion = PVP2AssertionBuilder.buildAssertion(issuerEntityID, pvpRequest, authnRequest, authData, 
-				peerEntity, date, consumerService, sloInformation);
-		
-		Response authResponse = AuthResponseBuilder.buildResponse(
-				metadataProvider, issuerEntityID, authnRequest, 
-				date, assertion, authConfig.isPVP2AssertionEncryptionActive());
-							
-		IEncoder binding = null;
-
-		if (consumerService.getBinding().equals(
-				SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
-			binding = springContext.getBean("PVPRedirectBinding", RedirectBinding.class);
-						
-		} else if (consumerService.getBinding().equals(
-				SAMLConstants.SAML2_POST_BINDING_URI)) {
-			binding = springContext.getBean("PVPPOSTBinding", PostBinding.class);
-			
-		}
-
-		if (binding == null) {
-			throw new BindingNotSupportedException(consumerService.getBinding());
-		}
-		
-		try {
-			binding.encodeRespone(httpReq, httpResp, authResponse, 
-					consumerService.getLocation(), moaRequest.getRelayState(),
-					pvpCredentials.getIDPAssertionSigningCredential(), req);
-
-			//set protocol type
-			sloInformation.setProtocolType(req.requestedModule());
-			sloInformation.setSpEntityID(req.getServiceProviderConfiguration().getUniqueIdentifier());
-			return sloInformation;
-			
-		} catch (MessageEncodingException e) {
-			Logger.error("Message Encoding exception", e);
-			throw new MOAIDException("pvp2.01", null, e);
-			
-		} catch (SecurityException e) {
-			Logger.error("Security exception", e);
-			throw new MOAIDException("pvp2.01", null, e);
-
-		}
-		
-	}
-
-	public boolean needAuthentication(IRequest req, HttpServletRequest httpReq,
-			HttpServletResponse httpResp) {
-		return true;
-	}
-
-	public String getDefaultActionName() {
-		return "PVPAuthenticationRequestAction";
-		
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
deleted file mode 100644
index 76956b5a8..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
+++ /dev/null
@@ -1,93 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Service;
-
-import com.google.common.net.MediaType;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.idp.IAction;
-import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
-import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
-import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPMetadataBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.IDPPVPMetadataConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
-import at.gv.egovernment.moa.logging.Logger;
-
-@Service("pvpMetadataService")
-public class MetadataAction implements IAction {
-
-	
-
-	@Autowired private IRevisionLogger revisionsLogger; 
-	@Autowired private IDPCredentialProvider credentialProvider;
-	@Autowired private PVPMetadataBuilder metadatabuilder;
-	
-	public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq,
-			HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
-		try {
-			revisionsLogger.logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_PVP_METADATA);
-			
-			//build metadata
-			IPVPMetadataBuilderConfiguration metadataConfig = 
-					new IDPPVPMetadataConfiguration(req.getAuthURLWithOutSlash(), credentialProvider);
-			
-			String metadataXML = metadatabuilder.buildPVPMetadata(metadataConfig);			
-			Logger.debug("METADATA: " + metadataXML);
-					
-			byte[] content = metadataXML.getBytes("UTF-8");
-			httpResp.setStatus(HttpServletResponse.SC_OK);
-			httpResp.setContentLength(content.length);
-			httpResp.setContentType(MediaType.XML_UTF_8.toString());
-			httpResp.getOutputStream().write(content);			
-			return null;
-			
-		} catch (Exception e) {
-			Logger.error("Failed to generate metadata", e);
-			throw new MOAIDException("pvp2.13", null);
-		} 
-	}
-
-	public boolean needAuthentication(IRequest req, HttpServletRequest httpReq,
-			HttpServletResponse httpResp) {
-		return false;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IAction#getDefaultActionName()
-	 */
-	@Override
-	public String getDefaultActionName() {
-		return "IDP - PVP Metadata action";
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
deleted file mode 100644
index 176b1af43..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ /dev/null
@@ -1,835 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x;
-
-import java.net.MalformedURLException;
-import java.net.URL;
-import java.util.Arrays;
-import java.util.List;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.lang.StringEscapeUtils;
-import org.joda.time.DateTime;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.core.AttributeQuery;
-import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.core.Issuer;
-import org.opensaml.saml2.core.LogoutRequest;
-import org.opensaml.saml2.core.LogoutResponse;
-import org.opensaml.saml2.core.NameID;
-import org.opensaml.saml2.core.Response;
-import org.opensaml.saml2.core.Status;
-import org.opensaml.saml2.core.StatusCode;
-import org.opensaml.saml2.core.StatusMessage;
-import org.opensaml.saml2.core.impl.AuthnRequestImpl;
-import org.opensaml.saml2.metadata.AssertionConsumerService;
-import org.opensaml.saml2.metadata.AttributeConsumingService;
-import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.ws.security.SecurityPolicyException;
-import org.opensaml.xml.security.SecurityException;
-import org.opensaml.xml.security.x509.X509Credential;
-import org.opensaml.xml.signature.SignableXMLObject;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.idp.IModulInfo;
-import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
-import at.gv.egiz.eaaf.core.exceptions.EAAFException;
-import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
-import at.gv.egiz.eaaf.core.exceptions.NoPassivAuthenticationException;
-import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException;
-import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController;
-import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
-import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityLogAdapter;
-import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionConsumerServiceException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSupportedException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SLOException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-import at.gv.egovernment.moa.id.protocols.pvp2x.validation.AuthnRequestValidator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
-import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
- 
-@Controller
-public class PVP2XProtocol extends AbstractAuthProtocolModulController implements IModulInfo {
-
-	@Autowired IDPCredentialProvider pvpCredentials;
-	@Autowired SAMLVerificationEngineSP samlVerificationEngine;
-	@Autowired(required=true) private MOAMetadataProvider metadataProvider;
-	
-	@Autowired protected IAuthenticationSessionStoreage authenticatedSessionStorage;
-	
-	public static final String NAME = PVP2XProtocol.class.getName();
-	public static final String PATH = "id_pvp2x";
-
-	public static final String REDIRECT = "Redirect";
-	public static final String POST = "Post";
-	public static final String SOAP = "Soap";
-	public static final String METADATA = "Metadata";
-	public static final String ATTRIBUTEQUERY = "AttributeQuery";
-	public static final String SINGLELOGOUT = "SingleLogOut";
-	
-	public static final List<String> DEFAULTREQUESTEDATTRFORINTERFEDERATION = Arrays.asList(
-			new String[] {
-					PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME
-			});
-	
-	static {			
-		new VelocityLogAdapter();
-		
-	}
-
-	public String getName() {
-		return NAME;
-	}
-
-	public String getPath() {
-		return PATH;
-	}
-	
-	public PVP2XProtocol() {
-		super();
-	} 
-		
-	//PVP2.x metadata end-point
-	@RequestMapping(value = "/pvp2/metadata", method = {RequestMethod.POST, RequestMethod.GET})
-	public void PVPMetadataRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException {
-//		if (!authConfig.getAllowedProtocols().isPVP21Active()) {
-//			Logger.info("PVP2.1 is deaktivated!");
-//			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }, "PVP2.1 is deaktivated!");
-//			
-//		}
-		
-		//create pendingRequest object
-		PVPTargetConfiguration pendingReq = applicationContext.getBean(PVPTargetConfiguration.class);
-		pendingReq.initialize(req, authConfig);
-		pendingReq.setModule(NAME);
-		
-		revisionsLogger.logEvent(
-				pendingReq.getUniqueSessionIdentifier(), 
-				pendingReq.getUniqueTransactionIdentifier(), 
-				MOAIDEventConstants.TRANSACTION_IP, 
-				req.getRemoteAddr());
-				
-		MetadataAction metadataAction = applicationContext.getBean(MetadataAction.class);
-		metadataAction.processRequest(pendingReq, 
-				req, resp, null);
-		
-	}
-	
-	//PVP2.x IDP POST-Binding end-point
-	@RequestMapping(value = "/pvp2/post", method = {RequestMethod.POST})
-	public void PVPIDPPostRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException {
-//		if (!authConfig.getAllowedProtocols().isPVP21Active()) {
-//			Logger.info("PVP2.1 is deaktivated!");
-//			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }, "PVP2.1 is deaktivated!");
-//			
-//		}
-		
-		PVPTargetConfiguration pendingReq = null;
-		
-		try {
-			//create pendingRequest object
-			pendingReq = applicationContext.getBean(PVPTargetConfiguration.class);
-			pendingReq.initialize(req, authConfig);
-			pendingReq.setModule(NAME);
-			
-			revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier());
-			revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_CREATED, pendingReq.getUniqueTransactionIdentifier());						
-			revisionsLogger.logEvent(
-					pendingReq.getUniqueSessionIdentifier(), 
-					pendingReq.getUniqueTransactionIdentifier(), 
-					MOAIDEventConstants.TRANSACTION_IP, 
-					req.getRemoteAddr());
-			
-			//get POST-Binding decoder implementation
-			InboundMessage msg = (InboundMessage) new PostBinding().decode(
-					req, resp, metadataProvider, false,
-					new MOAURICompare(PVPConfiguration.getInstance().getIDPSSOPostService(pendingReq.getAuthURL())));
-			pendingReq.setRequest(msg);
-						
-			//preProcess Message
-			preProcess(req, resp, pendingReq);
-						
-		} catch (SecurityPolicyException e) {
-			String samlRequest = req.getParameter("SAMLRequest");			
-			Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
-			
-			//write revision log entries
-			if (pendingReq != null)
-				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
-			
-			throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, e.getMessage());
-			
-		} catch (SecurityException e) {
-			String samlRequest = req.getParameter("SAMLRequest");			
-			Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
-			
-			//write revision log entries
-			if (pendingReq != null)
-				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
-			
-			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, e.getMessage());
-		
-		} catch (MOAIDException e) {
-			
-			//write revision log entries
-			if (pendingReq != null)
-				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
-			
-			throw e;
-			
-		} catch (Throwable e) {			
-			String samlRequest = req.getParameter("SAMLRequest");			
-			Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
-
-			//write revision log entries
-			if (pendingReq != null)
-				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
-			
-			throw new MOAIDException("pvp2.24", new Object[] {e.getMessage()});
-		}					
-	}
-	
-	//PVP2.x IDP Redirect-Binding end-point
-	@RequestMapping(value = "/pvp2/redirect", method = {RequestMethod.GET})
-	public void PVPIDPRedirecttRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException {
-		if (!AuthConfigurationProviderFactory.getInstance().getAllowedProtocols().isPVP21Active()) {
-			Logger.info("PVP2.1 is deaktivated!");
-			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }, "PVP2.1 is deaktivated!");
-			
-		}
-		PVPTargetConfiguration pendingReq = null;
-		try {
-			//create pendingRequest object
-			pendingReq = applicationContext.getBean(PVPTargetConfiguration.class);
-			pendingReq.initialize(req, authConfig);
-			pendingReq.setModule(NAME);
-			
-			revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier());
-			revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_CREATED, pendingReq.getUniqueTransactionIdentifier());						
-			revisionsLogger.logEvent(
-					pendingReq.getUniqueSessionIdentifier(), 
-					pendingReq.getUniqueTransactionIdentifier(), 
-					MOAIDEventConstants.TRANSACTION_IP, 
-					req.getRemoteAddr());
-			
-			//get POST-Binding decoder implementation
-			InboundMessage msg = (InboundMessage) new RedirectBinding().decode(
-					req, resp, metadataProvider, false,
-					new MOAURICompare(PVPConfiguration.getInstance().getIDPSSORedirectService(pendingReq.getAuthURL())));
-			pendingReq.setRequest(msg);
-			
-			//preProcess Message
-			preProcess(req, resp, pendingReq);
-						
-		} catch (SecurityPolicyException e) {
-			String samlRequest = req.getParameter("SAMLRequest");			
-			Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
-			
-			//write revision log entries
-			if (pendingReq != null)
-				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
-			
-			throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, e.getMessage());
-			
-		} catch (SecurityException e) {
-			String samlRequest = req.getParameter("SAMLRequest");			
-			Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
-			
-			//write revision log entries
-			if (pendingReq != null)
-				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
-			
-			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, e.getMessage());
-			
-		} catch (MOAIDException e) {
-			String samlRequest = req.getParameter("SAMLRequest");			
-			Logger.info("Receive INVALID protocol request: " + samlRequest);
-			
-			//write revision log entries
-			if (pendingReq != null)
-				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
-			
-			throw e;
-						
-		} catch (Throwable e) {			
-			String samlRequest = req.getParameter("SAMLRequest");			
-			Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
-			
-			//write revision log entries
-			if (pendingReq != null)
-				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
-						
-			throw new MOAIDException("pvp2.24", new Object[] {e.getMessage()});
-		}					
-	}
-	
-	
-	//PVP2.x IDP SOAP-Binding end-point
-	@RequestMapping(value = "/pvp2/soap", method = {RequestMethod.POST})
-	public void PVPIDPSOAPRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException {
-//		if (!authConfig.getAllowedProtocols().isPVP21Active()) {
-//			Logger.info("PVP2.1 is deaktivated!");
-//			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }, "PVP2.1 is deaktivated!");
-//			
-//		}
-				
-		PVPTargetConfiguration pendingReq = null;
-		try {
-			//create pendingRequest object
-			pendingReq = applicationContext.getBean(PVPTargetConfiguration.class);
-			pendingReq.initialize(req, authConfig);
-			pendingReq.setModule(NAME);
-			
-			revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier());
-			revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_CREATED, pendingReq.getUniqueTransactionIdentifier());						
-			revisionsLogger.logEvent(
-					pendingReq.getUniqueSessionIdentifier(), 
-					pendingReq.getUniqueTransactionIdentifier(), 
-					MOAIDEventConstants.TRANSACTION_IP, 
-					req.getRemoteAddr());
-			
-			//get POST-Binding decoder implementation
-			InboundMessage msg = (InboundMessage) new SoapBinding().decode(
-					req, resp, metadataProvider, false,
-					new MOAURICompare(PVPConfiguration.getInstance().getIDPSSOPostService(pendingReq.getAuthURL())));
-			pendingReq.setRequest(msg);
-			
-			//preProcess Message
-			preProcess(req, resp, pendingReq);
-						
-		} catch (SecurityPolicyException e) {
-			String samlRequest = req.getParameter("SAMLRequest");			
-			Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
-						
-			//write revision log entries
-			if (pendingReq != null)
-				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
-			
-			throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, e.getMessage());
-			
-		} catch (SecurityException e) {
-			String samlRequest = req.getParameter("SAMLRequest");			
-			Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
-			
-			//write revision log entries
-			if (pendingReq != null)
-				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
-			
-			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, e.getMessage());
-		
-		} catch (MOAIDException e) {			
-			//write revision log entries
-			if (pendingReq != null)
-				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
-			
-			throw e;
-						
-		} catch (Throwable e) {			
-			String samlRequest = req.getParameter("SAMLRequest");			
-			Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
-			
-			//write revision log entries
-			if (pendingReq != null)
-				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
-			
-			throw new MOAIDException("pvp2.24", new Object[] {e.getMessage()});
-		}					
-	}
-	
-	
-	
-	private void preProcess(HttpServletRequest request,
-			HttpServletResponse response, PVPTargetConfiguration pendingReq) throws Throwable {
-			
-			InboundMessage msg = pendingReq.getRequest();
-		
-			if (MiscUtil.isEmpty(msg.getEntityID())) {
-				throw new InvalidProtocolRequestException("pvp2.20", new Object[] {}, "EntityId is null or empty");
-				
-			}
-			
-			if(!msg.isVerified()) {
-				samlVerificationEngine.verify(msg, 
-						TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider));
-				msg.setVerified(true);
-								
-			}
-							
-			if (msg instanceof MOARequest && 
-					((MOARequest)msg).getSamlRequest() instanceof AuthnRequest)
-				preProcessAuthRequest(request, response, pendingReq);
-			
-			else if (msg instanceof MOARequest && 
-					((MOARequest)msg).getSamlRequest() instanceof AttributeQuery)
-				preProcessAttributQueryRequest(request, response, pendingReq);
-
-			else if (msg instanceof MOARequest && 
-					((MOARequest)msg).getSamlRequest() instanceof LogoutRequest)
-				preProcessLogOut(request, response, pendingReq);
-			
-			else if (msg instanceof MOAResponse && 
-					((MOAResponse)msg).getResponse() instanceof LogoutResponse)
-				preProcessLogOut(request, response, pendingReq);
-			
-			else {
-				Logger.error("Receive unsupported PVP21 message");
-				throw new MOAIDException("Unsupported PVP21 message", new Object[] {});
-			}
-			
-			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_TYPE, PATH);
-			
-			//switch to session authentication
-			performAuthentication(request, response, pendingReq);								
-	}
-
-	public boolean generateErrorMessage(Throwable e,
-			HttpServletRequest request, HttpServletResponse response,
-			IRequest protocolRequest) throws Throwable {
-		
-		if(protocolRequest == null) {
-			throw e;
-		}
-		
-		if(!(protocolRequest instanceof PVPTargetConfiguration) ) {
-			throw e;
-		}
-		PVPTargetConfiguration pvpRequest = (PVPTargetConfiguration)protocolRequest;
-		
-		Response samlResponse = 
-				SAML2Utils.createSAMLObject(Response.class);
-		Status status = SAML2Utils.createSAMLObject(Status.class);
-		StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class);
-		StatusMessage statusMessage = SAML2Utils.createSAMLObject(StatusMessage.class);
-		
-		String moaError = null;
-		
-		if(e instanceof NoPassivAuthenticationException) {
-			statusCode.setValue(StatusCode.NO_PASSIVE_URI);
-			statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage()));	
-			
-		} else if (e instanceof NameIDFormatNotSupportedException) {
-			statusCode.setValue(StatusCode.INVALID_NAMEID_POLICY_URI);
-			statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage()));
-
-		} else if (e instanceof SLOException) {
-			//SLOExecpetions only occurs if session information is lost
-			return false;
-			
-		} else if(e instanceof PVP2Exception) {
-			PVP2Exception ex = (PVP2Exception) e;
-			statusCode.setValue(ex.getStatusCodeValue());
-			String statusMessageValue = ex.getStatusMessageValue();
-			if(statusMessageValue != null) {
-				statusMessage.setMessage(StringEscapeUtils.escapeXml(statusMessageValue));
-			}						
-			moaError = statusMessager.mapInternalErrorToExternalError(ex.getMessageId());
-			
-		} else {
-			statusCode.setValue(StatusCode.RESPONDER_URI);
-			statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage()));
-			moaError = statusMessager.getResponseErrorCode(e);
-		}
-		
-		
-		if (MiscUtil.isNotEmpty(moaError)) {
-			StatusCode moaStatusCode = SAML2Utils.createSAMLObject(StatusCode.class);
-			moaStatusCode.setValue(moaError);
-			statusCode.setStatusCode(moaStatusCode);
-		}
-		
-		status.setStatusCode(statusCode);
-		if(statusMessage.getMessage() != null) {
-			status.setStatusMessage(statusMessage);
-		}
-		samlResponse.setStatus(status);
-		String remoteSessionID = SAML2Utils.getSecureIdentifier();
-		samlResponse.setID(remoteSessionID);
-
-		samlResponse.setIssueInstant(new DateTime());
-		Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class);
-		nissuer.setValue(PVPConfiguration.getInstance().getIDPSSOMetadataService(
-				pvpRequest.getAuthURL()));
-		nissuer.setFormat(NameID.ENTITY);
-		samlResponse.setIssuer(nissuer);
-		
-		IEncoder encoder = null;
-		
-		if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {			
-			encoder = applicationContext.getBean("PVPRedirectBinding", RedirectBinding.class);
-						
-		} else if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI))  {
-			encoder = applicationContext.getBean("PVPPOSTBinding", PostBinding.class);
-			
-		} else if (pvpRequest.getBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI))  {
-			encoder = applicationContext.getBean("PVPSOAPBinding", SoapBinding.class);
-		}
-
-		if(encoder == null) {
-			// default to redirect binding
-			encoder = new RedirectBinding();
-		}
-
-		String relayState = null;
-		if (pvpRequest.getRequest() != null)
-			relayState = pvpRequest.getRequest().getRelayState();
-		
-		X509Credential signCred = pvpCredentials.getIDPAssertionSigningCredential();
-		
-		encoder.encodeRespone(request, response, samlResponse, pvpRequest.getConsumerURL(), 
-				relayState, signCred, protocolRequest);
-		return true;
-	}
-
-	public boolean validate(HttpServletRequest request,
-			HttpServletResponse response, IRequest pending) {
-		
-		return true;
-	}
-
-	
-	/**
-	 * PreProcess Single LogOut request
-	 * @param request
-	 * @param response
-	 * @param msg
-	 * @return
-	 * @throws EAAFException 
-	 * @throws MOAIDException 
-	 */
-	private void preProcessLogOut(HttpServletRequest request,
-			HttpServletResponse response, PVPTargetConfiguration pendingReq) throws EAAFException {
-
-		InboundMessage inMsg = pendingReq.getRequest();		
-		MOARequest msg;
-		if (inMsg instanceof MOARequest && 
-				((MOARequest)inMsg).getSamlRequest() instanceof LogoutRequest) {
-			//preProcess single logout request from service provider
-			
-			msg = (MOARequest) inMsg;
-			
-			EntityDescriptor metadata = msg.getEntityMetadata(metadataProvider);
-			if(metadata == null) {
-				throw new NoMetadataInformationException();
-			}
-
-			String oaURL = metadata.getEntityID();
-			oaURL = StringEscapeUtils.escapeHtml(oaURL);
-			ISPConfiguration oa = authConfig.getServiceProviderConfiguration(oaURL);
-			
-			Logger.info("Dispatch PVP2 SingleLogOut: OAURL=" + oaURL + " Binding=" + msg.getRequestBinding());
-						
-			pendingReq.setSPEntityId(oaURL);
-			pendingReq.setOnlineApplicationConfiguration(oa);
-			pendingReq.setBinding(msg.getRequestBinding());
-			
-			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_SLO);
-			
-
-						
-		} else if (inMsg instanceof MOAResponse && 
-				((MOAResponse)inMsg).getResponse() instanceof LogoutResponse) {
-			//preProcess single logour response from service provider
-						
-			LogoutResponse resp = (LogoutResponse) (((MOAResponse)inMsg).getResponse());
-			
-			Logger.debug("PreProcess SLO Response from " + resp.getIssuer());
-			
-//			List<String> allowedPublicURLPrefix = authConfig.getIDPPublicURLPrefixes();
-//					AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix();
-			
-			boolean isAllowedDestination = false;			
-			try {
-				isAllowedDestination = MiscUtil.isNotEmpty(authConfig.validateIDPURL(new URL(resp.getDestination())));
-				
-			} catch (MalformedURLException e) {
-				Logger.info(resp.getDestination() + " is NOT valid. Reason: " + e.getMessage());
-				
-			}
-			
-//			for (String prefix : allowedPublicURLPrefix) {
-//				if (resp.getDestination().startsWith(
-//					prefix)) {
-//					isAllowedDestination = true;
-//					break;
-//				}
-//			}
-						
-			if (!isAllowedDestination) {
-				Logger.warn("PVP 2.1 single logout response destination does not match to IDP URL");
-				throw new AssertionValidationExeption("PVP 2.1 single logout response destination does not match to IDP URL", null);
-				
-			}
-			
-			//TODO: check if relayState exists
-			inMsg.getRelayState();
-						
-						
-		} else 
-			throw new EAAFException("Unsupported request");
-		
-		
-		pendingReq.setRequest(inMsg);
-		pendingReq.setAction(SINGLELOGOUT);
-		
-		//Single LogOut Request needs no authentication 
-		pendingReq.setNeedAuthentication(false);
-		
-		//set protocol action, which should be executed
-		pendingReq.setAction(SingleLogOutAction.class.getName());
-	}
-	
-	/**
-	 * PreProcess AttributeQuery request 
-	 * @param request
-	 * @param response
-	 * @param pendingReq
-	 * @throws Throwable
-	 */
-	private void preProcessAttributQueryRequest(HttpServletRequest request,
-			HttpServletResponse response, PVPTargetConfiguration pendingReq) throws Throwable {
-		MOARequest moaRequest = ((MOARequest)pendingReq.getRequest());
-		AttributeQuery attrQuery = (AttributeQuery) moaRequest.getSamlRequest();
-		moaRequest.setEntityID(attrQuery.getIssuer().getValue());
-		
-		//validate destination
-		String destinaten = attrQuery.getDestination();
-		if (!PVPConfiguration.getInstance().getIDPSSOSOAPService(HTTPUtils.extractAuthURLFromRequest(request)).equals(destinaten)) {
-			Logger.warn("AttributeQuery destination does not match IDP AttributeQueryService URL");
-			throw new AttributQueryException("AttributeQuery destination does not match IDP AttributeQueryService URL", null);
-			
-		}
-
-		//check if Issuer is an interfederation IDP		
-		IOAAuthParameters oa = authConfig.getServiceProviderConfiguration(moaRequest.getEntityID(), IOAAuthParameters.class);
-		if (!oa.isInderfederationIDP()) {
-			Logger.warn("AttributeQuery requests are only allowed for interfederation IDPs.");
-			throw new AttributQueryException("AttributeQuery requests are only allowed for interfederation IDPs.", null);
-			
-		}
-		
-		if (!oa.isOutboundSSOInterfederationAllowed()) {
-			Logger.warn("Interfederation IDP " + oa.getPublicURLPrefix() + " does not allow outgoing SSO interfederation.");
-			throw new AttributQueryException("Interfederation IDP does not allow outgoing SSO interfederation.", null);
-			
-		}
-					
-		//check active MOASession
-		String nameID = attrQuery.getSubject().getNameID().getValue();			
-		IAuthenticationSession session = authenticatedSessionStorage.getSessionWithUserNameID(nameID);
-		if (session == null) {
-			Logger.warn("AttributeQuery nameID does not match to an active single sign-on session.");
-			throw new AttributQueryException("auth.31", null);
-			
-		}
-		
-		//set preProcessed information into pending-request
-		pendingReq.setRequest(moaRequest);
-		pendingReq.setSPEntityId(moaRequest.getEntityID());
-		pendingReq.setOnlineApplicationConfiguration(oa);
-		pendingReq.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI);
-		
-		//Attribute-Query Request needs authentication, because session MUST be already authenticated 
-		pendingReq.setNeedAuthentication(false);
-				
-		//set protocol action, which should be executed after authentication
-		pendingReq.setAction(AttributQueryAction.class.getName());
-
-		//add moasession
-		pendingReq.setSSOSessionIdentifier(session.getSSOSessionID());
-				
-		//write revisionslog entry
-		revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_ATTRIBUTQUERY);
-		
-		
-	}
-	
-	/**
-	 * PreProcess Authn request
-	 * @param request
-	 * @param response
-	 * @param pendingReq
-	 * @throws Throwable
-	 */
-	private void preProcessAuthRequest(HttpServletRequest request,
-			HttpServletResponse response, PVPTargetConfiguration pendingReq) throws Throwable {
-
-		MOARequest moaRequest = ((MOARequest)pendingReq.getRequest());		
-		SignableXMLObject samlReq =  moaRequest.getSamlRequest();
-
-		if(!(samlReq instanceof AuthnRequest)) {
-			throw new MOAIDException("Unsupported request", new Object[] {});
-		}
-				
-		EntityDescriptor metadata = moaRequest.getEntityMetadata(metadataProvider);
-		if(metadata == null) {
-			throw new NoMetadataInformationException();
-		}
-		SPSSODescriptor spSSODescriptor = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
-		
-		AuthnRequest authnRequest = (AuthnRequest)samlReq;
-		
-		if (authnRequest.getIssueInstant() == null) {
-			Logger.warn("Unsupported request: No IssueInstant Attribute found.");
-			throw new AuthnRequestValidatorException("Unsupported request: No IssueInstant Attribute found.", new Object[] {}, 
-					"Unsupported request: No IssueInstant Attribute found", pendingReq);
-			
-		}
-		
-		if (authnRequest.getIssueInstant().minusMinutes(MOAIDAuthConstants.TIME_JITTER).isAfterNow()) {
-			Logger.warn("Unsupported request: No IssueInstant DateTime is not valid anymore.");
-			throw new AuthnRequestValidatorException("Unsupported request: No IssueInstant DateTime is not valid anymore.", new Object[] {},
-					"Unsupported request: No IssueInstant DateTime is not valid anymore.", pendingReq);
-			
-		}
-			
-		//parse AssertionConsumerService
-		AssertionConsumerService consumerService = null;
-		if (MiscUtil.isNotEmpty(authnRequest.getAssertionConsumerServiceURL()) && 
-				MiscUtil.isNotEmpty(authnRequest.getProtocolBinding())) {
-			//use AssertionConsumerServiceURL from request
-
-			//check requested AssertionConsumingService URL against metadata
-			List<AssertionConsumerService> metadataAssertionServiceList = spSSODescriptor.getAssertionConsumerServices();
-			for (AssertionConsumerService service : metadataAssertionServiceList) {
-				if (authnRequest.getProtocolBinding().equals(service.getBinding())
-						&& authnRequest.getAssertionConsumerServiceURL().equals(service.getLocation())) {
-					consumerService = SAML2Utils.createSAMLObject(AssertionConsumerService.class);
-					consumerService.setBinding(authnRequest.getProtocolBinding());
-					consumerService.setLocation(authnRequest.getAssertionConsumerServiceURL());					
-					Logger.debug("Requested AssertionConsumerServiceURL is valid.");
-				}				
-			}
-			
-			if (consumerService == null) {				
-				throw new InvalidAssertionConsumerServiceException(authnRequest.getAssertionConsumerServiceURL());
-				
-			}
-
-
-		} else {
-			//use AssertionConsumerServiceIndex and select consumerService from metadata
-			Integer aIdx = authnRequest.getAssertionConsumerServiceIndex();
-			int assertionidx = 0;
-		
-			if(aIdx != null) {
-				assertionidx = aIdx.intValue();
-			
-			} else {				
-				assertionidx = SAML2Utils.getDefaultAssertionConsumerServiceIndex(spSSODescriptor);
-				
-			}		
-			consumerService  = spSSODescriptor.getAssertionConsumerServices().get(assertionidx);
-			
-			if (consumerService == null) {			
-				throw new InvalidAssertionConsumerServiceException(aIdx);
-				
-			}			
-		}
-		
-		
-		//select AttributeConsumingService from request
-		AttributeConsumingService attributeConsumer = null;		
-		Integer aIdx = authnRequest.getAttributeConsumingServiceIndex();
-		int attributeIdx = 0;
-	
-		if(aIdx != null) {
-			attributeIdx = aIdx.intValue();
-		}
-		
-		if (spSSODescriptor.getAttributeConsumingServices() != null  && 
-				spSSODescriptor.getAttributeConsumingServices().size() > 0) {
-			attributeConsumer  = spSSODescriptor.getAttributeConsumingServices().get(attributeIdx);
-		} 
-		
-		//validate AuthnRequest
-		AuthnRequestImpl authReq = (AuthnRequestImpl) samlReq;
-		AuthnRequestValidator.validate(authReq);
-		
-//		String useMandate = request.getParameter(PARAM_USEMANDATE);
-//		if(useMandate != null) {
-//			if(useMandate.equals("true") && attributeConsumer != null) {
-//				if(!CheckMandateAttributes.canHandleMandate(attributeConsumer)) {
-//					throw new MandateAttributesNotHandleAbleException();
-//				}
-//			}
-//		}
-						
-		String oaURL = moaRequest.getEntityMetadata(metadataProvider).getEntityID();
-		oaURL = StringEscapeUtils.escapeHtml(oaURL);
-		ISPConfiguration oa = authConfig.getServiceProviderConfiguration(oaURL);
-		
-		Logger.info("Dispatch PVP2 AuthnRequest: OAURL=" + oaURL + " Binding=" + consumerService.getBinding());		
-
-		pendingReq.setSPEntityId(oaURL);
-		pendingReq.setOnlineApplicationConfiguration(oa);
-		pendingReq.setBinding(consumerService.getBinding());
-		pendingReq.setRequest(moaRequest);
-		pendingReq.setConsumerURL(consumerService.getLocation());
-		
-		//parse AuthRequest
-		pendingReq.setPassiv(authReq.isPassive());
-		pendingReq.setForce(authReq.isForceAuthn());
-		
-		//AuthnRequest needs authentication
-		pendingReq.setNeedAuthentication(true);
-
-		//set protocol action, which should be executed after authentication
-		pendingReq.setAction(AuthenticationAction.class.getName());
-		
-		//write revisionslog entry
-		revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_AUTHREQUEST);
-		
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
index 67e7a47f3..cdd0b659e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
@@ -22,25 +22,9 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.pvp2x;
 
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-
-import org.opensaml.xml.encryption.EncryptionConstants;
-import org.opensaml.xml.signature.SignatureConstants;
-
-import at.gv.egiz.eaaf.core.api.data.PVPAttributeConstants;
-import at.gv.egovernment.moa.id.data.Trible;
-
-public interface PVPConstants extends PVPAttributeConstants {
+public interface PVPConstants extends at.gv.egiz.eaaf.modules.pvp2.PVPConstants {
 	
 	public static final String SSLSOCKETFACTORYNAME = "MOAMetaDataProvider";
-		
-	public static final String DEFAULT_SIGNING_METHODE = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256;
-	public static final String DEFAULT_DIGESTMETHODE = SignatureConstants.ALGO_ID_DIGEST_SHA256;
-	public static final String DEFAULT_SYM_ENCRYPTION_METHODE = EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256;
-	public static final String DEFAULT_ASYM_ENCRYPTION_METHODE = EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP;
-	
 	
 	public static final String STORK_QAA_PREFIX = "http://www.stork.gov.eu/1.0/citizenQAALevel/";
 	public static final String STORK_QAA_1_1 = "http://www.stork.gov.eu/1.0/citizenQAALevel/1";
@@ -52,84 +36,5 @@ public interface PVPConstants extends PVPAttributeConstants {
 	public static final String EIDAS_QAA_LOW = EIDAS_QAA_PREFIX + "low";
 	public static final String EIDAS_QAA_SUBSTANTIAL = EIDAS_QAA_PREFIX + "substantial";
 	public static final String EIDAS_QAA_HIGH = EIDAS_QAA_PREFIX + "high";
-	
-	public static final String STORK_ATTRIBUTE_PREFIX = "http://www.stork.gov.eu/";
-	
-	
-	
-	
-	public static final String ENTITY_CATEGORY_ATTRIBITE = "http://macedir.org/entity-category";
-	public static final String EGOVTOKEN = "http://www.ref.gv.at/ns/names/agiz/pvp/egovtoken";
-	public static final String CITIZENTOKEN = "http://www.ref.gv.at/ns/names/agiz/pvp/citizentoken";
-	
-	/** 
-	 * 
-	 * Get required PVP attributes for egovtoken
-	 * First : PVP attribute name (OID) 
-	 * Second: FriendlyName
-	 * Third: Required
-	 * 
-	 */
-	public static final List<Trible<String, String, Boolean>> EGOVTOKEN_PVP_ATTRIBUTES = 
-			Collections.unmodifiableList(new ArrayList<Trible<String, String, Boolean>>() {
-				private static final long serialVersionUID = 1L;
-				{	
-					//currently supported attributes
-					add(Trible.newInstance(PVP_VERSION_NAME, PVP_VERSION_FRIENDLY_NAME, true));
-					add(Trible.newInstance(PRINCIPAL_NAME_NAME, PRINCIPAL_NAME_FRIENDLY_NAME, true));
-					
-					//currently not supported attributes
-					add(Trible.newInstance(USERID_NAME, USERID_FRIENDLY_NAME, false));
-					add(Trible.newInstance(GID_NAME, GID_FRIENDLY_NAME, false));
-					add(Trible.newInstance(PARTICIPANT_ID_NAME, PARTICIPANT_ID_FRIENDLY_NAME, false));
-					add(Trible.newInstance(OU_GV_OU_ID_NAME, OU_GV_OU_ID_FRIENDLY_NAME, false));
-					add(Trible.newInstance(OU_NAME, OU_FRIENDLY_NAME, false));
-					add(Trible.newInstance(SECCLASS_NAME, SECCLASS_FRIENDLY_NAME, false));
-					
-					
-				}
-			});
-	
-	/** 
-	 * 
-	 * Get required PVP attributes for citizenToken
-	 * First : PVP attribute name (OID) 
-	 * Second: FriendlyName
-	 * Third: Required
-	 * 
-	 */
-	public static final List<Trible<String, String, Boolean>> CITIZENTOKEN_PVP_ATTRIBUTES = 
-			Collections.unmodifiableList(new ArrayList<Trible<String, String, Boolean>>() {
-				private static final long serialVersionUID = 1L;
-				{	
-					//required attributes - eIDAS minimal-data set
-					add(Trible.newInstance(PVP_VERSION_NAME, PVP_VERSION_FRIENDLY_NAME, true));
-					add(Trible.newInstance(PRINCIPAL_NAME_NAME, PRINCIPAL_NAME_FRIENDLY_NAME, true));
-					add(Trible.newInstance(GIVEN_NAME_NAME, GIVEN_NAME_FRIENDLY_NAME, true));
-					add(Trible.newInstance(BIRTHDATE_NAME, BIRTHDATE_FRIENDLY_NAME, true));
-					add(Trible.newInstance(BPK_NAME, BPK_FRIENDLY_NAME, true));
-					
-					
-					//not required attributes
-					add(Trible.newInstance(EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME, false));
-					add(Trible.newInstance(EID_ISSUING_NATION_NAME, EID_ISSUING_NATION_FRIENDLY_NAME, false));
-					add(Trible.newInstance(EID_SECTOR_FOR_IDENTIFIER_NAME, EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, false));
-					add(Trible.newInstance(MANDATE_TYPE_NAME, MANDATE_TYPE_FRIENDLY_NAME, false));
-					add(Trible.newInstance(MANDATE_TYPE_OID_NAME, MANDATE_TYPE_OID_FRIENDLY_NAME, false));
-					add(Trible.newInstance(MANDATE_LEG_PER_SOURCE_PIN_NAME, MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, false));
-					add(Trible.newInstance(MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, false));
-					add(Trible.newInstance(MANDATE_NAT_PER_BPK_NAME, MANDATE_NAT_PER_BPK_FRIENDLY_NAME, false));
-					add(Trible.newInstance(MANDATE_NAT_PER_GIVEN_NAME_NAME, MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME, false));
-					add(Trible.newInstance(MANDATE_NAT_PER_FAMILY_NAME_NAME, MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME, false));
-					add(Trible.newInstance(MANDATE_NAT_PER_BIRTHDATE_NAME, MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME, false));
-					add(Trible.newInstance(MANDATE_LEG_PER_FULL_NAME_NAME, MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME, false));
-					add(Trible.newInstance(MANDATE_PROF_REP_OID_NAME, MANDATE_PROF_REP_OID_FRIENDLY_NAME, false));
-					add(Trible.newInstance(MANDATE_PROF_REP_DESC_NAME, MANDATE_PROF_REP_DESC_FRIENDLY_NAME, false));
-					add(Trible.newInstance(MANDATE_REFERENCE_VALUE_NAME, MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, false));
-					
-					
-										
-				}
-			});
-	
+		
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
deleted file mode 100644
index 279d88860..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
+++ /dev/null
@@ -1,133 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x;
-
-import org.springframework.beans.factory.config.BeanDefinition;
-import org.springframework.context.annotation.Scope;
-import org.springframework.stereotype.Component;
-
-import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
-
-@Component("PVPTargetConfiguration")
-@Scope(value = BeanDefinition.SCOPE_PROTOTYPE)
-public class PVPTargetConfiguration extends RequestImpl {
-
-	
-	public static final String DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP = "useMinimalFrontChannelResponse";
-	public static final String DATAID_INTERFEDERATION_NAMEID = "federatedNameID";
-	public static final String DATAID_INTERFEDERATION_QAALEVEL = "federatedQAALevel";	
-	
-	public static final String DATAID_INTERFEDERATION_REQUESTID = "authnReqID";
-	
-	private static final long serialVersionUID = 4889919265919638188L;
-	
-	
-	
-	InboundMessage request;
-	String binding;
-	String consumerURL;
-		
-	public InboundMessage getRequest() {
-		return request;
-	}
-
-	public void setRequest(InboundMessage request) {
-		this.request = request;
-	}
-
-	public String getBinding() {
-		return binding;
-	}
-
-	public void setBinding(String binding) {
-		this.binding = binding;
-	}
-
-	public String getConsumerURL() {
-		return consumerURL;
-	}
-
-	public void setConsumerURL(String consumerURL) {
-		this.consumerURL = consumerURL;
-		
-	}
-
-//	/* (non-Javadoc)
-//	 * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
-//	 */
-//	@Override
-//	public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) {
-//
-//		Map<String, String> reqAttr = new HashMap<String, String>();
-//		for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION)
-//			reqAttr.put(el, "");
-//						
-//		try {			
-//			SPSSODescriptor spSSODescriptor = getRequest().getEntityMetadata(metadataProvider).getSPSSODescriptor(SAMLConstants.SAML20P_NS);
-//			if (spSSODescriptor.getAttributeConsumingServices() != null && 
-//					spSSODescriptor.getAttributeConsumingServices().size() > 0) {
-//							
-//				Integer aIdx = null;
-//				if (getRequest() instanceof MOARequest && 
-//						((MOARequest)getRequest()).getSamlRequest() instanceof AuthnRequestImpl) {					
-//					AuthnRequestImpl authnRequest = (AuthnRequestImpl)((MOARequest)getRequest()).getSamlRequest();					
-//					aIdx = authnRequest.getAttributeConsumingServiceIndex();
-//					
-//				} else {
-//					Logger.error("MOARequest is NOT of type AuthnRequest");
-//				}
-//				
-//				int idx = 0;
-//
-//				AttributeConsumingService attributeConsumingService = null;
-//				
-//				if (aIdx != null) {
-//					idx = aIdx.intValue();
-//					attributeConsumingService = spSSODescriptor
-//							.getAttributeConsumingServices().get(idx);
-//					
-//				} else {
-//					List<AttributeConsumingService> attrConsumingServiceList = spSSODescriptor.getAttributeConsumingServices();
-//					for (AttributeConsumingService el : attrConsumingServiceList) {
-//						if (el.isDefault())
-//							attributeConsumingService = el;
-//					}				
-//				}
-//				
-//				for ( RequestedAttribute attr : attributeConsumingService.getRequestAttributes())
-//					reqAttr.put(attr.getName(), "");
-//			}
-//			
-//			//return attributQueryBuilder.buildSAML2AttributeList(this.getOnlineApplicationConfiguration(), reqAttr.keySet().iterator());
-//			return reqAttr.keySet();
-//			
-//		} catch (NoMetadataInformationException e) {
-//			Logger.warn("NO metadata found for Entity " + getRequest().getEntityID());
-//			return null;
-//					
-//		}
-//		
-//	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
index 6b945d692..ab88a765e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
@@ -44,7 +44,11 @@ import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
 import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
 import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
 import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.exceptions.SLOException;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egiz.eaaf.modules.pvp2.idp.impl.PVPSProfilePendingRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileResponse;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
@@ -55,9 +59,6 @@ import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.data.SLOInformationContainer;
 import at.gv.egovernment.moa.id.moduls.SSOManager;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SLOException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -86,12 +87,12 @@ public class SingleLogOutAction implements IAction {
 			HttpServletRequest httpReq, HttpServletResponse httpResp,
 			IAuthData authData) throws EAAFException {
 
-		PVPTargetConfiguration pvpReq = (PVPTargetConfiguration) req;  
+		PVPSProfilePendingRequest pvpReq = (PVPSProfilePendingRequest) req;  
 
-		if (pvpReq.getRequest() instanceof MOARequest &&
-				((MOARequest)pvpReq.getRequest()).getSamlRequest() instanceof LogoutRequest) {
+		if (pvpReq.getRequest() instanceof PVPSProfileRequest &&
+				((PVPSProfileRequest)pvpReq.getRequest()).getSamlRequest() instanceof LogoutRequest) {
 			Logger.debug("Process Single LogOut request");
-			MOARequest samlReq = (MOARequest) pvpReq.getRequest();
+			PVPSProfileRequest samlReq = (PVPSProfileRequest) pvpReq.getRequest();
 			LogoutRequest logOutReq = (LogoutRequest) samlReq.getSamlRequest();
 
 			String ssoSessionId = 
@@ -141,10 +142,10 @@ public class SingleLogOutAction implements IAction {
 			Logger.debug("Starting technical SLO process ... ");
 			sloBuilder.toTechnicalLogout(sloInformationContainer, httpReq, httpResp, null);
 													
-		} else if (pvpReq.getRequest() instanceof MOAResponse &&
-				((MOAResponse)pvpReq.getRequest()).getResponse() instanceof LogoutResponse) {
+		} else if (pvpReq.getRequest() instanceof PVPSProfileResponse &&
+				((PVPSProfileResponse)pvpReq.getRequest()).getResponse() instanceof LogoutResponse) {
 			Logger.debug("Process Single LogOut response");
-			LogoutResponse logOutResp = (LogoutResponse) ((MOAResponse)pvpReq.getRequest()).getResponse();
+			LogoutResponse logOutResp = (LogoutResponse) ((PVPSProfileResponse)pvpReq.getRequest()).getResponse();
 
 			//Transaction tx = null;
 
@@ -236,11 +237,11 @@ public class SingleLogOutAction implements IAction {
 								storageSuccess = true;
 								String redirectURL = null;
 								IRequest sloReq = sloContainer.getSloRequest();
-								if (sloReq != null && sloReq instanceof PVPTargetConfiguration) {
+								if (sloReq != null && sloReq instanceof PVPSProfilePendingRequest) {
 									//send SLO response to SLO request issuer									
-									SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor((PVPTargetConfiguration)sloReq);
-									LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, (PVPTargetConfiguration)sloReq, sloContainer.getSloFailedOAs());
-									redirectURL = sloBuilder.getFrontChannelSLOMessageURL(sloService, message, httpReq, httpResp, ((PVPTargetConfiguration)sloReq).getRequest().getRelayState());
+									SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor((PVPSProfilePendingRequest)sloReq);
+									LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, (PVPSProfilePendingRequest)sloReq, sloContainer.getSloFailedOAs());
+									redirectURL = sloBuilder.getFrontChannelSLOMessageURL(sloService, message, httpReq, httpResp, ((PVPSProfilePendingRequest)sloReq).getRequest().getRelayState());
 
 								} else {
 									//print SLO information directly
@@ -324,7 +325,7 @@ public class SingleLogOutAction implements IAction {
 	 */
 	@Override
 	public String getDefaultActionName() {
-		return PVP2XProtocol.SINGLELOGOUT;
+		return PVPConstants.SINGLELOGOUT;
 	}
 
 	protected static String addURLParameter(String url, String paramname,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java
deleted file mode 100644
index 71c5a46a4..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.opensaml.common.binding.decoding.URIComparator;
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.ws.message.decoder.MessageDecodingException;
-import org.opensaml.xml.security.SecurityException;
-
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface;
-
-public interface IDecoder {
-	public InboundMessageInterface decode(HttpServletRequest req, 
-			HttpServletResponse resp, MetadataProvider metadataProvider, boolean isSPEndPoint, URIComparator comparator)
-					throws MessageDecodingException, SecurityException, PVP2Exception;
-		
-	public boolean handleDecode(String action, HttpServletRequest req);
-	
-	public String getSAML2BindingName();
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java
deleted file mode 100644
index 409f995fc..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java
+++ /dev/null
@@ -1,71 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.opensaml.saml2.core.RequestAbstractType;
-import org.opensaml.saml2.core.StatusResponseType;
-import org.opensaml.ws.message.encoder.MessageEncodingException;
-import org.opensaml.xml.security.SecurityException;
-import org.opensaml.xml.security.credential.Credential;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
-
-public interface IEncoder {
-	
-	/**
-	 * 
-	 * @param req The http request
-	 * @param resp The http response
-	 * @param request The SAML2 request object
-	 * @param targetLocation URL, where the request should be transmit
-	 * @param relayState token for session handling
-	 * @param credentials Credential to sign the request object
-	 * @param pendingReq Internal MOA-ID request object that contains session-state informations but never null
-	 * @throws MessageEncodingException
-	 * @throws SecurityException
-	 * @throws PVP2Exception
-	 */
-	public void encodeRequest(HttpServletRequest req, 
-			HttpServletResponse resp, RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq) 
-					throws MessageEncodingException, SecurityException, PVP2Exception;
-	
-	/**
-	 * Encoder SAML Response
-	 * @param req The http request
-	 * @param resp The http response
-	 * @param response The SAML2 repsonse object
-	 * @param targetLocation URL, where the request should be transmit
-	 * @param relayState token for session handling
-	 * @param credentials Credential to sign the response object
-	 * @param pendingReq Internal MOA-ID request object that contains session-state informations but never null
-	 * @throws MessageEncodingException
-	 * @throws SecurityException
-	 */
-	public void encodeRespone(HttpServletRequest req, 
-			HttpServletResponse resp, StatusResponseType response, String targetLocation, String relayState, Credential credentials, IRequest pendingReq) 
-					throws MessageEncodingException, SecurityException, PVP2Exception;
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java
deleted file mode 100644
index 7bb64a106..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java
+++ /dev/null
@@ -1,53 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
-
-import org.opensaml.common.binding.decoding.URIComparator;
-
-import at.gv.egovernment.moa.logging.Logger;
-
-public class MOAURICompare implements URIComparator {
-
-	/**
-	 * @param idpssoPostService
-	 */
-	
-	private String serviceURL = "";
-	
-	public MOAURICompare(String serviceURL) {
-		this.serviceURL = serviceURL;
-	}
-
-	public boolean compare(String uri1, String uri2) {				
-		if (this.serviceURL.equals(uri1))		
-			return true;
-		
-		else {
-			Logger.warn("PVP request destination-endpoint: " + uri1 
-					+ " does not match to IDP endpoint:" + serviceURL);
-			return false;
-			
-		}
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
deleted file mode 100644
index 998249028..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
+++ /dev/null
@@ -1,240 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.opensaml.common.SAMLObject;
-import org.opensaml.common.binding.BasicSAMLMessageContext;
-import org.opensaml.common.binding.decoding.URIComparator;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.binding.decoding.HTTPPostDecoder;
-import org.opensaml.saml2.core.RequestAbstractType;
-import org.opensaml.saml2.core.StatusResponseType;
-import org.opensaml.saml2.metadata.IDPSSODescriptor;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.saml2.metadata.SingleSignOnService;
-import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder;
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.ws.message.decoder.MessageDecodingException;
-import org.opensaml.ws.message.encoder.MessageEncodingException;
-import org.opensaml.ws.security.SecurityPolicyResolver;
-import org.opensaml.ws.security.provider.BasicSecurityPolicy;
-import org.opensaml.ws.security.provider.StaticSecurityPolicyResolver;
-import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
-import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
-import org.opensaml.xml.parse.BasicParserPool;
-import org.opensaml.xml.security.SecurityException;
-import org.opensaml.xml.security.credential.Credential;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Service;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration;
-import at.gv.egovernment.moa.id.auth.frontend.builder.GUIFormBuilderImpl;
-import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithFileSystemLoad;
-import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
-import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
-import at.gv.egovernment.moa.id.opemsaml.MOAIDHTTPPostEncoder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
-import at.gv.egovernment.moa.id.protocols.pvp2x.validation.MOAPVPSignedRequestPolicyRule;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-@Service("PVPPOSTBinding")
-public class PostBinding implements IDecoder, IEncoder {
-	
-	@Autowired(required=true) AuthConfiguration authConfig;
-	@Autowired(required=true) GUIFormBuilderImpl guiBuilder;
-		
-	public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
-			RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)	
-			throws MessageEncodingException, SecurityException {
-	
-		try {
-//			X509Credential credentials = credentialProvider
-//					.getIDPAssertionSigningCredential();
-		
-			//load default PVP security configurations
-			MOADefaultBootstrap.initializeDefaultPVPConfiguration();
-			
-			//initialize POST binding encoder with template decoration
-			IGUIBuilderConfiguration guiConfig = 
-					new SPSpecificGUIBuilderConfigurationWithFileSystemLoad(
-							pendingReq, 
-							"pvp_postbinding_template.html", 
-							MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SAML2POSTBINDING_URL, 
-							null, 
-							authConfig.getRootConfigFileDir());								
-			MOAIDHTTPPostEncoder encoder = new MOAIDHTTPPostEncoder(guiConfig, guiBuilder,
-					VelocityProvider.getClassPathVelocityEngine());	
-			
-			//set OpenSAML2 process parameter into binding context dao
-			HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
-					resp, true);
-			BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
-			SingleSignOnService service = new SingleSignOnServiceBuilder().buildObject();
-			service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
-			service.setLocation(targetLocation);;
-		
-			context.setOutboundSAMLMessageSigningCredential(credentials);
-			context.setPeerEntityEndpoint(service);
-			context.setOutboundSAMLMessage(request);
-			context.setOutboundMessageTransport(responseAdapter);
-			context.setRelayState(relayState);
-
-			encoder.encode(context);
-			
-//		} catch (CredentialsNotAvailableException e) {
-//			e.printStackTrace();
-//			throw new SecurityException(e);
-		} catch (Exception e) {
-			e.printStackTrace();
-			throw new SecurityException(e);
-		}
-	}
-
-	public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
-			StatusResponseType response, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)
-			throws MessageEncodingException, SecurityException {
-
-		try {
-			//load default PVP security configurations
-			MOADefaultBootstrap.initializeDefaultPVPConfiguration();
-			
-			Logger.debug("create SAML POSTBinding response");
-			
-			//initialize POST binding encoder with template decoration
-			IGUIBuilderConfiguration guiConfig = 
-					new SPSpecificGUIBuilderConfigurationWithFileSystemLoad(
-							pendingReq, 
-							"pvp_postbinding_template.html", 
-							MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SAML2POSTBINDING_URL, 
-							null, 
-							authConfig.getRootConfigFileDir());								
-			MOAIDHTTPPostEncoder encoder = new MOAIDHTTPPostEncoder(guiConfig, guiBuilder,
-					VelocityProvider.getClassPathVelocityEngine());	
-			
-			//set OpenSAML2 process parameter into binding context dao			
-			HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
-					resp, true);
-			BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
-			SingleSignOnService service = new SingleSignOnServiceBuilder()
-					.buildObject();
-			service.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
-			service.setLocation(targetLocation);
-			context.setOutboundSAMLMessageSigningCredential(credentials);			
-			context.setPeerEntityEndpoint(service);
-			// context.setOutboundMessage(authReq);
-			context.setOutboundSAMLMessage(response);
-			context.setOutboundMessageTransport(responseAdapter);
-			context.setRelayState(relayState);
-
-			encoder.encode(context);
-//		} catch (CredentialsNotAvailableException e) {
-//			e.printStackTrace();
-//			throw new SecurityException(e);
-		} catch (Exception e) {
-			e.printStackTrace();
-			throw new SecurityException(e);
-		}
-	}
-
-	public InboundMessageInterface decode(HttpServletRequest req,
-			HttpServletResponse resp, MetadataProvider metadataProvider, boolean isSPEndPoint, URIComparator comparator) throws MessageDecodingException,
-			SecurityException {
-
-		HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool());
-		BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
-		messageContext
-				.setInboundMessageTransport(new HttpServletRequestAdapter(req));
-		//set metadata descriptor type
-		if (isSPEndPoint) {
-			messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
-			decode.setURIComparator(comparator);
-			
-		} else {
-			messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
-			decode.setURIComparator(comparator);
-		}
-							
-		messageContext.setMetadataProvider(metadataProvider);
-		
-		//set security policy context
-		BasicSecurityPolicy policy = new BasicSecurityPolicy();
-		policy.getPolicyRules().add(
-				new MOAPVPSignedRequestPolicyRule(metadataProvider,
-						TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider),
-						messageContext.getPeerEntityRole()));		
-		SecurityPolicyResolver secResolver = new StaticSecurityPolicyResolver(policy);
-		messageContext.setSecurityPolicyResolver(secResolver);
-		
-		decode.decode(messageContext);
-		
-		InboundMessage msg = null;		
-		if (messageContext.getInboundMessage() instanceof RequestAbstractType) {			
-			RequestAbstractType inboundMessage = (RequestAbstractType) messageContext
-					.getInboundMessage();			
-			msg = new MOARequest(inboundMessage, getSAML2BindingName());
-			msg.setEntityID(inboundMessage.getIssuer().getValue());
-			
-		} else if (messageContext.getInboundMessage() instanceof StatusResponseType){
-			StatusResponseType inboundMessage = (StatusResponseType) messageContext.getInboundMessage();
-			msg = new MOAResponse(inboundMessage);
-			msg.setEntityID(inboundMessage.getIssuer().getValue());
-			
-		} else
-			//create empty container if request type is unknown
-			msg = new InboundMessage();
-				
-		if (messageContext.getPeerEntityMetadata() != null)
-			msg.setEntityID(messageContext.getPeerEntityMetadata().getEntityID());
-		
-		else {
-			if (MiscUtil.isEmpty(msg.getEntityID()))
-				Logger.info("No Metadata found for OA with EntityID " + messageContext.getInboundMessageIssuer());
-		}
-				
-
-		msg.setVerified(true);
-		msg.setRelayState(messageContext.getRelayState());
-		
-		return msg;
-	}
-
-	public boolean handleDecode(String action, HttpServletRequest req) {
-		return (req.getMethod().equals("POST") && action.equals(PVP2XProtocol.POST));
-	}
-	
-	public String getSAML2BindingName() {
-		return SAMLConstants.SAML2_POST_BINDING_URI;
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
deleted file mode 100644
index caebd456b..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
+++ /dev/null
@@ -1,244 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.opensaml.common.SAMLObject;
-import org.opensaml.common.binding.BasicSAMLMessageContext;
-import org.opensaml.common.binding.decoding.URIComparator;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.binding.decoding.HTTPRedirectDeflateDecoder;
-import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder;
-import org.opensaml.saml2.binding.security.SAML2HTTPRedirectDeflateSignatureRule;
-import org.opensaml.saml2.core.RequestAbstractType;
-import org.opensaml.saml2.core.StatusResponseType;
-import org.opensaml.saml2.metadata.IDPSSODescriptor;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.saml2.metadata.SingleSignOnService;
-import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder;
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.ws.message.decoder.MessageDecodingException;
-import org.opensaml.ws.message.encoder.MessageEncodingException;
-import org.opensaml.ws.security.SecurityPolicyResolver;
-import org.opensaml.ws.security.provider.BasicSecurityPolicy;
-import org.opensaml.ws.security.provider.StaticSecurityPolicyResolver;
-import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
-import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
-import org.opensaml.xml.parse.BasicParserPool;
-import org.opensaml.xml.security.SecurityException;
-import org.opensaml.xml.security.credential.Credential;
-import org.springframework.stereotype.Service;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IMOARefreshableMetadataProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.validation.MOASAML2AuthRequestSignedRole;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-@Service("PVPRedirectBinding")
-public class RedirectBinding implements IDecoder, IEncoder {
-	
-	public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
-			RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)
-			throws MessageEncodingException, SecurityException {
-		
-//		try {
-//			X509Credential credentials = credentialProvider
-//					.getIDPAssertionSigningCredential();
-
-			//load default PVP security configurations
-			MOADefaultBootstrap.initializeDefaultPVPConfiguration();
-			
-			Logger.debug("create SAML RedirectBinding response");
-			
-			HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
-			HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
-					resp, true);
-			BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
-			SingleSignOnService service = new SingleSignOnServiceBuilder()
-					.buildObject();
-			service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
-			service.setLocation(targetLocation);
-			context.setOutboundSAMLMessageSigningCredential(credentials);
-			context.setPeerEntityEndpoint(service);
-			context.setOutboundSAMLMessage(request);
-			context.setOutboundMessageTransport(responseAdapter);
-			context.setRelayState(relayState);
-
-			encoder.encode(context);
-//		} catch (CredentialsNotAvailableException e) {
-//			e.printStackTrace();
-//			throw new SecurityException(e);
-//		}
-	}
-
-	public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
-			StatusResponseType response, String targetLocation, String relayState, 
-			Credential credentials, IRequest pendingReq) throws MessageEncodingException, SecurityException {
-//		try {
-//			X509Credential credentials = credentialProvider
-//					.getIDPAssertionSigningCredential();
-
-			//load default PVP security configurations
-			MOADefaultBootstrap.initializeDefaultPVPConfiguration();
-			
-			Logger.debug("create SAML RedirectBinding response");
-			
-			HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
-			HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
-					resp, true);
-			BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
-			SingleSignOnService service = new SingleSignOnServiceBuilder()
-					.buildObject();
-			service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
-			service.setLocation(targetLocation);
-			context.setOutboundSAMLMessageSigningCredential(credentials);
-			context.setPeerEntityEndpoint(service);
-			context.setOutboundSAMLMessage(response);
-			context.setOutboundMessageTransport(responseAdapter);
-			context.setRelayState(relayState);
-			
-			encoder.encode(context);
-//		} catch (CredentialsNotAvailableException e) {
-//			e.printStackTrace();
-//			throw new SecurityException(e);
-//		}
-	}
-
-	public InboundMessageInterface decode(HttpServletRequest req,
-			HttpServletResponse resp, MetadataProvider metadataProvider, boolean isSPEndPoint, URIComparator comparator) throws MessageDecodingException,
-			SecurityException {
-
-		HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder(
-				new BasicParserPool());
-		
-		BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
-		messageContext
-				.setInboundMessageTransport(new HttpServletRequestAdapter(req));
-		
-		//set metadata descriptor type
-		if (isSPEndPoint) {
-			messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
-			decode.setURIComparator(comparator);
-			
-		} else {
-			messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
-			decode.setURIComparator(comparator);
-		}
-							
-		messageContext.setMetadataProvider(metadataProvider);
-				
-		SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule(
-				TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider));
-		MOASAML2AuthRequestSignedRole signedRole = new MOASAML2AuthRequestSignedRole();
-		BasicSecurityPolicy policy = new BasicSecurityPolicy();
-		policy.getPolicyRules().add(signedRole);
-		policy.getPolicyRules().add(signatureRule);		
-		SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver(
-				policy);		
-		messageContext.setSecurityPolicyResolver(resolver);
-		
-		//set metadata descriptor type
-		if (isSPEndPoint)
-			messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
-		else
-			messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
-		
-		try {		
-			decode.decode(messageContext);		
-
-			//check signature
-			signatureRule.evaluate(messageContext);
-			
-		} catch (SecurityException e) {
-			if (MiscUtil.isEmpty(messageContext.getInboundMessageIssuer())) {
-				throw e;
-			
-			}
-			
-			if (metadataProvider instanceof IMOARefreshableMetadataProvider) {
-				Logger.debug("PVP2X message validation FAILED. Reload metadata for entityID: " + messageContext.getInboundMessageIssuer());
-				if (!((IMOARefreshableMetadataProvider) metadataProvider).refreshMetadataProvider(messageContext.getInboundMessageIssuer()))
-					throw e;
-				
-				else {
-					Logger.trace("PVP2X metadata reload finished. Check validate message again.");
-					decode.decode(messageContext);		
-
-					//check signature
-					signatureRule.evaluate(messageContext);					
-										
-				}
-				Logger.trace("Second PVP2X message validation finished");
-				
-			} else {
-				throw e;
-				
-			}
-		}		
-					
-		InboundMessage msg = null;
-		if (messageContext.getInboundMessage() instanceof RequestAbstractType) {			
-			RequestAbstractType inboundMessage = (RequestAbstractType) messageContext
-					.getInboundMessage();			
-			msg = new MOARequest(inboundMessage, getSAML2BindingName());
-			
-			
-		} else if (messageContext.getInboundMessage() instanceof StatusResponseType){
-			StatusResponseType inboundMessage = (StatusResponseType) messageContext.getInboundMessage();			
-			msg = new MOAResponse(inboundMessage);
-			
-		} else 
-			//create empty container if request type is unknown
-			msg = new InboundMessage();
-
-		if (messageContext.getPeerEntityMetadata() != null)
-			msg.setEntityID(messageContext.getPeerEntityMetadata().getEntityID());
-		
-		else
-			Logger.info("No Metadata found for OA with EntityID " + messageContext.getInboundMessageIssuer());
-		
-		msg.setVerified(true);
-		msg.setRelayState(messageContext.getRelayState());
-		
-		return msg;
-	}
-
-	public boolean handleDecode(String action, HttpServletRequest req) {
-		return ((action.equals(PVP2XProtocol.REDIRECT) || action.equals(PVP2XProtocol.SINGLELOGOUT)) 
-				&& req.getMethod().equals("GET"));
-	}
-	
-	public String getSAML2BindingName() {
-		return SAMLConstants.SAML2_REDIRECT_BINDING_URI;
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
deleted file mode 100644
index 2b4374a64..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
+++ /dev/null
@@ -1,176 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
-
-import java.util.List;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.opensaml.common.SAMLObject;
-import org.opensaml.common.binding.BasicSAMLMessageContext;
-import org.opensaml.common.binding.decoding.URIComparator;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.binding.encoding.HTTPSOAP11Encoder;
-import org.opensaml.saml2.core.RequestAbstractType;
-import org.opensaml.saml2.core.StatusResponseType;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.ws.message.decoder.MessageDecodingException;
-import org.opensaml.ws.message.encoder.MessageEncodingException;
-import org.opensaml.ws.soap.soap11.Envelope;
-import org.opensaml.ws.soap.soap11.decoder.http.HTTPSOAP11Decoder;
-import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
-import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.parse.BasicParserPool;
-import org.opensaml.xml.security.SecurityException;
-import org.opensaml.xml.security.credential.Credential;
-import org.opensaml.xml.signature.SignableXMLObject;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Service;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-@Service("PVPSOAPBinding")
-public class SoapBinding implements IDecoder, IEncoder {
-
-	@Autowired(required=true) private MOAMetadataProvider metadataProvider;
-	@Autowired private IDPCredentialProvider credentialProvider;
-	
-	public InboundMessageInterface decode(HttpServletRequest req,
-			HttpServletResponse resp, MetadataProvider metadataProvider, boolean isSPEndPoint, URIComparator comparator) throws MessageDecodingException,
-			SecurityException, PVP2Exception {
-		HTTPSOAP11Decoder soapDecoder = new HTTPSOAP11Decoder(new BasicParserPool());
-		BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = 
-				new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
-		messageContext
-				.setInboundMessageTransport(new HttpServletRequestAdapter(
-						req));		
-		messageContext.setMetadataProvider(metadataProvider);
-
-		//TODO: update in a futher version: 
-		//      requires a special SignedSOAPRequestPolicyRole because 
-		//		messageContext.getInboundMessage() is not directly signed
-		
-		//set security context
-//		BasicSecurityPolicy policy = new BasicSecurityPolicy();
-//		policy.getPolicyRules().add(
-//				new MOAPVPSignedRequestPolicyRule(
-//						TrustEngineFactory.getSignatureKnownKeysTrustEngine(),
-//						SPSSODescriptor.DEFAULT_ELEMENT_NAME));		
-//		SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver(
-//				policy);			
-//		messageContext.setSecurityPolicyResolver(resolver);
-		
-		//decode message
-		soapDecoder.decode(messageContext);
-		
-		Envelope inboundMessage = (Envelope) messageContext
-				.getInboundMessage();
-		
-		if (inboundMessage.getBody() != null) {		
-			List<XMLObject> xmlElemList = inboundMessage.getBody().getUnknownXMLObjects();
-		
-			if (!xmlElemList.isEmpty()) {
-				SignableXMLObject attrReq = (SignableXMLObject) xmlElemList.get(0);			
-				MOARequest request = new MOARequest(attrReq, getSAML2BindingName());				
-				
-				if (messageContext.getPeerEntityMetadata() != null)
-					request.setEntityID(messageContext.getPeerEntityMetadata().getEntityID());
-				
-				else if (attrReq instanceof RequestAbstractType) {
-					RequestAbstractType attributeRequest = (RequestAbstractType) attrReq;
-					try {						
-						if (MiscUtil.isNotEmpty(attributeRequest.getIssuer().getValue()) && 
-								metadataProvider.getRole(
-										attributeRequest.getIssuer().getValue(), 
-										SPSSODescriptor.DEFAULT_ELEMENT_NAME) != null)
-							request.setEntityID(attributeRequest.getIssuer().getValue());
-						
-					} catch (Exception e) {
-						Logger.warn("No Metadata found with EntityID " + attributeRequest.getIssuer().getValue());
-					}					
-				} 
-				
-				request.setVerified(false);			
-				return request;
-						
-			} 
-		}
-		
-		Logger.error("Receive empty PVP 2.1 attributequery request.");
-		throw new AttributQueryException("Receive empty PVP 2.1 attributequery request.", null);
-	}
-
-	public boolean handleDecode(String action, HttpServletRequest req) {
-		return (req.getMethod().equals("POST") && 
-				(action.equals(PVP2XProtocol.SOAP) || action.equals(PVP2XProtocol.ATTRIBUTEQUERY)));
-	}
-
-	public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
-			RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)
-			throws MessageEncodingException, SecurityException, PVP2Exception {
-		
-	}
-
-	public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
-			StatusResponseType response, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)
-			throws MessageEncodingException, SecurityException, PVP2Exception {
-//		try {
-//			Credential credentials = credentialProvider
-//					.getIDPAssertionSigningCredential();
-			
-			//load default PVP security configurations
-			MOADefaultBootstrap.initializeDefaultPVPConfiguration();
-			
-			HTTPSOAP11Encoder encoder = new HTTPSOAP11Encoder();
-			HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
-					resp, true);
-			BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
-			context.setOutboundSAMLMessageSigningCredential(credentials);
-			context.setOutboundSAMLMessage(response);
-			context.setOutboundMessageTransport(responseAdapter);
-			
-			encoder.encode(context);
-//		} catch (CredentialsNotAvailableException e) {
-//			e.printStackTrace();
-//			throw new SecurityException(e);
-//		}
-	}
-	
-	public String getSAML2BindingName() {
-		return SAMLConstants.SAML2_SOAP11_BINDING_URI;
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java
index f3af12a2c..b5f77ce1a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java
@@ -49,14 +49,15 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import org.w3c.dom.Document;
 
+import at.gv.egiz.eaaf.modules.pvp2.exception.AttributQueryException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.SamlAttributeGenerator;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.SamlAttributeGenerator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
@@ -104,7 +105,7 @@ public class AttributQueryBuilder {
 			String endpoint, List<Attribute> requestedAttributes) throws AttributQueryException {
 		
 		
-		try {
+		try { 
 		
 			AttributeQuery query = new AttributeQueryBuilder().buildObject();
 		
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java
deleted file mode 100644
index 78ddab488..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java
+++ /dev/null
@@ -1,147 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.builder;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import org.joda.time.DateTime;
-import org.opensaml.Configuration;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.core.Assertion;
-import org.opensaml.saml2.core.EncryptedAssertion;
-import org.opensaml.saml2.core.Issuer;
-import org.opensaml.saml2.core.NameID;
-import org.opensaml.saml2.core.RequestAbstractType;
-import org.opensaml.saml2.core.Response;
-import org.opensaml.saml2.encryption.Encrypter;
-import org.opensaml.saml2.encryption.Encrypter.KeyPlacement;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.security.MetadataCredentialResolver;
-import org.opensaml.security.MetadataCriteria;
-import org.opensaml.xml.encryption.EncryptionException;
-import org.opensaml.xml.encryption.EncryptionParameters;
-import org.opensaml.xml.encryption.KeyEncryptionParameters;
-import org.opensaml.xml.security.CriteriaSet;
-import org.opensaml.xml.security.SecurityException;
-import org.opensaml.xml.security.credential.UsageType;
-import org.opensaml.xml.security.criteria.EntityIDCriteria;
-import org.opensaml.xml.security.criteria.UsageCriteria;
-import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorFactory;
-import org.opensaml.xml.security.x509.X509Credential;
-
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionEncryptionException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-public class AuthResponseBuilder {
-
-	public static Response buildResponse(MetadataProvider metadataProvider, String issuerEntityID, RequestAbstractType req, DateTime date, Assertion assertion, boolean enableEncryption) throws InvalidAssertionEncryptionException, ConfigurationException {
-		Response authResponse = SAML2Utils.createSAMLObject(Response.class);
-
-		Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class);
-		
-		nissuer.setValue(issuerEntityID);
-		nissuer.setFormat(NameID.ENTITY);
-		authResponse.setIssuer(nissuer);
-		authResponse.setInResponseTo(req.getID());
-
-		//set responseID
-		String remoteSessionID = SAML2Utils.getSecureIdentifier();
-		authResponse.setID(remoteSessionID);
-		
-		
-		//SAML2 response required IssueInstant
-		authResponse.setIssueInstant(date);
-		
-		authResponse.setStatus(SAML2Utils.getSuccessStatus());
-				
-		//check, if metadata includes an encryption key				
-		MetadataCredentialResolver mdCredResolver = 
-				new MetadataCredentialResolver(metadataProvider);
-	
-		CriteriaSet criteriaSet = new CriteriaSet();
-		criteriaSet.add( new EntityIDCriteria(req.getIssuer().getValue()) );
-		criteriaSet.add( new MetadataCriteria(SPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS) );
-		criteriaSet.add( new UsageCriteria(UsageType.ENCRYPTION) );
-	
-		X509Credential encryptionCredentials = null;
-		try {
-			encryptionCredentials = (X509Credential) mdCredResolver.resolveSingle(criteriaSet);
-				
-		} catch (SecurityException e2) {
-			Logger.warn("Can not extract the Assertion Encryption-Key from metadata", e2);
-			throw new InvalidAssertionEncryptionException();
-			
-		}
-			
-		if (encryptionCredentials != null && enableEncryption) {
-			//encrypt SAML2 assertion
-				
-			try {
-				
-				EncryptionParameters dataEncParams = new EncryptionParameters();
-				dataEncParams.setAlgorithm(PVPConstants.DEFAULT_SYM_ENCRYPTION_METHODE);
-								
-				List<KeyEncryptionParameters> keyEncParamList = new ArrayList<KeyEncryptionParameters>();
-				KeyEncryptionParameters  keyEncParam = new KeyEncryptionParameters();
-			
-				keyEncParam.setEncryptionCredential(encryptionCredentials);
-				keyEncParam.setAlgorithm(PVPConstants.DEFAULT_ASYM_ENCRYPTION_METHODE);
-				KeyInfoGeneratorFactory kigf = Configuration.getGlobalSecurityConfiguration()
-						.getKeyInfoGeneratorManager().getDefaultManager()
-						.getFactory(encryptionCredentials);
-				keyEncParam.setKeyInfoGenerator(kigf.newInstance());
-				keyEncParamList.add(keyEncParam);
-											
-				Encrypter samlEncrypter = new Encrypter(dataEncParams, keyEncParamList); 
-				//samlEncrypter.setKeyPlacement(KeyPlacement.INLINE);
-				samlEncrypter.setKeyPlacement(KeyPlacement.PEER);
-				
-				EncryptedAssertion encryptAssertion = null;
-				
-				encryptAssertion = samlEncrypter.encrypt(assertion);
-				
-				authResponse.getEncryptedAssertions().add(encryptAssertion);
-				
-			} catch (EncryptionException e1) {
-				Logger.warn("Can not encrypt the PVP2 assertion", e1);
-				throw new InvalidAssertionEncryptionException();
-					
-			} 
-
-		} else {
-			authResponse.getAssertions().add(assertion);
-				
-		}
-		
-		return authResponse;
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java
deleted file mode 100644
index d2a63c72f..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java
+++ /dev/null
@@ -1,171 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.builder;
-
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.core.AttributeValue;
-import org.opensaml.xml.Configuration;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.schema.XSInteger;
-import org.opensaml.xml.schema.XSString;
-import org.opensaml.xml.schema.impl.XSIntegerBuilder;
-import org.opensaml.xml.schema.impl.XSStringBuilder;
-
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-
-public class CitizenTokenBuilder {
-
-	public static XMLObject buildAttributeStringValue(String value) {
-		XSStringBuilder stringBuilder = (XSStringBuilder) Configuration.getBuilderFactory().getBuilder(XSString.TYPE_NAME);
-		XSString stringValue = stringBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
-		stringValue.setValue(value);
-		return stringValue;
-	}
-	
-	public static XMLObject buildAttributeIntegerValue(int value) {
-		XSIntegerBuilder integerBuilder = (XSIntegerBuilder) Configuration.getBuilderFactory().getBuilder(XSInteger.TYPE_NAME);
-		XSInteger integerValue = integerBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSInteger.TYPE_NAME);
-		integerValue.setValue(value);
-		return integerValue;
-	}
-	
-	public static Attribute buildStringAttribute(String friendlyName, 
-			String name, String value) {
-		Attribute attribute = 
-				SAML2Utils.createSAMLObject(Attribute.class);
-		attribute.setFriendlyName(friendlyName);
-		attribute.setName(name);
-		attribute.getAttributeValues().add(buildAttributeStringValue(value));
-		return attribute;
-	}
-	
-	public static Attribute buildIntegerAttribute(String friendlyName, 
-			String name, int value) {
-		Attribute attribute = 
-				SAML2Utils.createSAMLObject(Attribute.class);
-		attribute.setFriendlyName(friendlyName);
-		attribute.setName(name);
-		attribute.getAttributeValues().add(buildAttributeIntegerValue(value));
-		return attribute;
-	}
-	
-	public static Attribute buildPVPVersion(String value) {
-		return buildStringAttribute("PVP-VERSION",
-				"urn:oid:1.2.40.0.10.2.1.1.261.10", value);
-	}
-	
-	public static Attribute buildSecClass(int value) {
-		return buildIntegerAttribute("SECCLASS",
-				"", value);
-	}
-	
-	public static Attribute buildPrincipalName(String value) {
-		return buildStringAttribute("PRINCIPAL-NAME",
-				"urn:oid:1.2.40.0.10.2.1.1.261.20", value);
-	}
-	
-	public static Attribute buildGivenName(String value) {
-		return buildStringAttribute("GIVEN-NAME",
-				"urn:oid:2.5.4.42", value);
-	}
-	
-	public static Attribute buildBirthday(String value) {
-		return buildStringAttribute("BIRTHDATE",
-				"urn:oid:1.2.40.0.10.2.1.1.55", value);
-	}
-	
-	public static Attribute buildBPK(String value) {
-		return buildStringAttribute("BPK",
-				"urn:oid:1.2.40.0.10.2.1.1.149", value);
-	}
-	
-	public static Attribute buildEID_CITIZEN_QAALEVEL(int value) {
-		return buildIntegerAttribute("EID-CITIZEN-QAA-LEVEL",
-				"urn:oid:1.2.40.0.10.2.1.1.261.94", value);
-	}
-	
-	public static Attribute buildEID_ISSUING_NATION(String value) {
-		return buildStringAttribute("EID-ISSUING-NATION",
-				"urn:oid:1.2.40.0.10.2.1.1.261.32", value);
-	}
-	
-	public static Attribute buildEID_SECTOR_FOR_IDENTIFIER(String value) {
-		return buildStringAttribute("EID-SECTOR-FOR-IDENTIFIER",
-				"urn:oid:1.2.40.0.10.2.1.1.261.34", value);
-	}
-	
-	
-//	public static AttributeStatement buildCitizenToken(MOARequest obj,
-//			AuthenticationSession authSession) {
-//		AttributeStatement statement = 
-//				SAML2Utils.createSAMLObject(AttributeStatement.class);
-//
-//		//TL: AuthData generation is moved out from VerifyAuthBlockServlet
-//		try {
-//
-//			//TODO: LOAD oaParam from request and not from MOASession in case of SSO
-//			OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
-//					.getOnlineApplicationParameter(authSession.getPublicOAURLPrefix());
-//		
-//			AuthenticationData authData = AuthenticationServer.buildAuthenticationData(authSession,
-//					oaParam,
-//					authSession.getTarget());
-//			
-//			Attribute pvpVersion = buildPVPVersion("2.1");
-//			Attribute secClass = buildSecClass(3);
-//			Attribute principalName = buildPrincipalName(authData.getFamilyName());
-//			Attribute givenName = buildGivenName(authData.getGivenName());
-//			Attribute birthdate = buildBirthday(authData.getDateOfBirth());
-//			
-//			//TL: getIdentificationValue holds the baseID  --> change to pBK
-//			Attribute bpk = buildBPK(authData.getBPK());
-//			
-//			Attribute eid_citizen_qaa = buildEID_CITIZEN_QAALEVEL(3);
-//			Attribute eid_issuing_nation = buildEID_ISSUING_NATION("AT");
-//			Attribute eid_sector_for_id = buildEID_SECTOR_FOR_IDENTIFIER(authData.getIdentificationType());
-//			
-//			statement.getAttributes().add(pvpVersion);
-//			statement.getAttributes().add(secClass);
-//			statement.getAttributes().add(principalName);
-//			statement.getAttributes().add(givenName);
-//			statement.getAttributes().add(birthdate);
-//			statement.getAttributes().add(bpk);
-//			statement.getAttributes().add(eid_citizen_qaa);
-//			statement.getAttributes().add(eid_issuing_nation);
-//			statement.getAttributes().add(eid_sector_for_id);
-//			
-//			return statement;
-//			
-//		} catch (ConfigurationException e) {
-//			
-//			// TODO: check Exception Handling
-//			return null;
-//		} catch (BuildException e) {
-//			
-//			// TODO: check Exception Handling
-//			return null;
-//		}
-//		
-//
-//	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
deleted file mode 100644
index 07da57d2a..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
+++ /dev/null
@@ -1,207 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.builder;
-
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
-import java.util.ServiceLoader;
-
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.metadata.RequestedAttribute;
-
-import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
-import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
-import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
-import at.gv.egiz.eaaf.core.exceptions.InvalidDateFormatAttributeException;
-import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.SamlAttributeGenerator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidDateFormatException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-import at.gv.egovernment.moa.logging.Logger;
-
-public class PVPAttributeBuilder {
-	
-	private static IAttributeGenerator<Attribute> generator = new SamlAttributeGenerator();
-	
-	private static HashMap<String, IAttributeBuilder> builders;
-	
-	private static ServiceLoader<IAttributeBuilder> attributBuilderLoader = 
-			ServiceLoader.load(IAttributeBuilder.class);
-	
-	private static void addBuilder(IAttributeBuilder builder) {
-		builders.put(builder.getName(), builder);
-	}
-	
-	static {
-		builders = new HashMap<String, IAttributeBuilder>();
-		
-		Logger.info("Loading protocol attribut-builder modules:");
-		if (attributBuilderLoader != null ) {		
-			Iterator<IAttributeBuilder> moduleLoaderInterator = attributBuilderLoader.iterator();
-			while (moduleLoaderInterator.hasNext()) {
-				try {
-					IAttributeBuilder modul = moduleLoaderInterator.next();
-					Logger.info("Loading attribut-builder Modul Information: " + modul.getName());
-					addBuilder(modul);
-					
-				} catch(Throwable e) {
-					Logger.error("Check configuration! " + "Some attribute-builder modul" + 
-							" is not a valid IAttributeBuilder", e);
-				}	
-			}
-		}
-		
-		Logger.info("Loading attribute-builder modules done");
-				
-	}
-	
-	
-	/**
-	 * Get a specific attribute builder
-	 * 
-	 * @param name Attribute-builder friendly name
-	 * 
-	 * @return Attribute-builder with this name or null if builder does not exists
-	 */
-	public static IAttributeBuilder getAttributeBuilder(String name) {
-		return builders.get(name);
-		
-	}
-	
-	public static Attribute buildAttribute(String name, ISPConfiguration  oaParam,
-			IAuthData authData) throws PVP2Exception, AttributeBuilderException {
-		if (builders.containsKey(name)) {
-			try {
-				return builders.get(name).build(oaParam, authData, generator);
-			}
-			catch (AttributeBuilderException e) {
-				if (e instanceof UnavailableAttributeException) {
-					throw e;
-				} else if (e instanceof InvalidDateFormatAttributeException) {
-					throw new InvalidDateFormatException();
-				} else if (e instanceof NoMandateDataAttributeException) {
-					throw new NoMandateDataAvailableException();
-				} else {
-					throw new UnprovideableAttributeException(name);
-				}
-			}
-		}
-		return null;
-	}
-	
-	public static Attribute buildEmptyAttribute(String name) {
-		if (builders.containsKey(name)) {
-			return builders.get(name).buildEmpty(generator);
-		}
-		return null;
-	}
-
-	public static Attribute buildAttribute(String name, String value) {
-		if (builders.containsKey(name)) {
-			return builders.get(name).buildEmpty(generator);
-		}
-		return null;
-	}
-	
-	
-	
-	public static List<Attribute> buildSupportedEmptyAttributes() {
-		List<Attribute> attributes = new ArrayList<Attribute>();
-		Iterator<IAttributeBuilder> builderIt = builders.values().iterator();
-		while (builderIt.hasNext()) {
-			IAttributeBuilder builder = builderIt.next();
-			Attribute emptyAttribute = builder.buildEmpty(generator);
-			if (emptyAttribute != null) {
-				attributes.add(emptyAttribute);
-			}
-		}
-		return attributes;
-	}
-	
-	public static RequestedAttribute buildReqAttribute(String name, String friendlyName, boolean required) {
-		RequestedAttribute attribute = SAML2Utils.createSAMLObject(RequestedAttribute.class);
-		attribute.setIsRequired(required);
-		attribute.setName(name);
-		attribute.setFriendlyName(friendlyName);
-		attribute.setNameFormat(Attribute.URI_REFERENCE);
-		return attribute;
-	}
-	
-	/**
-	 * Build a set of PVP Response-Attributes
-	 * <br><br>
-	 * <b>INFO:</b> If a specific attribute can not be build, a info is logged, but no execpetion is thrown.
-	 * Therefore, the return List must not include all requested attributes.    
-	 * 
-	 * @param authData AuthenticationData <code>IAuthData</code> which is used to build the attribute values, but never <code>null</code>
-	 * @param reqAttributenName List of PVP attribute names which are requested, but never <code>null</code>
-	 * @return List of PVP attributes, but never <code>null</code>
-	 */
-	public static List<Attribute> buildSetOfResponseAttributes(IAuthData authData, 
-			Collection<String> reqAttributenName) {
-		List<Attribute> attrList = new ArrayList<Attribute>();
-		if (reqAttributenName != null) {		
-			Iterator<String> it = reqAttributenName.iterator();
-			while (it.hasNext()) {
-				String reqAttributName = it.next();
-				try {
-					Attribute attr = PVPAttributeBuilder.buildAttribute(
-							reqAttributName, null, authData);
-					if (attr == null) {
-						Logger.info(
-								"Attribute generation failed! for "
-										+ reqAttributName);
-					
-					} else {
-						attrList.add(attr);
-					
-					}
-									
-				} catch (PVP2Exception e) {
-					Logger.info(
-							"Attribute generation failed! for "
-									+ reqAttributName);
-				
-				} catch (Exception e) {
-					Logger.warn(
-							"General Attribute generation failed! for "
-									+ reqAttributName, e);
-				
-				}
-			}
-		}
-		
-		return attrList;
-	}
-	
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java
deleted file mode 100644
index a55e873b5..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java
+++ /dev/null
@@ -1,221 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.builder;
-
-import java.security.NoSuchAlgorithmException;
-
-import javax.servlet.http.HttpServletResponse;
-
-import org.joda.time.DateTime;
-import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.core.AuthnContextClassRef;
-import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
-import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.core.Issuer;
-import org.opensaml.saml2.core.NameID;
-import org.opensaml.saml2.core.NameIDPolicy;
-import org.opensaml.saml2.core.NameIDType;
-import org.opensaml.saml2.core.RequestedAuthnContext;
-import org.opensaml.saml2.core.Subject;
-import org.opensaml.saml2.core.SubjectConfirmation;
-import org.opensaml.saml2.core.SubjectConfirmationData;
-import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.SingleSignOnService;
-import org.opensaml.ws.message.encoder.MessageEncodingException;
-import org.opensaml.xml.security.SecurityException;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.ApplicationContext;
-import org.springframework.stereotype.Service;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestBuildException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-/**
- * @author tlenz
- *
- */
-@Service("PVPAuthnRequestBuilder")
-public class PVPAuthnRequestBuilder {
-	
-	@Autowired(required=true) ApplicationContext springContext;
-	
-	/**
-	 * Build a PVP2.x specific authentication request
-	 * 
-	 * @param pendingReq Currently processed pendingRequest 
-	 * @param config AuthnRequest builder configuration, never null
-	 * @param idpEntity SAML2 EntityDescriptor of the IDP, which receive this AuthnRequest, never null
-	 * @param httpResp
-	 * @throws NoSuchAlgorithmException 
-	 * @throws SecurityException 
-	 * @throws PVP2Exception 
-	 * @throws MessageEncodingException 
-	 */
-	public void buildAuthnRequest(IRequest pendingReq, IPVPAuthnRequestBuilderConfiguruation config, 
-			HttpServletResponse httpResp) throws NoSuchAlgorithmException, MessageEncodingException, PVP2Exception, SecurityException {
-		//get IDP Entity element from config
-		EntityDescriptor idpEntity = config.getIDPEntityDescriptor();
-		
-		AuthnRequest authReq = SAML2Utils
-				.createSAMLObject(AuthnRequest.class);
-		
-		//select SingleSignOn Service endpoint from IDP metadata
-		SingleSignOnService endpoint = null;  
-		for (SingleSignOnService sss : 
-				idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleSignOnServices()) {
-			
-			// use POST binding as default if it exists 
-			if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) { 
-				endpoint = sss; 
-				
-			} else if ( sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI) 
-					&& endpoint == null )
-				endpoint = sss;
-			
-		}
-		
-		if (endpoint == null) {
-			Logger.warn("Building AuthnRequest FAILED: > Requested IDP " + idpEntity.getEntityID() 
-					+ " does not support POST or Redirect Binding.");
-			throw new AuthnRequestBuildException("sp.pvp2.00", new Object[]{config.getSPNameForLogging(), idpEntity.getEntityID()});
-			
-		} else
-			authReq.setDestination(endpoint.getLocation());
-		
-		
-		//set basic AuthnRequest information
-		String reqID = config.getRequestID();
-		if (MiscUtil.isNotEmpty(reqID))
-			authReq.setID(reqID);
-		
-		else {
-			SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator();
-			authReq.setID(gen.generateIdentifier());
-			
-		}
-		
-		authReq.setIssueInstant(new DateTime());
-		
-		//set isPassive flag
-		if (config.isPassivRequest() == null)
-			authReq.setIsPassive(false);
-		else
-			authReq.setIsPassive(config.isPassivRequest());
-
-		//set EntityID of the service provider
-		Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
-		issuer.setFormat(NameIDType.ENTITY);
-		issuer.setValue(config.getSPEntityID());
-		authReq.setIssuer(issuer);
-
-		//set AssertionConsumerService ID
-		if (config.getAssertionConsumerServiceId() != null)
-			authReq.setAssertionConsumerServiceIndex(config.getAssertionConsumerServiceId());
-		
-		//set NameIDPolicy
-		if (config.getNameIDPolicyFormat() != null) {
-			NameIDPolicy policy = SAML2Utils.createSAMLObject(NameIDPolicy.class);
-			policy.setAllowCreate(config.getNameIDPolicyAllowCreation());
-			policy.setFormat(config.getNameIDPolicyFormat());
-			authReq.setNameIDPolicy(policy);
-		}
-		
-		//set requested QAA level
-		if (config.getAuthnContextClassRef() != null) {
-			RequestedAuthnContext reqAuthContext = SAML2Utils.createSAMLObject(RequestedAuthnContext.class);		
-			AuthnContextClassRef authnClassRef = SAML2Utils.createSAMLObject(AuthnContextClassRef.class);
-		
-			authnClassRef.setAuthnContextClassRef(config.getAuthnContextClassRef());
-			
-			if (config.getAuthnContextComparison() == null)
-				reqAuthContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM);
-			else
-				reqAuthContext.setComparison(config.getAuthnContextComparison());
-			
-			reqAuthContext.getAuthnContextClassRefs().add(authnClassRef);					
-			authReq.setRequestedAuthnContext(reqAuthContext);
-		}
-						
-		//set request Subject element
-		if (MiscUtil.isNotEmpty(config.getSubjectNameID())) {
-			Subject reqSubject = SAML2Utils.createSAMLObject(Subject.class);
-			NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class);
-			
-			subjectNameID.setValue(config.getSubjectNameID());
-			if (MiscUtil.isNotEmpty(config.getSubjectNameIDQualifier()))
-				subjectNameID.setNameQualifier(config.getSubjectNameIDQualifier());
-			
-			if (MiscUtil.isNotEmpty(config.getSubjectNameIDFormat()))
-				subjectNameID.setFormat(config.getSubjectNameIDFormat());
-			else
-				subjectNameID.setFormat(NameID.TRANSIENT);
-			
-			reqSubject.setNameID(subjectNameID);
-						
-			if (config.getSubjectConformationDate() != null) {
-				SubjectConfirmation subjectConformation = SAML2Utils.createSAMLObject(SubjectConfirmation.class);
-				SubjectConfirmationData subjectConformDate = SAML2Utils.createSAMLObject(SubjectConfirmationData.class);			
-				subjectConformation.setSubjectConfirmationData(subjectConformDate);
-				reqSubject.getSubjectConfirmations().add(subjectConformation );
-							
-				if (config.getSubjectConformationMethode() != null)
-					subjectConformation.setMethod(config.getSubjectConformationMethode());
-								
-				subjectConformDate.setDOM(config.getSubjectConformationDate());
-								
-			}
-						
-			authReq.setSubject(reqSubject );
-						
-		}
-		
-		//TODO: implement requested attributes
-		//maybe: config.getRequestedAttributes();
-		
-		//select message encoder
-		IEncoder binding = null;
-		if (endpoint.getBinding().equals(
-				SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
-			binding = springContext.getBean("PVPRedirectBinding", RedirectBinding.class);
-														
-		} else if (endpoint.getBinding().equals(
-				SAMLConstants.SAML2_POST_BINDING_URI)) {
-			binding = springContext.getBean("PVPPOSTBinding", PostBinding.class);
-			
-		}
-		
-		//encode message
-		binding.encodeRequest(null, httpResp, authReq, 
-				endpoint.getLocation(), pendingReq.getPendingRequestId(), config.getAuthnRequestSigningCredential(), pendingReq);
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java
deleted file mode 100644
index e2ac50e5e..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java
+++ /dev/null
@@ -1,442 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.builder;
-
-import java.io.IOException;
-import java.io.StringWriter;
-import java.util.List;
-
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.transform.Transformer;
-import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactory;
-import javax.xml.transform.TransformerFactoryConfigurationError;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.transform.stream.StreamResult;
-
-import org.joda.time.DateTime;
-import org.opensaml.Configuration;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.metadata.AssertionConsumerService;
-import org.opensaml.saml2.metadata.AttributeConsumingService;
-import org.opensaml.saml2.metadata.ContactPerson;
-import org.opensaml.saml2.metadata.EntitiesDescriptor;
-import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.IDPSSODescriptor;
-import org.opensaml.saml2.metadata.KeyDescriptor;
-import org.opensaml.saml2.metadata.LocalizedString;
-import org.opensaml.saml2.metadata.NameIDFormat;
-import org.opensaml.saml2.metadata.Organization;
-import org.opensaml.saml2.metadata.RequestedAttribute;
-import org.opensaml.saml2.metadata.RoleDescriptor;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.saml2.metadata.ServiceName;
-import org.opensaml.saml2.metadata.SingleLogoutService;
-import org.opensaml.saml2.metadata.SingleSignOnService;
-import org.opensaml.xml.io.Marshaller;
-import org.opensaml.xml.io.MarshallingException;
-import org.opensaml.xml.security.SecurityException;
-import org.opensaml.xml.security.SecurityHelper;
-import org.opensaml.xml.security.credential.Credential;
-import org.opensaml.xml.security.credential.UsageType;
-import org.opensaml.xml.security.keyinfo.KeyInfoGenerator;
-import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
-import org.opensaml.xml.signature.Signature;
-import org.opensaml.xml.signature.SignatureException;
-import org.opensaml.xml.signature.Signer;
-import org.springframework.stereotype.Service;
-import org.w3c.dom.Document;
-
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-/**
- * @author tlenz
- *
- */
-
-@Service("PVPMetadataBuilder")
-public class PVPMetadataBuilder {
-
-	X509KeyInfoGeneratorFactory keyInfoFactory = null;
-	
-	/**
-	 * 
-	 */
-	public PVPMetadataBuilder() {
-		keyInfoFactory = new X509KeyInfoGeneratorFactory();
-		keyInfoFactory.setEmitEntityIDAsKeyName(true);
-		keyInfoFactory.setEmitEntityCertificate(true);
-		
-	}
-	
-	
-	/**
-	 * 
-	 * Build PVP 2.1 conform SAML2 metadata
-	 * 
-	 * @param config 
-	 * 				PVPMetadataBuilder configuration
-	 * 
-	 * @return PVP metadata as XML String
-	 * @throws SecurityException 
-	 * @throws ConfigurationException 
-	 * @throws CredentialsNotAvailableException 
-	 * @throws TransformerFactoryConfigurationError 
-	 * @throws MarshallingException 
-	 * @throws TransformerException 
-	 * @throws ParserConfigurationException 
-	 * @throws IOException 
-	 * @throws SignatureException 
-	 */
-	public String buildPVPMetadata(IPVPMetadataBuilderConfiguration config) throws CredentialsNotAvailableException, ConfigurationException, SecurityException, TransformerFactoryConfigurationError, MarshallingException, TransformerException, ParserConfigurationException, IOException, SignatureException {				
-		DateTime date = new DateTime();
-		EntityDescriptor entityDescriptor = SAML2Utils
-				.createSAMLObject(EntityDescriptor.class);
-		
-		//set entityID
-		entityDescriptor.setEntityID(config.getEntityID());		
-								
-		//set contact and organisation information
-		List<ContactPerson> contactPersons = config.getContactPersonInformation();
-		if (contactPersons != null)
-			entityDescriptor.getContactPersons().addAll(contactPersons);
-		
-		Organization organisation = config.getOrgansiationInformation();
-		if (organisation != null)
-			entityDescriptor.setOrganization(organisation);
-
-		//set IDP metadata
-		if (config.buildIDPSSODescriptor()) {
-			RoleDescriptor idpSSODesc = generateIDPMetadata(config);
-			if (idpSSODesc != null)
-				entityDescriptor.getRoleDescriptors().add(idpSSODesc);
-						
-		}
-		
-		//set SP metadata for interfederation
-		if (config.buildSPSSODescriptor()) {
-			RoleDescriptor spSSODesc = generateSPMetadata(config);
-			if (spSSODesc != null)
-				entityDescriptor.getRoleDescriptors().add(spSSODesc);
-		
-		}
-
-		//set metadata signature parameters
-		Credential metadataSignCred = config.getMetadataSigningCredentials();		
-		Signature signature = AbstractCredentialProvider.getIDPSignature(metadataSignCred);
-		SecurityHelper.prepareSignatureParams(signature, metadataSignCred, null, null);
-				
-		//initialize XML document builder
-		DocumentBuilder builder;
-		DocumentBuilderFactory factory = DocumentBuilderFactory
-				.newInstance();
-
-		builder = factory.newDocumentBuilder();
-		Document document = builder.newDocument();
-		
-
-		//build entities descriptor
-		if (config.buildEntitiesDescriptorAsRootElement()) {
-			EntitiesDescriptor entitiesDescriptor = 
-					SAML2Utils.createSAMLObject(EntitiesDescriptor.class);					
-			entitiesDescriptor.setName(config.getEntityFriendlyName());
-			entitiesDescriptor.setID(SAML2Utils.getSecureIdentifier());							
-			entitiesDescriptor.setValidUntil(date.plusHours(config.getMetadataValidUntil()));			
-			entitiesDescriptor.getEntityDescriptors().add(entityDescriptor);
-			
-			//load default PVP security configurations
-			MOADefaultBootstrap.initializeDefaultPVPConfiguration();
-			entitiesDescriptor.setSignature(signature);
-			
-			
-			//marshall document
-			Marshaller out = Configuration.getMarshallerFactory()
-					.getMarshaller(entitiesDescriptor);
-			out.marshall(entitiesDescriptor, document);
-						
-		} else {
-			entityDescriptor.setValidUntil(date.plusHours(config.getMetadataValidUntil()));
-			entityDescriptor.setID(SAML2Utils.getSecureIdentifier());
-			
-			entityDescriptor.setSignature(signature);
-			
-			
-			
-			//marshall document
-			Marshaller out = Configuration.getMarshallerFactory()
-					.getMarshaller(entityDescriptor);
-			out.marshall(entityDescriptor, document);
-			
-		}
-		
-		//sign metadata
-		Signer.signObject(signature);
-
-		//transform metadata object to XML string
-		Transformer transformer = TransformerFactory.newInstance()
-				.newTransformer();
-
-		StringWriter sw = new StringWriter();
-		StreamResult sr = new StreamResult(sw);
-		DOMSource source = new DOMSource(document);
-		transformer.transform(source, sr);
-		sw.close();
-
-		return sw.toString();
-	}
-	
-	
-	private RoleDescriptor generateSPMetadata(IPVPMetadataBuilderConfiguration config) throws CredentialsNotAvailableException, SecurityException, ConfigurationException {		
-		SPSSODescriptor spSSODescriptor = SAML2Utils.createSAMLObject(SPSSODescriptor.class);
-		spSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
-		spSSODescriptor.setAuthnRequestsSigned(config.wantAuthnRequestSigned());
-		spSSODescriptor.setWantAssertionsSigned(config.wantAssertionSigned());
-	
-		KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance();
-		
-		//Set AuthRequest Signing certificate
-		Credential authcredential = config.getRequestorResponseSigningCredentials();
-		if (authcredential == null) {
-			Logger.warn("SP Metadata generation FAILED! --> Builder has NO request signing-credential. ");			
-			return null;
-						
-		} else {			
-			KeyDescriptor signKeyDescriptor = SAML2Utils
-					.createSAMLObject(KeyDescriptor.class);
-			signKeyDescriptor.setUse(UsageType.SIGNING);
-			signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authcredential));	
-			spSSODescriptor.getKeyDescriptors().add(signKeyDescriptor);
-			
-		}
-		
-		//Set assertion encryption credentials		
-		Credential authEncCredential = config.getEncryptionCredentials();			
-
-		if (authEncCredential != null) {
-			KeyDescriptor encryKeyDescriptor = SAML2Utils
-					.createSAMLObject(KeyDescriptor.class);
-			encryKeyDescriptor.setUse(UsageType.ENCRYPTION);
-			encryKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authEncCredential));	
-			spSSODescriptor.getKeyDescriptors().add(encryKeyDescriptor);
-			
-		} else {
-			Logger.warn("No Assertion Encryption-Key defined. This setting is not recommended!");
-			
-		}
-
-		//check nameID formates
-		if (config.getSPAllowedNameITTypes() == null || config.getSPAllowedNameITTypes().size() == 0) {
-			Logger.warn("SP Metadata generation FAILED! --> Builder has NO provideable SAML2 nameIDFormats. ");
-			return null;
-			
-		} else {
-			for (String format : config.getSPAllowedNameITTypes()) {
-				NameIDFormat nameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
-				nameIDFormat.setFormat(format);		
-				spSSODescriptor.getNameIDFormats().add(nameIDFormat);
-						 	
-			}			
-		}
-		
-
-		//add POST-Binding assertion consumer services
-		if (MiscUtil.isNotEmpty(config.getSPAssertionConsumerServicePostBindingURL())) {
-			AssertionConsumerService postassertionConsumerService = SAML2Utils.createSAMLObject(AssertionConsumerService.class);		
-			postassertionConsumerService.setIndex(0);
-			postassertionConsumerService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
-			postassertionConsumerService.setLocation(config.getSPAssertionConsumerServicePostBindingURL());	
-			postassertionConsumerService.setIsDefault(true);
-			spSSODescriptor.getAssertionConsumerServices().add(postassertionConsumerService);
-			
-		}
-		
-		//add POST-Binding assertion consumer services
-		if (MiscUtil.isNotEmpty(config.getSPAssertionConsumerServiceRedirectBindingURL())) {
-			AssertionConsumerService redirectassertionConsumerService = SAML2Utils.createSAMLObject(AssertionConsumerService.class);		
-			redirectassertionConsumerService.setIndex(1);
-			redirectassertionConsumerService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
-			redirectassertionConsumerService.setLocation(config.getSPAssertionConsumerServiceRedirectBindingURL());
-			spSSODescriptor.getAssertionConsumerServices().add(redirectassertionConsumerService);
-			
-		}
-		
-		//validate WebSSO endpoints
-		if (spSSODescriptor.getAssertionConsumerServices().size() == 0) {
-			Logger.warn("SP Metadata generation FAILED! --> NO SAML2 AssertionConsumerService endpoint found. ");
-			return null;
-			
-		}
-		
-		//add POST-Binding SLO descriptor
-		if (MiscUtil.isNotEmpty(config.getSPSLOPostBindingURL())) {
-			SingleLogoutService postSLOService = SAML2Utils.createSAMLObject(SingleLogoutService.class);			
-			postSLOService.setLocation(config.getSPSLOPostBindingURL());
-			postSLOService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
-			spSSODescriptor.getSingleLogoutServices().add(postSLOService);
-			
-		}
-		
-		//add POST-Binding SLO descriptor
-		if (MiscUtil.isNotEmpty(config.getSPSLORedirectBindingURL())) {
-			SingleLogoutService redirectSLOService = SAML2Utils.createSAMLObject(SingleLogoutService.class);			
-			redirectSLOService.setLocation(config.getSPSLORedirectBindingURL());
-			redirectSLOService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
-			spSSODescriptor.getSingleLogoutServices().add(redirectSLOService);
-			
-		}
-		
-		//add POST-Binding SLO descriptor
-		if (MiscUtil.isNotEmpty(config.getSPSLOSOAPBindingURL())) {
-			SingleLogoutService soapSLOService = SAML2Utils.createSAMLObject(SingleLogoutService.class);			
-			soapSLOService.setLocation(config.getSPSLOSOAPBindingURL());
-			soapSLOService.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI);
-			spSSODescriptor.getSingleLogoutServices().add(soapSLOService);
-			
-		}
-		
-		
-		//add required attributes
-		List<RequestedAttribute> reqSPAttr = config.getSPRequiredAttributes();
-		AttributeConsumingService attributeService = SAML2Utils.createSAMLObject(AttributeConsumingService.class);		
-			
-		attributeService.setIndex(0);
-		attributeService.setIsDefault(true);
-		ServiceName serviceName = SAML2Utils.createSAMLObject(ServiceName.class);
-		serviceName.setName(new LocalizedString("Default Service", "en"));
-		attributeService.getNames().add(serviceName);
-
-		if (reqSPAttr != null && reqSPAttr.size() > 0) {
-			Logger.debug("Add " + reqSPAttr.size() + " attributes to SP metadata");
-			attributeService.getRequestAttributes().addAll(reqSPAttr);
-			
-		} else {
-			Logger.debug("SP metadata contains NO requested attributes.");
-			
-		}
-			
-		spSSODescriptor.getAttributeConsumingServices().add(attributeService);
-						
-		return spSSODescriptor;
-	}
-	
-	private IDPSSODescriptor generateIDPMetadata(IPVPMetadataBuilderConfiguration config) throws ConfigurationException, CredentialsNotAvailableException, SecurityException {					
-		//check response signing credential
-		Credential responseSignCred = config.getRequestorResponseSigningCredentials();
-		if (responseSignCred == null) {
-			Logger.warn("IDP Metadata generation FAILED! --> Builder has NO Response signing credential. ");			
-			return null;
-			
-		}
-
-		//check nameID formates
-		if (config.getIDPPossibleNameITTypes() == null || config.getIDPPossibleNameITTypes().size() == 0) {
-			Logger.warn("IDP Metadata generation FAILED! --> Builder has NO provideable SAML2 nameIDFormats. ");
-			return null;
-			
-		}
-				
-		// build SAML2 IDP-SSO descriptor element
-		IDPSSODescriptor idpSSODescriptor = SAML2Utils
-				.createSAMLObject(IDPSSODescriptor.class);
-
-		idpSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
-
-		//set ass default value, because PVP 2.x specification defines this feature as MUST
-		idpSSODescriptor.setWantAuthnRequestsSigned(config.wantAuthnRequestSigned());			
-		
-		// add WebSSO descriptor for POST-Binding
-		if (MiscUtil.isNotEmpty(config.getIDPWebSSOPostBindingURL())) {
-			SingleSignOnService postSingleSignOnService = SAML2Utils.createSAMLObject(SingleSignOnService.class);
-			postSingleSignOnService.setLocation(config.getIDPWebSSOPostBindingURL());
-			postSingleSignOnService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
-			idpSSODescriptor.getSingleSignOnServices().add(postSingleSignOnService);
-						
-		}
-		
-		// add WebSSO descriptor for Redirect-Binding
-		if (MiscUtil.isNotEmpty(config.getIDPWebSSORedirectBindingURL())) {
-			SingleSignOnService postSingleSignOnService = SAML2Utils.createSAMLObject(SingleSignOnService.class);
-			postSingleSignOnService.setLocation(config.getIDPWebSSORedirectBindingURL());
-			postSingleSignOnService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
-			idpSSODescriptor.getSingleSignOnServices().add(postSingleSignOnService);
-						
-		}
-		
-		//add Single LogOut POST-Binding endpoing
-		if (MiscUtil.isNotEmpty(config.getIDPSLOPostBindingURL())) {
-			SingleLogoutService postSLOService = SAML2Utils.createSAMLObject(SingleLogoutService.class);			
-			postSLOService.setLocation(config.getIDPSLOPostBindingURL());
-			postSLOService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
-			idpSSODescriptor.getSingleLogoutServices().add(postSLOService);
-			
-		}
-		
-		//add Single LogOut Redirect-Binding endpoing
-		if (MiscUtil.isNotEmpty(config.getIDPSLORedirectBindingURL())) {
-			SingleLogoutService redirectSLOService = SAML2Utils.createSAMLObject(SingleLogoutService.class);			
-			redirectSLOService.setLocation(config.getIDPSLORedirectBindingURL());
-			redirectSLOService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
-			idpSSODescriptor.getSingleLogoutServices().add(redirectSLOService);
-			
-		}
-		
-		//validate WebSSO endpoints
-		if (idpSSODescriptor.getSingleSignOnServices().size() == 0) {
-			Logger.warn("IDP Metadata generation FAILED! --> NO SAML2 SingleSignOnService endpoint found. ");
-			return null;
-			
-		}
-				
-		//set assertion signing key
-		KeyDescriptor signKeyDescriptor = SAML2Utils
-				.createSAMLObject(KeyDescriptor.class);
-		signKeyDescriptor.setUse(UsageType.SIGNING);
-		KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance();
-		signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(config.getRequestorResponseSigningCredentials()));
-		idpSSODescriptor.getKeyDescriptors().add(signKeyDescriptor);
-
-		//set IDP attribute set
-		idpSSODescriptor.getAttributes().addAll(config.getIDPPossibleAttributes());
-			
-		//set providable nameID formats
-		for (String format : config.getIDPPossibleNameITTypes()) {
-			NameIDFormat nameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
-			nameIDFormat.setFormat(format);		
-			idpSSODescriptor.getNameIDFormats().add(nameIDFormat);
-						
-		}
-			
-		return idpSSODescriptor;
-		
-	}
-		
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
index a1d7f5d3a..53606b341 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
@@ -75,37 +75,39 @@ import at.gv.egiz.eaaf.core.api.idp.slo.ISLOInformationContainer;
 import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
 import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
 import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egiz.eaaf.core.exceptions.GUIBuildException;
 import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
+import at.gv.egiz.eaaf.core.impl.data.SLOInformationImpl;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
+import at.gv.egiz.eaaf.modules.pvp2.exception.BindingNotSupportedException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.NoMetadataInformationException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception;
+import at.gv.egiz.eaaf.modules.pvp2.idp.impl.PVPSProfilePendingRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.StringRedirectDeflateEncoder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration;
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.data.SLOInformationContainer;
-import at.gv.egovernment.moa.id.data.SLOInformationImpl;
-import at.gv.egovernment.moa.id.opemsaml.MOAStringRedirectDeflateEncoder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NOSLOServiceDescriptorException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
@@ -120,14 +122,15 @@ public class SingleLogOutBuilder {
 	@Autowired(required=true) ApplicationContext springContext;
 	@Autowired private IDPCredentialProvider credentialProvider;
 	@Autowired private SAMLVerificationEngineSP samlVerificationEngine;
-	@Autowired private IGUIFormBuilder guiBuilder;
+	@Autowired private IGUIFormBuilder guiBuilder; 
 	@Autowired(required=true) protected IRevisionLogger revisionsLogger;
 	@Autowired private ITransactionStorage transactionStorage;
+	@Autowired(required=true) IPVP2BasicConfiguration pvpBasicConfiguration;
 
 	public static final int SLOTIMEOUT = 30 * 1000; //30 sec
 	
 	public void toTechnicalLogout(ISLOInformationContainer sloContainer, 
-			HttpServletRequest httpReq, HttpServletResponse httpResp, String authUrl) throws MOAIDException {		
+			HttpServletRequest httpReq, HttpServletResponse httpResp, String authUrl) throws EAAFException {		
 		Logger.trace("Starting Service-Provider logout process ... ");		
 		revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_STARTED);		
 		
@@ -174,7 +177,7 @@ public class SingleLogOutBuilder {
 		}
 						
 		IRequest pendingReq = null;		
-		PVPTargetConfiguration pvpReq = null;
+		PVPSProfilePendingRequest pvpReq = null;
 		//start service provider front channel logout process
 		try {
 			if (sloContainer.hasFrontChannelOA()) {
@@ -221,9 +224,9 @@ public class SingleLogOutBuilder {
 								
 			} else {
 				pendingReq = sloContainer.getSloRequest();
-				if (pendingReq != null && pendingReq instanceof PVPTargetConfiguration) {
+				if (pendingReq != null && pendingReq instanceof PVPSProfilePendingRequest) {
 					//send SLO response to SLO request issuer
-					pvpReq = (PVPTargetConfiguration)pendingReq;
+					pvpReq = (PVPSProfilePendingRequest)pendingReq;
 					SingleLogoutService sloService = getResponseSLODescriptor(pvpReq);
 					LogoutResponse message = buildSLOResponseMessage(sloService, pvpReq, sloContainer.getSloFailedOAs());
 					sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, pvpReq.getRequest().getRelayState(), pvpReq);
@@ -321,10 +324,11 @@ public class SingleLogOutBuilder {
 	 * @param httpResp
 	 * @param relayState
 	 * @return 
+	 * @throws CredentialsNotAvailableException 
 	 */
 	public String getFrontChannelSLOMessageURL(String serviceURL, String bindingType,
 			RequestAbstractType sloReq, HttpServletRequest httpReq,
-			HttpServletResponse httpResp, String relayState) throws MOAIDException {
+			HttpServletResponse httpResp, String relayState) throws MOAIDException, CredentialsNotAvailableException {
 		
 		try {
 			X509Credential credentials = credentialProvider
@@ -332,7 +336,7 @@ public class SingleLogOutBuilder {
 
 			Logger.debug("create SAML RedirectBinding response");
 			
-			MOAStringRedirectDeflateEncoder encoder = new MOAStringRedirectDeflateEncoder();			
+			StringRedirectDeflateEncoder encoder = new StringRedirectDeflateEncoder();			
 			BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
 			SingleLogoutService service = new SingleLogoutServiceBuilder()
 					.buildObject();
@@ -356,7 +360,7 @@ public class SingleLogOutBuilder {
 
 	public String getFrontChannelSLOMessageURL(SingleLogoutService service,
 			StatusResponseType sloResp, HttpServletRequest httpReq,
-			HttpServletResponse httpResp, String relayState) throws MOAIDException {
+			HttpServletResponse httpResp, String relayState) throws MOAIDException, CredentialsNotAvailableException {
 		
 		try {
 			X509Credential credentials = credentialProvider
@@ -364,7 +368,7 @@ public class SingleLogOutBuilder {
 
 			Logger.debug("create SAML RedirectBinding response");
 			
-			MOAStringRedirectDeflateEncoder encoder = new MOAStringRedirectDeflateEncoder();			
+			StringRedirectDeflateEncoder encoder = new StringRedirectDeflateEncoder();			
 			BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
 			context.setOutboundSAMLMessageSigningCredential(credentials);
 			context.setPeerEntityEndpoint(service);
@@ -384,7 +388,7 @@ public class SingleLogOutBuilder {
 	
 	public void sendFrontChannelSLOMessage(SingleLogoutService consumerService, 
 			LogoutResponse sloResp, HttpServletRequest req, HttpServletResponse resp, 
-			String relayState, PVPTargetConfiguration pvpReq) throws MOAIDException {
+			String relayState, PVPSProfilePendingRequest pvpReq) throws MOAIDException, PVP2Exception, CredentialsNotAvailableException {
 		IEncoder binding = null;
 		if (consumerService.getBinding().equals(
 				SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
@@ -417,7 +421,7 @@ public class SingleLogOutBuilder {
 	}
 	
 	
-	public LogoutRequest buildSLORequestMessage(SLOInformationInterface sloDescr) throws ConfigurationException, MOAIDException {
+	public LogoutRequest buildSLORequestMessage(SLOInformationInterface sloDescr) throws EAAFException {
 		LogoutRequest sloReq = SAML2Utils.createSAMLObject(LogoutRequest.class);
 		
 		SecureRandomIdentifierGenerator gen;
@@ -433,7 +437,7 @@ public class SingleLogOutBuilder {
 
 		DateTime now = new DateTime();
 		Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
-		issuer.setValue(PVPConfiguration.getInstance().getIDPSSOMetadataService(sloDescr.getAuthURL()));
+		issuer.setValue(pvpBasicConfiguration.getIDPEntityId(sloDescr.getAuthURL()));
 		issuer.setFormat(NameID.ENTITY);
 		sloReq.setIssuer(issuer);		
 		sloReq.setIssueInstant(now);
@@ -477,7 +481,7 @@ public class SingleLogOutBuilder {
 		return sloReq;		
 	}
 	
-	public LogoutResponse buildSLOErrorResponse(SingleLogoutService sloService, PVPTargetConfiguration spRequest, String firstLevelStatusCode) throws ConfigurationException, MOAIDException {
+	public LogoutResponse buildSLOErrorResponse(SingleLogoutService sloService, PVPSProfilePendingRequest spRequest, String firstLevelStatusCode) throws EAAFException {
 		LogoutResponse sloResp = buildBasicResponse(sloService, spRequest);
 		
 		Status status = SAML2Utils.createSAMLObject(Status.class);
@@ -494,7 +498,7 @@ public class SingleLogOutBuilder {
 		return sloResp;
 	}
 	
-	public LogoutResponse buildSLOResponseMessage(SingleLogoutService sloService, PVPTargetConfiguration spRequest, List<String> failedOAs) throws MOAIDException {		
+	public LogoutResponse buildSLOResponseMessage(SingleLogoutService sloService, PVPSProfilePendingRequest spRequest, List<String> failedOAs) throws EAAFException {		
 		LogoutResponse sloResp = buildBasicResponse(sloService, spRequest);
 		
 		Status status;
@@ -519,11 +523,10 @@ public class SingleLogOutBuilder {
 		
 	}
 	
-	private LogoutResponse buildBasicResponse(SingleLogoutService sloService, PVPTargetConfiguration spRequest) throws ConfigurationException, MOAIDException {
+	private LogoutResponse buildBasicResponse(SingleLogoutService sloService, PVPSProfilePendingRequest spRequest) throws EAAFException {
 		LogoutResponse sloResp = SAML2Utils.createSAMLObject(LogoutResponse.class);		
 		Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);		
-		issuer.setValue(PVPConfiguration.getInstance().getIDPSSOMetadataService(
-				spRequest.getAuthURLWithOutSlash()));
+		issuer.setValue(pvpBasicConfiguration.getIDPEntityId(spRequest.getAuthURLWithOutSlash()));
 		issuer.setFormat(NameID.ENTITY);
 		sloResp.setIssuer(issuer);		
 		sloResp.setIssueInstant(new DateTime());		
@@ -540,9 +543,9 @@ public class SingleLogOutBuilder {
 			
 		}			
 
-		if (spRequest.getRequest() instanceof MOARequest &&
-				((MOARequest)spRequest.getRequest()).getSamlRequest() instanceof LogoutRequest) {
-			LogoutRequest sloReq =  (LogoutRequest) ((MOARequest)spRequest.getRequest()).getSamlRequest();
+		if (spRequest.getRequest() instanceof PVPSProfileRequest &&
+				((PVPSProfileRequest)spRequest.getRequest()).getSamlRequest() instanceof LogoutRequest) {
+			LogoutRequest sloReq =  (LogoutRequest) ((PVPSProfileRequest)spRequest.getRequest()).getSamlRequest();
 			sloResp.setInResponseTo(sloReq.getID());
 			
 		}
@@ -592,8 +595,8 @@ public class SingleLogOutBuilder {
 
 	}
 	
-	public SingleLogoutService getResponseSLODescriptor(PVPTargetConfiguration spRequest) throws NoMetadataInformationException, NOSLOServiceDescriptorException {
-		MOARequest moaReq = (MOARequest) spRequest.getRequest();
+	public SingleLogoutService getResponseSLODescriptor(PVPSProfilePendingRequest spRequest) throws NoMetadataInformationException, NOSLOServiceDescriptorException {
+		PVPSProfileRequest moaReq = (PVPSProfileRequest) spRequest.getRequest();
 		EntityDescriptor metadata = moaReq.getEntityMetadata(metadataProvider);
 		SSODescriptor ssodesc = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
 		
@@ -655,7 +658,8 @@ public class SingleLogOutBuilder {
 											oa.getUserNameID(), 
 											oa.getUserNameIDFormat(), 
 											oa.getProtocolType(),
-											sloDesc));
+											sloDesc.getBinding(),
+											sloDesc.getLocation()));
 						
 							else
 								container.getActiveFrontChannalOAs().put(oa.getOaurlprefix(), 
@@ -666,7 +670,8 @@ public class SingleLogOutBuilder {
 											oa.getUserNameID(), 
 											oa.getUserNameIDFormat(), 
 											oa.getProtocolType(),
-											sloDesc));
+											sloDesc.getBinding(),
+											sloDesc.getLocation()));
 							
 						} catch (NOSLOServiceDescriptorException e) {
 							container.putFailedOA(oa.getOaurlprefix());
@@ -707,7 +712,8 @@ public class SingleLogOutBuilder {
 										el.getUserNameID(), 
 										NameID.TRANSIENT, 
 										PVP2XProtocol.NAME,
-										sloDesc));
+										sloDesc.getBinding(),
+										sloDesc.getLocation()));
 						
 					} catch (NOSLOServiceDescriptorException e) {
 						container.putFailedOA(el.getIdpurlprefix());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
deleted file mode 100644
index 056e2bba0..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
+++ /dev/null
@@ -1,543 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion;
-
-import java.security.MessageDigest;
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.List;
-
-import org.joda.time.DateTime;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.core.Assertion;
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.core.AttributeQuery;
-import org.opensaml.saml2.core.AttributeStatement;
-import org.opensaml.saml2.core.Audience;
-import org.opensaml.saml2.core.AudienceRestriction;
-import org.opensaml.saml2.core.AuthnContext;
-import org.opensaml.saml2.core.AuthnContextClassRef;
-import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.core.AuthnStatement;
-import org.opensaml.saml2.core.Conditions;
-import org.opensaml.saml2.core.Issuer;
-import org.opensaml.saml2.core.NameID;
-import org.opensaml.saml2.core.RequestedAuthnContext;
-import org.opensaml.saml2.core.Subject;
-import org.opensaml.saml2.core.SubjectConfirmation;
-import org.opensaml.saml2.core.SubjectConfirmationData;
-import org.opensaml.saml2.core.impl.AuthnRequestImpl;
-import org.opensaml.saml2.metadata.AssertionConsumerService;
-import org.opensaml.saml2.metadata.AttributeConsumingService;
-import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.NameIDFormat;
-import org.opensaml.saml2.metadata.RequestedAttribute;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.w3c.dom.Element;
-
-import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
-import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
-import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
-import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
-import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
-import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
-import at.gv.egiz.eaaf.core.impl.utils.Random;
-import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.data.IMOAAuthData;
-import at.gv.egovernment.moa.id.data.Pair;
-import at.gv.egovernment.moa.id.data.SLOInformationImpl;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.QAANotSupportedException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-import at.gv.egovernment.moa.id.util.LoALevelMapper;
-import at.gv.egovernment.moa.id.util.MandateBuilder;
-import at.gv.egovernment.moa.id.util.QAALevelVerifier;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.Base64Utils;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-public class PVP2AssertionBuilder implements PVPConstants {
-	
-	/**
-	 * Build a PVP assertion as response for a SAML2 AttributeQuery request
-	 * 
-	 * @param issuerEntityID EnitiyID, which should be used for this IDP response 
-	 * @param attrQuery AttributeQuery request from Service-Provider
-	 * @param attrList List of PVP response attributes
-	 * @param now Current time 
-	 * @param validTo ValidTo time of the assertion
-	 * @param qaaLevel QAA level of the authentication
-	 * @param sessionIndex SAML2 SessionIndex, which should be included	 * 
-	 * @return PVP 2.1 Assertion
-	 * @throws ConfigurationException
-	 */
-	public static Assertion buildAssertion(String issuerEntityID, AttributeQuery attrQuery,
-			List<Attribute> attrList, DateTime now, DateTime validTo, String qaaLevel, String sessionIndex) throws ConfigurationException {
-			
-		AuthnContextClassRef authnContextClassRef = SAML2Utils.createSAMLObject(AuthnContextClassRef.class);
-		authnContextClassRef.setAuthnContextClassRef(qaaLevel);
-		
-		NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class);
-		subjectNameID.setFormat(attrQuery.getSubject().getNameID().getFormat());
-		subjectNameID.setValue(attrQuery.getSubject().getNameID().getValue());
-		
-		SubjectConfirmationData subjectConfirmationData = null;
-		
-		return buildGenericAssertion(issuerEntityID, attrQuery.getIssuer().getValue(), now, 
-				authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex,
-				validTo);
-	}
-	
-	
-	/**
-	 * Build a PVP 2.1 assertion as response of a SAML2 AuthnRequest
-	 * 
-	 * @param issuerEntityID EnitiyID, which should be used for this IDP response 
-	 * @param pendingReq Current processed pendingRequest DAO
-	 * @param authnRequest Current processed PVP AuthnRequest
-	 * @param authData AuthenticationData of the user, which is already authenticated
-	 * @param peerEntity SAML2 EntityDescriptor of the service-provider, which receives the response
-	 * @param date TimeStamp
-	 * @param assertionConsumerService SAML2 endpoint of the service-provider, which should be used
-	 * @param sloInformation Single LogOut information DAO
-	 * @return
-	 * @throws MOAIDException
-	 */
-	public static Assertion buildAssertion(String issuerEntityID, PVPTargetConfiguration pendingReq, AuthnRequest authnRequest,
-			IAuthData authData, EntityDescriptor peerEntity, DateTime date, 
-			AssertionConsumerService assertionConsumerService, SLOInformationImpl sloInformation)
-			throws MOAIDException {
-
-		RequestedAuthnContext reqAuthnContext = authnRequest
-				.getRequestedAuthnContext();
-
-		AuthnContextClassRef authnContextClassRef = SAML2Utils
-				.createSAMLObject(AuthnContextClassRef.class);
-		
-		ISPConfiguration oaParam = pendingReq.getServiceProviderConfiguration();
-		
-		if (reqAuthnContext == null) {
-			 authnContextClassRef.setAuthnContextClassRef(authData.getEIDASQAALevel());
-			
-		} else {
-
-			boolean eIDAS_qaa_found = false;
-	
-			List<AuthnContextClassRef> reqAuthnContextClassRefIt = reqAuthnContext
-					.getAuthnContextClassRefs();
-		
-			if (reqAuthnContextClassRefIt.size() == 0) {			 
-				QAALevelVerifier.verifyQAALevel(authData.getEIDASQAALevel(), EAAFConstants.EIDAS_QAA_HIGH);
-			
-				eIDAS_qaa_found = true;
-				authnContextClassRef.setAuthnContextClassRef(EAAFConstants.EIDAS_QAA_HIGH);
-			 
-			} else {
-				for (AuthnContextClassRef authnClassRef : reqAuthnContextClassRefIt) {
-					String qaa_uri = authnClassRef.getAuthnContextClassRef();
-					
-					if (qaa_uri.trim().startsWith(STORK_QAA_PREFIX)) {
-						Logger.debug("Find STORK QAA leven in AuthnRequest. Starting mapping to eIDAS level ... ");
-						qaa_uri = LoALevelMapper.getInstance().mapSTORKQAAToeIDASQAA(qaa_uri.trim());
-						
-					}
-					
-					if (qaa_uri.trim().equals(EAAFConstants.EIDAS_QAA_HIGH)
-							|| qaa_uri.trim().equals(EAAFConstants.EIDAS_QAA_SUBSTANTIAL)
-							|| qaa_uri.trim().equals(EAAFConstants.EIDAS_QAA_LOW)) {
-					
-						 if (authData.isForeigner()) {
-							 QAALevelVerifier.verifyQAALevel(authData.getEIDASQAALevel(), oaParam.getMinimumLevelOfAssurence());
-							 
-							 eIDAS_qaa_found = true;
-							 authnContextClassRef.setAuthnContextClassRef(authData.getEIDASQAALevel());
-							 
-						 } else {
-							 
-							 QAALevelVerifier.verifyQAALevel(authData.getEIDASQAALevel(), 
-									 qaa_uri.trim());
-							 
-							 eIDAS_qaa_found = true;
-							 authnContextClassRef.setAuthnContextClassRef(authData.getEIDASQAALevel());
-							 							 
-						 }
-						 break;
-					 }
-				 }
-			 }
-	
-			if (!eIDAS_qaa_found)
-				throw new QAANotSupportedException(EAAFConstants.EIDAS_QAA_HIGH);
-				
-		}
-		
-
-
-		SPSSODescriptor spSSODescriptor = peerEntity
-				.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
-				
-		//add Attributes to Assertion
-		List<Attribute> attrList = new ArrayList<Attribute>();
-		if (spSSODescriptor.getAttributeConsumingServices() != null && 
-				spSSODescriptor.getAttributeConsumingServices().size() > 0) {
-		
-			Integer aIdx = authnRequest.getAttributeConsumingServiceIndex();
-			int idx = 0;
-
-			AttributeConsumingService attributeConsumingService = null;						
-			if (aIdx != null) {
-				idx = aIdx.intValue();
-				attributeConsumingService = spSSODescriptor
-						.getAttributeConsumingServices().get(idx);
-				
-			} else {
-				List<AttributeConsumingService> attrConsumingServiceList = spSSODescriptor.getAttributeConsumingServices();
-				for (AttributeConsumingService el : attrConsumingServiceList) {
-					if (el.isDefault())
-						attributeConsumingService = el;
-				}				
-			}
-			
-			/* 
-			 * TODO: maybe use first AttributeConsumingService if no is selected 
-			 * in request or on service is marked as default
-			 * 
-			 */
-			if (attributeConsumingService == null ) {
-				List<AttributeConsumingService> attrConsumingServiceList = spSSODescriptor.getAttributeConsumingServices();
-				if (attrConsumingServiceList != null && !attrConsumingServiceList.isEmpty())
-					attributeConsumingService = attrConsumingServiceList.get(0);
-								
-			}
-			
-			
-			if (attributeConsumingService != null) {						
-				Iterator<RequestedAttribute> it = attributeConsumingService
-						.getRequestAttributes().iterator();
-				while (it.hasNext()) {
-					RequestedAttribute reqAttribut = it.next();
-					try {
-						Attribute attr = PVPAttributeBuilder.buildAttribute(
-								reqAttribut.getName(), oaParam, authData);
-						if (attr == null) {
-							if (reqAttribut.isRequired()) {
-								throw new UnprovideableAttributeException(
-										reqAttribut.getName());
-							}
-						} else {
-							attrList.add(attr);
-						}
-					
-					} catch (UnavailableAttributeException e) {
-						Logger.info(
-								"Attribute generation for "
-										+ reqAttribut.getFriendlyName() + " not possible.");
-						if (reqAttribut.isRequired()) {
-							throw new UnprovideableAttributeException(
-									reqAttribut.getName());
-						}
-						
-					
-					} catch (PVP2Exception e) {
-						Logger.info(
-								"Attribute generation failed! for "
-										+ reqAttribut.getFriendlyName());
-						if (reqAttribut.isRequired()) {
-							throw new UnprovideableAttributeException(
-									reqAttribut.getName());
-						}
-						
-					} catch (Exception e) {
-						Logger.warn(
-								"General Attribute generation failed! for "
-										+ reqAttribut.getFriendlyName(), e);
-						if (reqAttribut.isRequired()) {
-							throw new UnprovideableAttributeException(
-									reqAttribut.getName());
-						}
-						
-					}
-				}
-			}
-		}
-		
-		NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class);
-		
-		//build nameID and nameID Format from moasession
-		//TODO: nameID generation
-		if (authData instanceof IMOAAuthData && 
-				((IMOAAuthData)authData).isUseMandate()) {
-			String bpktype = null;
-			String bpk = null;
-			
-			Element mandate = ((IMOAAuthData)authData).getMandate();
-			if(mandate != null) {
-				Logger.debug("Read mandator bPK|baseID from full-mandate ... ");
-				Mandate mandateObject = MandateBuilder.buildMandate(mandate);
-				if(mandateObject == null) {
-					throw new NoMandateDataAvailableException();
-				}
-				CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody();
-				PhysicalPersonType pysicalperson = mandateObject.getMandator().getPhysicalPerson();
-				
-				IdentificationType id;
-				if(corporation != null && corporation.getIdentification().size() > 0)
-					id = corporation.getIdentification().get(0);
-	
-					
-				else if (pysicalperson != null && pysicalperson.getIdentification().size() > 0)
-					id = pysicalperson.getIdentification().get(0);
-					
-				else {
-					Logger.error("Failed to generate IdentificationType");
-					throw new NoMandateDataAvailableException();		
-				}
-			
-				bpktype = id.getType();
-				bpk = id.getValue().getValue();
-								
-			} else {
-				Logger.debug("Read mandator bPK|baseID from PVP attributes ... ");
-				bpk = authData.getGenericData(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_NAME, String.class);
-				bpktype = authData.getGenericData(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME, String.class);				
-				
-				if (MiscUtil.isEmpty(bpk)) {
-					//no sourcePin is included --> search for bPK
-					bpk = authData.getGenericData(PVPConstants.MANDATE_NAT_PER_BPK_NAME, String.class);
-					
-					try {
-						if (bpk.contains(":"))
-							bpk = bpk.split(":")[1];
-						
-					} catch (Exception e) {
-						Logger.warn("Can not split bPK from mandator attribute!", e);
-						
-					}
-					
-					//set bPK-Type from configuration, because it MUST be equal to service-provider type
-					bpktype = oaParam.getAreaSpecificTargetIdentifier();
-										
-				} else {
-					//sourcePin is include --> check sourcePinType
-					if (MiscUtil.isEmpty(bpktype))
-						bpktype = Constants.URN_PREFIX_BASEID;
-					
-				}				
-			}
-			
-			if (MiscUtil.isEmpty(bpk) || MiscUtil.isEmpty(bpktype)) {
-				throw new NoMandateDataAvailableException();
-				
-			}
-			
-			if (bpktype.equals(Constants.URN_PREFIX_BASEID)) {				
-				Pair<String, String> calcbPK = new BPKBuilder().generateAreaSpecificPersonIdentifier(bpk, oaParam.getAreaSpecificTargetIdentifier());								
-				subjectNameID.setValue(calcbPK.getFirst());
-				subjectNameID.setNameQualifier(calcbPK.getSecond());
-				
-				
-			} else {
-				subjectNameID.setNameQualifier(bpktype);
-				subjectNameID.setValue(bpk);
-			}
-					
-		} else {
-			subjectNameID.setNameQualifier(authData.getBPKType());
-			subjectNameID.setValue(authData.getBPK());
-		}
-		
-		String nameIDFormat = NameID.TRANSIENT;
-		
-		//get NameIDFormat from request		
-		AuthnRequest authnReq = (AuthnRequestImpl) authnRequest;
-		if (authnReq.getNameIDPolicy() != null && 
-				MiscUtil.isNotEmpty(authnReq.getNameIDPolicy().getFormat())) {
-			nameIDFormat = authnReq.getNameIDPolicy().getFormat();
-			
-		} else {
-			//get NameIDFormat from metadata
-			List<NameIDFormat> metadataNameIDFormats = spSSODescriptor.getNameIDFormats();
-			
-			if (metadataNameIDFormats != null) {
-				
-				for (NameIDFormat el : metadataNameIDFormats) {
-					if (NameID.PERSISTENT.equals(el.getFormat())) {
-						nameIDFormat = NameID.PERSISTENT;
-						break;
-						
-					} else if (NameID.TRANSIENT.equals(el.getFormat()) ||
-							NameID.UNSPECIFIED.equals(el.getFormat()))
-						break;
-					
-				}				
-			}
-		}
-	
-		if (NameID.TRANSIENT.equals(nameIDFormat) || NameID.UNSPECIFIED.equals(nameIDFormat)) {
-			String random = Random.nextRandom();
-			String nameID = subjectNameID.getValue();
-			
-			try {
-				MessageDigest md = MessageDigest.getInstance("SHA-1");
-				byte[] hash = md.digest((nameID + random).getBytes("ISO-8859-1"));			
-				subjectNameID.setValue(Base64Utils.encode(hash));
-				subjectNameID.setNameQualifier(null);
-				subjectNameID.setFormat(NameID.TRANSIENT);
-				
-			} catch (Exception e) {
-				Logger.warn("PVP2 subjectNameID error", e);
-				throw new MOAIDException("pvp2.13", null, e);
-			}
-			
-		} else 
-			subjectNameID.setFormat(nameIDFormat);
-			
-
-		String sessionIndex = null;
-					
-		//if request is a reauthentication and NameIDFormat match reuse old session information
-		if (MiscUtil.isNotEmpty(authData.getNameID()) && 
-				MiscUtil.isNotEmpty(authData.getNameIDFormat()) && 
-				nameIDFormat.equals(authData.getNameIDFormat())) {
-			subjectNameID.setValue(authData.getNameID());
-			sessionIndex = authData.getSessionIndex();
-			
-		}
-		
-		//
-		if (MiscUtil.isEmpty(sessionIndex))
-			sessionIndex = SAML2Utils.getSecureIdentifier();
-									
-		SubjectConfirmationData subjectConfirmationData = SAML2Utils
-				.createSAMLObject(SubjectConfirmationData.class);
-		subjectConfirmationData.setInResponseTo(authnRequest.getID());
-		subjectConfirmationData.setNotOnOrAfter(new DateTime(authData.getSsoSessionValidTo().getTime()));
-//		subjectConfirmationData.setNotBefore(date);
-		
-		//set 'recipient' attribute in subjectConformationData 
-		subjectConfirmationData.setRecipient(assertionConsumerService.getLocation());
-		
-		//set IP address of the user machine as 'Address' attribute in subjectConformationData 
-		String usersIPAddress = pendingReq.getGenericData(
-				PVPTargetConfiguration.DATAID_REQUESTER_IP_ADDRESS, String.class);
-		if (MiscUtil.isNotEmpty(usersIPAddress))
-			subjectConfirmationData.setAddress(usersIPAddress);
-		
-		//set SLO information
-		sloInformation.setUserNameIdentifier(subjectNameID.getValue());
-		sloInformation.setNameIDFormat(subjectNameID.getFormat());
-		sloInformation.setSessionIndex(sessionIndex);
-		
-		return buildGenericAssertion(issuerEntityID, peerEntity.getEntityID(), date, authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex, subjectConfirmationData.getNotOnOrAfter());
-	}
-	
-	/**
-	 * 
-	 * @param issuer IDP EntityID
-	 * @param entityID Service Provider EntityID
-	 * @param date 
-	 * @param authnContextClassRef
-	 * @param attrList
-	 * @param subjectNameID
-	 * @param subjectConfirmationData
-	 * @param sessionIndex
-	 * @param isValidTo
-	 * @return
-	 * @throws ConfigurationException
-	 */
-	
-	public static Assertion buildGenericAssertion(String issuer, String entityID, DateTime date, 
-			AuthnContextClassRef authnContextClassRef, List<Attribute> attrList, 
-			NameID subjectNameID, SubjectConfirmationData subjectConfirmationData, 
-			String sessionIndex, DateTime isValidTo) throws ConfigurationException {
-		Assertion assertion = SAML2Utils.createSAMLObject(Assertion.class);
-		
-		AuthnContext authnContext = SAML2Utils
-				.createSAMLObject(AuthnContext.class);
-		authnContext.setAuthnContextClassRef(authnContextClassRef);
-
-		AuthnStatement authnStatement = SAML2Utils
-				.createSAMLObject(AuthnStatement.class);
-		
-		authnStatement.setAuthnInstant(date);
-		authnStatement.setSessionIndex(sessionIndex);
-		authnStatement.setAuthnContext(authnContext);
-
-		assertion.getAuthnStatements().add(authnStatement);
-		
-		AttributeStatement attributeStatement = SAML2Utils
-				.createSAMLObject(AttributeStatement.class);		
-		attributeStatement.getAttributes().addAll(attrList);		
-		if (attributeStatement.getAttributes().size() > 0) {
-			assertion.getAttributeStatements().add(attributeStatement);
-		}
-		
-		Subject subject = SAML2Utils.createSAMLObject(Subject.class);
-		subject.setNameID(subjectNameID);
-		
-		SubjectConfirmation subjectConfirmation = SAML2Utils
-				.createSAMLObject(SubjectConfirmation.class);
-		subjectConfirmation.setMethod(SubjectConfirmation.METHOD_BEARER);
-		subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData);
-
-		subject.getSubjectConfirmations().add(subjectConfirmation);
-
-		Conditions conditions = SAML2Utils.createSAMLObject(Conditions.class);
-		AudienceRestriction audienceRestriction = SAML2Utils
-				.createSAMLObject(AudienceRestriction.class);
-		Audience audience = SAML2Utils.createSAMLObject(Audience.class);
-		
-		audience.setAudienceURI(entityID);
-		audienceRestriction.getAudiences().add(audience);
-		conditions.setNotBefore(date);		
-		conditions.setNotOnOrAfter(isValidTo);
-				
-		conditions.getAudienceRestrictions().add(audienceRestriction);
-
-		assertion.setConditions(conditions);
-
-		Issuer issuerObj = SAML2Utils.createSAMLObject(Issuer.class);
-				
-		if (issuer.endsWith("/"))
-			issuer = issuer.substring(0, issuer.length()-1);
-		issuerObj.setValue(issuer);
-		issuerObj.setFormat(NameID.ENTITY);
-		
-		assertion.setIssuer(issuerObj);
-		assertion.setSubject(subject);
-		assertion.setID(SAML2Utils.getSecureIdentifier());
-		assertion.setIssueInstant(date);
-		
-		return assertion;		
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/SamlAttributeGenerator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/SamlAttributeGenerator.java
deleted file mode 100644
index 6ccacd6c8..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/SamlAttributeGenerator.java
+++ /dev/null
@@ -1,88 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.core.AttributeValue;
-import org.opensaml.xml.Configuration;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.schema.XSInteger;
-import org.opensaml.xml.schema.XSString;
-import org.opensaml.xml.schema.impl.XSIntegerBuilder;
-import org.opensaml.xml.schema.impl.XSStringBuilder;
-
-import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-
-public class SamlAttributeGenerator implements IAttributeGenerator<Attribute> {
-	
-	private XMLObject buildAttributeStringValue(String value) {
-		XSStringBuilder stringBuilder = (XSStringBuilder) Configuration.getBuilderFactory().getBuilder(XSString.TYPE_NAME);
-		XSString stringValue = stringBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
-		stringValue.setValue(value);
-		return stringValue;
-	}
-	
-	private XMLObject buildAttributeIntegerValue(int value) {
-		XSIntegerBuilder integerBuilder = (XSIntegerBuilder) Configuration.getBuilderFactory().getBuilder(XSInteger.TYPE_NAME);
-		XSInteger integerValue = integerBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSInteger.TYPE_NAME);
-		integerValue.setValue(value);
-		return integerValue;
-	}
-	
-	public Attribute buildStringAttribute(final String friendlyName, final String name, final String value) {
-		Attribute attribute = SAML2Utils.createSAMLObject(Attribute.class);
-		attribute.setFriendlyName(friendlyName);
-		attribute.setName(name);
-		attribute.setNameFormat(Attribute.URI_REFERENCE);
-		attribute.getAttributeValues().add(buildAttributeStringValue(value));
-		return attribute;
-	}
-	
-	public Attribute buildIntegerAttribute(final String friendlyName, final String name, final int value) {
-		Attribute attribute = SAML2Utils.createSAMLObject(Attribute.class);
-		attribute.setFriendlyName(friendlyName);
-		attribute.setName(name);
-		attribute.setNameFormat(Attribute.URI_REFERENCE);
-		attribute.getAttributeValues().add(buildAttributeIntegerValue(value));
-		return attribute;
-	}
-	
-	public Attribute buildEmptyAttribute(final String friendlyName, final String name) {
-		Attribute attribute = SAML2Utils.createSAMLObject(Attribute.class);
-		attribute.setFriendlyName(friendlyName);
-		attribute.setName(name);
-		attribute.setNameFormat(Attribute.URI_REFERENCE);
-		return attribute;
-	}
-
-	public Attribute buildLongAttribute(String friendlyName, String name, long value) {
-		Attribute attribute = SAML2Utils.createSAMLObject(Attribute.class);
-		attribute.setFriendlyName(friendlyName);
-		attribute.setName(name);
-		attribute.setNameFormat(Attribute.URI_REFERENCE);
-		attribute.getAttributeValues().add(buildAttributeIntegerValue((int) value));
-		return attribute;
-	}
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IDPPVPMetadataConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IDPPVPMetadataConfiguration.java
index c0fb5bf5b..d4c94e5c5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IDPPVPMetadataConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IDPPVPMetadataConfiguration.java
@@ -32,11 +32,12 @@ import org.opensaml.saml2.metadata.Organization;
 import org.opensaml.saml2.metadata.RequestedAttribute;
 import org.opensaml.xml.security.credential.Credential;
 
+import at.gv.egiz.eaaf.modules.pvp2.PVPConstants;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataBuilderConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
@@ -48,16 +49,18 @@ public class IDPPVPMetadataConfiguration implements IPVPMetadataBuilderConfigura
 	private static final int VALIDUNTIL_IN_HOURS = 24;
 	
 	private String authURL;
-	private IDPCredentialProvider credentialProvider;
+	private AbstractCredentialProvider credentialProvider;
+	private PVPConfiguration pvpBasicConfiguration;
 	
-	public IDPPVPMetadataConfiguration(String authURL, IDPCredentialProvider credentialProvider) {
+	public IDPPVPMetadataConfiguration(String authURL, AbstractCredentialProvider pvpIDPCredentials, PVPConfiguration pvpBasicConfiguration) {
 		this.authURL = authURL;
-		this.credentialProvider = credentialProvider;
+		this.credentialProvider = pvpIDPCredentials;
+		this.pvpBasicConfiguration = pvpBasicConfiguration;
 				
 	}
 	
 	public String getDefaultActionName() {
-		return (PVP2XProtocol.METADATA);
+		return (PVPConstants.METADATA);
 	}
 
 	/* (non-Javadoc)
@@ -98,7 +101,7 @@ public class IDPPVPMetadataConfiguration implements IPVPMetadataBuilderConfigura
 	@Override
 	public String getEntityID() {
 		try {
-			return PVPConfiguration.getInstance().getIDPSSOMetadataService(authURL);
+			return pvpBasicConfiguration.getIDPSSOMetadataService(authURL);
 		
 		} catch (ConfigurationException e) {
 			Logger.error("Can not load Metadata entry: EntityID", e);
@@ -113,7 +116,7 @@ public class IDPPVPMetadataConfiguration implements IPVPMetadataBuilderConfigura
 	@Override
 	public String getEntityFriendlyName() {
 		try {
-			return PVPConfiguration.getInstance().getIDPIssuerName();
+			return pvpBasicConfiguration.getIDPIssuerName();
 			
 		} catch (ConfigurationException e) {
 			Logger.error("Can not load Metadata entry: EntityID friendlyName.", e);
@@ -129,7 +132,7 @@ public class IDPPVPMetadataConfiguration implements IPVPMetadataBuilderConfigura
 	@Override
 	public List<ContactPerson> getContactPersonInformation() {
 		try {
-			return PVPConfiguration.getInstance().getIDPContacts();
+			return pvpBasicConfiguration.getIDPContacts();
 			
 		} catch (ConfigurationException e) {
 			Logger.warn("Can not load Metadata entry: Contect Person", e);
@@ -145,7 +148,7 @@ public class IDPPVPMetadataConfiguration implements IPVPMetadataBuilderConfigura
 	@Override
 	public Organization getOrgansiationInformation() {
 		try {
-			return PVPConfiguration.getInstance().getIDPOrganisation();
+			return pvpBasicConfiguration.getIDPOrganisation();
 			
 		} catch (ConfigurationException e) {
 			Logger.warn("Can not load Metadata entry: Organisation", e);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPAuthnRequestBuilderConfiguruation.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPAuthnRequestBuilderConfiguruation.java
deleted file mode 100644
index 814a2387d..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPAuthnRequestBuilderConfiguruation.java
+++ /dev/null
@@ -1,162 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.config;
-
-import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
-import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.xml.security.credential.Credential;
-import org.w3c.dom.Element;
-
-/**
- * @author tlenz
- *
- */
-public interface IPVPAuthnRequestBuilderConfiguruation {
-
-	/**
-	 * Defines a unique name for this PVP Service-provider, which is used for logging
-	 * 
-	 * @return
-	 */
-	public String getSPNameForLogging();
-	
-	/**
-	 * If true, the SAML2 isPassive flag is set in the AuthnRequest
-	 * 
-	 * @return
-	 */
-	public Boolean isPassivRequest();
-
-	/**
-	 * Define the ID of the AssertionConsumerService, 
-	 * which defines the required attributes in service-provider metadata.
-	 * 
-	 * @return
-	 */
-	public Integer getAssertionConsumerServiceId();
-
-	/**
-	 * Define the SAML2 EntityID of the service provider.
-	 * 
-	 * @return
-	 */
-	public String getSPEntityID();
-
-	/**
-	 * Define the SAML2 NameIDPolicy
-	 * 
-	 * @return Service-Provider EntityID, but never null
-	 */
-	public String getNameIDPolicyFormat();
-
-	/**
-	 * Define the AuthnContextClassRefernece of this request
-	 * 
-	 * Example: 
-	 * 			http://www.ref.gv.at/ns/names/agiz/pvp/secclass/0-3 
-	 * 			http://www.stork.gov.eu/1.0/citizenQAALevel/4
-	 *          
-	 * 
-	 * @return
-	 */
-	public String getAuthnContextClassRef();
-
-	/**
-	 * Define the AuthnContextComparison model, which should be used
-	 * 
-	 * @return
-	 */
-	public AuthnContextComparisonTypeEnumeration getAuthnContextComparison();
-	
-	
-	/**
-	 * Define the credential, which should be used to sign the AuthnRequest
-	 * 
-	 * @return
-	 */
-	public Credential getAuthnRequestSigningCredential();
-	
-	
-	/**
-	 * Define the SAML2 EntityDescriptor of the IDP, which should receive the AuthnRequest
-	 * 
-	 * @return Credential, but never null.
-	 */
-	public EntityDescriptor getIDPEntityDescriptor();
-
-	/**
-	 * Set the SAML2 NameIDPolicy allow-creation flag
-	 * 
-	 * @return EntityDescriptor, but never null.
-	 */
-	public boolean getNameIDPolicyAllowCreation();
-
-	
-	/**
-	 * Set the requested SubjectNameID
-	 * 
-	 * @return SubjectNameID, or null if no SubjectNameID should be used
-	 */
-	public String getSubjectNameID();
-
-	/**
-	 * Define the qualifier of the <code>SubjectNameID</code>
-	 * <br><br>
-	 * Like: 'urn:publicid:gv.at:cdid+BF'
-	 * 
-	 * @return qualifier, or null if no qualifier should be set
-	 */
-	public String getSubjectNameIDQualifier();
-	
-	/**
-	 * Define the format of the subjectNameID, which is included in authn-request
-	 * 
-	 * 
-	 * @return nameIDFormat, of SAML2 'transient' if nothing is defined
-	 */
-	public String getSubjectNameIDFormat();
-
-	/**
-	 * Define a SP specific SAML2 requestID
-	 * 
-	 * @return requestID, or null if the requestID should be generated automatically
-	 */
-	public String getRequestID();
-
-	/**
-	 * Defines the 'method' attribute in 'SubjectConformation' element 
-	 * 
-	 * @return method, or null if no method should set
-	 */
-	public String getSubjectConformationMethode();
-
-	/**
-	 * Define the information, which should be added as 'subjectConformationDate' 
-	 * in 'SubjectConformation' element 
-	 * 
-	 * @return subjectConformation information or null if no subjectConformation should be set
-	 */
-	public Element getSubjectConformationDate();
-
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPMetadataBuilderConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPMetadataBuilderConfiguration.java
deleted file mode 100644
index 3a8404cae..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPMetadataBuilderConfiguration.java
+++ /dev/null
@@ -1,238 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.config;
-
-import java.util.List;
-
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.metadata.ContactPerson;
-import org.opensaml.saml2.metadata.Organization;
-import org.opensaml.saml2.metadata.RequestedAttribute;
-import org.opensaml.xml.security.credential.Credential;
-
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
-
-/**
- * @author tlenz
- *
- */
-public interface IPVPMetadataBuilderConfiguration {
-
-	
-	/**
-	 * Defines a unique name for this PVP Service-provider, which is used for logging
-	 * 
-	 * @return
-	 */
-	public String getSPNameForLogging();
-	
-	/**
-	 * Set metadata valid area
-	 * 
-	 * @return valid until in hours [h]
-	 */
-	public int getMetadataValidUntil();
-	
-	/**
-	 * Build a SAML2 Entities element as metadata root element
-	 * 
-	 * @return true, if the metadata should start with entities element 
-	 */
-	public boolean buildEntitiesDescriptorAsRootElement();
-	
-	/**
-	 * 
-	 * 
-	 * @return true, if an IDP SSO-descriptor element should be generated 
-	 */
-	public boolean buildIDPSSODescriptor();
-	
-	/**
-	 * 
-	 * 
-	 * @return true, if an SP SSO-descriptor element should be generated 
-	 */
-	public boolean buildSPSSODescriptor();
-	
-	/**
-	 * Set the PVP entityID for this SAML2 metadata.
-	 * The entityID must be an URL and must be start with the public-URL prefix of the server
-	 * 
-	 * @return PVP entityID postfix as String
-	 */
-	public String getEntityID();
-	
-	/**
-	 * Set a friendlyName for this PVP entity
-	 * 
-	 * @return 
-	 */
-	public String getEntityFriendlyName();
-	
-	/**
-	 * Set the contact information for this metadata entity
-	 * 
-	 * @return
-	 */
-	public List<ContactPerson> getContactPersonInformation();
-	
-	/**
-	 * Set organisation information for this metadata entity
-	 * 
-	 * @return
-	 */
-	public Organization getOrgansiationInformation();
-	
-
-	/**
-	 * Set the credential for metadata signing
-	 * 
-	 * @return
-	 * @throws CredentialsNotAvailableException 
-	 */
-	public Credential getMetadataSigningCredentials() throws CredentialsNotAvailableException;
-	
-	/**
-	 * Set the credential for request/response signing
-	 * IDP metadata: this credential is used for SAML2 response signing
-	 * SP metadata: this credential is used for SAML2 response signing
-	 * 
-	 * @return
-	 * @throws CredentialsNotAvailableException 
-	 */
-	public Credential getRequestorResponseSigningCredentials() throws CredentialsNotAvailableException;
-	
-	/**
-	 * Set the credential for response encryption
-	 * 
-	 * @return
-	 * @throws CredentialsNotAvailableException 
-	 */
-	public Credential getEncryptionCredentials() throws CredentialsNotAvailableException;
-	
-	/**
-	 * Set the IDP Post-Binding URL for WebSSO 
-	 * 
-	 * @return
-	 */
-	public String getIDPWebSSOPostBindingURL();
-	
-	/**
-	 * Set the IDP Redirect-Binding URL for WebSSO 
-	 * 
-	 * @return
-	 */
-	public String getIDPWebSSORedirectBindingURL();
-	
-	/**
-	 * Set the IDP Post-Binding URL for Single LogOut 
-	 * 
-	 * @return
-	 */
-	public String getIDPSLOPostBindingURL();
-	
-	/**
-	 * Set the IDP Redirect-Binding URL for Single LogOut 
-	 * 
-	 * @return
-	 */
-	public String getIDPSLORedirectBindingURL();
-	
-	/**
-	 * Set the SP Post-Binding URL for for the Assertion-Consumer Service
-	 * 
-	 * @return
-	 */
-	public String getSPAssertionConsumerServicePostBindingURL();
-	
-	/**
-	 * Set the SP Redirect-Binding URL for the Assertion-Consumer Service 
-	 * 
-	 * @return
-	 */
-	public String getSPAssertionConsumerServiceRedirectBindingURL();
-	
-	/**
-	 * Set the SP Post-Binding URL for Single LogOut 
-	 * 
-	 * @return
-	 */
-	public String getSPSLOPostBindingURL();
-	
-	/**
-	 * Set the SP Redirect-Binding URL for Single LogOut 
-	 * 
-	 * @return
-	 */
-	public String getSPSLORedirectBindingURL();
-	
-	/**
-	 * Set the SP SOAP-Binding URL for Single LogOut 
-	 * 
-	 * @return
-	 */
-	public String getSPSLOSOAPBindingURL();
-	
-	
-	/**
-	 * Set all SAML2 attributes which could be provided by this IDP
-	 * 
-	 * @return
-	 */
-	public List<Attribute> getIDPPossibleAttributes();
-	
-	/**
-	 * Set all nameID types which could be provided by this IDP
-	 * 
-	 * @return a List of SAML2 nameID types
-	 */
-	public List<String> getIDPPossibleNameITTypes();
-	
-	/**
-	 * Set all SAML2 attributes which are required by the SP
-	 * 
-	 * @return
-	 */
-	public List<RequestedAttribute> getSPRequiredAttributes();
-	
-	/**
-	 * Set all nameID types which allowed from the SP
-	 * 
-	 * @return a List of SAML2 nameID types
-	 */
-	public List<String> getSPAllowedNameITTypes();
-	
-	/**
-	 * Set the 'wantAssertionSigned' attribute in SP metadata
-	 * 
-	 * @return
-	 */
-	public boolean wantAssertionSigned();
-	
-	/**
-	 * Set the 'wantAuthnRequestSigned' attribute
-	 * 
-	 * @return
-	 */
-	public boolean wantAuthnRequestSigned();
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultBootstrap.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultBootstrap.java
deleted file mode 100644
index b731e2a95..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultBootstrap.java
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.config;
-
-import org.opensaml.Configuration;
-import org.opensaml.DefaultBootstrap;
-import org.opensaml.common.binding.BasicSAMLMessageContext;
-import org.opensaml.saml2.binding.encoding.BaseSAML2MessageEncoder;
-import org.opensaml.xml.ConfigurationException;
-
-/**
- * @author tlenz
- *
- */
-public class MOADefaultBootstrap extends DefaultBootstrap {
-
-    public static synchronized void bootstrap() throws ConfigurationException {
-
-        initializeXMLSecurity();
-
-        initializeXMLTooling();
-
-        initializeArtifactBuilderFactories();
-
-        initializeGlobalSecurityConfiguration();
-        
-        initializeParserPool();
-        
-        initializeESAPI();
-        
-    }
-  
-    public static void initializeDefaultPVPConfiguration() {
-    	initializeGlobalSecurityConfiguration();
-    	
-    }
-    
-    /**
-     * Initializes the default global security configuration.
-     */
-    protected static void initializeGlobalSecurityConfiguration() {
-        Configuration.setGlobalSecurityConfiguration(MOADefaultSecurityConfigurationBootstrap.buildDefaultConfig());
-    }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultSecurityConfigurationBootstrap.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultSecurityConfigurationBootstrap.java
deleted file mode 100644
index f878b95d3..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultSecurityConfigurationBootstrap.java
+++ /dev/null
@@ -1,152 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.config;
-
-import org.opensaml.xml.encryption.EncryptionConstants;
-import org.opensaml.xml.security.BasicSecurityConfiguration;
-import org.opensaml.xml.security.DefaultSecurityConfigurationBootstrap;
-import org.opensaml.xml.security.credential.BasicKeyInfoGeneratorFactory;
-import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorManager;
-import org.opensaml.xml.security.keyinfo.NamedKeyInfoGeneratorManager;
-import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
-import org.opensaml.xml.signature.SignatureConstants;
-
-/**
- * @author tlenz
- *
- */
-public class MOADefaultSecurityConfigurationBootstrap extends
-		DefaultSecurityConfigurationBootstrap {
-	
-	public static BasicSecurityConfiguration buildDefaultConfig() {
-		BasicSecurityConfiguration config = new BasicSecurityConfiguration();
-
-		populateSignatureParams(config);
-		populateEncryptionParams(config);
-		populateKeyInfoCredentialResolverParams(config);
-		populateKeyInfoGeneratorManager(config);
-		populateKeyParams(config);
-
-		return config;
-	}
-
-	protected static void populateKeyInfoGeneratorManager(
-			BasicSecurityConfiguration config) {
-		NamedKeyInfoGeneratorManager namedManager = new NamedKeyInfoGeneratorManager();
-		config.setKeyInfoGeneratorManager(namedManager);
-
-		namedManager.setUseDefaultManager(true);
-		KeyInfoGeneratorManager defaultManager = namedManager
-				.getDefaultManager();
-
-		BasicKeyInfoGeneratorFactory basicFactory = new BasicKeyInfoGeneratorFactory();
-		basicFactory.setEmitPublicKeyValue(true);
-
-		X509KeyInfoGeneratorFactory x509Factory = new X509KeyInfoGeneratorFactory();
-		x509Factory.setEmitEntityCertificate(true);
-
-		defaultManager.registerFactory(basicFactory);
-		defaultManager.registerFactory(x509Factory);
-	}
-	
-	protected static void populateSignatureParams(
-			BasicSecurityConfiguration config) {
-		
-		//use SHA256 instead of SHA1
-		config.registerSignatureAlgorithmURI("RSA",
-				SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
-	
-		config.registerSignatureAlgorithmURI("DSA",
-				"http://www.w3.org/2000/09/xmldsig#dsa-sha1");
-		
-		//use SHA256 instead of SHA1
-		config.registerSignatureAlgorithmURI("EC",
-				SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA256);
-
-		//use SHA256 instead of SHA1
-		config.registerSignatureAlgorithmURI("AES",
-				SignatureConstants.ALGO_ID_MAC_HMAC_SHA256);
-		
-		
-		config.registerSignatureAlgorithmURI("DESede",
-				SignatureConstants.ALGO_ID_MAC_HMAC_SHA256);
-
-		config.setSignatureCanonicalizationAlgorithm("http://www.w3.org/2001/10/xml-exc-c14n#");
-		config.setSignatureHMACOutputLength(null);
-		
-		//use SHA256 instead of SHA1
-		config.setSignatureReferenceDigestMethod(SignatureConstants.ALGO_ID_DIGEST_SHA256);
-	}
-
-	protected static void populateEncryptionParams(
-			BasicSecurityConfiguration config) {
-		config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(128),
-				"http://www.w3.org/2001/04/xmlenc#aes128-cbc");
-		config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(192),
-				"http://www.w3.org/2001/04/xmlenc#aes192-cbc");
-		config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(256),
-				"http://www.w3.org/2001/04/xmlenc#aes256-cbc");
-		
-		//support GCM mode
-		config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(128), 
-				EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128_GCM);
-		
-		config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(192), 
-				EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES192_GCM);
-		
-		config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(256), 
-				EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256_GCM);
-		
-		
-		config.registerDataEncryptionAlgorithmURI("DESede",
-				Integer.valueOf(168),
-				"http://www.w3.org/2001/04/xmlenc#tripledes-cbc");
-		config.registerDataEncryptionAlgorithmURI("DESede",
-				Integer.valueOf(192),
-				"http://www.w3.org/2001/04/xmlenc#tripledes-cbc");
-
-		config.registerKeyTransportEncryptionAlgorithmURI("RSA", null, "AES",
-				"http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p");
-		
-		config.registerKeyTransportEncryptionAlgorithmURI("RSA", null,
-				"DESede", "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p");
-
-		config.registerKeyTransportEncryptionAlgorithmURI("AES",
-				Integer.valueOf(128), null,
-				"http://www.w3.org/2001/04/xmlenc#kw-aes128");
-		config.registerKeyTransportEncryptionAlgorithmURI("AES",
-				Integer.valueOf(192), null,
-				"http://www.w3.org/2001/04/xmlenc#kw-aes192");
-		config.registerKeyTransportEncryptionAlgorithmURI("AES",
-				Integer.valueOf(256), null,
-				"http://www.w3.org/2001/04/xmlenc#kw-aes256");
-		config.registerKeyTransportEncryptionAlgorithmURI("DESede",
-				Integer.valueOf(168), null,
-				"http://www.w3.org/2001/04/xmlenc#kw-tripledes");
-		config.registerKeyTransportEncryptionAlgorithmURI("DESede",
-				Integer.valueOf(192), null,
-				"http://www.w3.org/2001/04/xmlenc#kw-tripledes");
-
-		config.setAutoGeneratedDataEncryptionKeyAlgorithmURI("http://www.w3.org/2001/04/xmlenc#aes128-cbc");
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOAPVPMetadataConfigurationFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOAPVPMetadataConfigurationFactory.java
new file mode 100644
index 000000000..54940a9d3
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOAPVPMetadataConfigurationFactory.java
@@ -0,0 +1,21 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.config;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataBuilderConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataConfigurationFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
+
+@Service("MOAPVPMetadataConfigurationFactory")
+public class MOAPVPMetadataConfigurationFactory implements IPVPMetadataConfigurationFactory {
+
+	@Autowired(required=true) PVPConfiguration pvpBasicConfiguration;
+	
+	@Override
+	public IPVPMetadataBuilderConfiguration generateMetadataBuilderConfiguration(String authURL,
+			AbstractCredentialProvider pvpIDPCredentials) {
+			return new IDPPVPMetadataConfiguration(authURL, pvpIDPCredentials, pvpBasicConfiguration);
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
index 81eca3765..5f39af7a4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
@@ -22,9 +22,7 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.pvp2x.config;
 
-import java.io.IOException;
 import java.net.URL;
-import java.security.cert.CertificateException;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
@@ -43,29 +41,19 @@ import org.opensaml.saml2.metadata.OrganizationName;
 import org.opensaml.saml2.metadata.OrganizationURL;
 import org.opensaml.saml2.metadata.SurName;
 import org.opensaml.saml2.metadata.TelephoneNumber;
+import org.springframework.stereotype.Service;
 
-import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.MiscUtil;
-import iaik.x509.X509Certificate;
 
-public class PVPConfiguration {
+@Service("MOAPVP2Configuration")
+public class PVPConfiguration implements IPVP2BasicConfiguration {
 	
-	private static PVPConfiguration instance;
-
-	public static PVPConfiguration getInstance() {
-		if (instance == null) {
-			instance = new PVPConfiguration();
-		}
-		return instance;
-	}
-
 	public static final String PVP2_METADATA = 	"/pvp2/metadata";
 	public static final String PVP2_IDP_REDIRECT = 	"/pvp2/redirect";
 	public static final String PVP2_IDP_POST = 		"/pvp2/post";
@@ -90,22 +78,7 @@ public class PVPConfiguration {
 	public static final String IDP_CONTACT_PHONE = "phone";	
 	
 	private static String moaIDVersion = null;
-	
-	//PVP2 generalpvpconfigdb;
-	//Properties props;
-	//String rootDir = null;
-	
-	private PVPConfiguration() {
-//		 try {
-//			//generalpvpconfigdb = AuthConfigurationProvider.getInstance().getGeneralPVP2DBConfig();
-//			//props = AuthConfigurationProviderFactory.getInstance().getGeneralPVP2ProperiesConfig();
-//			//rootDir = AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir();				
-//						
-//		} catch (ConfigurationException e) {
-//			e.printStackTrace();
-//		}
-	}
-	
+		
 	public List<String> getIDPPublicPath() throws ConfigurationException {
 		List<String> publicPath = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix();
 		List<String> returnvalue = new ArrayList<String>();
@@ -144,6 +117,12 @@ public class PVPConfiguration {
 		return publicURLPrefix + PVP2_METADATA;
 	}
 	
+	@Override
+	public String getIDPEntityId(String authURL) throws ConfigurationException {
+		return getIDPSSOMetadataService(authURL);
+		
+	}
+	
 	public String getIDPIssuerName() throws ConfigurationException {
 		
 		if (moaIDVersion == null) {
@@ -153,47 +132,6 @@ public class PVPConfiguration {
 		return AuthConfigurationProviderFactory.getInstance().getConfigurationWithKey(
 				MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_SERVICENAMME) + moaIDVersion;
 	}
-	
-	public iaik.x509.X509Certificate getTrustEntityCertificate(String entityID) {
-				
-		try {
-			Logger.trace("Load metadata signing certificate for online application " + entityID);
-			ISPConfiguration  oaParam = AuthConfigurationProviderFactory.getInstance().getServiceProviderConfiguration(entityID);		
-			if (oaParam == null) {
-				Logger.info("Online Application with ID " + entityID + " not found!");
-				return null;
-			}
-		
-			String pvp2MetadataCertificateString = 
-					oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);		 
-			if (MiscUtil.isEmpty(pvp2MetadataCertificateString)) {
-				Logger.info("Online Application with ID " + entityID + " include not PVP2X metadata signing certificate!");
-				return null;
-				
-			}	
-			
-			X509Certificate cert = new X509Certificate(Base64Utils.decode(pvp2MetadataCertificateString, false));
-			Logger.debug("Metadata signing certificate is loaded for ("+entityID+") is loaded.");
-			return cert;
-			
-		} catch (CertificateException e) {
-			Logger.warn("Metadata signer certificate is not parsed.", e);
-			return null;
-			
-		} catch (ConfigurationException e) {
-			Logger.error("Configuration is not accessable.", e);
-			return null;
-			
-		} catch (IOException e) {
-			Logger.warn("Metadata signer certificate is not decodeable.", e);
-			return null;
-			
-		} catch (EAAFConfigurationException e) {
-			Logger.error("Configuration is not accessable.", e);
-			return null;
-			
-		}
-	}
 
 	public List<ContactPerson> getIDPContacts() throws ConfigurationException {
 		List<ContactPerson> list = new ArrayList<ContactPerson>();
@@ -356,4 +294,5 @@ public class PVPConfiguration {
 		
 		
 	}
+
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionAttributeExtractorExeption.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionAttributeExtractorExeption.java
deleted file mode 100644
index 69ca4e8f5..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionAttributeExtractorExeption.java
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-/**
- * @author tlenz
- *
- */
-public class AssertionAttributeExtractorExeption extends PVP2Exception {
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = -6459000942830951492L;
-
-	public AssertionAttributeExtractorExeption(String attributeName) {
-		super("Parse PVP2.1 assertion FAILED: Attribute " + attributeName 
-				+ " can not extract.", null);
-	}
-	
-	public AssertionAttributeExtractorExeption(String messageId,
-			Object[] parameters) {
-		super(messageId, parameters);
-	}
-
-	public AssertionAttributeExtractorExeption() {
-		super("Parse PVP2.1 assertion FAILED. Interfederation not possible", null); 
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionValidationExeption.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionValidationExeption.java
deleted file mode 100644
index 1e029f567..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionValidationExeption.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-
-/**
- * @author tlenz
- *
- */
-public class AssertionValidationExeption extends PVP2Exception {
-
-	private static final long serialVersionUID = -3987805399122286259L;
-
-	public AssertionValidationExeption(String messageId, Object[] parameters) {
-		super(messageId, parameters);
-	}
-
-	/**
-	 * @param string
-	 * @param object
-	 * @param e
-	 */
-	public AssertionValidationExeption(String string, Object[] parameters,
-			Throwable e) {
-		super(string, parameters, e);
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AttributQueryException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AttributQueryException.java
deleted file mode 100644
index 9008a7183..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AttributQueryException.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-/**
- * @author tlenz
- *
- */
-public class AttributQueryException extends PVP2Exception {
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = -4302422507173728748L;
-
-	public AttributQueryException(String messageId, Object[] parameters) {
-		super(messageId, parameters);
-	}
-	
-	public AttributQueryException(String messageId, Object[] parameters, Throwable e) {
-		super(messageId, parameters, e);
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AuthnRequestBuildException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AuthnRequestBuildException.java
deleted file mode 100644
index eebaf6c9e..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AuthnRequestBuildException.java
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-/**
- * @author tlenz
- *
- */
-public class AuthnRequestBuildException extends PVP2Exception {
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = -1375451065455859354L;
-
-	/**
-	 * @param messageId
-	 * @param parameters
-	 */
-	public AuthnRequestBuildException(String messageId, Object[] parameters) {
-		super(messageId, parameters);
-	}
-
-	public AuthnRequestBuildException(String messageId, Object[] parameters, Throwable e) {
-		super(messageId, parameters, e);
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AuthnResponseValidationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AuthnResponseValidationException.java
deleted file mode 100644
index 957f9af1d..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AuthnResponseValidationException.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-/**
- * @author tlenz
- *
- */
-public class AuthnResponseValidationException extends PVP2Exception {
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = 8023812861029406575L;
-
-	/**
-	 * @param messageId
-	 * @param parameters
-	 */
-	public AuthnResponseValidationException(String messageId, Object[] parameters) {
-		super(messageId, parameters);
-	}
-	
-	public AuthnResponseValidationException(String messageId, Object[] parameters, Throwable e) {
-		super(messageId, parameters, e);
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/BindingNotSupportedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/BindingNotSupportedException.java
deleted file mode 100644
index 9f4c7fed3..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/BindingNotSupportedException.java
+++ /dev/null
@@ -1,41 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-public class BindingNotSupportedException extends PVP2Exception {
-
-	public BindingNotSupportedException(String binding) {
-		super("pvp2.11", new Object[] {binding});
-		this.statusCodeValue = StatusCode.UNSUPPORTED_BINDING_URI;
-	}
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = -7227603941387879360L;
-
-	
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java
deleted file mode 100644
index 392569366..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-public class InvalidAssertionConsumerServiceException extends PVP2Exception {
-
-	public InvalidAssertionConsumerServiceException(int idx) {
-		super("pvp2.00", new Object[]{idx});
-		this.statusCodeValue = StatusCode.REQUESTER_URI;
-	}
-
-	/**
-	 * 
-	 */
-	public InvalidAssertionConsumerServiceException(String wrongURL) {
-		super("pvp2.23", new Object[]{wrongURL});
-		this.statusCodeValue = StatusCode.REQUESTER_URI;
-		
-	}
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = 7861790149343943091L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionEncryptionException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionEncryptionException.java
deleted file mode 100644
index b49070bd6..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionEncryptionException.java
+++ /dev/null
@@ -1,36 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-public class InvalidAssertionEncryptionException extends PVP2Exception {
-
-	private static final long serialVersionUID = 6513388841485355549L;
-
-	public InvalidAssertionEncryptionException() {
-		super("pvp2.16", new Object[]{});
-		this.statusCodeValue = StatusCode.RESPONDER_URI;
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidDateFormatException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidDateFormatException.java
deleted file mode 100644
index 252539bf5..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidDateFormatException.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-public class InvalidDateFormatException extends PVP2Exception {
-
-	public InvalidDateFormatException() {
-		super("pvp2.02", null);
-		this.statusCodeValue = StatusCode.REQUESTER_URI;
-	}
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = -6867976890237846085L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/MandateAttributesNotHandleAbleException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/MandateAttributesNotHandleAbleException.java
index 15a0ccf72..0e48dfbd6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/MandateAttributesNotHandleAbleException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/MandateAttributesNotHandleAbleException.java
@@ -24,6 +24,8 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
 
 import org.opensaml.saml2.core.StatusCode;
 
+import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception;
+
 public class MandateAttributesNotHandleAbleException extends PVP2Exception {
 
 	public MandateAttributesNotHandleAbleException() {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NOSLOServiceDescriptorException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NOSLOServiceDescriptorException.java
index 204e1c2a5..94e1874a5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NOSLOServiceDescriptorException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NOSLOServiceDescriptorException.java
@@ -22,6 +22,8 @@
  */
 package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
 
+import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception;
+
 /**
  * @author tlenz
  *
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java
deleted file mode 100644
index c82e6bdf1..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java
+++ /dev/null
@@ -1,42 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
-
-public class NameIDFormatNotSupportedException extends AuthnRequestValidatorException {
-
-	public NameIDFormatNotSupportedException(String nameIDFormat) {
-		super("pvp2.12", new Object[] {nameIDFormat}, "NameID format not supported");
-		statusCodeValue = StatusCode.INVALID_NAMEID_POLICY_URI;
-
-	}
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = -2270762519437873336L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoCredentialsException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoCredentialsException.java
index 333ef9765..58c2a032d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoCredentialsException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoCredentialsException.java
@@ -24,6 +24,8 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
 
 import org.opensaml.saml2.core.StatusCode;
 
+import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception;
+
 public class NoCredentialsException extends PVP2Exception {
 
 	public static final String MOA_IDP_TARGET = "MOA-ID";
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMandateDataAvailableException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMandateDataAvailableException.java
index ce80ac5cb..821813b69 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMandateDataAvailableException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMandateDataAvailableException.java
@@ -22,6 +22,8 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
 
+import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception;
+
 public class NoMandateDataAvailableException  extends PVP2Exception {
 
 	public NoMandateDataAvailableException() {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMetadataInformationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMetadataInformationException.java
deleted file mode 100644
index 50a1af6ad..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMetadataInformationException.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-public class NoMetadataInformationException extends PVP2Exception {
-
-	public NoMetadataInformationException() {
-		super("pvp2.15", null);
-		this.statusCodeValue = StatusCode.UNKNOWN_PRINCIPAL_URI;
-	}
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = -4608068445208032193L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java
deleted file mode 100644
index 00fb97151..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java
+++ /dev/null
@@ -1,61 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-
-public abstract class PVP2Exception extends MOAIDException {
-
-	protected String statusCodeValue = StatusCode.RESPONDER_URI;
-	protected String statusMessageValue = null;
-	
-	public PVP2Exception(String messageId, Object[] parameters,
-			Throwable wrapped) {
-		super(messageId, parameters, wrapped);
-		this.statusMessageValue = this.getMessage();
-	}
-
-	public PVP2Exception(String messageId, Object[] parameters) {
-		super(messageId, parameters);
-		this.statusMessageValue = this.getMessage();
-	}
-	
-	
-	public String getStatusCodeValue() {
-		return (this.statusCodeValue);
-	}
-	
-	public String getStatusMessageValue() {
-		return (this.statusMessageValue);
-	}
-	
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = 7669537952484421069L;
-
-	
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotAllowedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotAllowedException.java
deleted file mode 100644
index 63f42cbe5..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotAllowedException.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-
-public class QAANotAllowedException extends PVP2Exception {
-
-	public QAANotAllowedException(String qaa_auth, String qaa_request) {
-		super("pvp2.17", new Object[] {qaa_auth, qaa_request});
-		this.statusCodeValue = StatusCode.REQUESTER_URI;
-	}
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = -3964192953884089323L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotSupportedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotSupportedException.java
deleted file mode 100644
index fdf1063c0..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotSupportedException.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-
-public class QAANotSupportedException extends PVP2Exception {
-
-	public QAANotSupportedException(String qaa) {
-		super("pvp2.05", new Object[] {qaa});
-		this.statusCodeValue = StatusCode.REQUESTER_URI;
-	}
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = -3964192953884089323L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/RequestDeniedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/RequestDeniedException.java
deleted file mode 100644
index 8f12f3cce..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/RequestDeniedException.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-public class RequestDeniedException extends PVP2Exception {
-
-	public RequestDeniedException() {
-		super("pvp2.14", null);
-		this.statusCodeValue = StatusCode.REQUEST_DENIED_URI;
-	}
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = 4415896615794730553L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/ResponderErrorException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/ResponderErrorException.java
deleted file mode 100644
index fe921f8b5..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/ResponderErrorException.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-public class ResponderErrorException extends PVP2Exception {
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = -425416760138285446L;
-
-	public ResponderErrorException(String messageId, Object[] parameters,
-			Throwable wrapped) {
-		super(messageId, parameters, wrapped);
-		this.statusCodeValue = StatusCode.RESPONDER_URI;
-	}
-	
-	public ResponderErrorException(String messageId, Object[] parameters) {
-		super(messageId, parameters);
-		this.statusCodeValue = StatusCode.RESPONDER_URI;
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSignedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSignedException.java
deleted file mode 100644
index 65def4602..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSignedException.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-public class SAMLRequestNotSignedException extends PVP2Exception {
-
-	public SAMLRequestNotSignedException() {
-		super("pvp2.07", null);
-		this.statusCodeValue = StatusCode.REQUESTER_URI;
-	}
-	
-	public SAMLRequestNotSignedException(Throwable e) {
-		super("pvp2.07", null, e);
-		this.statusCodeValue = StatusCode.REQUESTER_URI;
-	}
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = 1L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSupported.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSupported.java
deleted file mode 100644
index 8a386c951..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSupported.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-
-public class SAMLRequestNotSupported extends PVP2Exception {
-
-	public SAMLRequestNotSupported() {
-		super("pvp2.09", null);
-		this.statusCodeValue = StatusCode.REQUEST_UNSUPPORTED_URI;
-	}
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = 1244883178458802767L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SLOException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SLOException.java
deleted file mode 100644
index 9f1b6168e..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SLOException.java
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-/**
- * @author tlenz
- *
- */
-public class SLOException extends PVP2Exception {
-	private static final long serialVersionUID = -5284624715788385022L;
-
-	/**
-	 * @param messageId
-	 * @param parameters
-	 */
-	public SLOException(String messageId, Object[] parameters) {
-		super(messageId, parameters);
-		// TODO Auto-generated constructor stub
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SchemaValidationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SchemaValidationException.java
deleted file mode 100644
index fc4ed1f28..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SchemaValidationException.java
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-/**
- * @author tlenz
- *
- */
-public class SchemaValidationException extends PVP2Exception {
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = 1L;
-
-	/**
-	 * @param messageId
-	 * @param parameters
-	 */
-	public SchemaValidationException(String messageId, Object[] parameters) {
-		super(messageId, parameters);
-	}
-	
-	/**
-	 * @param messageId
-	 * @param parameters
-	 */
-	public SchemaValidationException(String messageId, Object[] parameters, Throwable e) {
-		super(messageId, parameters, e);
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/UnprovideableAttributeException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/UnprovideableAttributeException.java
deleted file mode 100644
index a8bfe1070..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/UnprovideableAttributeException.java
+++ /dev/null
@@ -1,37 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-public class UnprovideableAttributeException extends PVP2Exception {
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = 3972197758163647157L;
-
-	public UnprovideableAttributeException(String attributeName) {
-		super("pvp2.10", new Object[] {attributeName});
-		this.statusCodeValue = StatusCode.UNKNOWN_ATTR_PROFILE_URI;
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SchemaValidationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SchemaValidationException.java
deleted file mode 100644
index 8da5edeed..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SchemaValidationException.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter;
-
-import org.opensaml.saml2.metadata.provider.FilterException;
-
-/**
- * @author tlenz
- *
- */
-public class SchemaValidationException extends FilterException {
-
-	/**
-	 * @param string
-	 */
-	public SchemaValidationException(String string) {
-		super(string);
-		
-	}
-
-	private static final long serialVersionUID = 1L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SignatureValidationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SignatureValidationException.java
deleted file mode 100644
index 86a6a777b..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SignatureValidationException.java
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter;
-
-import org.opensaml.saml2.metadata.provider.FilterException;
-
-/**
- * @author tlenz
- *
- */
-public class SignatureValidationException extends FilterException {
-
-	/**
-	 * @param string
-	 */
-	public SignatureValidationException(String string) {
-		super(string);
-		
-	}
-
-	/**
-	 * @param e
-	 */
-	public SignatureValidationException(Exception e) {
-		super(e);
-	}
-
-	/**
-	 * @param string
-	 * @param object
-	 */
-	public SignatureValidationException(String string, Exception e) {
-		super(string, e);
-	}
-
-	private static final long serialVersionUID = 1L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/loginFormFull.html b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/loginFormFull.html
deleted file mode 100644
index 5ae76ed96..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/loginFormFull.html
+++ /dev/null
@@ -1,851 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
-
-<!-- MOA-ID 2.x BKUSelection Layout CSS -->
-<style type="text/css">
-@media screen and (min-width: 650px) {
-	body {
-		margin: 0;
-		padding: 0;
-		color: #000;
-		background-color: #fff;
-		text-align: center;
-		background-color: #6B7B8B;
-	}
-	#localBKU p {
-		font-size: 0.7em;
-	}
-	#localBKU input {
-		font-size: 0.7em;
-		/*border-radius: 5px;*/
-	}
-	#bkuselectionarea input[type=button] {
-		font-size: 0.85em;
-		/*border-radius: 7px;*/
-		margin-bottom: 25px;
-		min-width: 80px;
-	}
-	#mandateLogin {
-		font-size: 0.85em;
-	}
-	#bku_header h2 {
-		font-size: 0.8em;
-	}
-	#page {
-		display: block;
-		border: 2px solid rgb(0, 0, 0);
-		width: 650px;
-		height: 440px;
-		margin: 0 auto;
-		margin-top: 5%;
-		position: relative;
-		border-radius: 25px;
-		background: rgb(255, 255, 255);
-	}
-	#page1 {
-		text-align: center;
-	}
-	#main {
-		/*	clear:both; */
-		position: relative;
-		margin: 0 auto;
-		width: 250px;
-		text-align: center;
-	}
-	.OA_header {
-		/*	  background-color: white;*/
-		font-size: 20pt;
-		margin-bottom: 25px;
-		margin-top: 25px;
-	}
-	#leftcontent {
-		/*float:left; */
-		width: 250px;
-		margin-bottom: 25px;
-		text-align: left;
-		border: 1px solid rgb(0, 0, 0);
-	}
-	#selectArea {
-		font-size: 15px;
-		padding-bottom: 65px;
-	}
-	#leftcontent {
-		width: 300px;
-		margin-top: 30px;
-	}
-	#bku_header {
-		height: 5%;
-		padding-bottom: 3px;
-		padding-top: 3px;
-	}
-	#bkulogin {
-		overflow: hidden;
-		min-width: 190px;
-		min-height: 180px;
-		/*height: 260px;*/
-	}
-	h2#tabheader {
-		font-size: 1.1em;
-		padding-left: 2%;
-		padding-right: 2%;
-		position: relative;
-	}
-	.setAssertionButton_full {
-		background: #efefef;
-		cursor: pointer;
-		margin-top: 15px;
-		width: 100px;
-		height: 30px
-	}
-	#leftbutton {
-		width: 30%;
-		float: left;
-		margin-left: 40px;
-	}
-	#rightbutton {
-		width: 30%;
-		float: right;
-		margin-right: 45px;
-		text-align: right;
-	}
-	button {
-		height: 25px;
-		width: 75px;
-		margin-bottom: 10px;
-	}
-	#validation {
-		position: absolute;
-		bottom: 0px;
-		margin-left: 270px;
-		padding-bottom: 10px;
-	}
-}
-
-@media screen and (max-width: 205px) {
-	#localBKU p {
-		font-size: 0.6em;
-	}
-	#localBKU input {
-		font-size: 0.6em;
-		min-width: 60px;
-		/* max-width: 65px; */
-		min-height: 1.0em;
-		/* border-radius: 5px; */
-	}
-	#bkuselectionarea input[type=button] {
-		font-size: 0.7em;
-		min-width: 55px;
-		/*min-height: 1.1em;
-          border-radius: 5px;*/
-		margin-bottom: 2%
-	}
-	#mandateLogin {
-		font-size: 0.65em;
-	}
-	#bku_header h2 {
-		font-size: 0.8em;
-		margin-top: -0.4em;
-		padding-top: 0.4em;
-	}
-	#bkulogin {
-		min-height: 150px;
-	}
-}
-
-@media screen and (max-width: 249px) and (min-width: 206px) {
-	#localBKU p {
-		font-size: 0.7em;
-	}
-	#localBKU input {
-		font-size: 0.7em;
-		min-width: 70px;
-		/*    max-width: 75px;    */
-		min-height: 0.95em;
-		/*  border-radius: 6px;    */
-	}
-	#bkuselectionarea input[type=button] {
-		font-size: 0.75em;
-		min-width: 60px;
-		/*    min-height: 0.95em;
-          border-radius: 6px;    */
-		margin-bottom: 5%
-	}
-	#mandateLogin {
-		font-size: 0.75em;
-	}
-	#bku_header h2 {
-		font-size: 0.9em;
-		margin-top: -0.45em;
-		padding-top: 0.45em;
-	}
-	#bkulogin {
-		min-height: 180px;
-	}
-}
-
-@media screen and (max-width: 299px) and (min-width: 250px) {
-	#localBKU p {
-		font-size: 0.9em;
-	}
-	#localBKU input {
-		font-size: 0.8em;
-		min-width: 70px;
-		/*    max-width: 75px;      */
-		/*    border-radius: 6px;  */
-	}
-	#bkuselectionarea input[type=button] {
-		font-size: 0.85em;
-		/*     min-height: 1.05em;
-          border-radius: 7px;        */
-		margin-bottom: 10%;
-	}
-	#mandateLogin {
-		font-size: 1em;
-	}
-	#bku_header h2 {
-		font-size: 1.0em;
-		margin-top: -0.50em;
-		padding-top: 0.50em;
-	}
-}
-
-@media screen and (max-width: 399px) and (min-width: 300px) {
-	#localBKU p {
-		font-size: 0.9em;
-	}
-	#localBKU input {
-		font-size: 0.8em;
-		min-width: 70px;
-		/*     max-width: 75px;     */
-		/*    border-radius: 6px;       */
-	}
-	#bkuselectionarea input[type=button] {
-		font-size: 0.9em;
-		/*       min-height: 1.2em;
-          border-radius: 8px;          */
-		margin-bottom: 10%;
-		max-width: 80px;
-	}
-	#mandateLogin {
-		font-size: 1em;
-	}
-	#bku_header h2 {
-		font-size: 1.1em;
-		margin-top: -0.55em;
-		padding-top: 0.55em;
-	}
-}
-
-@media screen and (max-width: 649px) and (min-width: 400px) {
-	#localBKU p {
-		font-size: 0.9em;
-	}
-	#localBKU input {
-		font-size: 0.8em;
-		min-width: 70px;
-		/*     max-width: 80px;       */
-		/*     border-radius: 6px;          */
-	}
-	#bkuselectionarea input[type=button] {
-		font-size: 1.0em;
-		/*      min-height: 1.3em;
-         border-radius: 10px;         */
-		margin-bottom: 10%;
-		max-width: 85px;
-	}
-	#mandateLogin {
-		font-size: 1.2em;
-	}
-	#bku_header h2 {
-		font-size: 1.3em;
-		margin-top: -0.65em;
-		padding-top: 0.65em;
-	}
-}
-
-@media screen and (max-width: 649px) {
-	body {
-		margin: 0;
-		padding: 0;
-		color: #000;
-		text-align: center;
-		font-size: 100%;
-		background-color: #MAIN_BACKGOUNDCOLOR#;
-	}
-	#page {
-		visibility: hidden;
-		margin-top: 0%;
-	}
-	#page1 {
-		visibility: hidden;
-	}
-	#main {
-		visibility: hidden;
-	}
-	#validation {
-		visibility: hidden;
-		display: none;
-	}
-	.OA_header {
-		margin-bottom: 0px;
-		margin-top: 0px;
-		font-size: 0pt;
-		visibility: hidden;
-	}
-	#leftcontent {
-		visibility: visible;
-		margin-bottom: 0px;
-		text-align: left;
-		border: none;
-		vertical-align: middle;
-		min-height: 173px;
-		min-width: 204px;
-	}
-	#bku_header {
-		height: 10%;
-		min-height: 1.2em;
-		margin-top: 1%;
-	}
-	h2#tabheader {
-		padding-left: 2%;
-		padding-right: 2%;
-		position: relative;
-		top: 50%;
-	}
-	#bkulogin {
-		min-width: 190px;
-		min-height: 155px;
-	}
-	.setAssertionButton_full {
-		background: #efefef;
-		cursor: pointer;
-		margin-top: 15px;
-		width: 70px;
-		height: 25px;
-	}
-	input[type=button] {
-		/*          height: 11%;  */
-		width: 70%;
-	}
-}
-
-			
-			@media screen and (max-width: 649px) {
-				
-        body {
-					margin:0;
-					padding:0;
-					color : #000;
-			  	text-align: center;
-          font-size: 100%;
-			  	background-color: #MAIN_BACKGOUNDCOLOR#;
-				}
-        				
-			  #page {
-			     visibility: hidden;
-			     margin-top: 0%;
-			  }
-			  
-			  #page1 {
-			    visibility: hidden;
-			  }
-			  
-			  #main {
-			    visibility: hidden;
-			  }
-        
-        #validation {
-          visibility: hidden;
-          display: none;
-        }
-			  
-			  .OA_header {
-			    margin-bottom: 0px;
-			    margin-top: 0px;
-			    font-size: 0pt;
-			    visibility: hidden;
-			  }
-			
-			  #leftcontent {
-			    visibility: visible;
-			    margin-bottom: 0px;
-			    text-align: left;
-			    border:none;
-          vertical-align: middle;
-          min-height: 173px;
-          min-width: 204px;
-          
-			  }
-			  
-        #bku_header {
-          height: 10%;
-          min-height: 1.2em;
-          margin-top: 1%;
-        }
-        
-        h2#tabheader{
-          padding-left: 2%;
-          padding-right: 2%;
-          position: relative;
-          top: 50%;
-			  }
-        
-       	#bkulogin {	
-          min-width: 190px;
-          min-height: 155px;	
-			 }
-        
-			 .setAssertionButton_full {
-			     	background: #efefef;
-				    cursor: pointer;
-				    margin-top: 15px;
-			      width: 70px;
-			      height: 25px;
-			 }
-       
-        input[type=button] {
-/*          height: 11%;  */
-          width: 70%;
-        }
-			}
-			      
-			* {
-				margin: 0;
-				padding: 0;
-        font-family: #FONTTYPE#;
-			}
-							      			
-			#selectArea {
-				padding-top: 10px;
-				padding-bottom: 55px;
-				padding-left: 10px;
-			}
-			
-			.setAssertionButton {
-				background: #efefef;
-				cursor: pointer;
-				margin-top: 15px;
-			  width: 70px;
-			  height: 25px;
-			}
-			
-			#leftbutton  {
-				width: 35%; 
-				float:left; 
-				margin-left: 15px;
-			}
-			
-			#rightbutton {
-				width: 35%; 
-				float:right; 
-				margin-right: 25px; 
-				text-align: right;
-			}
-			
-      #mandateLogin {
-        padding-bottom: 4%;
-        padding-top: 4%;
-        height: 10%;
-        position: relative;
-        text-align: center;
-			}
-      
-      .verticalcenter {
-        vertical-align: middle;
-      }
-      
-      #mandateLogin div {
-        clear: both;
-        margin-top: -1%;
-        position: relative;
-        top: 50%;
-      }
-      
-      #bkuselectionarea {
-          position: relative;
-          display: block;
-      }
-      
-      #localBKU {
-        padding-left: 5%;
-        padding-right: 2%;
-        padding-bottom: 4%;
-        padding-top: 4%;
-        position: relative;
-        clear: both;        
-			}
-          			
-			#bkukarte {
-				float:left;
-				text-align:center;
-				width:40%;
-        min-height: 70px;
-        padding-left: 5%;
-        padding-top: 2%;
-			}
-			
-			#bkuhandy {
-				float:right;
-				text-align:center;
-				width:40%;
-        min-height: 90px;
-        padding-right: 5%;
-        padding-top: 2%;
-			}
-			
-      .bkuimage {
-        width: 90%;
-        height: auto;
-      }
-      
-			#mandate{
-				text-align:center;
-				padding : 5px 5px 5px 5px;
-			}
-      
-/*		input[type=button], .sendButton {
-				background: #BUTTON_BACKGROUNDCOLOR#;
-        color: #BUTTON_COLOR#;
-/*				border:1px solid #000;  */
-/*				cursor: pointer;
-/*        box-shadow: 3px 3px 3px #222222;  */
-/*			}
-			
-/*      button:hover, button:focus, button:active, 
-      .sendButton:hover , .sendButton:focus, .sendButton:active,
-      #mandateCheckBox:hover, #mandateCheckBox:focus, #mandateCheckBox:active {
-				background: #BUTTON_BACKGROUNDCOLOR_FOCUS#;
-        color: #BUTTON_COLOR#;
-/*				border:1px solid #000;                */
-/*				cursor: pointer;
-/*        box-shadow: -1px -1px 3px #222222;  */
-/*			}
-      
-*/
-input {
-	/*border:1px solid #000;*/
-	cursor: pointer;
-}
-
-#localBKU input {
-	/*        color: #BUTTON_COLOR#;  */
-	border: 0px;
-	display: inline-block;
-}
-
-#localBKU input:hover,#localBKU input:focus,#localBKU input:active {
-	text-decoration: underline;
-}
-
-#installJava,#BrowserNOK {
-	clear: both;
-	font-size: 0.8em;
-	padding: 4px;
-}
-
-.selectText {
-	
-}
-
-.selectTextHeader {
-	
-}
-
-.sendButton {
-	width: 30%;
-	margin-bottom: 1%;
-}
-
-#leftcontent a {
-	text-decoration: none;
-	color: #000;
-	/*	display:block;*/
-	padding: 4px;
-}
-
-#leftcontent a:hover,#leftcontent a:focus,#leftcontent a:active {
-	text-decoration: underline;
-	color: #000;
-}
-
-.infobutton {
-	background-color: #005a00;
-	color: white;
-	font-family: serif;
-	text-decoration: none;
-	padding-top: 2px;
-	padding-right: 4px;
-	padding-bottom: 2px;
-	padding-left: 4px;
-	font-weight: bold;
-}
-
-.hell {
-	background-color: #MAIN_BACKGOUNDCOLOR#;
-	color: #MAIN_COLOR#;
-}
-
-.dunkel {
-	background-color: #HEADER_BACKGROUNDCOLOR#;
-	color: #HEADER_COLOR#;
-}
-
-.main_header {
-	color: black;
-	font-size: 32pt;
-	position: absolute;
-	right: 10%;
-	top: 40px;
-}
-</style>
-<!-- MOA-ID 2.x BKUSelection JavaScript fucnctions-->
-<script type="text/javascript">
-		function isIE() {
-			return (/MSIE (\d+\.\d+);/.test(navigator.userAgent));
-		}
-		function isFullscreen() {
-			try {
-				return ((top.innerWidth == screen.width) && (top.innerHeight == screen.height));
-			} catch (e) {
-				return false;
-			}
-		}
-		function isActivexEnabled() {
-			var supported = null;
-			try {
-				supported = !!new ActiveXObject("htmlfile");
-			} catch (e) {
-				supported = false;
-			}
-			return supported;
-		}
-		function isMetro() {
-			if (!isIE())
-				return false;
-			return !isActivexEnabled() && isFullscreen();
-		}
-		window.onload=function() {
-			document.getElementById("localBKU").style.display="block";
-			return;
-		}
-		function bkuOnlineClicked() {
-			if (isMetro())
-				document.getElementById("metroDetected").style.display="block";
-			document.getElementById("localBKU").style.display="block";
-/* 			if (checkMandateSSO())
-				return; */
-			
-			setMandateSelection();
-/* 			setSSOSelection(); */
-						
-			var iFrameURL = "#AUTH_URL#" + "?";
-			iFrameURL += "bkuURI=" + "#ONLINE#";
-			iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;
-/* 			iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */
-			iFrameURL += "&MODUL=" + "#MODUL#";
-			iFrameURL += "&ACTION=" + "#ACTION#";
-			iFrameURL += "&MOASessionID=" + "#SESSIONID#";
-			generateIFrame(iFrameURL);
-		}
-		function bkuHandyClicked() {
-			document.getElementById("localBKU").style.display="none";
-/* 			if (checkMandateSSO())
-				return; */
-			
-			setMandateSelection();
-/* 			setSSOSelection(); */
-			
-			var iFrameURL = "#AUTH_URL#" + "?";
-			iFrameURL += "bkuURI=" + "#HANDY#";
-			iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;
-/* 			iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */
-			iFrameURL += "&MODUL=" + "#MODUL#";
-			iFrameURL += "&ACTION=" + "#ACTION#";
-			iFrameURL += "&MOASessionID=" + "#SESSIONID#";
-			generateIFrame(iFrameURL);
-		}
-		function storkClicked() {
-			document.getElementById("localBKU").style.display="none"; 
-/* 			if (checkMandateSSO())
-				return; */
-			
-			setMandateSelection();
-/* 			setSSOSelection(); */
-			
-			var ccc = "AT";
-			var countrySelection = document.getElementById("cccSelection");
-			if (countrySelection !=  null) {
-				ccc = document.getElementById("cccSelection").value;
-			}
-			var iFrameURL = "#AUTH_URL#" + "?";
-			iFrameURL += "bkuURI=" + "#ONLINE#";
-			iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;
-			iFrameURL += "&CCC=" + ccc;
-/* 			iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */
-			iFrameURL += "&MODUL=" + "#MODUL#";
-			iFrameURL += "&ACTION=" + "#ACTION#";
-			iFrameURL += "&MOASessionID=" + "#SESSIONID#";
-			generateIFrame(iFrameURL);
-		}
-		function generateIFrame(iFrameURL) {
-			var el = document.getElementById("bkulogin");
-      var width = el.clientWidth;
-      var heigth = el.clientHeight - 20;
-			var parent = el.parentNode;
-            
-      iFrameURL += "&heigth=" + heigth;
-      iFrameURL += "&width=" + width;
-      
-			var iframe = document.createElement("iframe");
-			iframe.setAttribute("src", iFrameURL);
-			iframe.setAttribute("width", el.clientWidth - 1);
-			iframe.setAttribute("height", el.clientHeight - 1);
-			iframe.setAttribute("frameborder", "0");
-			iframe.setAttribute("scrolling", "no");
-			iframe.setAttribute("title", "Login");
-			parent.replaceChild(iframe, el);
-		}
-		function setMandateSelection() {
-			document.getElementById("moaidform").action = "#AUTH_URL#";
-			document.getElementById("useMandate").value = "false";
-			var checkbox = document.getElementById("mandateCheckBox");
-			if (checkbox !=  null) {
-				if (document.getElementById("mandateCheckBox").checked) {
-					document.getElementById("useMandate").value = "true";
-				}
-			}
-		}
-		function onChangeChecks() {
-      if (top.innerWidth < 650) {
-         document.getElementById("moaidform").setAttribute("target","_parent");
-      } else {
-         document.getElementById("moaidform").removeAttribute("target");
-      }
-      
-    }
-/* 		function setSSOSelection() {
-			document.getElementById("useSSO").value = "false";
-			var checkbox = document.getElementById("SSOCheckBox");
-			if (checkbox !=  null) {
-				if (document.getElementById("SSOCheckBox").checked) {
-					document.getElementById("useSSO").value = "true";
-				}
-			}
-		} */
-		
-/* 		function checkMandateSSO() {
-			var sso = document.getElementById("SSOCheckBox");
-			var mandate = document.getElementById("mandateCheckBox");
-			
-			
-			if (sso.checked && mandate.checked) {
-				alert("Anmeldung in Vertretung in kombination mit Single Sign-On wird aktuell noch nicht unterstützt!")
-				mandate.checked = false;
-				sso.checked = false;
-				return true;
-			} else {
-				return false;
-			}
-		} */
-	</script>
-<title>Anmeldung mittels Bürgerkarte oder Handy-Signatur</title>
-</head>
-<body onload="onChangeChecks();" onresize="onChangeChecks();">
-	<div id="page">
-		<div id="page1" class="case selected-case" role="main">
-			<h2 class="OA_header" role="heading">Anmeldung an: #OAName#</h2>
-			<div id="main">
-				<div id="leftcontent" class="hell" role="application">
-					<div id="bku_header" class="dunkel">
-						<h2 id="tabheader" class="dunkel" role="heading">#HEADER_TEXT#</h2>
-					</div>
-					<div id="bkulogin" class="hell" role="form">
-						<div id="mandateLogin" style="">
-							<div>
-								<input tabindex="1" type="checkbox" name="Mandate"
-									id="mandateCheckBox" class="verticalcenter" role="checkbox"
-									onClick='document.getElementById("mandateCheckBox").setAttribute("aria-checked", document.getElementById("mandateCheckBox").checked);'#MANDATECHECKED#>
-								<label for="mandateCheckBox" class="verticalcenter">in
-									Vertretung anmelden</label>
-								<!--a      href="info_mandates.html" 
-                        target="_blank"
-                        class="infobutton verticalcenter" 
-                        tabindex="5">i</a-->
-							</div>
-						</div>
-						<div id="bkuselectionarea">
-							<div id="bkukarte">
-								<img class="bkuimage" src="#CONTEXTPATH#/img/online-bku.png"
-									alt="OnlineBKU" /> <input name="bkuButtonOnline" type="button"
-									onClick="bkuOnlineClicked();" tabindex="2" role="button"
-									value="Karte" />
-							</div>
-							<div id="bkuhandy">
-								<img class="bkuimage" src="#CONTEXTPATH#/img/mobile-bku.png"
-									alt="HandyBKU" /> <input name="bkuButtonHandy" type="button"
-									onClick="bkuHandyClicked();" tabindex="3" role="button"
-									value="HANDY" />
-							</div>
-						</div>
-						<div id="localBKU">
-							<form method="get" id="moaidform" action="#AUTH_URL#"
-								class="verticalcenter" target="_parent">
-								<input type="hidden" name="bkuURI" value="#LOCAL#"> <input
-									type="hidden" name="useMandate" id="useMandate"> <input
-									type="hidden" name="SSO" id="useSSO"> <input
-									type="hidden" name="CCC" id="ccc"> <input type="hidden"
-									name="MODUL" value="#MODUL#"> <input type="hidden"
-									name="ACTION" value="#ACTION#"> <input type="hidden"
-									name="MOASessionID" value="#SESSIONID#"> <input
-									type="submit" value=">lokale Bürgerkartenumgebung" tabindex="4"
-									role="button" class="hell">
-								<!--p>
-                    <small>Alternativ können Sie eine lokal installierte BKU verwenden.</small>								                                  
-                  </p-->								                                  
-                </form>								                                                          
-              </div>
-              <div id="stork" align="center" style="#STORKVISIBLE#">
-                <h2 id="tabheader" class="dunkel">Home Country Selection</h2>
-                <p>
-                  <select name="cccSelection" id="cccSelection" size="1" style="width: 120px; margin-right: 5px;" >
-                    <option value="BE">Belgi&euml;/Belgique</option>
-                    <option value="EE">Eesti</option>
-                    <option value="ES">Espa&ntilde;a</option>
-                    <option value="IS">&Iacute;sland</option>
-                    <option value="IT">Italia</option>
-                    <option value="LI">Liechtenstein</option>
-                    <option value="LT">Lithuania</option>
-                    <option value="PT">Portugal</option>
-                    <option value="SI">Slovenija</option>
-                    <option value="FI">Suomi</option>
-                    <option value="SE">Sverige</option>
-                  </select>
-                  <button name="bkuButton" type="button" onClick="storkClicked();">Proceed</button>
-                  <a href="info_stork.html" target="_blank" class="infobutton" style="color:#FFF">i</a>
-                </p>
-              </div>
-
-						<div id="metroDetected" style="display: none">
-							<p>Anscheinend verwenden Sie Internet Explorer im
-								Metro-Modus. Wählen Sie bitte "Auf dem Desktop anzeigen" aus den
-								Optionen um die Karten-Anmeldung starten zu können.</p>
-						</div>
-					</div>
-				</div>
-			</div>
-		</div>
-		<div id="validation">
-			<a href="http://validator.w3.org/check?uri="> <img
-				style="border: 0; width: 88px; height: 31px"
-				src="#CONTEXTPATH#/img/valid-html5-blue.png" alt="HTML5 ist valide!" />
-			</a> <a href="http://jigsaw.w3.org/css-validator/"> <img
-				style="border: 0; width: 88px; height: 31px"
-				src="https://jigsaw.w3.org/css-validator/images/vcss-blue"
-				alt="CSS ist valide!" />
-			</a>
-		</div>
-	</div>
-</body>
-</html>
\ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessage.java
deleted file mode 100644
index 8c8345bbf..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessage.java
+++ /dev/null
@@ -1,116 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.messages;
-
-import java.io.Serializable;
-
-import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.saml2.metadata.provider.MetadataProviderException;
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-public class InboundMessage implements InboundMessageInterface, Serializable{
-
-	private static final long serialVersionUID = 2395131650841669663L;
-	
-	private Element samlMessage = null;
-	private boolean verified = false;
-	private String entityID = null;
-	private String relayState = null;
-	
-	
-	public EntityDescriptor getEntityMetadata(MetadataProvider metadataProvider) throws NoMetadataInformationException {
-		try {
-			if (metadataProvider == null)
-				throw new NullPointerException("No PVP MetadataProvider found.");
-			
-			return metadataProvider.getEntityDescriptor(this.entityID);
-			
-		} catch (MetadataProviderException e) {
-			Logger.warn("No Metadata for EntitiyID " + entityID);
-			throw new NoMetadataInformationException();
-		}			
-	}
-	
-	/**
-	 * @param entitiyID the entitiyID to set
-	 */
-	public void setEntityID(String entitiyID) {
-		this.entityID = entitiyID;
-	}
-	
-	public void setVerified(boolean verified) {
-		this.verified = verified;
-	}
-		
-	/**
-	 * @param relayState the relayState to set
-	 */
-	public void setRelayState(String relayState) {
-		this.relayState = relayState;
-	}
-	
-	public void setSAMLMessage(Element msg) {
-		this.samlMessage = msg;
-	}
-	
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#getRelayState()
-	 */
-	@Override
-	public String getRelayState() {
-		return relayState;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#getEntityID()
-	 */
-	@Override
-	public String getEntityID() {
-		return entityID;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#isVerified()
-	 */
-	@Override
-	public boolean isVerified() {
-		return verified;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#getInboundMessage()
-	 */
-	@Override
-	public Element getInboundMessage() {
-		return samlMessage;
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessageInterface.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessageInterface.java
deleted file mode 100644
index 60a6f069a..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessageInterface.java
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.messages;
-
-import org.w3c.dom.Element;
-
-/**
- * @author tlenz
- *
- */
-public interface InboundMessageInterface {
-	
-	public String getRelayState();
-	public String getEntityID();
-	public boolean isVerified();
-	public Element getInboundMessage();
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOARequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOARequest.java
deleted file mode 100644
index 7679e74a6..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOARequest.java
+++ /dev/null
@@ -1,66 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.messages;
-
-
-import org.opensaml.Configuration;
-import org.opensaml.saml2.core.RequestAbstractType;
-import org.opensaml.xml.io.Unmarshaller;
-import org.opensaml.xml.io.UnmarshallerFactory;
-import org.opensaml.xml.io.UnmarshallingException;
-import org.opensaml.xml.signature.SignableXMLObject;
-
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
-import at.gv.egovernment.moa.logging.Logger;
-
-public class MOARequest extends InboundMessage{
-	
-	private static final long serialVersionUID = 8613921176727607896L;
-
-	private String binding = null;
-	
-	public MOARequest(SignableXMLObject inboundMessage, String binding) {
-		setSAMLMessage(inboundMessage.getDOM());
-		this.binding = binding;
-		
-	}
-	
-	public String getRequestBinding() {
-		return binding;
-	}
-	
-	public SignableXMLObject getSamlRequest() {
-		UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
-		Unmarshaller unmashaller = unmarshallerFactory.getUnmarshaller(getInboundMessage());
-		
-		try {
-			return (SignableXMLObject) unmashaller.unmarshall(getInboundMessage());
-			
-		} catch (UnmarshallingException e) {
-			Logger.warn("AuthnRequest Unmarshaller error", e);
-			return null;
-		}
-		
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOAResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOAResponse.java
deleted file mode 100644
index f2512b122..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOAResponse.java
+++ /dev/null
@@ -1,56 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.messages;
-
-import org.opensaml.Configuration;
-import org.opensaml.saml2.core.StatusResponseType;
-import org.opensaml.xml.io.Unmarshaller;
-import org.opensaml.xml.io.UnmarshallerFactory;
-import org.opensaml.xml.io.UnmarshallingException;
-
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
-import at.gv.egovernment.moa.logging.Logger;
-
-public class MOAResponse extends InboundMessage {
-		
-	private static final long serialVersionUID = -1133012928130138501L;
-
-	public MOAResponse(StatusResponseType response) {
-		setSAMLMessage(response.getDOM());
-	}
-
-	public StatusResponseType getResponse() {		
-		UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
-		Unmarshaller unmashaller = unmarshallerFactory.getUnmarshaller(getInboundMessage());
-		
-		try {
-			return (StatusResponseType) unmashaller.unmarshall(getInboundMessage());
-			
-		} catch (UnmarshallingException e) {
-			Logger.warn("AuthnResponse Unmarshaller error", e);
-			return null;
-		}
-		
-	}
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/IMOARefreshableMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/IMOARefreshableMetadataProvider.java
deleted file mode 100644
index 3da4dc18a..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/IMOARefreshableMetadataProvider.java
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.metadata;
-
-/**
- * @author tlenz
- *
- */
-public interface IMOARefreshableMetadataProvider {
-
-	/**
-	 * Refresh a entity or load a entity in a metadata provider 
-	 * 
-	 * @param entityID
-	 * @return true, if refresh is success, otherwise false
-	 */
-	public boolean refreshMetadataProvider(String entityID);
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index 7d43732a6..1fa17c683 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -23,401 +23,91 @@
 package at.gv.egovernment.moa.id.protocols.pvp2x.metadata;
 
 import java.io.IOException;
+import java.net.MalformedURLException;
 import java.security.cert.CertificateException;
 import java.util.ArrayList;
-import java.util.Collection;
-import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
 import java.util.Map.Entry;
-import java.util.Timer;
 
-import javax.xml.namespace.QName;
-
-import org.opensaml.saml2.metadata.EntitiesDescriptor;
-import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.RoleDescriptor;
-import org.opensaml.saml2.metadata.provider.BaseMetadataProvider;
-import org.opensaml.saml2.metadata.provider.ChainingMetadataProvider;
-import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
-import org.opensaml.saml2.metadata.provider.MetadataFilter;
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.MOAHttpClient;
+import org.apache.commons.httpclient.params.HttpClientParams;
 import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.saml2.metadata.provider.MetadataProviderException;
-import org.opensaml.saml2.metadata.provider.ObservableMetadataProvider;
-import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.parse.BasicParserPool;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
-import at.gv.egovernment.moa.id.auth.IDestroyableObject;
-import at.gv.egovernment.moa.id.auth.IGarbageCollectorProcessing;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.AbstractChainingMetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.MetadataFilterChain;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.PVPEntityCategoryFilter;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
+import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
+import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.InterfederatedIDPPublicServiceFilter;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.PVPEntityCategoryFilter;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.PVPMetadataFilterChain;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MetadataSignatureFilter;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 @Service("PVPMetadataProvider")
-public class MOAMetadataProvider extends SimpleMOAMetadataProvider
-	implements ObservableMetadataProvider, IGarbageCollectorProcessing, 
-	IMOARefreshableMetadataProvider, IDestroyableObject {
+public class MOAMetadataProvider extends AbstractChainingMetadataProvider {
 
-	//private static final int METADATA_GARBAGE_TIMEOUT_SEC = 604800;  //7 days   
-	
-//	private static MOAMetadataProvider instance = null;
-	MetadataProvider internalProvider = null;
-	private Timer timer = null; 
-	private static Object mutex = new Object();
-	//private Map<String, Date> lastAccess = null;
-	
-	
-	public MOAMetadataProvider() {
-		internalProvider = new ChainingMetadataProvider();	
-		//lastAccess = new HashMap<String, Date>();
+	@Autowired(required=true) AuthConfiguration moaAuthConfig;
 		
-	}
-	
-//	public static MOAMetadataProvider getInstance() {
-//		if (instance == null) {
-//			synchronized (mutex) {
-//				if (instance == null) {
-//					instance = new MOAMetadataProvider();
-//					
-//					//add this to MOA garbage collector
-//					MOAGarbageCollector.addModulForGarbageCollection(instance);
-//										
-//				}
-//			}
-//		}
-//		return instance;
-//	}
-	
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.config.auth.IGarbageCollectorProcessing#runGarbageCollector()
-	 */
 	@Override
-	public void runGarbageCollector() {
-		synchronized (mutex) {
-			
-			/**add new Metadataprovider or remove Metadataprovider which are not in use any more.**/
-			try {
-				Logger.trace("Check consistence of PVP2X metadata");	
-				addAndRemoveMetadataProvider();
-					
-			} catch (ConfigurationException | EAAFConfigurationException e) {
-				Logger.error("Access to MOA-ID configuration FAILED.", e);
-					
-			}
-		}
+	protected String getMetadataURL(String entityId) throws EAAFConfigurationException {
+		ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(entityId);
+		if (oaParam != null)
+			return oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
 		
-	}
-	
-	
-//	private static void reInitialize() {
-//		synchronized (mutex) {
-//			
-//			/**add new Metadataprovider or remove Metadataprovider which are not in use any more.**/
-//			if (instance != null)
-//				try {
-//					Logger.trace("Check consistence of PVP2X metadata");	
-//					instance.addAndRemoveMetadataProvider();
-//					
-//				} catch (ConfigurationException e) {
-//					Logger.error("Access to MOA-ID configuration FAILED.", e);
-//					
-//				}
-//			else
-//				Logger.info("MOAMetadataProvider is not loaded.");
-//		}
-//	}
-	
-	public void fullyDestroy() {
-		internalDestroy();
+		else {		
+			Logger.debug("Can not process PVP2X metadata: NO onlineApplication with Id: " + entityId);
+			return null;
 			
+		}
+							
 	}
 	
-
-
 	@Override
-	public synchronized boolean refreshMetadataProvider(String entityID) {
-		try {			
-			//check if metadata provider is already loaded
-			try {
-				if (internalProvider.getEntityDescriptor(entityID) != null)
-					return true;
-				
-			} catch (MetadataProviderException e) {}
-			
+	protected MetadataProvider createNewMetadataProvider(String entityId) throws EAAFConfigurationException, IOException, CertificateException {
+		ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(entityId);
+		if (oaParam != null) {
+			String metadataURL = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);		
+			String certBase64 = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);
+			if (MiscUtil.isNotEmpty(certBase64)) {
+				byte[] cert = Base64Utils.decode(certBase64, false);
+				String oaFriendlyName = oaParam.getUniqueIdentifier();
+														
+				return createNewSimpleMetadataProvider(metadataURL, 								 
+						buildMetadataFilterChain(oaParam, metadataURL, cert), 
+						oaFriendlyName,
+						getTimer(),
+						new BasicParserPool(),
+						createHttpClient(metadataURL));
 			
-			//reload metadata provider 
-			ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(entityID);
-			if (oaParam != null) {
-				String metadataURL = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
-				if (MiscUtil.isNotEmpty(metadataURL)) {
-					Map<String, HTTPMetadataProvider> actuallyLoadedProviders = getAllActuallyLoadedProviders();
-
-					// check if MetadataProvider is actually loaded
-					if (actuallyLoadedProviders.containsKey(metadataURL)) {
-						actuallyLoadedProviders.get(metadataURL).refresh();						
-						Logger.info("PVP2X metadata for onlineApplication: " 
-								+ entityID + " is refreshed.");
-						return true;
-						
-					} else {
-						//load new Metadata Provider
-						String certBase64 = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);
-						if (MiscUtil.isNotEmpty(certBase64)) {
-						byte[] cert = Base64Utils.decode(certBase64, false);
-						String oaFriendlyName = oaParam.getUniqueIdentifier();
-					
-						if (timer == null)
-							timer = new Timer(true);
-						
-						ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;						
-						MetadataProvider newMetadataProvider = createNewMoaMetadataProvider(metadataURL, 								 
-								buildMetadataFilterChain(oaParam, metadataURL, cert), 
-								oaFriendlyName,
-								timer,
-								new BasicParserPool());
-						
-						chainProvider.addMetadataProvider(newMetadataProvider);
-						
-						emitChangeEvent();
-						
-						Logger.info("PVP2X metadata for onlineApplication: " 
-								+ entityID + " is added.");
-						return true;
-						
-						} else
-							Logger.debug("Can not refresh PVP2X metadata: NO PVP2X metadata certificate for OA with Id: " + entityID);
-						
-					}
-															
-				} else
-					Logger.debug("Can not refresh PVP2X metadata: NO PVP2X metadata URL for OA with Id: " + entityID);
-								
 			} else
-				Logger.debug("Can not refresh PVP2X metadata: NO onlineApplication with Id: " + entityID);
-				
-						
-		} catch (MetadataProviderException e) {
-			Logger.warn("Refresh PVP2X metadata for onlineApplication: " 
-					+ entityID + " FAILED.", e);
-			
-		} catch (IOException e) {
-			Logger.warn("Refresh PVP2X metadata for onlineApplication: " 
-					+ entityID + " FAILED.", e);
-			
-		} catch (CertificateException e) {
-			Logger.warn("Refresh PVP2X metadata for onlineApplication: " 
-					+ entityID + " FAILED.", e);
+				Logger.debug("Can not refresh PVP2X metadata: NO PVP2X metadata certificate for OA with Id: " + entityId);
 			
-		} catch (ConfigurationException e) {
-			Logger.warn("Refresh PVP2X metadata for onlineApplication: " 
-					+ entityID + " FAILED.", e);
-			
-		} catch (EAAFConfigurationException e) {			
-			Logger.warn("Refresh PVP2X metadata for onlineApplication: " 
-					+ entityID + " FAILED.", e);
-		}
-		
-		return false;
-		
-	}
-	
-	private Map<String, HTTPMetadataProvider> getAllActuallyLoadedProviders() {
-		Map<String, HTTPMetadataProvider> loadedproviders = new HashMap<String, HTTPMetadataProvider>();
-		ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;
-		
-		//make a Map of all actually loaded HTTPMetadataProvider
-		List<MetadataProvider> providers = chainProvider.getProviders();
-		for (MetadataProvider provider : providers) {
-			if (provider instanceof HTTPMetadataProvider) {
-				HTTPMetadataProvider httpprovider = (HTTPMetadataProvider) provider;
-				loadedproviders.put(httpprovider.getMetadataURI(), httpprovider);
-
-			}
 		}
 		
-		return loadedproviders;		
-	}
-	
-	
-	private void addAndRemoveMetadataProvider() throws ConfigurationException, EAAFConfigurationException {
-		if (internalProvider != null && internalProvider instanceof ChainingMetadataProvider) {
-			Logger.info("Reload MOAMetaDataProvider.");
-			
-			/*OpenSAML ChainingMetadataProvider can not remove a MetadataProvider (UnsupportedOperationException)
-			 *The ChainingMetadataProvider use internal a unmodifiableList to hold all registrated MetadataProviders.*/ 
-			Map<String, MetadataProvider> providersinuse = new HashMap<String, MetadataProvider>();
-			ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;
-			
-			//get all actually loaded metadata providers
-			Map<String, HTTPMetadataProvider> loadedproviders = getAllActuallyLoadedProviders();
+		Logger.debug("Can not process PVP2X metadata: NO onlineApplication with Id: " + entityId);
+		return null;			
 						
-			/* TODO: maybe add metadata provider destroy after timeout.
-			 *       But could be a problem if one Metadataprovider load an EntitiesDescriptor 
-			 *       with more the multiple EntityDescriptors. If one of this EntityDesciptors 
-			 *       are expired the full EntitiesDescriptor is removed. 
-			 *       
-			 *       Timeout requires a better solution in this case! 
-			 */
-//			Date now = new Date();
-//			Date expioredate = new Date(now.getTime() - (METADATA_GARBAGE_TIMEOUT_SEC * 1000));
-//			Logger.debug("Starting PVP Metadata garbag collection (Expioredate:" 
-//					+ expioredate + ")");
-									
-			//load all PVP2 OAs form ConfigurationDatabase and 
-			//compare actually loaded Providers with configured PVP2 OAs
-			Map<String, String> allOAs = authConfig.getConfigurationWithWildCard(
-					MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES 
-					+ ".%." 
-					+ MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER);
-			
-			if (allOAs != null) {
-				Iterator<Entry<String, String>> oaInterator = allOAs.entrySet().iterator();
-				while (oaInterator.hasNext()) {
-					Entry<String, String> oaKeyPair = oaInterator.next();
-					
-					ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(oaKeyPair.getValue());
-					if (oaParam != null) {
-						String metadataurl = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
-						
-						HTTPMetadataProvider httpProvider = null;				
-						try {
-							if (MiscUtil.isNotEmpty(metadataurl)) {						
-								if (loadedproviders.containsKey(metadataurl)) {									
-									//	PVP2 OA is actually loaded, to nothing
-									providersinuse.put(metadataurl, loadedproviders.get(metadataurl));
-									loadedproviders.remove(metadataurl);
-							
-							
-									//INFO: load metadata dynamically if they are requested 
-//								} else if ( MiscUtil.isNotEmpty(metadataurl) &&
-//										!providersinuse.containsKey(metadataurl) ) {
-//									//PVP2 OA is new, add it to MOAMetadataProvider
-//									String certBase64 = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);
-//									if (MiscUtil.isNotEmpty(certBase64)) {
-//										byte[] cert = Base64Utils.decode(certBase64, false);
-//										String oaFriendlyName = oaParam.getFriendlyName();
-//									
-//									
-//										Logger.info("Loading metadata for: " + oaFriendlyName);
-//										httpProvider = createNewHTTPMetaDataProvider(
-//												metadataurl, 												
-//												buildMetadataFilterChain(oaParam, metadataurl, cert),
-//												oaFriendlyName);
-//							
-//										if (httpProvider != null)
-//											providersinuse.put(metadataurl, httpProvider);
-//									}
-						
-								}
-							}
-						} catch (Throwable e) {
-							Logger.error(
-							"Failed to add Metadata (unhandled reason: "
-									+ e.getMessage(), e);
-					
-							if (httpProvider != null) {
-								Logger.debug("Destroy failed Metadata provider");
-								httpProvider.destroy();
-							}
-					
-						}	
-					}
-				}
-			}
-			
-			//remove all actually loaded MetadataProviders with are not in ConfigurationDB any more
-			Collection<HTTPMetadataProvider> notusedproviders = loadedproviders.values();
-			for (HTTPMetadataProvider provider : notusedproviders) {
-				String metadataurl = provider.getMetadataURI();
-				
-				try {
-					
-					provider.destroy();
-					
-					/*OpenSAML ChainingMetadataProvider can not remove a MetadataProvider (UnsupportedOperationException)
-					 *The ChainingMetadataProvider use internal a unmodifiableList to hold all registrated MetadataProviders.*/
-					//chainProvider.removeMetadataProvider(provider);
-					
-					Logger.info("Remove not used MetadataProvider with MetadataURL " + metadataurl);
-					
-				} catch (Throwable e) {
-					Logger.error("HTTPMetadataProvider with URL " + metadataurl 
-							+ " can not be removed from the list of actually loaded Providers.", e);
-					
-				}
-				
-			}
-			
-			try {
-				chainProvider.setProviders(new ArrayList<MetadataProvider>(providersinuse.values()));
-				
-				emitChangeEvent();
-								
-			} catch (MetadataProviderException e) {
-				Logger.warn("ReInitalize MOAMetaDataProvider is not possible! MOA-ID Instance has to be restarted manualy", e);
-				
-			}
-			
-			
-			
-		} else {
-			Logger.warn("ReInitalize MOAMetaDataProvider is not possible! MOA-ID Instance has to be restarted manualy");
-		}
-		
 	}
 	
-	
-	public void internalDestroy() {
-		if (internalProvider != null && internalProvider instanceof ChainingMetadataProvider) {
-			Logger.info("Destrorying PVP-Authentication MetaDataProvider.");
-			ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;				
-			
-			List<MetadataProvider> providers = chainProvider.getProviders();
-			for (MetadataProvider provider : providers) {
-				if (provider instanceof HTTPMetadataProvider) {
-					HTTPMetadataProvider httpprovider = (HTTPMetadataProvider) provider;
-					Logger.debug("Destroy HTTPMetadataProvider +" + httpprovider.getMetadataURI());
-					httpprovider.destroy();
-					
-				} else {
-					Logger.warn("MetadataProvider can not be destroyed.");
-				}
-			}
-				
-			internalProvider = new ChainingMetadataProvider();
-			
-			if (timer != null)
-				timer.cancel();
-			
-		} else {
-			Logger.warn("ReInitalize MOAMetaDataProvider is not possible! MOA-ID Instance has to be restarted manualy");
-		}
-	}
-	
-	@Deprecated
-	/**
-	 * Load all PVP metadata from OA configuration
-	 * 
-	 * This method is deprecated because OA metadata should be loaded dynamically 
-	 * if the corresponding OA is requested.
-	 */
-	private void loadAllPVPMetadataFromKonfiguration() throws EAAFConfigurationException {
-		ChainingMetadataProvider chainProvider = new ChainingMetadataProvider();
-		Logger.info("Loading metadata");		
-		Map<String, MetadataProvider> providersinuse = new HashMap<String, MetadataProvider>();
-		Map<String, String> allOAs = authConfig.getConfigurationWithWildCard(
+	@Override
+	protected List<String> getAllMetadataURLsFromConfiguration() throws EAAFConfigurationException {
+		List<String> metadataURLs = new ArrayList<String>();
+		
+		Map<String, String> allOAs = moaAuthConfig.getConfigurationWithWildCard(
 				MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES 
 				+ ".%." 
 				+ MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER);
@@ -430,71 +120,56 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 				ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(oaKeyPair.getValue());
 				if (oaParam != null) {
 					String metadataurl = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
-					String oaFriendlyName = oaParam.getUniqueIdentifier();
-					MetadataProvider httpProvider = null;
-			
-					try {
-						String certBase64 = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);
-						if (MiscUtil.isNotEmpty(certBase64) && MiscUtil.isNotEmpty(metadataurl)) {
-							byte[] cert = Base64Utils.decode(certBase64, false);
-							
-							
-							if (timer == null)
-								timer = new Timer(true);
-							
-							Logger.info("Loading metadata for: " + oaFriendlyName);					
-							if (!providersinuse.containsKey(metadataurl)) {					
-								httpProvider = createNewMoaMetadataProvider(
-										metadataurl, 
-										buildMetadataFilterChain(oaParam, metadataurl, cert),
-										oaFriendlyName,
-										timer,
-										new BasicParserPool());
+					if (MiscUtil.isNotEmpty(metadataurl))
+						metadataURLs.add(metadataurl);
+					else
+						Logger.trace("OA: " + oaParam.getUniqueIdentifier() + " has NO PVP2 metadata URL");
 					
-								if (httpProvider != null)
-									providersinuse.put(metadataurl, httpProvider);
-						
-							} else {
-								Logger.info(metadataurl + " are already added.");
-							}
-					
-						} else {
-							Logger.info(oaFriendlyName
-									+ " is not a PVP2 Application skipping");
-						}
-					} catch (Throwable e) {
-						Logger.error(
-								"Failed to add Metadata (unhandled reason: "
-										+ e.getMessage(), e);
-				
-						if (httpProvider != null && httpProvider instanceof BaseMetadataProvider) {
-							Logger.debug("Destroy failed Metadata provider");
-							((BaseMetadataProvider)httpProvider).destroy();
-							
-						}
-					}			
-				}
+				} else
+					Logger.warn("Something is suspect! OA is in Set of OAs, but no specific OA configuration is found.");
 			}
 			
-		} else 
-			Logger.info("No Online-Application configuration found. PVP 2.1 metadata provider initialization failed!");
-				
-		try {
-			chainProvider.setProviders(new ArrayList<MetadataProvider>(providersinuse.values()));
+		} else
+			Logger.debug("No OA configuration found.");
+														
+		return metadataURLs;
+	}
 			
-		} catch (MetadataProviderException e) {
-			Logger.error(
-					"Failed to add Metadata (unhandled reason: "
-							+ e.getMessage(), e);
+	private HttpClient createHttpClient(String metadataURL) {					
+		MOAHttpClient httpClient = new MOAHttpClient();		
+		HttpClientParams httpClientParams = new HttpClientParams();
+		httpClientParams.setSoTimeout(AuthConfiguration.CONFIG_PROPS_METADATA_SOCKED_TIMEOUT);
+		httpClient.setParams(httpClientParams);
+		
+		if (metadataURL.startsWith("https:")) {
+			try {
+				//FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
+				MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
+						PVPConstants.SSLSOCKETFACTORYNAME, 
+						moaAuthConfig.getTrustedCACertificates(),
+						null,
+						AuthConfiguration.DEFAULT_X509_CHAININGMODE, 
+						moaAuthConfig.isTrustmanagerrevoationchecking(),
+						moaAuthConfig.getRevocationMethodOrder(),
+						moaAuthConfig.getBasicMOAIDConfigurationBoolean(
+								AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false));
+				
+				httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory);
+
+			} catch (MOAHttpProtocolSocketFactoryException | MalformedURLException e) {
+				Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e);
+				
+			}
 		}
 		
-		internalProvider = chainProvider;
+		return httpClient;
 				
 	}
-		
-	private PVPMetadataFilterChain buildMetadataFilterChain(ISPConfiguration oaParam, String metadataURL, byte[] certificate) throws CertificateException, ConfigurationException {
-		PVPMetadataFilterChain filterChain = new PVPMetadataFilterChain(metadataURL, certificate);
-		filterChain.getFilters().add(new SchemaValidationFilter());
+	
+	private MetadataFilterChain buildMetadataFilterChain(ISPConfiguration oaParam, String metadataURL, byte[] certificate) throws CertificateException{
+		MetadataFilterChain filterChain = new MetadataFilterChain();		
+		filterChain.getFilters().add(new SchemaValidationFilter(moaAuthConfig.isPVPSchemaValidationActive()));
+		filterChain.getFilters().add(new MetadataSignatureFilter(metadataURL, certificate));
 		filterChain.getFilters().add(
 				new PVPEntityCategoryFilter(authConfig.getBasicMOAIDConfigurationBoolean(
 						AuthConfiguration.PROP_KEY_PROTOCOL_PVP_METADATA_ENTITYCATEGORY_RESOLVER, 
@@ -511,116 +186,4 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 		return filterChain;		
 	}
 		
-	public boolean requireValidMetadata() {
-		return internalProvider.requireValidMetadata();
-	}
-
-	public void setRequireValidMetadata(boolean requireValidMetadata) {
-		internalProvider.setRequireValidMetadata(requireValidMetadata);
-	}
-
-	public MetadataFilter getMetadataFilter() {
-		return internalProvider.getMetadataFilter();
-	}
-
-	public void setMetadataFilter(MetadataFilter newFilter)
-			throws MetadataProviderException {
-		internalProvider.setMetadataFilter(newFilter);
-	}
-
-	public XMLObject getMetadata() throws MetadataProviderException {
-		return internalProvider.getMetadata();
-	}
-
-	public EntitiesDescriptor getEntitiesDescriptor(String entitiesID)
-			throws MetadataProviderException {
-		EntitiesDescriptor entitiesDesc = null;
-		try {
-			entitiesDesc = internalProvider.getEntitiesDescriptor(entitiesID);
-		
-			if (entitiesDesc == null) {
-				Logger.debug("Can not find PVP metadata for entityID: " + entitiesID 
-						+ " Start refreshing process ...");
-				if (refreshMetadataProvider(entitiesID))
-					return internalProvider.getEntitiesDescriptor(entitiesID);
-									
-			}			
-			
-		} catch (MetadataProviderException e) {
-			Logger.debug("Can not find PVP metadata for entityID: " + entitiesID 
-					+ " Start refreshing process ...");
-			if (refreshMetadataProvider(entitiesID))
-				return internalProvider.getEntitiesDescriptor(entitiesID);
-			
-		}	
-		
-		return entitiesDesc;
-	}
-
-	public EntityDescriptor getEntityDescriptor(String entityID)
-			throws MetadataProviderException {
-		EntityDescriptor entityDesc = null;
-		try {
-			entityDesc = internalProvider.getEntityDescriptor(entityID);
-			if (entityDesc == null) {
-				Logger.debug("Can not find PVP metadata for entityID: " + entityID 
-						+ " Start refreshing process ...");
-				if (refreshMetadataProvider(entityID))
-					return internalProvider.getEntityDescriptor(entityID);
-									
-			}
-			
-		} catch (MetadataProviderException e) {
-			Logger.debug("Can not find PVP metadata for entityID: " + entityID 
-					+ " Start refreshing process ...");
-			if (refreshMetadataProvider(entityID))
-				return internalProvider.getEntityDescriptor(entityID);
-			
-		}
-		
-//		if (entityDesc != null)
-//			lastAccess.put(entityID, new Date());
-		
-		return entityDesc;
-	}
-
-	public List<RoleDescriptor> getRole(String entityID, QName roleName)
-			throws MetadataProviderException {		
-		List<RoleDescriptor> result = internalProvider.getRole(entityID, roleName);
-		
-//		if (result != null)
-//			lastAccess.put(entityID, new Date());
-		
-		return result; 
-	}
-
-	public RoleDescriptor getRole(String entityID, QName roleName,
-			String supportedProtocol) throws MetadataProviderException {
-		RoleDescriptor result = internalProvider.getRole(entityID, roleName, supportedProtocol);
-		
-//		if (result != null)
-//			lastAccess.put(entityID, new Date());
-		
-		return result; 
-	}
-
-	/* (non-Javadoc)
-	 * @see org.opensaml.saml2.metadata.provider.ObservableMetadataProvider#getObservers()
-	 */
-	@Override
-	public List<Observer> getObservers() {
-		return ((ChainingMetadataProvider) internalProvider).getObservers();
-	}
-
-	protected void emitChangeEvent() {
-		if ((getObservers() == null) || (getObservers().size() == 0)) {
-			return;
-		}
-
-		List<Observer> tempObserverList = new ArrayList<Observer>(getObservers());
-		for (ObservableMetadataProvider.Observer observer : tempObserverList)
-			if (observer != null)
-				observer.onEvent(this);
-	}
-	
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
deleted file mode 100644
index c87b7515f..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
+++ /dev/null
@@ -1,257 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.metadata;
-
-import java.io.File;
-import java.net.MalformedURLException;
-import java.util.Timer;
-
-import javax.net.ssl.SSLHandshakeException;
-
-import org.apache.commons.httpclient.MOAHttpClient;
-import org.apache.commons.httpclient.params.HttpClientParams;
-import org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider;
-import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
-import org.opensaml.saml2.metadata.provider.MetadataFilter;
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.xml.parse.ParserPool;
-import org.springframework.beans.factory.annotation.Autowired;
-
-import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
-import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.FileUtils;
-
-/**
- * @author tlenz
- *
- */
-public abstract class SimpleMOAMetadataProvider implements MetadataProvider{
-	
-	private static final String URI_PREFIX_HTTP = "http:";
-	private static final String URI_PREFIX_HTTPS = "https:";
-	private static final String URI_PREFIX_FILE = "file:";
-	
-	
-	@Autowired 
-	//protected IConfiguration authConfig;
-	protected AuthConfiguration authConfig;
-	
-	/**
-	 * Create a single SAML2 MOA specific metadata provider
-	 * 
-	 * @param metadataLocation where the metadata should be loaded, but never null. If the location starts with http(s):, than a http
-	 *  based metadata provider is used. If the location starts with file:, than a filesystem based metadata provider is used
-	 * @param filter Filters, which should be used to validate the metadata
-	 * @param IdForLogging Id, which is used for Logging
-	 * @param timer {@link Timer} which is used to schedule metadata refresh operations
-	 * 
-	 * @return SAML2 Metadata Provider, or null if the metadata provider can not initialized
-	 */
-	protected MetadataProvider createNewMoaMetadataProvider(String metadataLocation, MetadataFilter filter, 
-			String IdForLogging, Timer timer, ParserPool pool) {
-		if (metadataLocation.startsWith(URI_PREFIX_HTTP) || metadataLocation.startsWith(URI_PREFIX_HTTPS)) 
-			return createNewHTTPMetaDataProvider(metadataLocation, filter, IdForLogging, timer, pool);
-		
-		else {
-			String absoluteMetadataLocation;
-			try {
-				absoluteMetadataLocation = FileUtils.makeAbsoluteURL(
-						metadataLocation,
-						authConfig.getConfigurationRootDirectory().toURL().toString());
-				
-				if (absoluteMetadataLocation.startsWith(URI_PREFIX_FILE)) {
-					File metadataFile = new File(absoluteMetadataLocation);
-					if (metadataFile.exists())
-						return createNewFileSystemMetaDataProvider(metadataFile, filter, IdForLogging, timer, pool);
-					
-					else {
-						Logger.warn("SAML2 metadata file: " + absoluteMetadataLocation + " not found or not exist");
-						return null;
-					}
-					
-				}	
-				
-				
-			} catch (MalformedURLException e) {
-				Logger.warn("SAML2 metadata URL is invalid: " + metadataLocation, e);
-				
-			}
-							
-		}
-		
-		Logger.warn("SAML2 metadata has an unsupported metadata location prefix: " + metadataLocation);		
-		return null;
-		
-	}
-	
-	
-	/**
-	 * Create a single SAML2 filesystem based metadata provider
-	 * 
-	 * @param metadataFile File, where the metadata should be loaded
-	 * @param filter Filters, which should be used to validate the metadata
-	 * @param IdForLogging Id, which is used for Logging
-	 * @param timer {@link Timer} which is used to schedule metadata refresh operations
-	 * @param pool 
-	 * 
-	 * @return SAML2 Metadata Provider
-	 */	
-	private MetadataProvider createNewFileSystemMetaDataProvider(File metadataFile, MetadataFilter filter, String IdForLogging, Timer timer, ParserPool pool) {
-		FilesystemMetadataProvider fileSystemProvider = null;
-		try {
-			fileSystemProvider = new FilesystemMetadataProvider(timer, metadataFile);
-			fileSystemProvider.setParserPool(pool);
-			fileSystemProvider.setRequireValidMetadata(true);
-			fileSystemProvider.setMinRefreshDelay(1000*60*15); //15 minutes
-			fileSystemProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours
-			//httpProvider.setRefreshDelayFactor(0.1F);
-			
-			fileSystemProvider.setMetadataFilter(filter);
-			fileSystemProvider.initialize();
-			
-			fileSystemProvider.setRequireValidMetadata(true);
-			
-			return fileSystemProvider;
-						
-		} catch (Exception e) {
-			Logger.warn(
-					"Failed to load Metadata file for "
-							+ IdForLogging + "[ "
-							+ "File: " + metadataFile.getAbsolutePath()
-							+ " Msg: " + e.getMessage() + " ]", e);
-			
-			
-			Logger.warn("Can not initialize SAML2 metadata provider from filesystem: " + metadataFile.getAbsolutePath()
-					+ " Reason: " + e.getMessage(), e);
-			
-			if (fileSystemProvider != null)
-				fileSystemProvider.destroy();
-			
-		}
-				
-		return null;
-				
-	}
-	
-	
-	
-	/**
-	 * Create a single SAML2 HTTP metadata provider
-	 * 
-	 * @param metadataURL URL, where the metadata should be loaded
-	 * @param filter Filters, which should be used to validate the metadata
-	 * @param IdForLogging Id, which is used for Logging
-	 * @param timer {@link Timer} which is used to schedule metadata refresh operations
-	 * @param pool 
-	 * 
-	 * @return SAML2 Metadata Provider
-	 */
-	private MetadataProvider createNewHTTPMetaDataProvider(String metadataURL, MetadataFilter filter, String IdForLogging, Timer timer, ParserPool pool) {
-		HTTPMetadataProvider httpProvider = null;
-		//Timer timer= null;
-		MOAHttpClient httpClient = null;
-		try {			
-			httpClient = new MOAHttpClient();
-			
-			HttpClientParams httpClientParams = new HttpClientParams();
-			httpClientParams.setSoTimeout(AuthConfiguration.CONFIG_PROPS_METADATA_SOCKED_TIMEOUT);
-			httpClient.setParams(httpClientParams);
-			
-			if (metadataURL.startsWith("https:")) {
-				try {
-					//FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
-					MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
-							PVPConstants.SSLSOCKETFACTORYNAME, 
-							authConfig.getTrustedCACertificates(),
-							null,
-							AuthConfiguration.DEFAULT_X509_CHAININGMODE, 
-							authConfig.isTrustmanagerrevoationchecking(),
-							authConfig.getRevocationMethodOrder(),
-							authConfig.getBasicMOAIDConfigurationBoolean(
-									AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false));
-					
-					httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory);
-
-				} catch (MOAHttpProtocolSocketFactoryException e) {
-					Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.");
-					
-				}
-			}
-			
-//			timer = new Timer(true);
-			httpProvider = new HTTPMetadataProvider(timer, httpClient, 
-					metadataURL);
-			httpProvider.setParserPool(pool);
-			httpProvider.setRequireValidMetadata(true);
-			httpProvider.setMinRefreshDelay(1000*60*15); //15 minutes
-			httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours
-			//httpProvider.setRefreshDelayFactor(0.1F);
-			
-			httpProvider.setMetadataFilter(filter);
-			httpProvider.initialize();
-			
-			httpProvider.setRequireValidMetadata(true);
-			
-			return httpProvider;
-						
-		} catch (Throwable e) {			
-			if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) {
-				Logger.warn("SSL-Server certificate for metadata " 
-						+ metadataURL + " not trusted.", e);
-				
-			} if (e.getCause() != null && e.getCause().getCause() instanceof SignatureValidationException) {				
-				Logger.warn("Signature verification for metadata" 
-						+ metadataURL + " FAILED.", e);
-			
-			} if (e.getCause() != null && e.getCause().getCause() instanceof SchemaValidationException) {
-				Logger.warn("Schema validation for metadata " 
-						+ metadataURL + " FAILED.", e);								
-			}
-			
-			Logger.warn(
-					"Failed to load Metadata file for "
-							+ IdForLogging + "[ "
-							+ e.getMessage() + " ]", e);
-						
-			if (httpProvider != null) {
-				Logger.debug("Destroy failed Metadata provider");
-				httpProvider.destroy();
-			}
-			
-//			if (timer != null) {
-//				Logger.debug("Destroy Timer.");
-//				timer.cancel();
-//			}
-
-			
-		}
-		
-		return null;	
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java
deleted file mode 100644
index dd94e0093..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java
+++ /dev/null
@@ -1,218 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.signer;
-
-import java.security.KeyStore;
-import java.security.PrivateKey;
-import java.security.interfaces.ECPrivateKey;
-import java.security.interfaces.RSAPrivateKey;
-
-import org.opensaml.xml.security.credential.Credential;
-import org.opensaml.xml.security.credential.UsageType;
-import org.opensaml.xml.security.x509.X509Credential;
-import org.opensaml.xml.signature.Signature;
-import org.opensaml.xml.signature.SignatureConstants;
-
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.opemsaml.MOAKeyStoreX509CredentialAdapter;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.KeyStoreUtils;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-public abstract class AbstractCredentialProvider {
-	
-	private KeyStore keyStore = null;
-	
-	/**
-	 * Get a friendlyName for this keyStore implementation
-	 * This friendlyName is used for logging
-	 * 
-	 * @return keyStore friendlyName
-	 */
-	public abstract String getFriendlyName();
-	
-	/**
-	 * Get KeyStore
-	 * 
-	 * @return URL to the keyStore
-	 * @throws ConfigurationException 
-	 */
-	public abstract String getKeyStoreFilePath() throws ConfigurationException;
-	
-	/**
-	 * Get keyStore password
-	 * 
-	 * @return Password of the keyStore
-	 */
-	public abstract String getKeyStorePassword();
-	
-	/**
-	 * Get alias of key for metadata signing
-	 * 
-	 * @return key alias
-	 */
-	public abstract String getMetadataKeyAlias();
-	
-	/**
-	 * Get password of key for metadata signing
-	 * 
-	 * @return key password
-	 */
-	public abstract String getMetadataKeyPassword();
-	
-	/**
-	 * Get alias of key for request/response signing
-	 * 
-	 * @return key alias
-	 */
-	public abstract String getSignatureKeyAlias();
-	
-	/**
-	 * Get password of key for request/response signing
-	 * 
-	 * @return key password
-	 */
-	public abstract String getSignatureKeyPassword();
-	
-	/**
-	 * Get alias of key for IDP response encryption
-	 * 
-	 * @return key alias
-	 */
-	public abstract String getEncryptionKeyAlias();
-	
-	/**
-	 * Get password of key for IDP response encryption
-	 * 
-	 * @return key password
-	 */
-	public abstract String getEncryptionKeyPassword();
-	
-	
-	public X509Credential getIDPMetaDataSigningCredential()
-			throws CredentialsNotAvailableException {
-		try {
-			
-			if (keyStore == null)
-				keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), 
-						getKeyStorePassword());
-
-			MOAKeyStoreX509CredentialAdapter credentials = new MOAKeyStoreX509CredentialAdapter(
-					keyStore, getMetadataKeyAlias(), getMetadataKeyPassword().toCharArray());
-
-			credentials.setUsageType(UsageType.SIGNING);
-			if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) {
-				Logger.error(getFriendlyName() + " Metadata Signing credentials is not found or contains no PrivateKey.");
-				throw new CredentialsNotAvailableException("config.27", new Object[]{getFriendlyName() + " Assertion Signing credentials (Alias: "
-						+ getMetadataKeyAlias() + ") is not found or contains no PrivateKey."});
-				
-			}
-			return credentials;
-		} catch (Exception e) {
-			Logger.error("Failed to generate " + getFriendlyName() + " Metadata Signing credentials");
-			e.printStackTrace();
-			throw new CredentialsNotAvailableException("config.27", new Object[]{e.getMessage()}, e);
-		}
-	}
-
-	public X509Credential getIDPAssertionSigningCredential()
-			throws CredentialsNotAvailableException {
-		try {
-			if (keyStore == null)
-				keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), 
-						getKeyStorePassword());
-
-			MOAKeyStoreX509CredentialAdapter credentials = new MOAKeyStoreX509CredentialAdapter(
-					keyStore, getSignatureKeyAlias(), getSignatureKeyPassword().toCharArray());
-			
-			credentials.setUsageType(UsageType.SIGNING);
-			if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) {
-				Logger.error(getFriendlyName() + " Assertion Signing credentials is not found or contains no PrivateKey.");
-				throw new CredentialsNotAvailableException("config.27", new Object[]{getFriendlyName() + " Assertion Signing credentials (Alias: "
-						+ getSignatureKeyAlias() + ") is not found or contains no PrivateKey."});
-				
-			}
-			
-			return (X509Credential) credentials;
-		} catch (Exception e) {
-			Logger.error("Failed to generate " + getFriendlyName() + " Assertion Signing credentials");
-			e.printStackTrace();
-			throw new CredentialsNotAvailableException("config.27", new Object[]{e.getMessage()}, e);
-		}
-	}
-	
-	public X509Credential getIDPAssertionEncryptionCredential()
-			throws CredentialsNotAvailableException {
-		try {
-			if (keyStore == null)
-				keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), 
-						getKeyStorePassword());
-
-			//if no encryption key is configured return null
-			if (MiscUtil.isEmpty(getEncryptionKeyAlias()))
-				return null;
-			
-			MOAKeyStoreX509CredentialAdapter credentials = new MOAKeyStoreX509CredentialAdapter(
-					keyStore, getEncryptionKeyAlias(), getEncryptionKeyPassword().toCharArray());
-			
-			credentials.setUsageType(UsageType.ENCRYPTION);
-			
-			if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) {
-				Logger.error(getFriendlyName() + " Assertion Encryption credentials is not found or contains no PrivateKey.");
-				throw new CredentialsNotAvailableException("config.27", new Object[]{getFriendlyName() + " Assertion Encryption credentials (Alias: "
-						+ getEncryptionKeyAlias() + ") is not found or contains no PrivateKey."});
-				
-			}
-			
-			return (X509Credential) credentials;
-			
-		} catch (Exception e) {
-			Logger.error("Failed to generate " + getFriendlyName() + " Assertion Encryption credentials");
-			e.printStackTrace();
-			throw new CredentialsNotAvailableException("config.27", new Object[]{e.getMessage()}, e);
-		}
-	}
-	
-	public static Signature getIDPSignature(Credential credentials) {		
-		PrivateKey privatekey = credentials.getPrivateKey();		
-		Signature signer = SAML2Utils.createSAMLObject(Signature.class);
-		
-		if (privatekey instanceof RSAPrivateKey) {
-			signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
-			
-		} else if (privatekey instanceof ECPrivateKey) {
-			signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA256);
-
-		} else {
-			Logger.warn("Could NOT evaluate the Private-Key type from " + credentials.getEntityId() + " credential.");
-			
-			
-		}
-
-		signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);		
-		signer.setSigningCredential(credentials);
-		return signer;
-		
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java
deleted file mode 100644
index 85de666c9..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.signer;
-
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-
-public class CredentialsNotAvailableException extends MOAIDException {
-
-	public CredentialsNotAvailableException(String messageId,
-			Object[] parameters) {
-		super(messageId, parameters);
-	}
-
-	public CredentialsNotAvailableException(String messageId,
-			Object[] parameters, Throwable e) {
-		super(messageId, parameters, e);
-	}
-	
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = -2564476345552842599L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java
index ebaef348c..389d97b18 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java
@@ -25,14 +25,14 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.signer;
 import java.util.Properties;
 
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Service;
 
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 
-@Service("IDPCredentialProvider")
+//@Service("PVPIDPCredentialProvider")
 public class IDPCredentialProvider extends AbstractCredentialProvider {	
 	public static final String IDP_JAVAKEYSTORE = "idp.ks.file";
 	public static final String IDP_KS_PASS = "idp.ks.kspassword";
@@ -54,7 +54,7 @@ public class IDPCredentialProvider extends AbstractCredentialProvider {
 	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getKeyStoreFilePath()
 	 */
 	@Override
-	public String getKeyStoreFilePath() throws ConfigurationException {
+	public String getKeyStoreFilePath() throws EAAFException {
 		if (props == null)
 			props = authConfig.getGeneralPVP2ProperiesConfig();
 		
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/SAMLSigner.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/SAMLSigner.java
deleted file mode 100644
index ef64efb56..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/SAMLSigner.java
+++ /dev/null
@@ -1,27 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.signer;
-
-public class SAMLSigner {
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
deleted file mode 100644
index 9d585bc86..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
+++ /dev/null
@@ -1,292 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.utils;
-
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-
-import org.opensaml.saml2.core.Assertion;
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.core.AttributeStatement;
-import org.opensaml.saml2.core.AuthnContextClassRef;
-import org.opensaml.saml2.core.AuthnStatement;
-import org.opensaml.saml2.core.Response;
-import org.opensaml.saml2.core.StatusResponseType;
-import org.opensaml.saml2.core.Subject;
-import org.opensaml.xml.XMLObject;
-
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-public class AssertionAttributeExtractor {
-	
-	private Assertion assertion = null;
-	private Map<String, List<String>> attributs = new HashMap<String, List<String>>();
-	//private PersonalAttributeList storkAttributes = new PersonalAttributeList();
-		
-	private final List<String> minimalMDSAttributeNamesList = Arrays.asList(
-			PVPConstants.PRINCIPAL_NAME_NAME, 
-			PVPConstants.GIVEN_NAME_NAME,
-			PVPConstants.BIRTHDATE_NAME,
-			PVPConstants.BPK_NAME);
-
-	private final List<String> minimalIDLAttributeNamesList = Arrays.asList(
-			PVPConstants.EID_IDENTITY_LINK_NAME,			
-			PVPConstants.EID_SOURCE_PIN_NAME,
-			PVPConstants.EID_SOURCE_PIN_TYPE_NAME);
-	
-	/**
-	 * Parse the SAML2 Response element and extracts included information
-	 * <br><br>
-	 * <b>INFO:</b> Actually, only the first SAML2 Assertion of the SAML2 Response is used!
-	 * 
-	 * @param samlResponse SAML2 Response
-	 * @throws AssertionAttributeExtractorExeption
-	 */
-	public AssertionAttributeExtractor(StatusResponseType samlResponse) throws AssertionAttributeExtractorExeption {
-		if (samlResponse != null && samlResponse instanceof Response) {
-			List<Assertion> assertions = ((Response) samlResponse).getAssertions();			
-			if (assertions.size() == 0) 
-				throw new AssertionAttributeExtractorExeption("Assertion");
-				
-			else if (assertions.size() > 1)
-				Logger.warn("Found more then ONE PVP2.1 assertions. Only the First is used.");
-			
-			assertion = assertions.get(0);
-
-			if (assertion.getAttributeStatements() != null &&
-					assertion.getAttributeStatements().size() > 0) {
-				AttributeStatement attrStat = assertion.getAttributeStatements().get(0);
-				for (Attribute attr : attrStat.getAttributes()) {
-					if (attr.getName().startsWith(PVPConstants.STORK_ATTRIBUTE_PREFIX)) {							
-						List<String> storkAttrValues = new ArrayList<String>();
-						for (XMLObject el : attr.getAttributeValues())
-							storkAttrValues.add(el.getDOM().getTextContent());
-						
-//						PersonalAttribute storkAttr = new PersonalAttribute(attr.getName(), 
-//								false, storkAttrValues , "Available");
-//						storkAttributes.put(attr.getName(), storkAttr );
-						
-					} else {
-						List<String> attrList = new ArrayList<String>();
-						for (XMLObject el : attr.getAttributeValues())
-							attrList.add(el.getDOM().getTextContent());
-
-						attributs.put(attr.getName(), attrList);
-												
-					}
-			}
-				
-			}
-						
-		} else 
-			throw new AssertionAttributeExtractorExeption();		
-	}
-
-	/**
-	 * Get all SAML2 attributes from first SAML2 AttributeStatement element
-	 * 
-	 * @return List of SAML2 Attributes
-	 */
-	public List<Attribute> getAllResponseAttributesFromFirstAttributeStatement() {
-		return assertion.getAttributeStatements().get(0).getAttributes();
-		
-	}
-	
-	/**
-	 * Get all SAML2 attributes of specific SAML2 AttributeStatement element
-	 * 
-	 * @param attrStatementID List ID of the AttributeStatement element
-	 * @return List of SAML2 Attributes
-	 */
-	public List<Attribute> getAllResponseAttributes(int attrStatementID) {
-		return assertion.getAttributeStatements().get(attrStatementID).getAttributes();
-		
-	}
-	
-	/**
-	 * check attributes from assertion with minimal required attribute list
-	 * @return
-	 */
-	public boolean containsAllRequiredAttributes() {
-		return containsAllRequiredAttributes(minimalMDSAttributeNamesList) 
-				|| containsAllRequiredAttributes(minimalIDLAttributeNamesList);
-		
-	}
-	
-	/**
-	 * check attributes from assertion with attributeNameList
-	 * bPK or enc_bPK are always needed
-	 * 
-	 * @param List of attributes which are required
-	 * 
-	 * @return
-	 */
-	public boolean containsAllRequiredAttributes(Collection<String> attributeNameList) {		
-		
-		//first check if a bPK or an encrypted bPK is available
-		boolean flag = true;
-		for (String attr : attributeNameList) {
-			if (!attributs.containsKey(attr)) {
-				flag = false;					
-				Logger.debug("Assertion contains no Attribute " + attr);
-									
-			}
-					
-		}
-		
-		if (flag)
-			return flag;
-		
-		else {			
-			Logger.debug("Assertion contains no all minimum attributes from: " + attributeNameList.toString());
-			return false;
-			
-		}		
-	}
-	
-	public boolean containsAttribute(String attributeName) {
-		return attributs.containsKey(attributeName);
-		
-	}
-	
-	public String getSingleAttributeValue(String attributeName) {
-		if (attributs.containsKey(attributeName) && attributs.get(attributeName).size() > 0)
-			return attributs.get(attributeName).get(0);
-		else
-			return null;
-		
-	}
-	
-	public List<String> getAttributeValues(String attributeName) {
-		return attributs.get(attributeName);
-		
-	}
-	
-	/**
-	 * Return all include PVP attribute names
-	 * 
-	 * @return
-	 */
-	public Set<String> getAllIncludeAttributeNames() {
-		return attributs.keySet();
-		
-	}
-	
-//	public PersonalAttributeList getSTORKAttributes() {
-//		return storkAttributes;
-//	}
-	
-	
-	public String getNameID() throws AssertionAttributeExtractorExeption {		
-		if (assertion.getSubject() != null) {
-			Subject subject = assertion.getSubject();
-			
-			if (subject.getNameID() != null) {
-				if (MiscUtil.isNotEmpty(subject.getNameID().getValue()))					
-					return subject.getNameID().getValue();			
-				
-				else
-					Logger.error("SAML2 NameID Element is empty.");
-			}
-		}
-			
-		throw new AssertionAttributeExtractorExeption("nameID");
-	}
-	
-	public String getSessionIndex() throws AssertionAttributeExtractorExeption {		
-		AuthnStatement authn = getAuthnStatement();
-		
-		if (MiscUtil.isNotEmpty(authn.getSessionIndex()))
-			return authn.getSessionIndex();
-		
-		else
-			throw new AssertionAttributeExtractorExeption("SessionIndex");		
-	}
-
-	/**
-	 * @return
-	 * @throws AssertionAttributeExtractorExeption 
-	 */
-	public String getQAALevel() throws AssertionAttributeExtractorExeption {
-		AuthnStatement authn = getAuthnStatement();
-		if (authn.getAuthnContext() != null && authn.getAuthnContext().getAuthnContextClassRef() != null) {
-			AuthnContextClassRef qaaClass = authn.getAuthnContext().getAuthnContextClassRef();
-			
-			if (MiscUtil.isNotEmpty(qaaClass.getAuthnContextClassRef()))
-				return qaaClass.getAuthnContextClassRef();
-			
-			else
-				throw new AssertionAttributeExtractorExeption("AuthnContextClassRef (QAALevel)");			
-		}
-		
-		throw new AssertionAttributeExtractorExeption("AuthnContextClassRef");		
-	}
-	
-	public Assertion getFullAssertion() {
-		return assertion;
-	}
-	
-	
-	/**
-	 * Get the Assertion validTo period
-	 * 
-	 * Primarily, the 'SessionNotOnOrAfter' attribute in the SAML2 'AuthnStatment' element is used.
-	 * If this is empty, this method returns value of  SAML 'Conditions' element. 
-	 * 
-	 * @return Date, until this SAML2 assertion is valid
-	 */
-	public Date getAssertionNotOnOrAfter() {
-		if (getFullAssertion().getAuthnStatements() != null 
-				&& getFullAssertion().getAuthnStatements().size() > 0) {
-			for (AuthnStatement el : getFullAssertion().getAuthnStatements()) {
-				if (el.getSessionNotOnOrAfter() != null)
-					return (el.getSessionNotOnOrAfter().toDate());
-			}
-			
-		} 
-		
-		return getFullAssertion().getConditions().getNotOnOrAfter().toDate();
-					
-	}
-	
-	private AuthnStatement getAuthnStatement() throws AssertionAttributeExtractorExeption {
-		List<AuthnStatement> authnList = assertion.getAuthnStatements();
-		if (authnList.size() == 0)
-			throw new AssertionAttributeExtractorExeption("AuthnStatement");
-		
-		else if (authnList.size() > 1)
-			Logger.warn("Found more then ONE AuthnStatements in PVP2.1 assertions. Only the First is used.");
-		
-		return authnList.get(0);
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
index e02ecb662..d7ada1f36 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
@@ -35,6 +35,7 @@ import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.parse.BasicParserPool;
 import org.opensaml.xml.security.SecurityException;
 
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java
deleted file mode 100644
index 29dd70545..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java
+++ /dev/null
@@ -1,145 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.utils;
-
-import java.io.IOException;
-import java.security.NoSuchAlgorithmException;
-import java.util.List;
-
-import javax.xml.namespace.QName;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.transform.TransformerException;
-
-import org.opensaml.Configuration;
-import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
-import org.opensaml.saml2.core.Status;
-import org.opensaml.saml2.core.StatusCode;
-import org.opensaml.saml2.metadata.AssertionConsumerService;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.ws.soap.soap11.Body;
-import org.opensaml.ws.soap.soap11.Envelope;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.XMLObjectBuilderFactory;
-import org.opensaml.xml.io.Marshaller;
-import org.opensaml.xml.io.MarshallingException;
-import org.w3c.dom.Document;
-
-import at.gv.egiz.eaaf.core.impl.utils.Random;
-
-public class SAML2Utils {
-
-	public static <T> T createSAMLObject(final Class<T> clazz) {
-		try {
-			XMLObjectBuilderFactory builderFactory = Configuration
-					.getBuilderFactory();
-
-			QName defaultElementName = (QName) clazz.getDeclaredField(
-					"DEFAULT_ELEMENT_NAME").get(null);
-			@SuppressWarnings("unchecked")
-			T object = (T) builderFactory.getBuilder(defaultElementName)
-					.buildObject(defaultElementName);
-			return object;
-		} catch (Throwable e) {
-			e.printStackTrace();
-			return null;
-		}
-	}
-
-	public static String getSecureIdentifier() {
-		return "_".concat(Random.nextHexRandom16());
-		
-		/*Bug-Fix: There are open problems with RandomNumberGenerator via Java SPI and Java JDK 8.121 
-		*          Generation of a 16bit Random identifier FAILES with an  Caused by: java.lang.ArrayIndexOutOfBoundsException
-		*          Caused by: java.lang.ArrayIndexOutOfBoundsException
-							  at iaik.security.random.o.engineNextBytes(Unknown Source)
-							  at iaik.security.random.SecRandomSpi.engineNextBytes(Unknown Source)
-						      at java.security.SecureRandom.nextBytes(SecureRandom.java:468)
-						      at org.opensaml.common.impl.SecureRandomIdentifierGenerator.generateIdentifier(SecureRandomIdentifierGenerator.java:62)
-						      at org.opensaml.common.impl.SecureRandomIdentifierGenerator.generateIdentifier(SecureRandomIdentifierGenerator.java:56)
-						      at at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils.getSecureIdentifier(SAML2Utils.java:69)        
-		*/		
-		//return idGenerator.generateIdentifier();
-	}
-	
-	private static SecureRandomIdentifierGenerator idGenerator;
-	
-	private static DocumentBuilder builder;
-	static {
-		DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
-		factory.setNamespaceAware(true);
-		try {
-			builder = factory.newDocumentBuilder();
-		} catch (ParserConfigurationException e) {
-			// TODO Auto-generated catch block
-			e.printStackTrace();
-		}
-		try {
-			idGenerator = new SecureRandomIdentifierGenerator();
-		} catch(NoSuchAlgorithmException e) {
-			e.printStackTrace();
-		}
-	}
-
-	public static Document asDOMDocument(XMLObject object) throws IOException,
-			MarshallingException, TransformerException {
-		Document document = builder.newDocument();
-		Marshaller out = Configuration.getMarshallerFactory().getMarshaller(
-				object);
-		out.marshall(object, document);
-		return document;
-	}
-
-	public static Status getSuccessStatus() {
-		Status status = SAML2Utils.createSAMLObject(Status.class);
-		StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class);
-		statusCode.setValue(StatusCode.SUCCESS_URI);
-		status.setStatusCode(statusCode);
-		return status;
-	}
-	
-	public static int getDefaultAssertionConsumerServiceIndex(SPSSODescriptor spSSODescriptor) {
-		
-		List<AssertionConsumerService> assertionConsumerList = spSSODescriptor.getAssertionConsumerServices();
-		
-		for (AssertionConsumerService el : assertionConsumerList) {
-			if (el.isDefault())
-				return el.getIndex();
-			
-		}
-		
-		return 0;
-	}
-	
-    public static Envelope buildSOAP11Envelope(XMLObject payload) {
-        XMLObjectBuilderFactory bf = Configuration.getBuilderFactory();
-        Envelope envelope = (Envelope) bf.getBuilder(Envelope.DEFAULT_ELEMENT_NAME).buildObject(Envelope.DEFAULT_ELEMENT_NAME);
-        Body body = (Body) bf.getBuilder(Body.DEFAULT_ELEMENT_NAME).buildObject(Body.DEFAULT_ELEMENT_NAME);
-         
-        body.getUnknownXMLObjects().add(payload);
-        envelope.setBody(body);
-         
-        return envelope;
-    }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AbstractRequestSignedSecurityPolicyRule.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AbstractRequestSignedSecurityPolicyRule.java
deleted file mode 100644
index 86ca591ee..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AbstractRequestSignedSecurityPolicyRule.java
+++ /dev/null
@@ -1,187 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.validation;
-
-import javax.xml.namespace.QName;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.validation.Schema;
-import javax.xml.validation.Validator;
-
-import org.opensaml.common.SignableSAMLObject;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.common.xml.SAMLSchemaBuilder;
-import org.opensaml.security.MetadataCriteria;
-import org.opensaml.security.SAMLSignatureProfileValidator;
-import org.opensaml.ws.message.MessageContext;
-import org.opensaml.ws.security.SecurityPolicyException;
-import org.opensaml.ws.security.SecurityPolicyRule;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.security.CriteriaSet;
-import org.opensaml.xml.security.credential.UsageType;
-import org.opensaml.xml.security.criteria.EntityIDCriteria;
-import org.opensaml.xml.security.criteria.UsageCriteria;
-import org.opensaml.xml.signature.SignatureTrustEngine;
-import org.opensaml.xml.validation.ValidationException;
-import org.w3c.dom.Element;
-import org.xml.sax.SAXException;
-
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SchemaValidationException;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-/**
- * @author tlenz
- *
- */
-public abstract class AbstractRequestSignedSecurityPolicyRule implements SecurityPolicyRule {
-
-	private SignatureTrustEngine trustEngine = null;
-	private QName peerEntityRole = null;
-	/**
-	 * @param peerEntityRole 
-	 * 
-	 */
-	public AbstractRequestSignedSecurityPolicyRule(SignatureTrustEngine trustEngine, QName peerEntityRole) {
-		this.trustEngine = trustEngine;
-		this.peerEntityRole = peerEntityRole;
-		
-	}
-	
-	
-	/**
-	 * Reload the PVP metadata for a given entity
-	 * 
-	 * @param entityID for which the metadata should be refreshed.
-	 * @return true if the refresh was successful, otherwise false
-	 */
-	protected abstract boolean refreshMetadataProvider(String entityID);
-	
-	
-	protected abstract SignableSAMLObject getSignedSAMLObject(XMLObject inboundData);
-	
-	/* (non-Javadoc)
-	 * @see org.opensaml.ws.security.SecurityPolicyRule#evaluate(org.opensaml.ws.message.MessageContext)
-	 */
-	@Override
-	public void evaluate(MessageContext context) throws SecurityPolicyException {
-		try {
-			verifySignature(context);
-			
-		} catch (SecurityPolicyException e) {
-			if (MiscUtil.isEmpty(context.getInboundMessageIssuer())) {
-				throw e;
-			
-			}			
-			Logger.debug("PVP2X message validation FAILED. Reload metadata for entityID: " + context.getInboundMessageIssuer());
-			if (!refreshMetadataProvider(context.getInboundMessageIssuer()))
-				throw e;
-			
-			else {
-				Logger.trace("PVP2X metadata reload finished. Check validate message again.");					
-				verifySignature(context);
-										
-			}
-			Logger.trace("Second PVP2X message validation finished");
-			
-		}
-
-		
-	}
-
-	private void verifySignature(MessageContext context) throws SecurityPolicyException {
-		SignableSAMLObject samlObj = getSignedSAMLObject(context.getInboundMessage());			
-		if (samlObj != null && samlObj.getSignature() != null) {
-						
-			SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
-			try {
-				profileValidator.validate(samlObj.getSignature());		    
-				performSchemaValidation(samlObj.getDOM());
-		    
-			} catch (ValidationException e) {
-				Logger.warn("Signature is not conform to SAML signature profile", e);
-				throw new SecurityPolicyException("Signature is not conform to SAML signature profile");
-		    
-			} catch (SchemaValidationException e) {
-				Logger.warn("Signature is not conform to SAML signature profile", e);
-				throw new SecurityPolicyException("Signature is not conform to SAML signature profile");
-			
-			}
-			
-			
-			
-			CriteriaSet criteriaSet = new CriteriaSet();
-			criteriaSet.add( new EntityIDCriteria(context.getInboundMessageIssuer()) );
-			criteriaSet.add( new MetadataCriteria(peerEntityRole, SAMLConstants.SAML20P_NS) );
-			criteriaSet.add( new UsageCriteria(UsageType.SIGNING) );
-						
-			try {
-				if (!trustEngine.validate(samlObj.getSignature(), criteriaSet)) {
-					throw new SecurityPolicyException("Signature validation FAILED.");
-					
-				}
-				Logger.debug("PVP message signature valid.");
-				
-			} catch (org.opensaml.xml.security.SecurityException e) {
-				Logger.info("PVP2x message signature validation FAILED. Message:" + e.getMessage());
-				throw new SecurityPolicyException("Signature validation FAILED.");
-				
-			}
-			
-		} else {
-			throw new SecurityPolicyException("PVP Message is not signed.");
-			
-		}
-				
-	}
-	
-	private void performSchemaValidation(Element source) throws SchemaValidationException {
-			
-		String err = null;
-		try {
-			Schema test = SAMLSchemaBuilder.getSAML11Schema();
-			Validator val = test.newValidator();		
-			val.validate(new DOMSource(source));
-			Logger.debug("Schema validation check done OK");
-			return;
-			
-		} catch (SAXException e) {
-			err = e.getMessage();
-			if (Logger.isDebugEnabled() || Logger.isTraceEnabled())
-				Logger.warn("Schema validation FAILED with exception:", e);
-			else
-				Logger.warn("Schema validation FAILED with message: "+ e.getMessage());
-							
-		} catch (Exception e) {
-			err = e.getMessage();
-			if (Logger.isDebugEnabled() || Logger.isTraceEnabled())
-				Logger.warn("Schema validation FAILED with exception:", e);
-			else
-				Logger.warn("Schema validation FAILED with message: "+ e.getMessage());
-						
-		}
-			
-		throw new SchemaValidationException("pvp2.22", new Object[]{err});
-			
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java
deleted file mode 100644
index 7b7ba6883..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.validation;
-
-import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.core.NameID;
-import org.opensaml.saml2.core.NameIDPolicy;
-
-import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSupportedException;
-import at.gv.egovernment.moaspss.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-public class AuthnRequestValidator {
-
-	public static void validate(AuthnRequest req) throws AuthnRequestValidatorException{
-
-		//validate NameIDPolicy
-		NameIDPolicy nameIDPolicy = req.getNameIDPolicy();
-		if (nameIDPolicy != null) {
-			String nameIDFormat = nameIDPolicy.getFormat();
-			if (nameIDFormat != null) {
-				if ( !(NameID.TRANSIENT.equals(nameIDFormat) ||
-						NameID.PERSISTENT.equals(nameIDFormat) ||
-						NameID.UNSPECIFIED.equals(nameIDFormat)) ) {
-				
-					throw new NameIDFormatNotSupportedException(nameIDFormat);
-					
-				}
-				
-			} else
-				Logger.trace("Find NameIDPolicy, but NameIDFormat is 'null'");							
-		} else
-			Logger.trace("AuthnRequest includes no 'NameIDPolicy'");
-			
-		
-		
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ChainSAMLValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ChainSAMLValidator.java
index a9f9b206e..91de943d5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ChainSAMLValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ChainSAMLValidator.java
@@ -28,7 +28,8 @@ import java.util.List;
 
 import org.opensaml.saml2.core.RequestAbstractType;
 
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.modules.pvp2.api.validation.ISAMLValidator;
 
 public class ChainSAMLValidator implements ISAMLValidator {
 
@@ -39,7 +40,7 @@ private List<ISAMLValidator> validator = new ArrayList<ISAMLValidator>();
 	}
 	
 	public void validateRequest(RequestAbstractType request)
-			throws MOAIDException {
+			throws EAAFException {
 		Iterator<ISAMLValidator> validatorIterator = validator.iterator();
 		while(validatorIterator.hasNext()) {
 			ISAMLValidator validator = validatorIterator.next();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ISAMLValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ISAMLValidator.java
deleted file mode 100644
index 4f697d986..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ISAMLValidator.java
+++ /dev/null
@@ -1,31 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.validation;
-
-import org.opensaml.saml2.core.RequestAbstractType;
-
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-
-public interface ISAMLValidator {
-	public void validateRequest(RequestAbstractType request) throws MOAIDException;
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/MOAPVPSignedRequestPolicyRule.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/MOAPVPSignedRequestPolicyRule.java
deleted file mode 100644
index 7b3f890e9..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/MOAPVPSignedRequestPolicyRule.java
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.validation;
-
-import javax.xml.namespace.QName;
-
-import org.opensaml.common.SignableSAMLObject;
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.signature.SignatureTrustEngine;
-
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IMOARefreshableMetadataProvider;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-public class MOAPVPSignedRequestPolicyRule extends
-		AbstractRequestSignedSecurityPolicyRule {
-
-	private IMOARefreshableMetadataProvider metadataProvider = null;
-	
-	/**
-	 * @param metadataProvider 
-	 * @param trustEngine
-	 * @param peerEntityRole
-	 */
-	public MOAPVPSignedRequestPolicyRule(MetadataProvider metadataProvider, SignatureTrustEngine trustEngine,
-			QName peerEntityRole) {
-		super(trustEngine, peerEntityRole);
-		if (metadataProvider instanceof IMOARefreshableMetadataProvider)
-			this.metadataProvider = (IMOARefreshableMetadataProvider) metadataProvider;
-				
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.validation.AbstractRequestSignedSecurityPolicyRule#refreshMetadataProvider(java.lang.String)
-	 */
-	@Override
-	protected boolean refreshMetadataProvider(String entityID) {
-		if (metadataProvider != null)
-			return metadataProvider.refreshMetadataProvider(entityID);
-		
-		return false;
-		
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.validation.AbstractRequestSignedSecurityPolicyRule#getSignedSAMLObject(org.opensaml.xml.XMLObject)
-	 */
-	@Override
-	protected SignableSAMLObject getSignedSAMLObject(XMLObject inboundData) {
-		if (inboundData instanceof SignableSAMLObject)
-			return (SignableSAMLObject) inboundData;
-		
-		else
-			return null;
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/MOASAML2AuthRequestSignedRole.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/MOASAML2AuthRequestSignedRole.java
deleted file mode 100644
index efcf21b50..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/MOASAML2AuthRequestSignedRole.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.validation;
-
-import org.opensaml.common.binding.SAMLMessageContext;
-import org.opensaml.saml2.binding.security.SAML2AuthnRequestsSignedRule;
-import org.opensaml.ws.transport.http.HTTPInTransport;
-import org.opensaml.xml.util.DatatypeHelper;
-
-/**
- * @author tlenz
- *
- */
-public class MOASAML2AuthRequestSignedRole extends SAML2AuthnRequestsSignedRule {
-
-	@Override
-    protected boolean isMessageSigned(SAMLMessageContext messageContext) {        
-        // This handles HTTP-Redirect and HTTP-POST-SimpleSign bindings.
-        HTTPInTransport inTransport = (HTTPInTransport) messageContext.getInboundMessageTransport();
-        String sigParam = inTransport.getParameterValue("Signature");
-        boolean isSigned = !DatatypeHelper.isEmpty(sigParam);
-        
-        String sigAlgParam = inTransport.getParameterValue("SigAlg");
-        boolean isSigAlgExists = !DatatypeHelper.isEmpty(sigAlgParam);
-        
-        return isSigned && isSigAlgExists;
-               
-    }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java
index 952a6024a..9abaf9330 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java
@@ -27,13 +27,14 @@ import org.opensaml.saml2.core.RequestAbstractType;
 import org.opensaml.security.SAMLSignatureProfileValidator;
 import org.opensaml.xml.validation.ValidationException;
 
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSignedException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.modules.pvp2.api.validation.ISAMLValidator;
+import at.gv.egiz.eaaf.modules.pvp2.idp.exception.SAMLRequestNotSignedException;
 
 public class SAMLSignatureValidator implements ISAMLValidator {
 
 	public void validateRequest(RequestAbstractType request)
-			throws MOAIDException {
+			throws EAAFException {
 		if (request.getSignature() == null) {
 			throw new SAMLRequestNotSignedException();
 		}
@@ -48,7 +49,7 @@ public class SAMLSignatureValidator implements ISAMLValidator {
 	}
 
 	public static void validateSignable(SignableSAMLObject signableObject)
-			throws MOAIDException {
+			throws EAAFException {
 		if (signableObject.getSignature() == null) {
 			throw new SAMLRequestNotSignedException();
 		}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
index d89d04664..e8aa93d43 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
@@ -23,7 +23,7 @@
 package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
 
 import java.io.IOException;
-import java.util.List;
+import java.security.cert.CertificateException;
 
 import org.opensaml.saml2.metadata.EntitiesDescriptor;
 import org.opensaml.saml2.metadata.EntityDescriptor;
@@ -36,79 +36,34 @@ import org.opensaml.xml.validation.ValidationException;
 
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.idp.exception.SAMLRequestNotSignedException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoCredentialsException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSignedException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.MiscUtil;
+import iaik.x509.X509Certificate;
 
 public class EntityVerifier {
 
-	public static byte[] fetchSavedCredential(String entityID) {
-//		List<OnlineApplication> oaList = ConfigurationDBRead
-//				.getAllActiveOnlineApplications();
-		try { 
-			ISPConfiguration oa = AuthConfigurationProviderFactory.getInstance().getServiceProviderConfiguration(entityID);
-		
-			if (oa == null) {
-				Logger.debug("No OnlineApplication with EntityID: " + entityID);
-				return null;
-				
-			}
-			
-			String certBase64 = oa.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);
-			if (MiscUtil.isNotEmpty(certBase64)) {
-				return Base64Utils.decode(certBase64, false);
-			
-			}
-			
-		} catch (ConfigurationException | EAAFConfigurationException e) {
-			Logger.error("Access MOA-ID configuration FAILED.", e);
-			
-		} catch (IOException e) {
-			Logger.warn("Decoding PVP2X metadata certificate FAILED.", e);
-			
-		}
-		
-		return null;
-	}
-
 	public static void verify(EntityDescriptor entityDescriptor)
-			throws MOAIDException {
-		if (entityDescriptor.getSignature() == null) {
-			throw new SAMLRequestNotSignedException();
-		}
-
-		try {
-			SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator();
-			sigValidator.validate(entityDescriptor.getSignature());
-		} catch (ValidationException e) {
-			Logger.error("Failed to validate Signature", e);
-			throw new SAMLRequestNotSignedException(e);
-		}
-
+			throws EAAFException {
+		
 		Credential credential = getSPTrustedCredential(entityDescriptor.getEntityID());
 		if (credential == null) {
 			throw new NoCredentialsException(entityDescriptor.getEntityID());
 		}
-
-		SignatureValidator sigValidator = new SignatureValidator(credential);
-		try {
-			sigValidator.validate(entityDescriptor.getSignature());
-		} catch (ValidationException e) {
-			Logger.error("Failed to verfiy Signature", e);
-			throw new SAMLRequestNotSignedException(e);
-		}
+		
+		verify(entityDescriptor, credential);
+	
 	}
 
 	public static void verify(EntityDescriptor entityDescriptor, Credential cred)
-			throws MOAIDException {
+			throws EAAFException {
 		if (entityDescriptor.getSignature() == null) {
 			throw new SAMLRequestNotSignedException();
 		}
@@ -131,7 +86,7 @@ public class EntityVerifier {
 	}
 
 	public static void verify(EntitiesDescriptor entityDescriptor,
-			Credential cred) throws MOAIDException {
+			Credential cred) throws EAAFException {
 		if (entityDescriptor.getSignature() == null) {
 			throw new SAMLRequestNotSignedException();
 		}
@@ -153,55 +108,11 @@ public class EntityVerifier {
 			throw new SAMLRequestNotSignedException(e);
 		}
 	}
-
-	public static void verify(EntitiesDescriptor entityDescriptor)
-			throws MOAIDException {
-		if (entityDescriptor.getSignature() == null) {
-			throw new SAMLRequestNotSignedException();
-		}
-
-		try {
-			SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator();
-			sigValidator.validate(entityDescriptor.getSignature());
-		} catch (ValidationException e) {
-			Logger.error("Failed to validate Signature", e);
-			throw new SAMLRequestNotSignedException(e);
-		}
-
-		List<EntityDescriptor> entities = entityDescriptor
-				.getEntityDescriptors();
-
-		if (entities.size() > 0) {
-
-			if (entities.size() > 1) {
-				Logger.warn("More then one EntityID in Metadatafile with Name "
-						+ entityDescriptor.getName()
-						+ " defined. Actually only the first"
-						+ " entryID is used to select the certificate to perform Metadata verification.");
-			}
-
-			Credential credential = getSPTrustedCredential(entities.get(0).getEntityID());
-
-			if (credential == null) {
-				throw new NoCredentialsException("moaID IDP");
-			}
-
-			SignatureValidator sigValidator = new SignatureValidator(credential);
-			try {
-				sigValidator.validate(entityDescriptor.getSignature());
-
-			} catch (ValidationException e) {
-				Logger.error("Failed to verfiy Signature", e);
-				throw new SAMLRequestNotSignedException(e);
-			}
-		}
-	}
-	
+		
 	public static Credential getSPTrustedCredential(String entityID)
 			throws CredentialsNotAvailableException {
 
-		iaik.x509.X509Certificate cert = PVPConfiguration.getInstance()
-				.getTrustEntityCertificate(entityID);
+		iaik.x509.X509Certificate cert = getTrustEntityCertificate(entityID);
 		
 		if (cert == null) {
 			throw new CredentialsNotAvailableException("ServiceProvider Certificate can not be loaded from Database", null);
@@ -214,5 +125,46 @@ public class EntityVerifier {
 
 		return credential;
 	}
+	
+	private static iaik.x509.X509Certificate getTrustEntityCertificate(String entityID) {
+		
+		try {
+			Logger.trace("Load metadata signing certificate for online application " + entityID);
+			ISPConfiguration  oaParam = AuthConfigurationProviderFactory.getInstance().getServiceProviderConfiguration(entityID);		
+			if (oaParam == null) {
+				Logger.info("Online Application with ID " + entityID + " not found!");
+				return null;
+			}
+		
+			String pvp2MetadataCertificateString = 
+					oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);		 
+			if (MiscUtil.isEmpty(pvp2MetadataCertificateString)) {
+				Logger.info("Online Application with ID " + entityID + " include not PVP2X metadata signing certificate!");
+				return null;
+				
+			}	
+			
+			X509Certificate cert = new X509Certificate(Base64Utils.decode(pvp2MetadataCertificateString, false));
+			Logger.debug("Metadata signing certificate is loaded for ("+entityID+") is loaded.");
+			return cert;
+			
+		} catch (CertificateException e) {
+			Logger.warn("Metadata signer certificate is not parsed.", e);
+			return null;
+			
+		} catch (ConfigurationException e) {
+			Logger.error("Configuration is not accessable.", e);
+			return null;
+			
+		} catch (IOException e) {
+			Logger.warn("Metadata signer certificate is not decodeable.", e);
+			return null;
+			
+		} catch (EAAFConfigurationException e) {
+			Logger.error("Configuration is not accessable.", e);
+			return null;
+			
+		}
+	}
 
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
deleted file mode 100644
index 50bc7fb68..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
+++ /dev/null
@@ -1,197 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
-
-import javax.xml.namespace.QName;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.validation.Schema;
-import javax.xml.validation.Validator;
-
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.common.xml.SAMLSchemaBuilder;
-import org.opensaml.saml2.core.RequestAbstractType;
-import org.opensaml.saml2.core.StatusResponseType;
-import org.opensaml.saml2.metadata.IDPSSODescriptor;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.security.MetadataCriteria;
-import org.opensaml.security.SAMLSignatureProfileValidator;
-import org.opensaml.xml.security.CriteriaSet;
-import org.opensaml.xml.security.credential.UsageType;
-import org.opensaml.xml.security.criteria.EntityIDCriteria;
-import org.opensaml.xml.security.criteria.UsageCriteria;
-import org.opensaml.xml.signature.SignatureTrustEngine;
-import org.opensaml.xml.validation.ValidationException;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Service;
-import org.w3c.dom.Element;
-import org.xml.sax.SAXException;
-
-import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SchemaValidationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-@Service("SAMLVerificationEngine")
-public class SAMLVerificationEngine {
-		
-	@Autowired(required=true) MOAMetadataProvider metadataProvider;
-	
-	public void verify(InboundMessage msg, SignatureTrustEngine sigTrustEngine ) throws org.opensaml.xml.security.SecurityException, Exception {
-		try {		
-			if (msg instanceof MOARequest &&  
-					((MOARequest)msg).getSamlRequest() instanceof RequestAbstractType)
-				verifyRequest(((RequestAbstractType)((MOARequest)msg).getSamlRequest()), sigTrustEngine);
-		
-			else
-				verifyIDPResponse(((MOAResponse)msg).getResponse(), sigTrustEngine);
-			
-		} catch (InvalidProtocolRequestException e) {
-			if (MiscUtil.isEmpty(msg.getEntityID())) {
-				throw e;
-			
-			}			
-			Logger.debug("PVP2X message validation FAILED. Relead metadata for entityID: " + msg.getEntityID());
-						
-			if (metadataProvider == null || !metadataProvider.refreshMetadataProvider(msg.getEntityID()))
-				throw e;
-			
-			else {
-				Logger.trace("PVP2X metadata reload finished. Check validate message again.");
-					
-				if (msg instanceof MOARequest && 
-						((MOARequest)msg).getSamlRequest() instanceof RequestAbstractType)
-					verifyRequest(((RequestAbstractType)((MOARequest)msg).getSamlRequest()), sigTrustEngine);
-				
-				else
-					verifyIDPResponse(((MOAResponse)msg).getResponse(), sigTrustEngine);
-										
-			}
-			Logger.trace("Second PVP2X message validation finished");
-		}		
-	}
-	
-	public void verifyIDPResponse(StatusResponseType samlObj, SignatureTrustEngine sigTrustEngine) throws InvalidProtocolRequestException{
-		verifyResponse(samlObj, sigTrustEngine, IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
-		
-	}
-	
-	public void verifySLOResponse(StatusResponseType samlObj, SignatureTrustEngine sigTrustEngine ) throws InvalidProtocolRequestException {
-		verifyResponse(samlObj, sigTrustEngine, SPSSODescriptor.DEFAULT_ELEMENT_NAME);
-		
-	}
-	
-	private void verifyResponse(StatusResponseType samlObj, SignatureTrustEngine sigTrustEngine, QName defaultElementName)  throws InvalidProtocolRequestException{
-		SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
-		try {
-		    profileValidator.validate(samlObj.getSignature());
-		    performSchemaValidation(samlObj.getDOM());
-		    
-		} catch (ValidationException e) {
-			 Logger.warn("Signature is not conform to SAML signature profile", e);
-			 throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Signature is not conform to SAML signature profile");
-		
-		} catch (SchemaValidationException e) {			
-			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, "SAML response does not fit XML scheme");
-		
-		}
-
-		CriteriaSet criteriaSet = new CriteriaSet();
-		criteriaSet.add( new EntityIDCriteria(samlObj.getIssuer().getValue()) );
-		criteriaSet.add( new MetadataCriteria(defaultElementName, SAMLConstants.SAML20P_NS) );
-		criteriaSet.add( new UsageCriteria(UsageType.SIGNING) );
-
-		try {
-		    if (!sigTrustEngine.validate(samlObj.getSignature(), criteriaSet)) {
-		    	throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Signature verification FAILED on SAML response");
-		    }
-		} catch (org.opensaml.xml.security.SecurityException e) {
-		    Logger.warn("PVP2x message signature validation FAILED.", e);
-		    throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Signature verification FAILED on SAML response");
-		}
-	}
-	
-	public void verifyRequest(RequestAbstractType samlObj, SignatureTrustEngine sigTrustEngine ) throws InvalidProtocolRequestException {
-		SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
-		try {
-		    profileValidator.validate(samlObj.getSignature());		    
-		    performSchemaValidation(samlObj.getDOM());
-		    
-		} catch (ValidationException e) {
-		    Logger.warn("Signature is not conform to SAML signature profile", e);
-		    throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Scheme validation FAILED on SAML request");
-		    
-		} catch (SchemaValidationException e) {			
-			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, "Scheme verification FAILED on SAML request");
-			
-		}
-
-		CriteriaSet criteriaSet = new CriteriaSet();
-		criteriaSet.add( new EntityIDCriteria(samlObj.getIssuer().getValue()) );
-		criteriaSet.add( new MetadataCriteria(SPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS) );
-		criteriaSet.add( new UsageCriteria(UsageType.SIGNING) );
-
-		try {
-		    if (!sigTrustEngine.validate(samlObj.getSignature(), criteriaSet)) {
-		        throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Signature verification FAILED on SAML request");
-		    }
-		} catch (org.opensaml.xml.security.SecurityException e) {
-			Logger.warn("PVP2x message signature validation FAILED.", e);
-			throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Signature verification FAILED on SAML request");
-		}
-	}
-		
-	protected void performSchemaValidation(Element source) throws SchemaValidationException {
-		
-		String err = null;
-		try {
-			Schema test = SAMLSchemaBuilder.getSAML11Schema();
-			Validator val = test.newValidator();		
-			val.validate(new DOMSource(source));
-			Logger.debug("Schema validation check done OK");
-			return;
-		
-		} catch (SAXException e) {
-			err = e.getMessage();
-			if (Logger.isDebugEnabled() || Logger.isTraceEnabled())
-				Logger.warn("Schema validation FAILED with exception:", e);
-			else
-				Logger.warn("Schema validation FAILED with message: "+ e.getMessage());
-						
-		} catch (Exception e) {
-			err = e.getMessage();
-			if (Logger.isDebugEnabled() || Logger.isTraceEnabled())
-				Logger.warn("Schema validation FAILED with exception:", e);
-			else
-				Logger.warn("Schema validation FAILED with message: "+ e.getMessage());
-						
-		}
-		
-		throw new SchemaValidationException("pvp2.22", new Object[]{err});
-		
-	}
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngineSP.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngineSP.java
index 385fe90fb..d1d8c9368 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngineSP.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngineSP.java
@@ -47,11 +47,12 @@ import org.opensaml.xml.validation.ValidationException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
+import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SAMLVerificationEngine;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SchemaValidationException;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java
deleted file mode 100644
index 3ea124db6..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java
+++ /dev/null
@@ -1,87 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.security.MetadataCredentialResolver;
-import org.opensaml.xml.security.keyinfo.BasicProviderKeyInfoCredentialResolver;
-import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver;
-import org.opensaml.xml.security.keyinfo.KeyInfoProvider;
-import org.opensaml.xml.security.keyinfo.provider.DSAKeyValueProvider;
-import org.opensaml.xml.security.keyinfo.provider.InlineX509DataProvider;
-import org.opensaml.xml.security.keyinfo.provider.RSAKeyValueProvider;
-import org.opensaml.xml.signature.SignatureTrustEngine;
-import org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine;
-//import org.opensaml.xml.signature.impl.PKIXSignatureTrustEngine;
-//import edu.internet2.middleware.shibboleth.common.security.MetadataPKIXValidationInformationResolver;
-
-public class TrustEngineFactory {
-
-//	public static SignatureTrustEngine getSignatureTrustEngine() {
-//		try {
-//			MetadataPKIXValidationInformationResolver mdResolver = new MetadataPKIXValidationInformationResolver(
-//					MOAMetadataProvider.getInstance());
-//
-//			List<KeyInfoProvider> keyInfoProvider = new ArrayList<KeyInfoProvider>();
-//			keyInfoProvider.add(new DSAKeyValueProvider());
-//			keyInfoProvider.add(new RSAKeyValueProvider());
-//			keyInfoProvider.add(new InlineX509DataProvider());
-//
-//			KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver(
-//					keyInfoProvider);
-//
-//			PKIXSignatureTrustEngine engine = new PKIXSignatureTrustEngine(
-//					mdResolver, keyInfoResolver);
-//
-//			return engine;
-//
-//		} catch (Exception e) {
-//			e.printStackTrace();
-//			return null;
-//		}
-//	}
-
-	public static SignatureTrustEngine getSignatureKnownKeysTrustEngine(MetadataProvider provider) {
-		MetadataCredentialResolver resolver;
-
-		resolver = new MetadataCredentialResolver(provider);
-
-		List<KeyInfoProvider> keyInfoProvider = new ArrayList<KeyInfoProvider>();
-		keyInfoProvider.add(new DSAKeyValueProvider());
-		keyInfoProvider.add(new RSAKeyValueProvider());
-		keyInfoProvider.add(new InlineX509DataProvider());
-
-		KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver(
-				keyInfoProvider);
-
-		ExplicitKeySignatureTrustEngine engine = new ExplicitKeySignatureTrustEngine(
-				resolver, keyInfoResolver);
-
-		return engine;
-
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java
index 589713c4b..57f1c2f9a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java
@@ -23,23 +23,20 @@
 package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata;
 
 import java.security.cert.CertificateException;
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.List;
 
 import org.opensaml.saml2.metadata.EntitiesDescriptor;
 import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.provider.MetadataFilter;
-import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.security.credential.Credential;
 import org.opensaml.xml.security.x509.BasicX509Credential;
 
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2MetadataException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.AbstractMetadataSignatureFilter;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.EntityVerifier;
 import at.gv.egovernment.moa.logging.Logger;
 import iaik.x509.X509Certificate;
 
-public class MetadataSignatureFilter implements MetadataFilter {
+public class MetadataSignatureFilter extends AbstractMetadataSignatureFilter {
 	
 	private String metadataURL;
 	private BasicX509Credential savedCredential;
@@ -52,111 +49,52 @@ public class MetadataSignatureFilter implements MetadataFilter {
 		savedCredential.setEntityCertificate(cert);
 	}
 	
-	public void processEntityDescriptorr(EntityDescriptor desc) throws MOAIDException {
-		
-//		String entityID = desc.getEntityID();
-		
-		EntityVerifier.verify(desc);
-	}
-	
-	public void processEntitiesDescriptor(EntitiesDescriptor desc) throws MOAIDException {
-		Iterator<EntitiesDescriptor> entID = desc.getEntitiesDescriptors().iterator();
-		
-		if(desc.getSignature() != null) {
-			EntityVerifier.verify(desc, this.savedCredential);
+	@Override
+	protected void verify(EntityDescriptor desc) throws PVP2MetadataException {
+		try {
+			EntityVerifier.verify(desc);
+			
+		} catch (EAAFException e) {
+			Logger.info("PVP2 metadata verification FAILED for entity: " + desc.getEntityID()
+					+ " Reason: " + e.getMessage());
+			throw new PVP2MetadataException("PVP2 metadata verification FAILED for entity: " + desc.getEntityID(), null, e);
 		}
 		
-		while(entID.hasNext()) {
-			processEntitiesDescriptor(entID.next());
-		}
-				
-		Iterator<EntityDescriptor> entIT = desc.getEntityDescriptors().iterator();
+	}
 
-		List<EntityDescriptor> verifiedEntIT = new ArrayList<EntityDescriptor>();
-		
-		//check every Entity
-		
-		while(entIT.hasNext()) {
-			
-			EntityDescriptor entity = entIT.next();
-			
-			String entityID = entity.getEntityID();
-			
-			//CHECK if Entity also match MetaData signature.
-			/*This check is necessary to prepend declaration of counterfeit OA metadata!!*/
-			Logger.debug("Validate metadata for entityID: " + entityID + " ..... ");
-			byte[] entityCert = EntityVerifier.fetchSavedCredential(entityID);
-						
-			if (entityCert != null) {
+	@Override
+	protected void verify(EntitiesDescriptor desc) throws PVP2MetadataException {
+		try {
+			EntityVerifier.verify(desc, this.savedCredential);
 			
-				X509Certificate cert;
-				try {
-					cert = new X509Certificate(entityCert);
-					BasicX509Credential entityCrendential = new BasicX509Credential();
-					entityCrendential.setEntityCertificate(cert);
-	
-					EntityVerifier.verify(desc, entityCrendential);
-					
-					//add entity to verified entity-list					
-					verifiedEntIT.add(entity);
-					Logger.debug("Metadata for entityID: " + entityID + " valid");
-					
-					
-				} catch (Exception e) {
-
-					//remove entity of signature can not be verified.
-					Logger.info("Entity " + entityID + " is removed from metadata " 
-							+ desc.getName() + ". Entity verification error: " + e.getMessage());
-//					throw new MOAIDException("The App", null, e);
-				}
-				
-			} else {
-				//remove entity if it is not registrated as OA
-				Logger.info("Entity " + entityID + " is removed from metadata " 
-						+ desc.getName() + ". Entity is not registrated or no certificate is found!");				
-//				throw new NoCredentialsException("NO Certificate found for OA " + entityID);
-			}
+		} catch (EAAFException e) {
+			Logger.info("PVP2 metadata verification FAILED for metadata from URL: " + metadataURL
+				+ " Reason: " + e.getMessage());
+			throw new PVP2MetadataException("PVP2 metadata verification FAILED for metadata from URL: " + metadataURL, null, e);
 			
-			//TODO: insert to support signed Entity-Elements
-			//processEntityDescriptorr(entIT.next());
-		}		
+		}
 		
-		//set only verified entity elements
-		desc.getEntityDescriptors().clear();
-		desc.getEntityDescriptors().addAll(verifiedEntIT);
 	}
-	
-	public void doFilter(XMLObject metadata) throws SignatureValidationException {
+
+	@Override
+	protected void verify(EntityDescriptor entity, EntitiesDescriptor entities) throws PVP2MetadataException {		
 		try {
-			if (metadata instanceof EntitiesDescriptor) {
-				EntitiesDescriptor entitiesDescriptor = (EntitiesDescriptor) metadata;
-				if(entitiesDescriptor.getSignature() == null) {
-					throw new MOAIDException("Root element of metadata file has to be signed", null);
-				}
-				processEntitiesDescriptor(entitiesDescriptor);
-				
-				
-				if (entitiesDescriptor.getEntityDescriptors().size() == 0) {
-					throw new MOAIDException("No valid entity in metadata "
-							+ entitiesDescriptor.getName() + ". Metadata is not loaded.", null);
-				}
-				
-				
-			} else if (metadata instanceof EntityDescriptor) {
-				EntityDescriptor entityDescriptor = (EntityDescriptor) metadata;
-				processEntityDescriptorr(entityDescriptor);
+			if (entity.isSigned()) {
+				Logger.debug("EntityDescriptor: " + entity.getEntityID() + " is signed. Starting signature verification ... ");
+				EntityVerifier.verify(entity);
 				
 			} else {
-				throw new MOAIDException("Invalid Metadata file Root element is no EntitiesDescriptor", null);
+				Logger.debug("EntityDescriptor: " + entity.getEntityID() + " is not signed. Verify EntitiesDescriptor by using 'Entity' certificate ...  ");
+				Credential entityCredential = EntityVerifier.getSPTrustedCredential(entity.getEntityID());
+				EntityVerifier.verify(entities, entityCredential);
+				
 			}
 			
+		} catch (EAAFException e) {
+			Logger.info("PVP2 metadata verification FAILED for metadata from URL: " + metadataURL
+				+ " Reason: " + e.getMessage());
+			throw new PVP2MetadataException("PVP2 metadata verification FAILED for metadata from URL: " + metadataURL, null, e);
 			
-			
-			Logger.info("Metadata signature policy check done OK");
-		} catch (MOAIDException e) {
-			Logger.warn("Metadata signature policy check FAILED.", e);
-			throw new SignatureValidationException(e);
 		}
 	}
-
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPEntityCategoryFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPEntityCategoryFilter.java
deleted file mode 100644
index caabfea30..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPEntityCategoryFilter.java
+++ /dev/null
@@ -1,230 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.common.Extensions;
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.metadata.AttributeConsumingService;
-import org.opensaml.saml2.metadata.EntitiesDescriptor;
-import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.LocalizedString;
-import org.opensaml.saml2.metadata.RequestedAttribute;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.saml2.metadata.ServiceName;
-import org.opensaml.saml2.metadata.provider.FilterException;
-import org.opensaml.saml2.metadata.provider.MetadataFilter;
-import org.opensaml.samlext.saml2mdattr.EntityAttributes;
-import org.opensaml.xml.XMLObject;
-
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.data.Trible;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-import at.gv.egovernment.moaspss.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-public class PVPEntityCategoryFilter implements MetadataFilter {
-
-
-	private boolean isUsed = false;
-	
-	/**
-	 * Filter to map PVP EntityCategories into a set of single PVP attributes 
-	 * 
-	 * @param isUsed if true PVP EntityCategories are mapped, otherwise they are ignored
-	 * 
-	 */
-	public PVPEntityCategoryFilter(boolean isUsed) {
-		this.isUsed = isUsed;
-	}
-	
-	
-	/* (non-Javadoc)
-	 * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject)
-	 */
-	@Override
-	public void doFilter(XMLObject metadata) throws FilterException {
-		
-		if (isUsed) {
-			Logger.trace("Map PVP EntityCategory to single PVP Attributes ... ");
-			String entityId = null;
-			try {
-				if (metadata instanceof EntitiesDescriptor) {
-					Logger.trace("Find EnitiesDescriptor ... ");
-					EntitiesDescriptor entitiesDesc = (EntitiesDescriptor) metadata;
-					if (entitiesDesc.getEntityDescriptors() != null) {
-						for (EntityDescriptor el : entitiesDesc.getEntityDescriptors()) 
-							resolveEntityCategoriesToAttributes(el);
-						
-					}
-									
-				} else if (metadata instanceof EntityDescriptor) {
-					Logger.trace("Find EntityDescriptor");
-					resolveEntityCategoriesToAttributes((EntityDescriptor)metadata);
-					
-					
-				} else
-					throw new MOAIDException("Invalid Metadata file Root element is no Entities- or EntityDescriptor", null);
-				
-				
-				
-			} catch (Exception e) {
-				Logger.warn("SAML2 Metadata processing FAILED: Can not resolve EntityCategories for metadata: " + entityId, e);
-				
-			}
-			
-		} else
-			Logger.trace("Filter to map PVP EntityCategory to single PVP Attributes is deactivated");
-		
-	}
-
-	private void resolveEntityCategoriesToAttributes(EntityDescriptor metadata) {
-		Logger.debug("Resolving EntityCategorie for Entity: " + metadata.getEntityID() + " ...");
-		Extensions extensions = metadata.getExtensions();
-		if (extensions != null) {
-			List<XMLObject> listOfExt = extensions.getUnknownXMLObjects();
-			if (listOfExt != null && !listOfExt.isEmpty()) {
-				Logger.trace("Find #" + listOfExt.size() + " 'Extension' elements ");
-				for (XMLObject el : listOfExt) {
-					Logger.trace("Find ExtensionElement: " + el.getElementQName().toString());
-					if (el instanceof EntityAttributes) {
-						EntityAttributes entityAttrElem = (EntityAttributes)el;
-						if (entityAttrElem.getAttributes() != null) {
-							Logger.trace("Find EntityAttributes. Start attribute processing ...");
-							for (Attribute entityAttr : entityAttrElem.getAttributes()) {
-								if (entityAttr.getName().equals(PVPConstants.ENTITY_CATEGORY_ATTRIBITE)) {
-									if (!entityAttr.getAttributeValues().isEmpty()) {
-										String entityAttrValue = entityAttr.getAttributeValues().get(0).getDOM().getTextContent();
-										if (PVPConstants.EGOVTOKEN.equals(entityAttrValue)) {
-											Logger.debug("Find 'EGOVTOKEN' EntityAttribute. Adding single pvp attributes ... ");
-											addAttributesToEntityDescriptor(metadata, 
-													buildAttributeList(PVPConstants.EGOVTOKEN_PVP_ATTRIBUTES), 
-													entityAttrValue);
-											
-																													
-										} else if (PVPConstants.CITIZENTOKEN.equals(entityAttrValue)) {
-											Logger.debug("Find 'CITIZENTOKEN' EntityAttribute. Adding single pvp attributes ... ");
-											addAttributesToEntityDescriptor(metadata, 
-													buildAttributeList(PVPConstants.CITIZENTOKEN_PVP_ATTRIBUTES), 
-													entityAttrValue);
-											
-										} else
-											Logger.info("EntityAttributeValue: " + entityAttrValue + " is UNKNOWN!");
-																			
-									} else
-										Logger.info("EntityAttribute: No attribute value");
-																		
-								} else 
-									Logger.info("EntityAttribute: " + entityAttr.getName() + " is NOT supported");
-								
-							}
-										
-						} else
-							Logger.info("Can NOT resolve EntityAttributes! Reason: Only EntityAttributes are supported!");
-						
-					}					
-				}
-				
-			} else
-				Logger.trace("'Extension' element is 'null' or empty");
-			
-		} else
-			Logger.trace("No 'Extension' element found");
-				
-	}
-	
-	/**
-	 * @param metadata
-	 * @param attrList
-	 */
-	private void addAttributesToEntityDescriptor(EntityDescriptor metadata, List<RequestedAttribute> attrList, String entityAttr) {
-		SPSSODescriptor spSSODesc = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
-		if (spSSODesc != null) {
-			if (spSSODesc.getAttributeConsumingServices() == null || 
-					spSSODesc.getAttributeConsumingServices().isEmpty()) {
-				Logger.trace("No 'AttributeConsumingServices' found. Added it ...");
-				
-				AttributeConsumingService attributeService = SAML2Utils.createSAMLObject(AttributeConsumingService.class);						
-				attributeService.setIndex(0);
-				attributeService.setIsDefault(true);
-				ServiceName serviceName = SAML2Utils.createSAMLObject(ServiceName.class);
-				serviceName.setName(new LocalizedString("Default Service", "en"));
-				attributeService.getNames().add(serviceName);
-				
-				if (attrList != null && !attrList.isEmpty()) {
-					attributeService.getRequestAttributes().addAll(attrList);
-					Logger.info("Add  " + attrList.size() + " attributes for 'EntityAttribute': " + entityAttr);
-					
-				}
-				
-				spSSODesc.getAttributeConsumingServices().add(attributeService);
-				
-			} else {
-				Logger.debug("Find 'AttributeConsumingServices'. Starting updating process ... ");
-				for (AttributeConsumingService el : spSSODesc.getAttributeConsumingServices()) {
-					Logger.debug("Update 'AttributeConsumingService' with Index: " + el.getIndex());
-					
-					//load currently requested attributes
-					List<String> currentlyReqAttr = new ArrayList<String>();
-					for (RequestedAttribute reqAttr : el.getRequestAttributes())
-						currentlyReqAttr.add(reqAttr.getName());
-						
-
-					//check against EntityAttribute List
-					for (RequestedAttribute entityAttrListEl : attrList) {
-						if (!currentlyReqAttr.contains(entityAttrListEl.getName())) {
-							el.getRequestAttributes().add(entityAttrListEl);
-							
-						} else
-							Logger.debug("'AttributeConsumingService' already contains attr: " + entityAttrListEl.getName());
-						
-					}
-					
-				}
-				
-			}
-			
-		} else
-			Logger.info("Can ONLY add 'EntityAttributes' to 'SPSSODescriptor'");
-		
-	}
-
-	private List<RequestedAttribute> buildAttributeList(List<Trible<String, String, Boolean>> attrSet) {
-		List<RequestedAttribute> requestedAttributes = new ArrayList<RequestedAttribute>();
-		for (Trible<String, String, Boolean> el : attrSet)
-			requestedAttributes.add(PVPAttributeBuilder.buildReqAttribute(el.getFirst(), el.getSecond(), el.getThird()));	
-					
-		return requestedAttributes;
-		
-		
-	}
-	 	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPMetadataFilterChain.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPMetadataFilterChain.java
deleted file mode 100644
index 4c1da747b..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPMetadataFilterChain.java
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata;
-
-import java.security.cert.CertificateException;
-
-import at.gv.egovernment.moa.id.saml2.MetadataFilterChain;
-
-/**
- * @author tlenz
- *
- */
-public class PVPMetadataFilterChain extends MetadataFilterChain {
-
-		
-	/**
-	 * @throws CertificateException 
-	 * 
-	 */
-	public PVPMetadataFilterChain(String url, byte[] certificate) throws CertificateException {
-		addDefaultFilters(url, certificate);
-	}
-	
-	public void addDefaultFilters(String url, byte[] certificate) throws CertificateException {
-		addFilter(new MetadataSignatureFilter(url, certificate));
-		
-	}
-
-
-
-
-
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java
deleted file mode 100644
index 83a2b61d2..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java
+++ /dev/null
@@ -1,106 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata;
-
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.validation.Schema;
-import javax.xml.validation.Validator;
-
-import org.opensaml.common.xml.SAMLSchemaBuilder;
-import org.opensaml.saml2.metadata.provider.MetadataFilter;
-import org.opensaml.xml.XMLObject;
-import org.xml.sax.SAXException;
-
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-public class SchemaValidationFilter implements MetadataFilter {
-
-	private boolean isActive = true;
-	
-	public SchemaValidationFilter() {
-		try {
-			isActive = AuthConfigurationProviderFactory.getInstance().isPVPSchemaValidationActive();
-			
-		} catch (ConfigurationException e) {
-			e.printStackTrace();
-		}
-	}
-	
-	/**
-	 * 
-	 */
-	public SchemaValidationFilter(boolean useSchemaValidation) {
-		this.isActive = useSchemaValidation;
-	}
-	
-	
-	/* (non-Javadoc)
-	 * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject)
-	 */
-	@Override
-	public void doFilter(XMLObject arg0) throws SchemaValidationException {
-		
-		String errString = null;
-		
-		if (isActive) {
-			try {
-				Schema test = SAMLSchemaBuilder.getSAML11Schema();
-				Validator val = test.newValidator();
-				DOMSource source = new DOMSource(arg0.getDOM());		
-				val.validate(source);
-				Logger.info("Metadata Schema validation check done OK");
-				return;
-			
-			} catch (SAXException e) {
-				if (Logger.isDebugEnabled() || Logger.isTraceEnabled())
-					Logger.warn("Metadata Schema validation FAILED with exception:", e);
-				else
-					Logger.warn("Metadata Schema validation FAILED with message: "+ e.getMessage());
-
-				errString = e.getMessage();
-				
-			} catch (Exception e) {
-				if (Logger.isDebugEnabled() || Logger.isTraceEnabled())
-					Logger.warn("Metadata Schema validation FAILED with exception:", e);
-				else
-					Logger.warn("Metadata Schema validation FAILED with message: "+ e.getMessage());
-				
-				errString = e.getMessage();
-				
-			}
-			
-			throw new SchemaValidationException("Metadata Schema validation FAILED with message: "+ errString);
-			
-		} else		
-			Logger.info("Metadata Schema validation check is DEACTIVATED!");
-		
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/saml2/MetadataFilterChain.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/saml2/MetadataFilterChain.java
deleted file mode 100644
index e7412a0fc..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/saml2/MetadataFilterChain.java
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.saml2;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import org.opensaml.saml2.metadata.provider.FilterException;
-import org.opensaml.saml2.metadata.provider.MetadataFilter;
-import org.opensaml.xml.XMLObject;
-
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-public class MetadataFilterChain implements MetadataFilter {
-
-	private List<MetadataFilter> filters = new ArrayList<MetadataFilter>();
-		
-	/**
-	 * Return all actually used Metadata filters
-	 * 
-	 * @return List of Metadata filters
-	 */
-	public List<MetadataFilter> getFilters() {
-		return filters;
-	}
-	
-	/**
-	 * Add a new Metadata filter to filterchain
-	 * 
-	 * @param filter 
-	 */
-	public void addFilter(MetadataFilter filter) {
-		filters.add(filter);
-	}
-	
-	
-	/* (non-Javadoc)
-	 * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject)
-	 */
-	@Override
-	public void doFilter(XMLObject arg0) throws FilterException {
-		for (MetadataFilter filter : filters) {
-			Logger.trace("Use MOAMetadataFilter " + filter.getClass().getName());
-			filter.doFilter(arg0);
-		}
-
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
index c5f02e7de..f303adfe5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
@@ -44,6 +44,8 @@ import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
 import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption;
+import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
@@ -60,8 +62,6 @@ import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.commons.utils.JsonMapper;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
 import at.gv.egovernment.moa.id.data.EncryptedData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
 import at.gv.egovernment.moa.id.util.SessionEncrytionUtil;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java
index ff9c4e358..5f2ec046a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java
@@ -28,6 +28,8 @@ import java.util.List;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
 import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption;
+import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
@@ -38,8 +40,6 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionSto
 import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
 
 /**
  * @author tlenz
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/LoALevelMapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/LoALevelMapper.java
index 3e3d9dafc..10e22c806 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/LoALevelMapper.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/LoALevelMapper.java
@@ -25,6 +25,9 @@ package at.gv.egovernment.moa.id.util;
 import java.io.IOException;
 import java.util.Properties;
 
+import org.springframework.stereotype.Service;
+
+import at.gv.egiz.eaaf.core.api.data.ILoALevelMapper;
 import at.gv.egovernment.moa.id.data.AuthenticationRole;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -33,7 +36,8 @@ import at.gv.egovernment.moa.util.MiscUtil;
  * @author tlenz
  *
  */
-public class LoALevelMapper {
+@Service("MOAIDLoALevelMapper")
+public class LoALevelMapper implements ILoALevelMapper{
 
 	private static final String PVP_SECCLASS_PREFIX = "http://www.ref.gv.at/ns/names/agiz/pvp/";
 	private static final String STORK_QAA_PREFIX = "http://www.stork.gov.eu/1.0/";
@@ -46,18 +50,8 @@ public class LoALevelMapper {
 	private static final String MAPPING_EIDAS_PREFIX = "eidas_";
 	
 	private Properties mapping = null;
-	
-	private static LoALevelMapper instance = null;
-	
-	public static LoALevelMapper getInstance() {
-		if (instance == null) {
-			instance = new LoALevelMapper();			
-		}
-		
-		return instance;
-	}
-	
-	private LoALevelMapper() {
+			
+	public LoALevelMapper() {
 		try {
 			mapping = new Properties();
 			mapping.load(this.getClass().getClassLoader().getResourceAsStream(MAPPING_RESOURCE));
@@ -72,6 +66,43 @@ public class LoALevelMapper {
 		
 	}
 
+	public String mapToeIDASLoA(String qaa) {
+		if (qaa.startsWith(STORK_QAA_PREFIX))
+			return mapSTORKQAAToeIDASQAA(qaa);
+		
+		else if (qaa.startsWith(PVP_SECCLASS_PREFIX))
+			return mapSTORKQAAToeIDASQAA(mapSecClassToQAALevel(qaa));
+					
+		else if (qaa.startsWith(MAPPING_EIDAS_PREFIX))
+			return qaa;
+		
+		else {
+			Logger.info("QAA: " + qaa + " is NOT supported by LoA level mapper");
+			return null;
+			
+		}
+		
+	}
+	
+	public String mapToSecClass(String qaa) {
+		if (qaa.startsWith(STORK_QAA_PREFIX))
+			return mapStorkQAAToSecClass(qaa);
+		
+		else if (qaa.startsWith(MAPPING_EIDAS_PREFIX))
+			return mapStorkQAAToSecClass(mapeIDASQAAToSTORKQAA(qaa));
+					
+		else if (qaa.startsWith(PVP_SECCLASS_PREFIX))
+			return qaa;
+		
+		else {
+			Logger.info("QAA: " + qaa + " is NOT supported by LoA level mapper");
+			return null;
+			
+		}
+		
+	}
+	
+	
 	/**
 	 * Map STORK QAA level to eIDAS QAA level
 	 * 
@@ -118,7 +149,7 @@ public class LoALevelMapper {
 	 * @param STORK-QAA level
 	 * @return PVP SecClass pvpQAALevel
 	 */	
-	public String mapToSecClass(String storkQAALevel) {
+	public String mapStorkQAAToSecClass(String storkQAALevel) {
 		if (mapping != null) {
 			String input = storkQAALevel.substring(STORK_QAA_PREFIX.length());			
 			String mappedQAA = mapping.getProperty(MAPPING_SECCLASS_PREFIX + input);
@@ -137,7 +168,7 @@ public class LoALevelMapper {
 	 * @param PVP SecClass pvpQAALevel
 	 * @return STORK-QAA level
 	 */	
-	public String mapToQAALevel(String pvpQAALevel) {
+	public String mapSecClassToQAALevel(String pvpQAALevel) {
 		if (mapping != null) {
 			String input = pvpQAALevel.substring(PVP_SECCLASS_PREFIX.length());			
 			String mappedQAA = mapping.getProperty(input);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/QAALevelVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/QAALevelVerifier.java
deleted file mode 100644
index ca71ad946..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/QAALevelVerifier.java
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.util;
-
-import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.QAANotAllowedException;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-public class QAALevelVerifier {
-
-	public static void verifyQAALevel(String qaaAuth, String qaaRequest) throws QAANotAllowedException {
-		
-		if (EAAFConstants.EIDAS_QAA_LOW.equals(qaaRequest) && 
-					(EAAFConstants.EIDAS_QAA_LOW.equals(qaaAuth) || 
-							EAAFConstants.EIDAS_QAA_SUBSTANTIAL.equals(qaaAuth) ||
-									EAAFConstants.EIDAS_QAA_HIGH.equals(qaaAuth))
-				) 
-			Logger.debug("Requesed LoA fits LoA from authentication. Continuingauth process ... ");
-		
-		else if (EAAFConstants.EIDAS_QAA_SUBSTANTIAL.equals(qaaRequest) && 
-					(EAAFConstants.EIDAS_QAA_SUBSTANTIAL.equals(qaaAuth) ||
-								EAAFConstants.EIDAS_QAA_HIGH.equals(qaaAuth))
-				) 
-			Logger.debug("Requesed LoA fits LoA from authentication. Continuingauth process ... ");
-		
-		else if (EAAFConstants.EIDAS_QAA_HIGH.equals(qaaRequest) && EAAFConstants.EIDAS_QAA_HIGH.equals(qaaAuth)) 
-			Logger.debug("Requesed LoA fits LoA from authentication. Continuingauth process ... ");
-		
-		else 
-			throw new QAANotAllowedException(qaaAuth, qaaRequest);
-		
-	}
-}
diff --git a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
index d8565112b..5ccacf350 100644
--- a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
+++ b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
@@ -22,6 +22,30 @@
 	<context:component-scan base-package="at.gv.egovernment.moa.id.auth.servlet" />
 	<context:component-scan base-package="at.gv.egovernment.moa.id.protocols" />
  
+ 	<bean id="PVPIDPCredentialProvider"
+ 				class="at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider" />
+ 
+ 	<bean id="PVP2XProtocol"
+ 				class="at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol">
+		<property name="pvpIDPCredentials">
+			<ref bean="PVPIDPCredentialProvider" />
+		</property>
+ 	</bean>
+ 
+  	<bean id="pvpMetadataService"
+ 				class="at.gv.egiz.eaaf.modules.pvp2.idp.impl.MetadataAction">
+		<property name="pvpIDPCredentials">
+			<ref bean="PVPIDPCredentialProvider" />
+		</property>
+ 	</bean>
+ 
+   	<bean id="PVPAuthenticationRequestAction"
+ 				class="at.gv.egiz.eaaf.modules.pvp2.idp.impl.AuthenticationAction">
+		<property name="pvpIDPCredentials">
+			<ref bean="PVPIDPCredentialProvider" />
+		</property>
+ 	</bean>
+ 
 	<bean id="MOAID_AuthenticationManager" 
 				class="at.gv.egovernment.moa.id.moduls.AuthenticationManager"/>
 
@@ -50,6 +74,12 @@
 	<bean id="MOAGarbageCollector" 
 				class="at.gv.egovernment.moa.id.auth.MOAGarbageCollector"/>
 
+	<bean id="MOAIDLoALevelMapper" 
+				class="at.gv.egovernment.moa.id.util.LoALevelMapper"/>
+
+	<bean id="MOASAML2SubjectNameIDGenerator"
+				class="at.gv.egovernment.moa.id.auth.builder.MOAIDSubjectNameIdGenerator" />
+				
 <!-- 	<bean id="taskExecutor" class="org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor">
     <property name="corePoolSize" value="5" />
     <property name="maxPoolSize" value="10" />
@@ -64,11 +94,7 @@
 	<bean id="EvaluateBKUSelectionTask" 
 				class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.EvaluateBKUSelectionTask"
 				scope="prototype"/>
-				
-	<bean id="RestartAuthProzessManagement" 
-				class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.RestartAuthProzessManagement"
-				scope="prototype"/>				
-			
+										
 	<bean id="GenerateSSOConsentEvaluatorFrameTask" 
 				class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.GenerateSSOConsentEvaluatorFrameTask"
 				scope="prototype"/>
diff --git a/id/server/idserverlib/src/test/java/test/MOAIDTestCase.java b/id/server/idserverlib/src/test/java/test/MOAIDTestCase.java
index b3a9d367f..b0494534a 100644
--- a/id/server/idserverlib/src/test/java/test/MOAIDTestCase.java
+++ b/id/server/idserverlib/src/test/java/test/MOAIDTestCase.java
@@ -54,9 +54,9 @@ import javax.xml.transform.TransformerException;
 
 import org.w3c.dom.Element;
 
+import at.gv.egiz.eaaf.core.impl.utils.StreamUtils;
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.StreamUtils;
 import at.gv.egovernment.moa.util.XPathUtils;
 import iaik.ixsil.algorithms.Transform;
 import iaik.ixsil.algorithms.TransformImplExclusiveCanonicalXML;
diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/MOAIDAuthInitialiserTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/MOAIDAuthInitialiserTest.java
index 1cd54d61b..299bbee23 100644
--- a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/MOAIDAuthInitialiserTest.java
+++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/MOAIDAuthInitialiserTest.java
@@ -50,8 +50,8 @@ import java.security.KeyStore;
 import java.util.Enumeration;
 
 import test.at.gv.egovernment.moa.id.UnitTestCase;
+import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
 import at.gv.egovernment.moa.id.util.SSLUtils;
-import at.gv.egovernment.moa.util.KeyStoreUtils;
 
 /**
  * @author Paul Ivancsics
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java
index 3f6227402..663f712ef 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java
@@ -194,5 +194,9 @@ public class MOAIDAuthConstants extends MOAIDConstants{
   @Deprecated
   public static final String AUTHPROCESS_DATA_TARGETFRIENDLYNAME = "authProces_TargetFriendlyName";
   
+  public static final String DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP = "useMinimalFrontChannelResponse";
+  public static final String DATAID_INTERFEDERATION_NAMEID = "federatedNameID";
+  public static final String DATAID_INTERFEDERATION_QAALEVEL = "federatedQAALevel";		
+  public static final String DATAID_INTERFEDERATION_REQUESTID = "authnReqID";
 
 }
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/BPKDecryptionParameters.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/BPKDecryptionParameters.java
index cb81fe79e..5fec08053 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/BPKDecryptionParameters.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/BPKDecryptionParameters.java
@@ -34,8 +34,8 @@ import java.security.UnrecoverableKeyException;
 
 import org.apache.commons.lang3.SerializationUtils;
 
+import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.KeyStoreUtils;
 
 
 /**
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
index abf2d211c..e6efca4ea 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
@@ -58,8 +58,8 @@ import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLSocketFactory;
 import javax.net.ssl.TrustManager;
 
+import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.KeyStoreUtils;
 import at.gv.egovernment.moaspss.logging.LoggingContext;
 import at.gv.egovernment.moaspss.logging.LoggingContextManager;
 import iaik.pki.DefaultPKIConfiguration;
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/FileUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/FileUtils.java
deleted file mode 100644
index 8d6aea164..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/FileUtils.java
+++ /dev/null
@@ -1,146 +0,0 @@
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.util;
-
-import java.io.BufferedInputStream;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.net.URL;
-
-/**
- * Utility for accessing files on the file system, and for reading from input streams.
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class FileUtils {
-  
-  /**
-   * Reads a file, given by URL, into a byte array.
-   * @param urlString file URL
-   * @return file content
-   * @throws IOException on any exception thrown
-   */
-  public static byte[] readURL(String urlString) throws IOException {	  
-    URL url = new URL(urlString);
-    InputStream in = new BufferedInputStream(url.openStream());
-    byte[] content = StreamUtils.readStream(in);
-    in.close();
-    return content;
-  }
-
-  /**
-   * Reads a file from a resource.
-   * @param name resource name
-   * @return file content as a byte array
-   * @throws IOException on any exception thrown
-   */
-  public static byte[] readResource(String name) throws IOException {
-    ClassLoader cl = FileUtils.class.getClassLoader();
-    BufferedInputStream in = new BufferedInputStream(cl.getResourceAsStream(name));
-    byte[] content = StreamUtils.readStream(in);
-    in.close();
-    return content;
-  }
-  /**
-   * Reads a file from a resource.
-   * @param name filename
-   * @param encoding character encoding
-   * @return file content
-   * @throws IOException on any exception thrown
-   */
-  public static String readResource(String name, String encoding) throws IOException {
-    byte[] content = readResource(name);
-    return new String(content, encoding);
-  }
-  
-	/**
-	 * Returns the absolute URL of a given url which is relative to the parameter root
-	 * @param url
-	 * @param root
-	 * @return String
-	 */
-	public static String makeAbsoluteURL(String url, String root) {
-		//if url is relative to rootConfigFileDirName make it absolute 					
-		
-    File keyFile;
-    String newURL = url;
-
-		if(null == url) return  null;
-    
-    if (url.startsWith("http:/") || url.startsWith("https:/") || url.startsWith("file:/") || url.startsWith("ftp:/")) {
-    	return url;
-    } else {
-      // check if absolute - if not make it absolute
-      keyFile = new File(url);
-      if (!keyFile.isAbsolute()) {
-        keyFile = new File(root, url);
-
-        if (keyFile.toString().startsWith("file:"))
-        	newURL = keyFile.toString();
-        
-        else
-        	newURL = keyFile.toURI().toString();
-        
-      }
-      return newURL;
-    }
-	}  
-	
-	
-	 private static void copy( InputStream fis, OutputStream fos )
-	  {
-	    try
-	    {
-	      byte[] buffer = new byte[ 0xFFFF ];
-	      for ( int len; (len = fis.read(buffer)) != -1; )
-	        fos.write( buffer, 0, len );
-	    }
-	    catch( IOException e ) {
-	      System.err.println( e );
-	    }
-	    finally {
-	      if ( fis != null )
-	        try { fis.close(); } catch ( IOException e ) { e.printStackTrace(); }
-	      if ( fos != null )
-	        try { fos.close(); } catch ( IOException e ) { e.printStackTrace(); }
-	    }
-	  }
-	 
-	 public static void copyFile(File src, File dest)
-	  {
-	    try
-	    {
-	      copy( new FileInputStream( src ), new FileOutputStream( dest ) );
-	    }
-	    catch( IOException e ) {
-	      e.printStackTrace();
-	    }
-	  }
-  
-}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/KeyStoreUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/KeyStoreUtils.java
deleted file mode 100644
index 38dcafcc0..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/KeyStoreUtils.java
+++ /dev/null
@@ -1,223 +0,0 @@
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.util;
-
-import iaik.x509.X509Certificate;
-
-import java.io.BufferedInputStream;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.io.InputStream;
-import java.net.URL;
-import java.security.GeneralSecurityException;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.cert.Certificate;
-
-/**
- * Utility for creating and loading key stores.
- * 
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class KeyStoreUtils {
-	
-	/**
-	 * JAVA KeyStore
-	 */
-	private static final String KEYSTORE_TYPE_JKS = "JKS";
-	
-	/**
-	 * PKCS12 KeyStore
-	 */
-	private static final String KEYSTORE_TYPE_PKCS12 = "PKCS12";
-	
-	
-
-  /**
-   * Loads a key store from file.
-   * 
-   * @param keystoreType key store type
-   * @param urlString URL of key store
-   * @param password password protecting the key store
-   * @return key store loaded
-   * @throws IOException thrown while reading the key store from file
-   * @throws GeneralSecurityException thrown while creating the key store
-   */
-  public static KeyStore loadKeyStore(
-    String keystoreType,
-    String urlString,
-    String password)
-    throws IOException, GeneralSecurityException {
-
-    URL keystoreURL = new URL(urlString);
-    InputStream in = keystoreURL.openStream();
-    return loadKeyStore(keystoreType, in, password);
-  }
-  /**
-   * Loads a key store from an <code>InputStream</code>, and
-   * closes the <code>InputStream</code>.
-   * 
-   * @param keystoreType key store type
-   * @param in input stream
-   * @param password password protecting the key store
-   * @return key store loaded
-   * @throws IOException thrown while reading the key store from the stream
-   * @throws GeneralSecurityException thrown while creating the key store
-   */
-  public static KeyStore loadKeyStore(
-    String keystoreType,
-    InputStream in,
-    String password)
-    throws IOException, GeneralSecurityException {
-
-    char[] chPassword = null;
-    if (password != null)
-      chPassword = password.toCharArray();
-    KeyStore ks = KeyStore.getInstance(keystoreType);
-    ks.load(in, chPassword);
-    in.close();
-    return ks;
-  }
-  /**
-   * Creates a key store from X509 certificate files, aliasing them with
-   * the index in the <code>String[]</code>, starting with <code>"0"</code>.
-   * 
-   * @param keyStoreType key store type
-   * @param certFilenames certificate filenames
-   * @return key store created
-   * @throws IOException thrown while reading the certificates from file
-   * @throws GeneralSecurityException thrown while creating the key store
-   */
-  public static KeyStore createKeyStore(
-    String keyStoreType,
-    String[] certFilenames)
-    throws IOException, GeneralSecurityException {
-
-    KeyStore ks = KeyStore.getInstance(keyStoreType);
-    ks.load(null, null);
-    for (int i = 0; i < certFilenames.length; i++) {
-      Certificate cert = loadCertificate(certFilenames[i]);
-      ks.setCertificateEntry("" + i, cert);
-    }
-    return ks;
-  }
-//  /**
-//   * Creates a key store from a directory containg X509 certificate files, 
-//   * aliasing them with the index in the <code>String[]</code>, starting with <code>"0"</code>.
-//   * All the files in the directory are considered to be certificates.
-//   * 
-//   * @param keyStoreType key store type
-//   * @param certDirURLString file URL of directory containing certificate filenames
-//   * @return key store created
-//   * @throws IOException thrown while reading the certificates from file
-//   * @throws GeneralSecurityException thrown while creating the key store
-//   */
-//  public static KeyStore createKeyStoreFromCertificateDirectory(
-//    String keyStoreType,
-//    String certDirURLString)
-//    throws IOException, GeneralSecurityException {
-//
-//    URL certDirURL = new URL(certDirURLString);
-//    String certDirname = certDirURL.getFile();
-//    File certDir = new File(certDirname);
-//    String[] certFilenames = certDir.list();
-//    String separator =
-//      (certDirname.endsWith(File.separator) ? "" : File.separator);
-//    for (int i = 0; i < certFilenames.length; i++) {
-//      certFilenames[i] = certDirname + separator + certFilenames[i];
-//    }
-//    return createKeyStore(keyStoreType, certFilenames);
-//  }
-
-  /**
-   * Loads an X509 certificate from file.
-   * @param certFilename filename
-   * @return the certificate loaded
-   * @throws IOException thrown while reading the certificate from file
-   * @throws GeneralSecurityException thrown while creating the certificate
-   */
-  private static Certificate loadCertificate(String certFilename)
-    throws IOException, GeneralSecurityException {
-
-    FileInputStream in = new FileInputStream(certFilename);
-    Certificate cert = new X509Certificate(in);
-    in.close();
-    return cert;
-  }
-  
- 
-	/**
-	 * Loads a keyStore without knowing the keyStore type
-	 * @param keyStorePath URL to the keyStore
-	 * @param password Password protecting the keyStore
-	 * @return keyStore loaded
-	 * @throws KeyStoreException thrown if keyStore cannot be loaded
-	 * @throws FileNotFoundException 
-	 * @throws IOException 
-	 */
-  public static KeyStore loadKeyStore(String keyStorePath, String password) throws KeyStoreException, IOException{
-		
-		//InputStream is = new FileInputStream(keyStorePath);
-	  	URL keystoreURL = new URL(keyStorePath);
-	    InputStream in = keystoreURL.openStream();
-		InputStream isBuffered = new BufferedInputStream(in);				
-		return loadKeyStore(isBuffered, password);
-		
-	}
-	
-	/**
-	 * Loads a keyStore without knowing the keyStore type
-	 * @param in input stream
-	 * @param password Password protecting the keyStore
-	 * @return keyStore loaded
-	 * @throws KeyStoreException thrown if keyStore cannot be loaded
-	 * @throws FileNotFoundException 
-	 * @throws IOException 
-	 */
-public static KeyStore loadKeyStore(InputStream is, String password) throws KeyStoreException, IOException{		
-		is.mark(1024*1024);
-		KeyStore ks = null;
-		try {
-			try {				
-				ks = loadKeyStore(KEYSTORE_TYPE_PKCS12, is, password);
-			} catch (IOException e2) {
-				is.reset();				
-				ks = loadKeyStore(KEYSTORE_TYPE_JKS, is, password);
-			}
-		} catch(Exception e) {			
-			e.printStackTrace();
-			//throw new KeyStoreException(e);
-		}
-		return ks;	
-						
-	}
-  
-	
-
-
-}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/StreamUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/StreamUtils.java
deleted file mode 100644
index e4ccd127f..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/StreamUtils.java
+++ /dev/null
@@ -1,197 +0,0 @@
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.util;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.io.PrintStream;
-
-/**
- * Utility methods for streams.
- * 
- * @author Patrick Peck
- * @version $Id$
- */
-public class StreamUtils {
-  
-  /**
-   * Compare the contents of two <code>InputStream</code>s.
-   * 
-   * @param is1 The 1st <code>InputStream</code> to compare.
-   * @param is2 The 2nd <code>InputStream</code> to compare.
-   * @return boolean <code>true</code>, if both streams contain the exactly the
-   * same content, <code>false</code> otherwise.
-   * @throws IOException An error occurred reading one of the streams.
-   */
-  public static boolean compareStreams(InputStream is1, InputStream is2) 
-    throws IOException {
-      
-    byte[] buf1 = new byte[256];
-    byte[] buf2 = new byte[256];
-    int length1;
-    int length2;
-  
-    try {
-      while (true) {
-        length1 = is1.read(buf1);
-        length2 = is2.read(buf2);
-        
-        if (length1 != length2) {
-          return false;
-        }
-        if (length1 <= 0) {
-          return true;
-        }
-        if (!compareBytes(buf1, buf2, length1)) {
-          return false;
-        }
-      }
-    } catch (IOException e) {
-      throw e;
-    } finally {
-      // close both streams
-      try {
-        is1.close();
-        is2.close();
-      } catch (IOException e) {
-        // ignore this
-      }
-    }
-  }
-  
-  /**
-   * Compare two byte arrays, up to a given maximum length.
-   * 
-   * @param b1 1st byte array to compare.
-   * @param b2 2nd byte array to compare.
-   * @param length The maximum number of bytes to compare.
-   * @return <code>true</code>, if the byte arrays are equal, <code>false</code>
-   * otherwise.
-   */
-  private static boolean compareBytes(byte[] b1, byte[] b2, int length) {
-    if (b1.length != b2.length) {
-      return false;
-    }
-  
-    for (int i = 0; i < b1.length && i < length; i++) {
-      if (b1[i] != b2[i]) {
-        return false;
-      }
-    }
-  
-    return true;
-  }
-
-  /**
-   * Reads a byte array from a stream.
-   * @param in The <code>InputStream</code> to read.
-   * @return The bytes contained in the given <code>InputStream</code>.
-   * @throws IOException on any exception thrown
-   */
-  public static byte[] readStream(InputStream in) throws IOException {
-
-    ByteArrayOutputStream out = new ByteArrayOutputStream();
-    copyStream(in, out, null);
-		  
-		/*  
-    ByteArrayOutputStream out = new ByteArrayOutputStream();
-    int b;
-    while ((b = in.read()) >= 0)
-      out.write(b);
-    
-    */
-    in.close();
-    return out.toByteArray();
-  }
-
-  /**
-   * Reads a <code>String</code> from a stream, using given encoding.
-   * @param in The <code>InputStream</code> to read.
-   * @param encoding The character encoding to use for converting the bytes
-   * of the <code>InputStream</code> into a <code>String</code>.
-   * @return The content of the given <code>InputStream</code> converted into
-   * a <code>String</code>.
-   * @throws IOException on any exception thrown
-   */
-  public static String readStream(InputStream in, String encoding) throws IOException {
-    ByteArrayOutputStream out = new ByteArrayOutputStream();
-    copyStream(in, out, null);
-
-    /*
-    ByteArrayOutputStream out = new ByteArrayOutputStream();
-    int b;
-    while ((b = in.read()) >= 0)
-      out.write(b);
-      */
-    in.close();
-    return out.toString(encoding);
-  }
-  
-  /**
-   * Reads all data (until EOF is reached) from the given source to the 
-   * destination stream. If the destination stream is null, all data is dropped.
-   * It uses the given buffer to read data and forward it. If the buffer is 
-   * null, this method allocates a buffer.
-   *
-   * @param source The stream providing the data.
-   * @param destination The stream that takes the data. If this is null, all
-   *                    data from source will be read and discarded.
-   * @param buffer The buffer to use for forwarding. If it is null, the method
-   *               allocates a buffer.
-   * @exception IOException If reading from the source or writing to the 
-   *                        destination fails.
-   */
-  private static void copyStream(InputStream source, OutputStream destination, byte[] buffer) throws IOException {
-    if (source == null) {
-      throw new NullPointerException("Argument \"source\" must not be null.");
-    }
-    if (buffer == null) {
-      buffer = new byte[8192];
-    }
-    
-    if (destination != null) {
-      int bytesRead;
-      while ((bytesRead = source.read(buffer)) >= 0) {
-        destination.write(buffer, 0, bytesRead);
-      }
-    } else {
-      while (source.read(buffer) >= 0);
-    }    
-  }
-  
-  /**
-   * Gets the stack trace of the <code>Throwable</code> passed in as a string.
-   * @param t The <code>Throwable</code>.
-   * @return a String representing the stack trace of the <code>Throwable</code>.
-   */
-  public static String getStackTraceAsString(Throwable t)
-  {
-    ByteArrayOutputStream stackTraceBIS = new ByteArrayOutputStream();
-    t.printStackTrace(new PrintStream(stackTraceBIS));
-    return new String(stackTraceBIS.toByteArray());
-  }
-}
diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/FileUtils.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/FileUtils.java
index 8941ab4cf..c52f52fa8 100644
--- a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/FileUtils.java
+++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/FileUtils.java
@@ -26,13 +26,13 @@ import java.io.BufferedInputStream;
 import java.io.FileInputStream;
 import java.io.IOException;
 
-import at.gv.egovernment.moa.util.StreamUtils;
+import at.gv.egiz.eaaf.core.impl.utils.StreamUtils;
 
 /**
  * @author tlenz
  *
  */
-public class FileUtils extends at.gv.egovernment.moa.util.FileUtils {
+public class FileUtils extends at.gv.egiz.eaaf.core.impl.utils.FileUtils {
 
   /**
   * Reads a file, given by URL, into a String.
diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/KeyStoreUtilsTest.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/KeyStoreUtilsTest.java
index be5581139..6d341b88b 100644
--- a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/KeyStoreUtilsTest.java
+++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/KeyStoreUtilsTest.java
@@ -34,8 +34,7 @@ import java.security.Security;
 import java.security.cert.X509Certificate;
 import java.util.Enumeration;
 
-import at.gv.egovernment.moa.util.KeyStoreUtils;
-
+import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
 import junit.framework.TestCase;
 
 /**
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/MOAIDGuiBilderConfigurationFactory.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/MOAIDGuiBilderConfigurationFactory.java
index 98f7fccf5..f32b90eb0 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/MOAIDGuiBilderConfigurationFactory.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/MOAIDGuiBilderConfigurationFactory.java
@@ -1,8 +1,14 @@
 package at.gv.egovernment.moa.id.auth.frontend;
 
+import java.net.MalformedURLException;
+import java.net.URI;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration;
 import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfigurationFactory;
 import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration;
+import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithFileSystemLoad;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 
 public class MOAIDGuiBilderConfigurationFactory implements IGUIBuilderConfigurationFactory {
 
@@ -13,5 +19,15 @@ public class MOAIDGuiBilderConfigurationFactory implements IGUIBuilderConfigurat
 
 	}
 
-	
+	@Override
+	public IGUIBuilderConfiguration getSPSpecificSAML2PostConfiguration(IRequest pendingReq, String viewName, URI configRootDir) 
+			throws MalformedURLException {
+		return new SPSpecificGUIBuilderConfigurationWithFileSystemLoad(
+				pendingReq, 
+				viewName, 
+				MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SAML2POSTBINDING_URL, 
+				null, 
+				configRootDir.toURL().toString());
+		
+	}	
 }
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java
index 2ce4488a8..1bacc93c7 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java
@@ -44,7 +44,7 @@ import org.springframework.stereotype.Service;
 import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration;
 import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
 import at.gv.egiz.eaaf.core.exceptions.GUIBuildException;
-import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
+import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider;
 import at.gv.egovernment.moa.id.commons.MOAIDConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.logging.Logger;
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithFileSystemLoad.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithFileSystemLoad.java
index 6092c8d5d..3e2bdda10 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithFileSystemLoad.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithFileSystemLoad.java
@@ -32,8 +32,8 @@ import java.net.URISyntaxException;
 import java.net.URL;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 /**
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/velocity/VelocityLogAdapter.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/velocity/VelocityLogAdapter.java
deleted file mode 100644
index 3d5c5ed2f..000000000
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/velocity/VelocityLogAdapter.java
+++ /dev/null
@@ -1,99 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.auth.frontend.velocity;
-
-import org.apache.velocity.app.Velocity;
-import org.apache.velocity.runtime.RuntimeServices;
-import org.apache.velocity.runtime.log.LogChute;
-
-import at.gv.egovernment.moa.logging.Logger;
-
-public class VelocityLogAdapter implements LogChute {
-
-	public VelocityLogAdapter() {
-		try
-	    {
-	      /*
-	       *  register this class as a logger with the Velocity singleton
-	       *  (NOTE: this would not work for the non-singleton method.)
-	       */
-	      Velocity.setProperty(Velocity.RUNTIME_LOG_LOGSYSTEM, this );
-	      Velocity.init();
-	    }
-	    catch (Exception e)
-	    {
-	      Logger.error("Failed to register Velocity logger");
-	    }
-	}
-	
-	public void init(RuntimeServices arg0) throws Exception {
-	}
-
-	public boolean isLevelEnabled(int arg0) {
-		switch(arg0) {
-		case LogChute.DEBUG_ID:
-			return Logger.isDebugEnabled();
-		case LogChute.TRACE_ID:
-			return Logger.isTraceEnabled();
-		default:
-			return true;
-		}
-	}
-
-	public void log(int arg0, String arg1) {
-		switch(arg0) {
-		case LogChute.DEBUG_ID:
-			Logger.debug(arg1);
-			break;
-		case LogChute.TRACE_ID:
-			Logger.trace(arg1);
-			break;
-		case LogChute.INFO_ID:
-			Logger.info(arg1);
-			break;
-		case LogChute.WARN_ID:
-			Logger.warn(arg1);
-			break;
-		case LogChute.ERROR_ID:
-		default:
-			Logger.error(arg1);
-			break;
-		}
-	}
-
-	public void log(int arg0, String arg1, Throwable arg2) {
-		switch(arg0) {
-		case LogChute.DEBUG_ID:
-		case LogChute.TRACE_ID:
-		case LogChute.INFO_ID:
-		case LogChute.WARN_ID:
-			Logger.warn(arg1, arg2);
-			break;
-		case LogChute.ERROR_ID:
-		default:
-			Logger.error(arg1, arg2);
-			break;
-		}
-	}
-	
-}
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/velocity/VelocityProvider.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/velocity/VelocityProvider.java
deleted file mode 100644
index 015d8e321..000000000
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/velocity/VelocityProvider.java
+++ /dev/null
@@ -1,121 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- * 
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- * 
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2011 by Graz University of Technology, Austria
- * The Austrian STORK Modules have been developed by the E-Government
- * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
- * Austria and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-/**
- * 
- */
-package at.gv.egovernment.moa.id.auth.frontend.velocity;
-
-import org.apache.velocity.app.Velocity;
-import org.apache.velocity.app.VelocityEngine;
-import org.apache.velocity.runtime.RuntimeConstants;
-
-/**
- * Gets a Velocity Engine
- * 
- * @author bzwattendorfer
- *
- */
-public class VelocityProvider {
-
-	private static VelocityEngine velocityEngine = null;
-	
-	/**
-	 * Gets velocityEngine from Classpath
-	 * @return VelocityEngine
-	 * @throws Exception
-	 */
-	public static VelocityEngine getClassPathVelocityEngine() throws Exception {
-		if (velocityEngine == null) {
-			velocityEngine = getBaseVelocityEngine();
-			velocityEngine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath");
-			velocityEngine.setProperty("classpath.resource.loader.class",
-					"org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader");                
-			velocityEngine.init();
-			
-		}
-		
-		return velocityEngine;
-	}
-	
-	/**
-	 * Gets VelocityEngine from File
-	 * @param rootPath File Path to template file
-	 * @return VelocityEngine
-	 * @throws Exception
-	 */
-	public static VelocityEngine getFileVelocityEngine(String rootPath) throws Exception {
-		if (velocityEngine == null) {
-			velocityEngine = getBaseVelocityEngine();
-			velocityEngine.setProperty(RuntimeConstants.RESOURCE_LOADER, "file");
-			velocityEngine.setProperty("file.resource.loader.class",
-					"org.apache.velocity.runtime.resource.loader.FileResourceLoader");
-			velocityEngine.setProperty("file.resource.loader.path", rootPath);
-        
-			velocityEngine.init();
-			
-		}
-		
-		return velocityEngine;
-	}
-	
-	/**
-	 * Gets a basic VelocityEngine
-	 * @return VelocityEngine
-	 */
-	private static VelocityEngine getBaseVelocityEngine() {
-		VelocityEngine velocityEngine = new VelocityEngine();
-        velocityEngine.setProperty(RuntimeConstants.INPUT_ENCODING, "UTF-8");
-        velocityEngine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8");
-//        velocityEngine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS,
-//				"org.apache.velocity.runtime.log.SimpleLog4JLogSystem");
-        velocityEngine.setProperty(Velocity.RUNTIME_LOG_LOGSYSTEM, new VelocityLogAdapter() );
-        
-        return velocityEngine;
-	}
-	
-}
diff --git a/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAContextCloseHandler.java b/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAContextCloseHandler.java
index f99013082..59779060f 100644
--- a/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAContextCloseHandler.java
+++ b/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAContextCloseHandler.java
@@ -37,6 +37,7 @@ import org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor;
 import org.springframework.scheduling.concurrent.ThreadPoolTaskScheduler;
 import org.springframework.stereotype.Component;
 
+import at.gv.egiz.eaaf.core.api.IDestroyableObject;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
diff --git a/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java b/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java
index d32ce972a..1eb354778 100644
--- a/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java
+++ b/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java
@@ -23,6 +23,7 @@ import org.springframework.web.context.support.ServletContextResource;
 import org.springframework.web.servlet.DispatcherServlet;
 
 import at.gv.egiz.components.spring.api.SpringLoader;
+import at.gv.egiz.eaaf.core.api.IPostStartupInitializable;
 import at.gv.egovernment.moa.id.commons.api.ConfigurationProvider;
 import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.logging.Logger;
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 2b2a8cab6..ef3e71874 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -26,7 +26,9 @@ import org.w3c.dom.NodeList;
 import org.xml.sax.SAXException;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
 import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder;
@@ -65,14 +67,12 @@ import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.commons.api.exceptions.BKUException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.logging.SpecificTraceLogger;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.DateTimeUtils;
-import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moa.util.StringUtils;
 import at.gv.egovernment.moaspss.logging.LogMsg;
@@ -1033,7 +1033,8 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 		session.setForeigner(false);
 
 		//set QAA Level four in case of card authentifcation
-		session.setQAALevel(PVPConstants.STORK_QAA_1_4);
+		session.setQAALevel(PVPConstants.EIDAS_QAA_HIGH);
+		
 		
 		revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_AUTHBLOCK_VALIDATED);
 		
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java
index a904242e1..8e80fbbbb 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java
@@ -49,9 +49,9 @@ package at.gv.egovernment.moa.id.auth.builder;
 import java.io.IOException;
 import java.text.MessageFormat;
 
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.FileUtils;
 
 /**
  * Builder for the <code>&lt;VerifyXMLSignatureRequest&gt;</code> structure
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
index ec1de6155..37f24ea72 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
@@ -138,7 +138,7 @@ public class GetForeignIDTask extends AbstractAuthServletTask {
 				moasession.setIdentityLink(identitylink);
 
 				// set QAA Level four in case of card authentifcation
-				moasession.setQAALevel(PVPConstants.STORK_QAA_1_4);
+				moasession.setQAALevel(PVPConstants.EIDAS_QAA_HIGH);
 
 				authServer.getForeignAuthenticationData(moasession);
 				
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
index b170d9e89..ab53671f2 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
@@ -34,6 +34,7 @@ import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
@@ -44,7 +45,6 @@ import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 /**
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
index 44c3992d0..96be0279a 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -57,6 +57,7 @@ import org.jaxen.SimpleNamespaceContext;
 import org.w3c.dom.Element;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder;
 import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
@@ -71,7 +72,6 @@ import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.logging.SpecificTraceLogger;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
index 7bb07df74..b3327a3d5 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
@@ -63,13 +63,13 @@ import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
 
+import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
 import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.BoolUtils;
 import at.gv.egovernment.moa.util.Constants;
diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java
index 9ce987956..90810a7f4 100644
--- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java
+++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java
@@ -38,6 +38,7 @@ import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
@@ -47,7 +48,6 @@ import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.FileUtils;
 
 /**
  * @author tlenz
@@ -94,7 +94,7 @@ public class SecondBKAMobileAuthTask extends AbstractAuthServletTask {
 		moaSession.setForeigner(false);
 		
 		moaSession.setBkuURL("http://egiz.gv.at/BKA_MobileAuthTest");			
-		moaSession.setQAALevel(PVPConstants.STORK_QAA_1_4);
+		moaSession.setQAALevel(PVPConstants.EIDAS_QAA_HIGH);
 			
 		try {
 			String idlurl = FileUtils.makeAbsoluteURL(moaAuthConfig.getMonitoringTestIdentityLinkURL(), moaAuthConfig.getRootConfigFileDir());				
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
index 74cf665ca..bad1f4e41 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
@@ -31,7 +31,7 @@ import org.apache.xml.security.signature.XMLSignature;
 import org.opensaml.xml.encryption.EncryptionConstants;
 import org.opensaml.xml.signature.SignatureConstants;
 
-import at.gv.egovernment.moa.id.data.Trible;
+import at.gv.egiz.eaaf.core.impl.data.Trible;
 
 /**
  * @author tlenz
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java
index d743b57e3..5e4745f7c 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java
@@ -35,12 +35,12 @@ import java.util.List;
 import java.util.Map;
 import java.util.Properties;
 
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import eu.eidas.samlengineconfig.BinaryParameter;
 import eu.eidas.samlengineconfig.EngineInstance;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLInstanceConfigurationImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLInstanceConfigurationImpl.java
index 384d6be0b..f7a6ff495 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLInstanceConfigurationImpl.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLInstanceConfigurationImpl.java
@@ -34,10 +34,10 @@ import java.util.List;
 import java.util.Map.Entry;
 import java.util.Properties;
 
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.FileUtils;
 import eu.eidas.samlengineconfig.ConfigurationParameter;
 import eu.eidas.samlengineconfig.InstanceConfiguration;
 import eu.eidas.samlengineconfig.StringParameter;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
index 94cd04ca7..aca818532 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
@@ -1,5 +1,6 @@
 package at.gv.egovernment.moa.id.auth.modules.eidas.engine;
 
+import java.net.MalformedURLException;
 import java.util.ArrayList;
 import java.util.Date;
 import java.util.HashMap;
@@ -11,6 +12,9 @@ import java.util.Timer;
 
 import javax.xml.namespace.QName;
 
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.MOAHttpClient;
+import org.apache.commons.httpclient.params.HttpClientParams;
 import org.opensaml.saml2.metadata.EntitiesDescriptor;
 import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.RoleDescriptor;
@@ -22,45 +26,39 @@ import org.opensaml.saml2.metadata.provider.MetadataProvider;
 import org.opensaml.saml2.metadata.provider.MetadataProviderException;
 import org.opensaml.saml2.metadata.provider.ObservableMetadataProvider;
 import org.opensaml.xml.XMLObject;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
-import at.gv.egovernment.moa.id.auth.IDestroyableObject;
-import at.gv.egovernment.moa.id.auth.IGarbageCollectorProcessing;
-import at.gv.egovernment.moa.id.auth.IPostStartupInitializable;
+import at.gv.egiz.eaaf.core.api.IDestroyableObject;
+import at.gv.egiz.eaaf.core.api.IGarbageCollectorProcessing;
+import at.gv.egiz.eaaf.core.api.IPostStartupInitializable;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.MetadataFilterChain;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.SimpleMetadataProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IMOARefreshableMetadataProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.SimpleMOAMetadataProvider;
+import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
+import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MOASPMetadataSignatureFilter;
-import at.gv.egovernment.moa.id.saml2.MetadataFilterChain;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import eu.eidas.auth.engine.AbstractProtocolEngine;
 
 @Service("eIDASMetadataProvider")
-public class MOAeIDASChainingMetadataProvider extends SimpleMOAMetadataProvider implements ObservableMetadataProvider, 
-	IGarbageCollectorProcessing, IDestroyableObject, IMOARefreshableMetadataProvider, IPostStartupInitializable{
+public class MOAeIDASChainingMetadataProvider extends SimpleMetadataProvider implements ObservableMetadataProvider, 
+	IGarbageCollectorProcessing, IDestroyableObject, IRefreshableMetadataProvider, IPostStartupInitializable{
 
-	private Timer timer = null;
+	@Autowired(required=true) IConfiguration basicConfig;
+	
+	private Timer timer = null; 
 	
 	private MetadataProvider internalProvider;
 	private Map<String, Date> lastAccess = null;
 	
-	
-//	public static MOAeIDASChainingMetadataProvider getInstance() {
-//		if (instance == null) {
-//			synchronized (mutex) {
-//				if (instance == null) {
-//					instance = new MOAeIDASChainingMetadataProvider();
-//					MOAGarbageCollector.addModulForGarbageCollection(instance);
-//				}
-//			}
-//		}
-//		return instance;
-//	}
-	
-	
 	public MOAeIDASChainingMetadataProvider() {
 		internalProvider = new ChainingMetadataProvider();
 		lastAccess = new HashMap<String, Date>();
@@ -83,18 +81,25 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMOAMetadataProvider
 	}
 	
 	protected void initializeEidasMetadataFromFileSystem() throws ConfigurationException {
-		Map<String, String> metadataToLoad = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONIG_PROPS_EIDAS_METADATA_URLS_LIST_PREFIX);
-		if (!metadataToLoad.isEmpty()) {
-			Logger.info("Load static configurated eIDAS metadata ... ");			
-			for (String metaatalocation : metadataToLoad.values()) {
-				String absMetadataLocation = FileUtils.makeAbsoluteURL(metaatalocation, authConfig.getRootConfigFileDir());				
-				Logger.info("  Load eIDAS metadata from: " + absMetadataLocation);
-				refreshMetadataProvider(absMetadataLocation);
+		try {
+			Map<String, String> metadataToLoad = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONIG_PROPS_EIDAS_METADATA_URLS_LIST_PREFIX);
+			if (!metadataToLoad.isEmpty()) {
+				Logger.info("Load static configurated eIDAS metadata ... ");			
+				for (String metaatalocation : metadataToLoad.values()) {
+					String absMetadataLocation = FileUtils.makeAbsoluteURL(metaatalocation, authConfig.getConfigurationRootDirectory());				
+					Logger.info("  Load eIDAS metadata from: " + absMetadataLocation);
+					refreshMetadataProvider(absMetadataLocation);
 				
+				}
+			
+				Logger.info("Load static configurated eIDAS metadata finished ");
 			}
 			
-			Logger.info("Load static configurated eIDAS metadata finished ");
-		}		
+		} catch (MalformedURLException e) {
+			Logger.warn("MOA-ID configuration error." , e);
+			throw new ConfigurationException("MOA-ID configuration error.", null, e);
+			
+		}
 	}
 	
 	
@@ -238,9 +243,10 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMOAMetadataProvider
 		filter.addFilter(new MOASPMetadataSignatureFilter(
 				authConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_METADATA_VALIDATION_TRUSTSTORE)));
 		
-		return createNewMoaMetadataProvider(metadataURL, filter, 
+		return createNewSimpleMetadataProvider(metadataURL, filter, 
 					"eIDAS metadata-provider", 
-					timer, AbstractProtocolEngine.getSecuredParserPool());
+					timer, AbstractProtocolEngine.getSecuredParserPool(),
+					createHttpClient(metadataURL));
 			
 	}
 
@@ -421,5 +427,40 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMOAMetadataProvider
 			if (observer != null)
 				observer.onEvent(this);
 	}
+	
+	private HttpClient createHttpClient(String metadataURL) {					
+		MOAHttpClient httpClient = new MOAHttpClient();		
+		HttpClientParams httpClientParams = new HttpClientParams();
+		httpClientParams.setSoTimeout(AuthConfiguration.CONFIG_PROPS_METADATA_SOCKED_TIMEOUT);
+		httpClient.setParams(httpClientParams);
+		
+		if (metadataURL.startsWith("https:")) {
+			try {
+				if (basicConfig instanceof AuthConfiguration) {
+					AuthConfiguration moaAuthConfig = (AuthConfiguration) basicConfig;
+					//FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
+					MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
+							PVPConstants.SSLSOCKETFACTORYNAME, 
+							moaAuthConfig.getTrustedCACertificates(),
+							null,
+							AuthConfiguration.DEFAULT_X509_CHAININGMODE, 
+							moaAuthConfig.isTrustmanagerrevoationchecking(),
+							moaAuthConfig.getRevocationMethodOrder(),
+							moaAuthConfig.getBasicMOAIDConfigurationBoolean(
+									AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false));
+				
+					httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory);
+					
+				}
+
+			} catch (MOAHttpProtocolSocketFactoryException | MalformedURLException e) {
+				Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e);
+				
+			}
+		}
+		
+		return httpClient;
+				
+	}
 
 }
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java
index 9adc221e5..3851ead2d 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java
@@ -31,7 +31,7 @@ import org.opensaml.saml2.metadata.SPSSODescriptor;
 import org.opensaml.saml2.metadata.provider.MetadataProvider;
 import org.opensaml.saml2.metadata.provider.MetadataProviderException;
 
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IMOARefreshableMetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
 import eu.eidas.auth.engine.ProtocolEngineI;
 import eu.eidas.auth.engine.metadata.MetadataFetcherI;
 import eu.eidas.auth.engine.metadata.MetadataSignerI;
@@ -65,8 +65,8 @@ public class MOAeIDASMetadataProviderDecorator implements MetadataFetcherI {
 	 * @return true if refresh was successful, otherwise false
 	 */
 	public boolean refreshMetadata(String entityId) {
-		if (this.metadataprovider instanceof IMOARefreshableMetadataProvider )
-			return ((IMOARefreshableMetadataProvider)this.metadataprovider).refreshMetadataProvider(entityId);		
+		if (this.metadataprovider instanceof IRefreshableMetadataProvider )
+			return ((IRefreshableMetadataProvider)this.metadataprovider).refreshMetadataProvider(entityId);		
 		else
 			return false;
 		
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index a87d971d8..0e8bf2a5a 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -47,10 +47,11 @@ import com.google.common.net.MediaType;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
@@ -61,7 +62,6 @@ import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.data.CPEPS;
 import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 import eu.eidas.auth.commons.EidasStringUtil;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
index 8e840e2c1..6d20caa4b 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
@@ -32,6 +32,7 @@ import org.opensaml.common.xml.SAMLSchemaBuilder;
 import org.opensaml.xml.ConfigurationException;
 import org.opensaml.xml.XMLConfigurator;
 
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.config.MOAExtendedSWSigner;
 import at.gv.egovernment.moa.id.auth.modules.eidas.config.MOAIDCertificateManagerConfigurationImpl;
@@ -41,7 +42,6 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProvid
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import eu.eidas.auth.commons.attribute.AttributeDefinition;
 import eu.eidas.auth.commons.attribute.AttributeRegistries;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java
index 8add8e206..1b1b15567 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java
@@ -35,10 +35,10 @@ import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
 import at.gv.egovernment.moa.id.data.IMOAAuthData;
-import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 import eu.eidas.auth.commons.attribute.AttributeDefinition;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeProcessingUtils.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeProcessingUtils.java
index 30e1e4505..3075ab9cf 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeProcessingUtils.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeProcessingUtils.java
@@ -25,8 +25,8 @@ package at.gv.egovernment.moa.id.auth.modules.eidas.utils;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
+import at.gv.egiz.eaaf.core.impl.data.Trible;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
-import at.gv.egovernment.moa.id.data.Trible;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
index ce5f4dc6b..42ca6e507 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -47,10 +47,10 @@ import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.IModulInfo;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider;
 import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController;
 import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProviderDecorator;
@@ -87,7 +87,7 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController implement
 	public static final String eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE = "eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE";
 	
     public static final String NAME = EIDASProtocol.class.getName();
-    public static final String PATH = "eidas";	
+    public static final String PATH = "id_eidas";	
 
     @Autowired(required=true) MOAeIDASChainingMetadataProvider eIDASMetadataProvider;
     
@@ -105,9 +105,10 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController implement
         return NAME;
     }
 
-    public String getPath() {
-        return PATH;
-    }
+	@Override
+	public String getAuthProtocolIdentifier() {
+		return PATH;
+	}
 
 	//eIDAS metadata end-point
 	@RequestMapping(value = "/eidas/metadata", method = {RequestMethod.GET})
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
index bbd132a3b..bfdb46a11 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
@@ -32,6 +32,8 @@ import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.IAction;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
@@ -39,9 +41,7 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.utils.NewMoaEidasMetadata;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
 import at.gv.egovernment.moa.logging.Logger;
 import eu.eidas.auth.engine.ProtocolEngineI;
 import eu.eidas.auth.engine.metadata.ContactData;
@@ -59,6 +59,7 @@ public class EidasMetaDataRequest implements IAction {
      
 	@Autowired(required=true) MOAeIDASChainingMetadataProvider eIDASMetadataProvider;
 	@Autowired(required=true) AuthConfiguration authConfig;
+	@Autowired(required=true) IPVP2BasicConfiguration pvpConfiguration;
 	
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.data.IAuthData)
@@ -150,10 +151,10 @@ public class EidasMetaDataRequest implements IAction {
         //add organisation information from PVP metadata information        
         Organization pvpOrganisation = null;
 		try {
-			pvpOrganisation = PVPConfiguration.getInstance().getIDPOrganisation();			
+			pvpOrganisation = pvpConfiguration.getIDPOrganisation();			
 			eu.eidas.auth.engine.metadata.ContactData.Builder technicalContact = ContactData.builder();
 			
-			List<ContactPerson> contacts = PVPConfiguration.getInstance().getIDPContacts();
+			List<ContactPerson> contacts = pvpConfiguration.getIDPContacts();
 			if (contacts != null && contacts.size() >= 1) {
 				ContactPerson contact = contacts.get(0);
 				technicalContact.givenName(contact.getGivenName().getName());
@@ -187,7 +188,7 @@ public class EidasMetaDataRequest implements IAction {
 			metadataConfigBuilder.supportContact(ContactData.builder(technicalContact.build()).build());
 			
 									
-		} catch (ConfigurationException | NullPointerException e) {
+		} catch (NullPointerException | EAAFException e) {
 			Logger.warn("Can not load Organisation or Contact from Configuration", e);
 			
 		}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrNaturalPersonalIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrNaturalPersonalIdentifier.java
index 14b1d06b6..5a8fcb846 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrNaturalPersonalIdentifier.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrNaturalPersonalIdentifier.java
@@ -28,9 +28,9 @@ import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.impl.data.Trible;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.eIDASAttributeProcessingUtils;
-import at.gv.egovernment.moa.id.data.Trible;
 import at.gv.egovernment.moa.id.protocols.eidas.EIDASData;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java
index 6c3bfc569..1176ba251 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java
@@ -28,10 +28,10 @@ import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.data.Trible;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.eIDASAttributeProcessingUtils;
-import at.gv.egovernment.moa.id.data.Pair;
-import at.gv.egovernment.moa.id.data.Trible;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.eidas.EIDASData;
 import at.gv.egovernment.moa.logging.Logger;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
index 82d0facd4..f6a67db9d 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
@@ -41,15 +41,15 @@ import at.gv.egiz.eaaf.core.api.idp.IAction;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
 import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
-import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.data.SLOInformationImpl;
+import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.eIDASAttributeBuilder;
 import at.gv.egovernment.moa.id.commons.MOAIDConstants;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.data.IMOAAuthData;
-import at.gv.egovernment.moa.id.data.Pair;
-import at.gv.egovernment.moa.id.data.SLOInformationImpl;
 import at.gv.egovernment.moa.logging.Logger;
 import eu.eidas.auth.commons.EidasStringUtil;
 import eu.eidas.auth.commons.attribute.AttributeDefinition;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/validator/eIDASResponseValidator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/validator/eIDASResponseValidator.java
index 24d24db2c..5dcd9499e 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/validator/eIDASResponseValidator.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/validator/eIDASResponseValidator.java
@@ -23,12 +23,12 @@
 package at.gv.egovernment.moa.id.protocols.eidas.validator;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.impl.data.Trible;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.eIDASAttributeProcessingUtils;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.data.Trible;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 import eu.eidas.auth.commons.protocol.IAuthenticationResponse;
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java
index 7ca4590bb..72c95d9c7 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java
@@ -26,7 +26,7 @@ import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
 
-import at.gv.egovernment.moa.id.data.Pair;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 
 /**
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesMetadataConfiguration.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesMetadataConfiguration.java
index 5743590f9..482d8ef85 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesMetadataConfiguration.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesMetadataConfiguration.java
@@ -33,14 +33,14 @@ import org.opensaml.saml2.metadata.Organization;
 import org.opensaml.saml2.metadata.RequestedAttribute;
 import org.opensaml.xml.security.credential.Credential;
 
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataBuilderConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider;
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.data.Pair;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
@@ -51,11 +51,12 @@ public class ELGAMandatesMetadataConfiguration implements IPVPMetadataBuilderCon
 	
 	private String authURL;
 	private ELGAMandatesCredentialProvider credentialProvider;
+	private IPVP2BasicConfiguration pvpConfiguration;
 	
-	public ELGAMandatesMetadataConfiguration(String authURL, ELGAMandatesCredentialProvider credentialProvider) {
+	public ELGAMandatesMetadataConfiguration(String authURL, ELGAMandatesCredentialProvider credentialProvider, IPVP2BasicConfiguration pvpConfiguration) {
 		this.authURL = authURL;
 		this.credentialProvider = credentialProvider;
-				
+		this.pvpConfiguration = pvpConfiguration;
 	}
 	
 	
@@ -118,9 +119,9 @@ public class ELGAMandatesMetadataConfiguration implements IPVPMetadataBuilderCon
 	@Override
 	public List<ContactPerson> getContactPersonInformation() {
 		try {
-			return PVPConfiguration.getInstance().getIDPContacts();
+			return pvpConfiguration.getIDPContacts();
 			
-		} catch (ConfigurationException e) {
+		} catch (EAAFException e) {
 			Logger.warn("Can not load Metadata entry: Contect Person", e);
 			return null;
 			
@@ -134,9 +135,9 @@ public class ELGAMandatesMetadataConfiguration implements IPVPMetadataBuilderCon
 	@Override
 	public Organization getOrgansiationInformation() {
 		try {
-			return PVPConfiguration.getInstance().getIDPOrganisation();
+			return pvpConfiguration.getIDPOrganisation();
 			
-		} catch (ConfigurationException e) {
+		} catch (EAAFException e) {
 			Logger.warn("Can not load Metadata entry: Organisation", e);
 			return null;
 			
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java
index b67d263fc..6954b9feb 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java
@@ -38,9 +38,9 @@ import org.opensaml.xml.security.credential.Credential;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.sp.api.IPVPAuthnRequestBuilderConfiguruation;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java
index aaed6655b..d52cd750a 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java
@@ -36,12 +36,13 @@ import com.google.common.net.MediaType;
 
 import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
 import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataBuilderConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPMetadataBuilder;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.config.ELGAMandatesMetadataConfiguration;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPMetadataBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
@@ -54,6 +55,7 @@ public class ELGAMandateMetadataController extends AbstractController {
 	@Autowired PVPMetadataBuilder metadatabuilder;
 	@Autowired AuthConfiguration authConfig;
 	@Autowired ELGAMandatesCredentialProvider credentialProvider; 
+	@Autowired IPVP2BasicConfiguration pvpConfiguration;
 	
 	public ELGAMandateMetadataController() {
 		super();
@@ -76,7 +78,7 @@ public class ELGAMandateMetadataController extends AbstractController {
 			} else {
 				//initialize metadata builder configuration
 				IPVPMetadataBuilderConfiguration metadataConfig = 
-						new ELGAMandatesMetadataConfiguration(authURL, credentialProvider);
+						new ELGAMandatesMetadataConfiguration(authURL, credentialProvider, pvpConfiguration);
 				
 				//build metadata
 				String xmlMetadata = metadatabuilder.buildPVPMetadata(metadataConfig);
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
index 12f2bde60..ce5f654da 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
@@ -41,26 +41,26 @@ import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileResponse;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EAAFURICompare;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException;
+import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateServiceMetadataProvider;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IDecoder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnResponseValidationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
@@ -70,7 +70,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
  */
 @Component("ReceiveElgaMandateResponseTask")
 public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask {
-
+  
 	@Autowired SAMLVerificationEngineSP samlVerificationEngine;
 	@Autowired ELGAMandatesCredentialProvider credentialProvider;
 	@Autowired ELGAMandateServiceMetadataProvider metadataProvider;
@@ -85,17 +85,17 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask {
 		
 		try {						
 			IDecoder decoder = null;
-			MOAURICompare comperator = null;
+			EAAFURICompare comperator = null;
 			//select Response Binding
 			if (request.getMethod().equalsIgnoreCase("POST")) {
 				decoder = new PostBinding();
-				comperator = new MOAURICompare(pendingReq.getAuthURL() 
+				comperator = new EAAFURICompare(pendingReq.getAuthURL() 
 						+ ELGAMandatesAuthConstants.ENDPOINT_POST);
 				Logger.debug("Receive PVP Response from ELGA mandate-service, by using POST-Binding.");
 				
 			}  else if (request.getMethod().equalsIgnoreCase("GET")) {
 				decoder = new RedirectBinding();
-				comperator = new MOAURICompare(pendingReq.getAuthURL()
+				comperator = new EAAFURICompare(pendingReq.getAuthURL()
 						+ ELGAMandatesAuthConstants.ENDPOINT_REDIRECT);
 				Logger.debug("Receive PVP Response from ELGA mandate-service, by using Redirect-Binding.");
 				
@@ -131,7 +131,7 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask {
 			
 			
 			//validate assertion
-			MOAResponse processedMsg = preProcessAuthResponse((MOAResponse) msg);			
+			PVPSProfileResponse processedMsg = preProcessAuthResponse((PVPSProfileResponse) msg);			
 			
 			//write ELGA mandate information into MOASession
 			AssertionAttributeExtractor extractor = 
@@ -217,7 +217,7 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask {
 
 		} catch (AssertionValidationExeption | AuthnResponseValidationException e) {
 			Logger.info("ELGA mandate-service: PVP response validation FAILED. Msg:" + e.getMessage());
-			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED, e.getMessageId());
+			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED, e.getErrorId());
 			throw new TaskExecutionException(pendingReq, "ELGA mandate-service: PVP response validation FAILED.", e);
 		
 		} catch (Exception e) {
@@ -239,13 +239,13 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask {
 	 * @throws AssertionValidationExeption 
 	 * @throws AuthnResponseValidationException 
 	 */
-	private MOAResponse preProcessAuthResponse(MOAResponse msg) throws IOException, MarshallingException, TransformerException, AssertionValidationExeption, CredentialsNotAvailableException, AuthnResponseValidationException {
+	private PVPSProfileResponse preProcessAuthResponse(PVPSProfileResponse msg) throws IOException, MarshallingException, TransformerException, AssertionValidationExeption, CredentialsNotAvailableException, AuthnResponseValidationException {
 		Logger.debug("Start PVP-2.1 assertion processing... ");
 		Response samlResp = (Response) msg.getResponse();
 
 		//validate 'inResponseTo' attribute
 		String authnReqID = pendingReq.getGenericData(
-				PVPTargetConfiguration.DATAID_INTERFEDERATION_REQUESTID, String.class);
+				MOAIDAuthConstants.DATAID_INTERFEDERATION_REQUESTID, String.class);
 		String inResponseTo = samlResp.getInResponseTo();
 		
 		if (MiscUtil.isEmpty(authnReqID) || MiscUtil.isEmpty(inResponseTo) || 
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
index 70dc87df9..0b0c74777 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
@@ -37,8 +37,10 @@ import org.springframework.stereotype.Component;
 
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+import at.gv.egiz.eaaf.modules.pvp2.sp.impl.PVPAuthnRequestBuilder;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
@@ -47,12 +49,10 @@ import at.gv.egovernment.moa.id.auth.modules.elgamandates.config.ELGAMandatesReq
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.exceptions.ELGAMetadataException;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateServiceMetadataProvider;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
-import at.gv.egovernment.moa.id.data.Pair;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAuthnRequestBuilder;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -193,7 +193,7 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask {
 			//set MandateReferenceValue as RequestID
 			authnReqConfig.setRequestID(moasession.getMandateReferenceValue());
 			pendingReq.setGenericDataToSession(
-					PVPTargetConfiguration.DATAID_INTERFEDERATION_REQUESTID,
+					MOAIDAuthConstants.DATAID_INTERFEDERATION_REQUESTID,
 					authnReqConfig.getRequestID());
 			
 			//set SubjectConformationDate
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
index 07f618c10..e8cfae10a 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
@@ -22,11 +22,15 @@
  */
 package at.gv.egovernment.moa.id.auth.modules.elgamandates.utils;
 
+import java.net.MalformedURLException;
 import java.util.List;
 import java.util.Timer;
 
 import javax.xml.namespace.QName;
 
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.MOAHttpClient;
+import org.apache.commons.httpclient.params.HttpClientParams;
 import org.opensaml.saml2.metadata.EntitiesDescriptor;
 import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.RoleDescriptor;
@@ -37,14 +41,19 @@ import org.opensaml.saml2.metadata.provider.MetadataProvider;
 import org.opensaml.saml2.metadata.provider.MetadataProviderException;
 import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.parse.BasicParserPool;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
-import at.gv.egovernment.moa.id.auth.IDestroyableObject;
+import at.gv.egiz.eaaf.core.api.IDestroyableObject;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.MetadataFilterChain;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.SimpleMetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.SimpleMOAMetadataProvider;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
+import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MOASPMetadataSignatureFilter;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter;
-import at.gv.egovernment.moa.id.saml2.MetadataFilterChain;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
@@ -54,9 +63,10 @@ import at.gv.egovernment.moa.util.MiscUtil;
  */
 
 @Service("ELGAMandate_MetadataProvider")
-public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvider
+public class ELGAMandateServiceMetadataProvider extends SimpleMetadataProvider
 	implements IDestroyableObject {
-	
+	@Autowired(required=true) AuthConfiguration moaAuthConfig;
+		
 	private ChainingMetadataProvider metadataProvider = new ChainingMetadataProvider();
 	private Timer timer = null;
 	
@@ -253,11 +263,12 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide
 			filter.addFilter(new SchemaValidationFilter(true));
 			filter.addFilter(new MOASPMetadataSignatureFilter(trustProfileID));
 		
-			MetadataProvider idpMetadataProvider = createNewMoaMetadataProvider(metdataURL, 
+			MetadataProvider idpMetadataProvider = createNewSimpleMetadataProvider(metdataURL, 
 					filter, 
 					ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING,					
 					timer,
-					new BasicParserPool());
+					new BasicParserPool(),
+					createHttpClient(metdataURL));
 			
 			if (idpMetadataProvider == null) {
 				Logger.error("Create ELGA Mandate-Service Client FAILED.");
@@ -300,4 +311,35 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide
 			timer.cancel();
 		
 	}
+	
+	private HttpClient createHttpClient(String metadataURL) {					
+		MOAHttpClient httpClient = new MOAHttpClient();		
+		HttpClientParams httpClientParams = new HttpClientParams();
+		httpClientParams.setSoTimeout(AuthConfiguration.CONFIG_PROPS_METADATA_SOCKED_TIMEOUT);
+		httpClient.setParams(httpClientParams);
+		
+		if (metadataURL.startsWith("https:")) {
+			try {
+				//FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
+				MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
+						PVPConstants.SSLSOCKETFACTORYNAME, 
+						moaAuthConfig.getTrustedCACertificates(),
+						null,
+						AuthConfiguration.DEFAULT_X509_CHAININGMODE, 
+						moaAuthConfig.isTrustmanagerrevoationchecking(),
+						moaAuthConfig.getRevocationMethodOrder(),
+						moaAuthConfig.getBasicMOAIDConfigurationBoolean(
+								AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false));
+				
+				httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory);
+
+			} catch (MOAHttpProtocolSocketFactoryException | MalformedURLException e) {
+				Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e);
+				
+			}
+		}
+		
+		return httpClient;
+				
+	}
 }
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java
index c8fe55e51..dd4e5d340 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java
@@ -25,11 +25,11 @@ package at.gv.egovernment.moa.id.auth.modules.elgamandates.utils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider;
-import at.gv.egovernment.moa.util.FileUtils;
 
 /**
  * @author tlenz
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java
index 9060f35c5..76e7f0901 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java
@@ -24,9 +24,9 @@ package at.gv.egovernment.moa.id.protocols.oauth20;
 
 import java.util.Properties;
 
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.util.FileUtils;
 
 public class OAuth20Configuration {
 	
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
index d97c8f7cf..190ef9e9d 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
@@ -35,17 +35,18 @@ import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder;
-import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDIdentityLinkBuilder;
 import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDIssuingNationAttributeBuilder;
 import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSectorForIDAttributeBuilder;
 import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePIN;
 import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePINType;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
 import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
-import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDAuthBlock;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCcsURL;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCitizenQAALevelAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDIdentityLinkBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSTORKTOKEN;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSignerCertificate;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonFullNameAttributeBuilder;
@@ -62,7 +63,6 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateProfRepOIDAt
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateReferenceValueAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateTypeAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
 import at.gv.egovernment.moa.logging.Logger;
 
 public final class OAuth20AttributeBuilder {
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SignatureUtil.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SignatureUtil.java
index cd7b8312d..17ed6b40d 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SignatureUtil.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SignatureUtil.java
@@ -34,11 +34,11 @@ import java.security.interfaces.RSAPublicKey;
 import org.apache.commons.lang.StringUtils;
 import org.opensaml.xml.security.x509.BasicX509Credential;
 
+import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Configuration;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20CertificateErrorException;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.KeyStoreUtils;
 
 public final class OAuth20SignatureUtil {
 	
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
index 5d461afc8..b00675e7c 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
@@ -40,11 +40,11 @@ import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
 import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
 import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.data.SLOInformationImpl;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.data.Pair;
-import at.gv.egovernment.moa.id.data.SLOInformationImpl;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject;
 import at.gv.egovernment.moa.id.protocols.oauth20.attributes.OAuth20AttributeBuilder;
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
index e04d719d9..98f6f2d5c 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
@@ -51,8 +51,9 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme
 	public String getName() { 
 		return NAME;
 	}
-	
-	public String getPath() {
+
+	@Override
+	public String getAuthProtocolIdentifier() {
 		return PATH;
 	}
 	
diff --git a/id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/CertTest.java b/id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/CertTest.java
index 35bbac6e7..824d64171 100644
--- a/id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/CertTest.java
+++ b/id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/CertTest.java
@@ -30,10 +30,9 @@ import org.opensaml.xml.security.x509.BasicX509Credential;
 import org.testng.Assert;
 import org.testng.annotations.Test;
 
+import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
 import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuth20SHA256Signer;
 import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuth20SHA256Verifier;
-import at.gv.egovernment.moa.util.KeyStoreUtils;
-
 import net.oauth.jsontoken.crypto.Signer;
 import net.oauth.jsontoken.crypto.Verifier;
 
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java
index 2766eab05..92a08e411 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java
@@ -22,6 +22,8 @@ import com.google.gson.JsonElement;
 import com.google.gson.JsonParser;
 import com.google.gson.JsonSyntaxException;
 
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
+import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
 import at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants;
 import at.gv.egovernment.moa.id.auth.modules.sl20_auth.data.VerificationResult;
 import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20Exception;
@@ -32,8 +34,6 @@ import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.utils.X509Utils;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.FileUtils;
-import at.gv.egovernment.moa.util.KeyStoreUtils;
 
 @Service
 public class JsonSecurityUtils implements IJOSETools{
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
index 9f910d598..04ac1fd57 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
@@ -75,8 +75,10 @@ import com.google.gson.JsonParser;
 import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
 import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
 import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
@@ -94,12 +96,10 @@ import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageExcepti
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.moduls.SSOManager;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
-import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import net.glxn.qrgen.QRCode;
 import net.glxn.qrgen.image.ImageType;
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
index f1075f060..c7e42c8ab 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
@@ -49,6 +49,7 @@ import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
+import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants;
@@ -59,7 +60,6 @@ import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.MiscUtil;
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java
index 189fcd2f6..4a5511df4 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java
@@ -99,7 +99,18 @@ import com.google.gson.JsonObject;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.idp.exception.SAMLRequestNotSignedException;
+import at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder.PVP2AssertionBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption;
+import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.Pair;
@@ -116,17 +127,8 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.data.MISMandate;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoCredentialsException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSignedException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
@@ -141,6 +143,9 @@ import iaik.x509.X509Certificate;
 @Service("SSOContainerUtils")
 public class SSOContainerUtils {
 	
+	@Autowired(required=true) private IPVP2BasicConfiguration pvpConfiguration;
+	@Autowired(required=true) private PVP2AssertionBuilder assertionBuilder;
+	
 	private static final String PVP_HOLDEROFKEY_NAME = PVPConstants.URN_OID_PREFIX + 
 			"1.2.40.0.10.2.1.1.261.xx.xx";
 	
@@ -272,7 +277,7 @@ public class SSOContainerUtils {
 		
 	}
 	
-	public Response validateReceivedSSOContainer(String signedEncryptedContainer) throws IOException, XMLParserException, UnmarshallingException, MOAIDException  {	
+	public Response validateReceivedSSOContainer(String signedEncryptedContainer) throws IOException, XMLParserException, UnmarshallingException, MOAIDException, SAMLRequestNotSignedException, NoCredentialsException, CredentialsNotAvailableException, AssertionValidationExeption  {	
 		final BasicParserPool ppMgr = new BasicParserPool();
 		final HashMap<String, Boolean> features = new HashMap<String, Boolean>();
 		features.put(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
@@ -296,7 +301,7 @@ public class SSOContainerUtils {
 			} catch (ValidationException e) {
 				Logger.error("Failed to validate Signature", e);
 				throw new SAMLRequestNotSignedException(e);
-			}
+			} 
 			
 			Credential credential = credentials.getIDPAssertionSigningCredential();
 			if (credential == null) {
@@ -340,7 +345,7 @@ public class SSOContainerUtils {
 	public String generateSignedAndEncryptedSSOContainer(String authURL,
 			IAuthenticationSession authSession, Date date, byte[] hashedSecret) {		
 		try {
-			String entityID = PVPConfiguration.getInstance().getIDPSSOMetadataService(authURL);
+			String entityID = pvpConfiguration.getIDPEntityId(authURL);
 			AuthnContextClassRef authnContextClassRef = SAML2Utils
 					.createSAMLObject(AuthnContextClassRef.class);
 			authnContextClassRef.setAuthnContextClassRef(authSession.getQAALevel());			
@@ -369,7 +374,7 @@ public class SSOContainerUtils {
 
 			IMOAAuthData authData = new SSOTransferAuthenticationData(authConfig, authSession);
 			
-			Assertion assertion = PVP2AssertionBuilder.buildGenericAssertion(
+			Assertion assertion = assertionBuilder.buildGenericAssertion(
 					entityID,
 					entityID, 
 					new DateTime(date.getTime()), 
@@ -405,7 +410,7 @@ public class SSOContainerUtils {
 						
 			return container.toString();
 												
-		} catch (ConfigurationException | EncryptionException | CredentialsNotAvailableException | SecurityException | ParserConfigurationException | MarshallingException | SignatureException | TransformerFactoryConfigurationError | TransformerException | IOException | InvalidKeyException | IllegalBlockSizeException | BadPaddingException | NoSuchAlgorithmException | NoSuchPaddingException e) {
+		} catch (EncryptionException | SecurityException | ParserConfigurationException | MarshallingException | SignatureException | TransformerFactoryConfigurationError | TransformerException | IOException | InvalidKeyException | IllegalBlockSizeException | BadPaddingException | NoSuchAlgorithmException | NoSuchPaddingException | EAAFException e) {
 			Logger.warn("SSO container generation FAILED.", e);
 		}
 		
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java b/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java
index 8ca087e1d..a2441bc1f 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java
@@ -39,7 +39,7 @@ import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
 import org.bouncycastle.math.ec.ECPoint;
 import org.bouncycastle.util.BigIntegers;
 
-import at.gv.egovernment.moa.id.data.Pair;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egovernment.moa.util.Base64Utils;
 import iaik.security.random.SeedGenerator;
 
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java
index 1fff56f8d..a1b8631dc 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java
@@ -25,7 +25,6 @@ package at.gv.egovernment.moa.id.auth.modules.federatedauth.config;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
-import java.util.Iterator;
 import java.util.List;
 
 import org.opensaml.saml2.core.Attribute;
@@ -35,16 +34,15 @@ import org.opensaml.saml2.metadata.Organization;
 import org.opensaml.saml2.metadata.RequestedAttribute;
 import org.opensaml.xml.security.credential.Credential;
 
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.impl.data.Trible;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataBuilderConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider;
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.data.Pair;
-import at.gv.egovernment.moa.id.data.Trible;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
@@ -58,11 +56,14 @@ public class FederatedAuthMetadataConfiguration implements IPVPMetadataBuilderCo
 	
 	private String authURL;
 	private FederatedAuthCredentialProvider credentialProvider;
+	private IPVP2BasicConfiguration pvpConfiguration;
 	
-	public FederatedAuthMetadataConfiguration(String authURL, FederatedAuthCredentialProvider credentialProvider) {
+	public FederatedAuthMetadataConfiguration(String authURL, 
+			FederatedAuthCredentialProvider credentialProvider,
+			IPVP2BasicConfiguration pvpConfiguration) {
 		this.authURL = authURL;
 		this.credentialProvider = credentialProvider;
-				
+		this.pvpConfiguration = pvpConfiguration;
 	}
 	
 	
@@ -125,9 +126,9 @@ public class FederatedAuthMetadataConfiguration implements IPVPMetadataBuilderCo
 	@Override
 	public List<ContactPerson> getContactPersonInformation() {
 		try {
-			return PVPConfiguration.getInstance().getIDPContacts();
+			return pvpConfiguration.getIDPContacts();
 			
-		} catch (ConfigurationException e) {
+		} catch (EAAFException e) {
 			Logger.warn("Can not load Metadata entry: Contect Person", e);
 			return null;
 			
@@ -141,9 +142,9 @@ public class FederatedAuthMetadataConfiguration implements IPVPMetadataBuilderCo
 	@Override
 	public Organization getOrgansiationInformation() {
 		try {
-			return PVPConfiguration.getInstance().getIDPOrganisation();
+			return pvpConfiguration.getIDPOrganisation();
 			
-		} catch (ConfigurationException e) {
+		} catch (EAAFException e) {
 			Logger.warn("Can not load Metadata entry: Organisation", e);
 			return null;
 			
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java
index 000590923..6cbe558e7 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java
@@ -28,8 +28,8 @@ import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.xml.security.credential.Credential;
 import org.w3c.dom.Element;
 
+import at.gv.egiz.eaaf.modules.pvp2.sp.api.IPVPAuthnRequestBuilderConfiguruation;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation;
 
 /**
  * @author tlenz
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java
index 399845643..6a733adb8 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java
@@ -36,12 +36,13 @@ import com.google.common.net.MediaType;
 
 import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
 import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataBuilderConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPMetadataBuilder;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.config.FederatedAuthMetadataConfiguration;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPMetadataBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
@@ -54,6 +55,7 @@ public class FederatedAuthMetadataController extends AbstractController {
 	@Autowired PVPMetadataBuilder metadatabuilder;
 	@Autowired AuthConfiguration authConfig;
 	@Autowired FederatedAuthCredentialProvider credentialProvider; 
+	@Autowired IPVP2BasicConfiguration pvpConfiguration;
 	
 	public FederatedAuthMetadataController() {
 		super();
@@ -76,7 +78,7 @@ public class FederatedAuthMetadataController extends AbstractController {
 			} else {
 				//initialize metadata builder configuration
 				IPVPMetadataBuilderConfiguration metadataConfig = 
-						new FederatedAuthMetadataConfiguration(authURL, credentialProvider);
+						new FederatedAuthMetadataConfiguration(authURL, credentialProvider, pvpConfiguration);
 				
 				//build metadata
 				String xmlMetadata = metadatabuilder.buildPVPMetadata(metadataConfig);
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
index 717099a8d..20fd5ebc4 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
@@ -35,9 +35,12 @@ import org.opensaml.xml.security.SecurityException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
+import at.gv.egiz.eaaf.core.api.data.ILoALevelMapper;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnRequestBuildException;
+import at.gv.egiz.eaaf.modules.pvp2.sp.impl.PVPAuthnRequestBuilder;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.config.FederatedAuthnRequestBuilderConfiguration;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider;
@@ -46,10 +49,7 @@ import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.moduls.SSOManager;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAuthnRequestBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestBuildException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
-import at.gv.egovernment.moa.id.util.LoALevelMapper;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
@@ -63,6 +63,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
 	@Autowired PVPAuthnRequestBuilder authnReqBuilder;
 	@Autowired FederatedAuthCredentialProvider credential;
 	@Autowired(required=true) MOAMetadataProvider metadataProvider;
+	@Autowired(required=true) ILoALevelMapper loaMapper; 
 	
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
@@ -117,7 +118,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
 			//build and transmit AuthnRequest
 			authnReqBuilder.buildAuthnRequest(pendingReq, authnReqConfig , response);
 			
-		} catch (MOAIDException | MetadataProviderException e) {
+		} catch (MetadataProviderException e) {
 			throw new TaskExecutionException(pendingReq, "Build PVP2.1 AuthnRequest for SSO inderfederation FAILED.", e);
 
 		} catch (MessageEncodingException | NoSuchAlgorithmException  | SecurityException e) {
@@ -182,7 +183,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
 					pendingReq.getClass().isInstance(storkRequst)) {
 				
 				try {									
-					secClass = LoALevelMapper.getInstance().mapToSecClass(
+					secClass = loaMapper.mapToSecClass(
 							PVPConstants.STORK_QAA_PREFIX + String.valueOf(storkSecClass));
 				
 				} catch (Exception e) {
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
index c20342a11..bb7f735aa 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
@@ -48,6 +48,18 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
 import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileResponse;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EAAFURICompare;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException;
+import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
@@ -60,22 +72,9 @@ import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.moduls.SSOManager;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IDecoder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnResponseValidationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
 import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -106,17 +105,17 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 		
 		try {
 			
-			IDecoder decoder = null;
-			MOAURICompare comperator = null;
+			IDecoder decoder = null; 
+			EAAFURICompare comperator = null;
 			//select Response Binding
 			if (request.getMethod().equalsIgnoreCase("POST")) {
 				decoder = new PostBinding();
-				comperator = new MOAURICompare(pendingReq.getAuthURL() + FederatedAuthConstants.ENDPOINT_POST);
+				comperator = new EAAFURICompare(pendingReq.getAuthURL() + FederatedAuthConstants.ENDPOINT_POST);
 				Logger.trace("Receive PVP Response from federated IDP, by using POST-Binding.");
 				
 			}  else if (request.getMethod().equalsIgnoreCase("GET")) {
 				decoder = new RedirectBinding();
-				comperator = new MOAURICompare(pendingReq.getAuthURL() + FederatedAuthConstants.ENDPOINT_REDIRECT);
+				comperator = new EAAFURICompare(pendingReq.getAuthURL() + FederatedAuthConstants.ENDPOINT_REDIRECT);
 				Logger.trace("Receive PVP Response from federated IDP, by using Redirect-Binding.");
 				
 			} else {
@@ -148,7 +147,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_AUTHRESPONSE);
 			
 			//validate assertion
-			MOAResponse processedMsg = preProcessAuthResponse((MOAResponse) msg);
+			PVPSProfileResponse processedMsg = preProcessAuthResponse((PVPSProfileResponse) msg);
 			
 			//load IDP and SP configuration
 			IOAAuthParameters idpConfig = authConfig.getServiceProviderConfiguration(msg.getEntityID(), IOAAuthParameters.class);
@@ -171,11 +170,11 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			if (spConfig.isInderfederationIDP()) {
 				//SP is a federated IDP  --> answer only with nameID and wait for attribute-Query
 				pendingReq.setGenericDataToSession(
-						PVPTargetConfiguration.DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP, true);				
+						MOAIDAuthConstants.DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP, true);				
 				pendingReq.setGenericDataToSession(
-						PVPTargetConfiguration.DATAID_INTERFEDERATION_NAMEID, extractor.getNameID());
+						MOAIDAuthConstants.DATAID_INTERFEDERATION_NAMEID, extractor.getNameID());
 				pendingReq.setGenericDataToSession(
-						PVPTargetConfiguration.DATAID_INTERFEDERATION_QAALEVEL, extractor.getQAALevel());
+						MOAIDAuthConstants.DATAID_INTERFEDERATION_QAALEVEL, extractor.getQAALevel());
 
 				authenticatedSessionStorage.
 					addFederatedSessionInformation(pendingReq, 
@@ -369,7 +368,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 	 * @throws AssertionValidationExeption 
 	 * @throws AuthnResponseValidationException 
 	 */
-	private MOAResponse preProcessAuthResponse(MOAResponse msg) throws IOException, MarshallingException, TransformerException, AssertionValidationExeption, CredentialsNotAvailableException, AuthnResponseValidationException {
+	private PVPSProfileResponse preProcessAuthResponse(PVPSProfileResponse msg) throws IOException, MarshallingException, TransformerException, AssertionValidationExeption, CredentialsNotAvailableException, AuthnResponseValidationException {
 		Logger.debug("Start PVP21 assertion processing... ");
 		Response samlResp = (Response) msg.getResponse();
 
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java
index 9ef02935b..38568cdd8 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java
@@ -25,11 +25,11 @@ package at.gv.egovernment.moa.id.auth.modules.federatedauth.utils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider;
-import at.gv.egovernment.moa.util.FileUtils;
 
 /**
  * @author tlenz
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
index 3452da003..92bcce24b 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
@@ -32,11 +32,11 @@ import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.IAction;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.impl.data.SLOInformationImpl;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.data.SLOInformationImpl;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moa.util.URLEncoder;
@@ -121,7 +121,7 @@ public class GetArtifactAction implements IAction {
 					new SLOInformationImpl(req.getAuthURL(), oaParam.getPublicURLPrefix(), authData.getAssertionID(), null, null, req.requestedModule());
 			
 			return sloInformation;
-			
+			 
 		} catch (Exception ex) {
 			Logger.error("SAML1 Assertion build error", ex);
 			throw new AuthenticationException("SAML1 Assertion build error.", new Object[]{}, ex);
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
index 85e2107c6..73d99d93b 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
@@ -72,12 +72,12 @@ import org.xml.sax.SAXException;
 
 import com.google.common.net.MediaType;
 
+import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider;
 import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
 import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.auth.builder.SAMLResponseBuilder;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.logging.Logger;
@@ -338,7 +338,7 @@ public class GetAuthenticationDataService extends AbstractController implements
 			is = Thread.currentThread()
 					.getContextClassLoader()
 					.getResourceAsStream(templateURL);	
-		
+		 
 			VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine();		
 			BufferedReader reader = new BufferedReader(new InputStreamReader(is ));				
 			StringWriter writer = new StringWriter();						
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java
index c53d1c98d..51d722dc4 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java
@@ -52,6 +52,7 @@ import java.util.List;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
 import at.gv.egovernment.moa.id.data.MOAAuthenticationData;
+import at.gv.egovernment.moa.id.util.LoALevelMapper;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.DateTimeUtils;
 
@@ -88,7 +89,8 @@ public class SAML1AuthenticationData extends MOAAuthenticationData {
   private List<ExtendedSAMLAttribute> extendedSAMLAttributesOA;
   
 
-  public SAML1AuthenticationData() {	  	
+  public SAML1AuthenticationData(LoALevelMapper loaMapper) {
+	  	super(loaMapper);
 		this.setMajorVersion(1);
 		this.setMinorVersion(0);
 		this.setAssertionID(Random.nextRandom());	  
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index 1be3e3daa..73afec4e0 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -47,6 +47,7 @@ import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
 import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder;
@@ -66,7 +67,6 @@ import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
 import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.data.MOAAuthenticationData;
-import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
@@ -490,7 +490,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
 						&& Constants.URN_PREFIX_BASEID
 								.equals(identificationType)) {
 					// now we calculate the wbPK and do so if we got it from the
-					// BKU
+					// BKU 
 					
 					//load IdentityLinkDomainType from OAParam 					
 					Pair<String, String> targedId = new BPKBuilder().generateAreaSpecificPersonIdentifier(
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index 54b137ce1..aa3fce249 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -94,10 +94,11 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController implement
 		return NAME;
 	}
 
-	public String getPath() {
+	@Override
+	public String getAuthProtocolIdentifier() {
 		return PATH;
+		
 	}
-
 	
 	@RequestMapping(value = "/StartAuthentication", method = {RequestMethod.POST, RequestMethod.GET})
 	public void SAML1AuthnRequest(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException {		
diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java
index 60d64a3ac..9ba1c4dd3 100644
--- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java
+++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java
@@ -31,10 +31,10 @@ import org.springframework.beans.factory.annotation.Autowired;
 
 import at.gv.egiz.eaaf.core.api.logging.IStatisticLogger;
 import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.FileUtils;
 
 public class TestManager{
 	
diff --git a/pom.xml b/pom.xml
index 6e5ee2fb8..2faf73b09 100644
--- a/pom.xml
+++ b/pom.xml
@@ -35,7 +35,7 @@
 			<moa-id-module-elga_mandate_client>1.3.1</moa-id-module-elga_mandate_client>
 
 			<!-- =================================================================================== -->
-			<eaaf-core.version>1.0.0-snapshot</eaaf-core.version>							
+			<egiz.eaaf.version>1.0.0-snapshot</egiz.eaaf.version>							
 			<org.springframework.version>4.3.13.RELEASE</org.springframework.version>
 			<org.springframework.data.spring-data-jpa>1.11.9.RELEASE</org.springframework.data.spring-data-jpa>
 			<surefire.version>2.20.1</surefire.version>		
@@ -442,9 +442,25 @@
 						<dependency>
 	    					<groupId>at.gv.egiz.eaaf</groupId>
 	  						<artifactId>eaaf-core</artifactId>
-	  						<version>${eaaf-core.version}</version>
-	  					</dependency> 
-
+	  						<version>${egiz.eaaf.version}</version>
+	  					</dependency>
+	  					<dependency>
+	  						<groupId>at.gv.egiz.eaaf</groupId>
+  							<artifactId>eaaf_module_pvp2_idp</artifactId>
+  							<version>${egiz.eaaf.version}</version>
+  						</dependency>
+  						<dependency> 
+							<groupId>at.gv.egiz.eaaf</groupId>
+  							<artifactId>eaaf_module_pvp2_sp</artifactId>
+  							<version>${egiz.eaaf.version}</version>
+						</dependency>  							
+						<dependency>
+        					<groupId>at.gv.egiz.eaaf</groupId>
+        					<artifactId>eaaf_module_pvp2_core</artifactId>
+        					<version>${egiz.eaaf.version}</version>
+        				</dependency>  							
+  							
+  							
       					<dependency>
 							<groupId>MOA.id.server</groupId>
 							<artifactId>moa-id-spring-initializer</artifactId>
-- 
cgit v1.2.3


From 016663e3a46f5f41f4d621c19e49063c78ccca70 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Wed, 20 Jun 2018 15:32:44 +0200
Subject: add some missing files

---
 .../moa/id/protocols/pvp2x/PVP2XProtocol.java      | 396 +++++++++++++++++++++
 .../metadata/PVPMetadataFilterChain.java           |  54 +++
 .../tasks/FirstBKAMobileAuthTask.java              |   2 +-
 3 files changed, 451 insertions(+), 1 deletion(-)
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPMetadataFilterChain.java

(limited to 'id/server/idserverlib/src/main/java/at/gv')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
new file mode 100644
index 000000000..a59033177
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -0,0 +1,396 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.pvp2x;
+
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.util.Arrays;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang.StringEscapeUtils;
+import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.saml2.core.AttributeQuery;
+import org.opensaml.saml2.core.LogoutRequest;
+import org.opensaml.saml2.core.LogoutResponse;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.ws.security.SecurityPolicyException;
+import org.opensaml.xml.security.SecurityException;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
+import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException;
+import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityLogAdapter;
+import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
+import at.gv.egiz.eaaf.modules.pvp2.exception.AttributQueryException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.NoMetadataInformationException;
+import at.gv.egiz.eaaf.modules.pvp2.idp.impl.AbstractPVP2XProtocol;
+import at.gv.egiz.eaaf.modules.pvp2.idp.impl.PVPSProfilePendingRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.SoapBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileResponse;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EAAFURICompare;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+ 
+@Controller
+public class PVP2XProtocol extends AbstractPVP2XProtocol {
+
+	@Autowired(required=true) AuthConfiguration moaAuthConfig;
+	@Autowired protected IAuthenticationSessionStoreage authenticatedSessionStorage;
+	
+	public static final String NAME = PVP2XProtocol.class.getName();
+	public static final String PATH = "id_pvp2-sprofile";
+
+	
+	public static final List<String> DEFAULTREQUESTEDATTRFORINTERFEDERATION = Arrays.asList(
+			new String[] {
+					PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME
+			});
+	
+	static {			
+		new VelocityLogAdapter();
+		
+	}
+
+	public String getName() {
+		return NAME;
+	}
+
+	public String getAuthProtocolIdentifier() {
+		return PATH;
+	}
+	
+	public PVP2XProtocol() {
+		super();
+	} 
+		
+	//PVP2.x metadata end-point
+	@RequestMapping(value = PVPConfiguration.PVP2_METADATA, method = {RequestMethod.POST, RequestMethod.GET})
+	public void PVPMetadataRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException {
+		if (!moaAuthConfig.getAllowedProtocols().isPVP21Active()) {
+			Logger.info("PVP2.1 is deaktivated!");
+			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }, "PVP2.1 is deaktivated!");
+			
+		}
+		
+		super.pvpMetadataRequest(req, resp);
+		
+	}
+	
+	//PVP2.x IDP POST-Binding end-point
+	@RequestMapping(value = PVPConfiguration.PVP2_IDP_POST, method = {RequestMethod.POST})
+	public void PVPIDPPostRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException {
+		if (!moaAuthConfig.getAllowedProtocols().isPVP21Active()) {
+			Logger.info("PVP2.1 is deaktivated!");
+			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }, "PVP2.1 is deaktivated!");
+			
+		}
+		
+		super.PVPIDPPostRequest(req, resp);
+						
+	}
+	
+	//PVP2.x IDP Redirect-Binding end-point
+	@RequestMapping(value = PVPConfiguration.PVP2_IDP_REDIRECT, method = {RequestMethod.GET})
+	public void PVPIDPRedirecttRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException {
+		if (!AuthConfigurationProviderFactory.getInstance().getAllowedProtocols().isPVP21Active()) {
+			Logger.info("PVP2.1 is deaktivated!");
+			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }, "PVP2.1 is deaktivated!");
+			
+		}
+		
+		super.PVPIDPRedirecttRequest(req, resp);
+				
+	}
+	
+	
+	//PVP2.x IDP SOAP-Binding end-point
+	@RequestMapping(value = "/pvp2/soap", method = {RequestMethod.POST})
+	public void PVPIDPSOAPRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException {
+//		if (!authConfig.getAllowedProtocols().isPVP21Active()) {
+//			Logger.info("PVP2.1 is deaktivated!");
+//			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }, "PVP2.1 is deaktivated!");
+//			
+//		}
+				
+		PVPSProfilePendingRequest pendingReq = null;
+		try {
+			//create pendingRequest object
+			pendingReq = applicationContext.getBean(PVPSProfilePendingRequest.class);
+			pendingReq.initialize(req, authConfig);
+			pendingReq.setModule(NAME);
+			
+			revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier());
+			revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_CREATED, pendingReq.getUniqueTransactionIdentifier());						
+			revisionsLogger.logEvent(
+					pendingReq.getUniqueSessionIdentifier(), 
+					pendingReq.getUniqueTransactionIdentifier(), 
+					MOAIDEventConstants.TRANSACTION_IP, 
+					req.getRemoteAddr());
+			
+			//get POST-Binding decoder implementation
+			InboundMessage msg = (InboundMessage) new SoapBinding().decode(
+					req, resp, metadataProvider, false,
+					new EAAFURICompare(pvpBasicConfiguration.getIDPSSOPostService(pendingReq.getAuthURL())));
+			pendingReq.setRequest(msg);
+			
+			//preProcess Message
+			preProcess(req, resp, pendingReq);
+						
+		} catch (SecurityPolicyException e) {
+			String samlRequest = req.getParameter("SAMLRequest");			
+			Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
+						
+			//write revision log entries
+			if (pendingReq != null)
+				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
+			
+			throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, e.getMessage());
+			
+		} catch (SecurityException e) {
+			String samlRequest = req.getParameter("SAMLRequest");			
+			Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
+			
+			//write revision log entries
+			if (pendingReq != null)
+				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
+			
+			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, e.getMessage());
+		
+		} catch (MOAIDException e) {			
+			//write revision log entries
+			if (pendingReq != null)
+				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
+			
+			throw e;
+						
+		} catch (Throwable e) {			
+			String samlRequest = req.getParameter("SAMLRequest");			
+			Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
+			
+			//write revision log entries
+			if (pendingReq != null)
+				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
+			
+			throw new MOAIDException("pvp2.24", new Object[] {e.getMessage()});
+		}					
+	}
+	
+	
+	protected boolean childPreProcess(HttpServletRequest request,
+			HttpServletResponse response, PVPSProfilePendingRequest pendingReq) throws Throwable {				
+		InboundMessage msg = pendingReq.getRequest();
+		if (msg instanceof PVPSProfileRequest && 
+				((PVPSProfileRequest)msg).getSamlRequest() instanceof AttributeQuery)
+			preProcessAttributQueryRequest(request, response, pendingReq);
+
+		else if (msg instanceof PVPSProfileRequest && 
+				((PVPSProfileRequest)msg).getSamlRequest() instanceof LogoutRequest)
+			preProcessLogOut(request, response, pendingReq);
+			
+		else if (msg instanceof PVPSProfileResponse && 
+				((PVPSProfileResponse)msg).getResponse() instanceof LogoutResponse)
+			preProcessLogOut(request, response, pendingReq);
+			
+		else 
+			return false;
+			
+			
+		return true;
+	}
+	
+	/**
+	 * PreProcess Single LogOut request
+	 * @param request
+	 * @param response
+	 * @param msg
+	 * @return
+	 * @throws EAAFException 
+	 * @throws MOAIDException 
+	 */
+	private void preProcessLogOut(HttpServletRequest request,
+			HttpServletResponse response, PVPSProfilePendingRequest pendingReq) throws EAAFException {
+
+		InboundMessage inMsg = pendingReq.getRequest();		
+		PVPSProfileRequest msg;
+		if (inMsg instanceof PVPSProfileRequest && 
+				((PVPSProfileRequest)inMsg).getSamlRequest() instanceof LogoutRequest) {
+			//preProcess single logout request from service provider
+			
+			msg = (PVPSProfileRequest) inMsg;
+			
+			EntityDescriptor metadata = msg.getEntityMetadata(metadataProvider);
+			if(metadata == null) {
+				throw new NoMetadataInformationException();
+			}
+
+			String oaURL = metadata.getEntityID();
+			oaURL = StringEscapeUtils.escapeHtml(oaURL);
+			ISPConfiguration oa = authConfig.getServiceProviderConfiguration(oaURL);
+			
+			Logger.info("Dispatch PVP2 SingleLogOut: OAURL=" + oaURL + " Binding=" + msg.getRequestBinding());
+						
+			pendingReq.setSPEntityId(oaURL);
+			pendingReq.setOnlineApplicationConfiguration(oa);
+			pendingReq.setBinding(msg.getRequestBinding());
+			
+			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_SLO);
+			
+
+						
+		} else if (inMsg instanceof PVPSProfileResponse && 
+				((PVPSProfileResponse)inMsg).getResponse() instanceof LogoutResponse) {
+			//preProcess single logour response from service provider
+						
+			LogoutResponse resp = (LogoutResponse) (((PVPSProfileResponse)inMsg).getResponse());
+			
+			Logger.debug("PreProcess SLO Response from " + resp.getIssuer());
+			
+//			List<String> allowedPublicURLPrefix = authConfig.getIDPPublicURLPrefixes();
+//					AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix();
+			
+			boolean isAllowedDestination = false;			
+			try {
+				isAllowedDestination = MiscUtil.isNotEmpty(authConfig.validateIDPURL(new URL(resp.getDestination())));
+				
+			} catch (MalformedURLException e) {
+				Logger.info(resp.getDestination() + " is NOT valid. Reason: " + e.getMessage());
+				
+			}
+			
+//			for (String prefix : allowedPublicURLPrefix) {
+//				if (resp.getDestination().startsWith(
+//					prefix)) {
+//					isAllowedDestination = true;
+//					break;
+//				}
+//			}
+						
+			if (!isAllowedDestination) {
+				Logger.warn("PVP 2.1 single logout response destination does not match to IDP URL");
+				throw new AssertionValidationExeption("PVP 2.1 single logout response destination does not match to IDP URL", null);
+				
+			}
+			
+			//TODO: check if relayState exists
+			inMsg.getRelayState();
+						
+						
+		} else 
+			throw new EAAFException("Unsupported request");
+		
+		
+		pendingReq.setRequest(inMsg);
+		pendingReq.setAction(PVPConstants.SINGLELOGOUT);
+		
+		//Single LogOut Request needs no authentication 
+		pendingReq.setNeedAuthentication(false);
+		
+		//set protocol action, which should be executed
+		pendingReq.setAction(SingleLogOutAction.class.getName());
+	}
+	
+	/**
+	 * PreProcess AttributeQuery request 
+	 * @param request
+	 * @param response
+	 * @param pendingReq
+	 * @throws Throwable
+	 */
+	private void preProcessAttributQueryRequest(HttpServletRequest request,
+			HttpServletResponse response, PVPSProfilePendingRequest pendingReq) throws Throwable {
+		PVPSProfileRequest moaRequest = ((PVPSProfileRequest)pendingReq.getRequest());
+		AttributeQuery attrQuery = (AttributeQuery) moaRequest.getSamlRequest();
+		moaRequest.setEntityID(attrQuery.getIssuer().getValue());
+		
+		//validate destination
+		String destinaten = attrQuery.getDestination();
+		if (!pvpBasicConfiguration.getIDPSSOSOAPService(HTTPUtils.extractAuthURLFromRequest(request)).equals(destinaten)) {
+			Logger.warn("AttributeQuery destination does not match IDP AttributeQueryService URL");
+			throw new AttributQueryException("AttributeQuery destination does not match IDP AttributeQueryService URL", null);
+			
+		}
+
+		//check if Issuer is an interfederation IDP		
+		IOAAuthParameters oa = authConfig.getServiceProviderConfiguration(moaRequest.getEntityID(), IOAAuthParameters.class);
+		if (!oa.isInderfederationIDP()) {
+			Logger.warn("AttributeQuery requests are only allowed for interfederation IDPs.");
+			throw new AttributQueryException("AttributeQuery requests are only allowed for interfederation IDPs.", null);
+			
+		}
+		
+		if (!oa.isOutboundSSOInterfederationAllowed()) {
+			Logger.warn("Interfederation IDP " + oa.getPublicURLPrefix() + " does not allow outgoing SSO interfederation.");
+			throw new AttributQueryException("Interfederation IDP does not allow outgoing SSO interfederation.", null);
+			
+		}
+					
+		//check active MOASession
+		String nameID = attrQuery.getSubject().getNameID().getValue();			
+		IAuthenticationSession session = authenticatedSessionStorage.getSessionWithUserNameID(nameID);
+		if (session == null) {
+			Logger.warn("AttributeQuery nameID does not match to an active single sign-on session.");
+			throw new AttributQueryException("auth.31", null);
+			
+		}
+		
+		//set preProcessed information into pending-request
+		pendingReq.setRequest(moaRequest);
+		pendingReq.setSPEntityId(moaRequest.getEntityID());
+		pendingReq.setOnlineApplicationConfiguration(oa);
+		pendingReq.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI);
+		
+		//Attribute-Query Request needs authentication, because session MUST be already authenticated 
+		pendingReq.setNeedAuthentication(false);
+				
+		//set protocol action, which should be executed after authentication
+		pendingReq.setAction(AttributQueryAction.class.getName());
+
+		//add moasession
+		pendingReq.setSSOSessionIdentifier(session.getSSOSessionID());
+				
+		//write revisionslog entry
+		revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_ATTRIBUTQUERY);
+		
+		
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPMetadataFilterChain.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPMetadataFilterChain.java
new file mode 100644
index 000000000..615a0eaa7
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPMetadataFilterChain.java
@@ -0,0 +1,54 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata;
+
+import java.security.cert.CertificateException;
+
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.MetadataFilterChain;
+
+/**
+ * @author tlenz
+ *
+ */
+public class PVPMetadataFilterChain extends MetadataFilterChain {
+
+		
+	/**
+	 * @throws CertificateException 
+	 * 
+	 */
+	public PVPMetadataFilterChain(String url, byte[] certificate) throws CertificateException {
+		addDefaultFilters(url, certificate);
+	}
+	
+	public void addDefaultFilters(String url, byte[] certificate) throws CertificateException {
+		addFilter(new MetadataSignatureFilter(url, certificate));
+		
+	}
+
+
+
+
+
+	
+}
diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java
index 68b944814..76563c8ca 100644
--- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java
+++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java
@@ -210,7 +210,7 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask {
 			moaSession.setUseMandates(false);
 			moaSession.setForeigner(false);			
 			moaSession.setBkuURL("http://egiz.gv.at/BKA_MobileAuthTest");			
-			moaSession.setQAALevel(PVPConstants.STORK_QAA_1_3);
+			moaSession.setQAALevel(PVPConstants.EIDAS_QAA_SUBSTANTIAL);
 			Logger.info("Session Restore completed");
 			
 			
-- 
cgit v1.2.3


From d1d206293ea012fd37c891673a8b5e74ad40a0cf Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Fri, 22 Jun 2018 15:20:53 +0200
Subject: some more pvp2 updates

---
 .../id/demoOA/servlet/pvp2/DemoApplication.java    |    2 +-
 .../moa/id/demoOA/servlet/pvp2/Index.java          |    2 +-
 .../moa/id/advancedlogging/MOAReversionLogger.java |    2 +-
 .../id/auth/builder/AuthenticationDataBuilder.java |  657 +++-------
 .../moa/id/auth/builder/BPKBuilder.java            |  359 ------
 .../auth/builder/MOAIDSubjectNameIdGenerator.java  |    5 +-
 .../moa/id/auth/data/AuthenticationSession.java    |   10 +-
 .../id/auth/data/AuthenticationSessionWrapper.java |  231 +---
 .../egovernment/moa/id/auth/data/IdentityLink.java |  312 -----
 .../auth/parser/IdentityLinkAssertionParser.java   |   10 +-
 .../parser/VerifyXMLSignatureResponseParser.java   |    4 +-
 .../id/config/auth/OAAuthParameterDecorator.java   |   43 +-
 .../config/auth/data/DynamicOAAuthParameters.java  |   18 +
 .../gv/egovernment/moa/id/data/IMOAAuthData.java   |    4 +-
 .../at/gv/egovernment/moa/id/data/MISMandate.java  |    2 +-
 .../moa/id/data/MOAAuthenticationData.java         |   47 +-
 .../builder/attributes/EIDIdentityLinkBuilder.java |   76 --
 .../MandateFullMandateAttributeBuilder.java        |    2 +-
 .../MandateNaturalPersonBPKAttributeBuilder.java   |    7 +-
 .../metadata/MOASPMetadataSignatureFilter.java     |    2 +-
 .../moa/id/util/IdentityLinkReSigner.java          |    2 +-
 .../moa/id/util/ParamValidatorUtils.java           |    2 +-
 .../at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder |    1 -
 .../src/test/java/test/MOAIDTestCase.java          |    4 +-
 .../commons/api/data/AuthProzessDataConstants.java |   22 +-
 .../commons/api/data/IAuthenticationSession.java   |  106 +-
 .../moa/id/commons/api/data/IIdentityLink.java     |  175 ---
 .../java/at/gv/egovernment/moa/util/DOMUtils.java  | 1263 --------------------
 .../gv/egovernment/moa/util/MOADefaultHandler.java |    6 +-
 .../egovernment/moa/util/NodeIteratorAdapter.java  |  111 --
 .../gv/egovernment/moa/util/NodeListAdapter.java   |   68 --
 .../at/gv/egovernment/moa/util/XPathException.java |   86 --
 .../at/gv/egovernment/moa/util/XPathUtils.java     |  557 ---------
 .../test/at/gv/egovernment/moa/MOATestCase.java    |    2 +-
 .../at/gv/egovernment/moa/util/DOMUtilsTest.java   |    2 +-
 .../at/gv/egovernment/moa/util/XPathUtilsTest.java |    3 +-
 .../AbstractGUIFormBuilderConfiguration.java       |  111 --
 ...roviderSpecificGUIFormBuilderConfiguration.java |    1 +
 .../DefaultGUIFormBuilderConfiguration.java        |    1 +
 .../auth/frontend/builder/GUIFormBuilderImpl.java  |  165 +--
 .../moa/id/auth/AuthenticationServer.java          |   15 +-
 .../builder/AuthenticationAssertionBuilder.java    |    2 +-
 .../AuthenticationBlockAssertionBuilder.java       |    2 +-
 .../moa/id/auth/builder/PersonDataBuilder.java     |    6 +-
 .../moa/id/auth/builder/SAMLResponseBuilder.java   |    2 +-
 .../builder/VerifyXMLSignatureRequestBuilder.java  |    2 +-
 .../modules/internal/tasks/GetForeignIDTask.java   |    6 +-
 .../internal/tasks/GetMISSessionIDTask.java        |    2 +-
 .../internal/tasks/PrepareGetMISMandateTask.java   |    2 +-
 .../parser/CreateXMLSignatureResponseParser.java   |    4 +-
 .../parser/ExtendedInfoboxReadResponseParser.java  |    2 +-
 .../id/auth/parser/InfoboxReadResponseParser.java  |    6 +-
 .../CreateXMLSignatureResponseValidator.java       |    9 +-
 .../id/auth/validator/IdentityLinkValidator.java   |    6 +-
 .../VerifyXMLSignatureResponseValidator.java       |    2 +-
 .../moa/id/auth/validator/parep/ParepUtils.java    |    4 +-
 .../id/util/client/mis/simple/MISSimpleClient.java |    2 +-
 .../builder/InfoboxReadRequestBuilderTest.java     |    3 +-
 .../moa/id/auth/builder/PersonDataBuilderTest.java |    2 +-
 .../parser/IdentityLinkAssertionParserTest.java    |    9 +-
 .../auth/parser/InfoboxReadResponseParserTest.java |    6 +-
 .../tasks/FirstBKAMobileAuthTask.java              |    4 +-
 .../tasks/SecondBKAMobileAuthTask.java             |    4 +-
 .../eidas/tasks/CreateIdentityLinkTask.java        |    8 +-
 .../elgamandates/tasks/RequestELGAMandateTask.java |    2 +-
 .../attributes/OAuth20AttributeBuilder.java        |    2 +-
 .../sl20_auth/tasks/ReceiveQualeIDTask.java        |    2 +-
 .../data/SSOTransferAuthenticationData.java        |    2 +-
 .../data/SSOTransferOnlineApplication.java         |   18 +
 .../ssotransfer/servlet/SSOTransferServlet.java    |    5 +-
 .../ssotransfer/utils/SSOContainerUtils.java       |    2 +-
 .../saml1/GetAuthenticationDataService.java        |    6 +-
 .../protocols/saml1/SAML1AuthenticationServer.java |    9 +-
 .../moa/id/monitoring/IdentityLinkTestModule.java  |    4 +-
 74 files changed, 398 insertions(+), 4247 deletions(-)
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIdentityLinkBuilder.java
 delete mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IIdentityLink.java
 delete mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
 delete mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/NodeIteratorAdapter.java
 delete mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/NodeListAdapter.java
 delete mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/XPathException.java
 delete mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/XPathUtils.java
 delete mode 100644 id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractGUIFormBuilderConfiguration.java

(limited to 'id/server/idserverlib/src/main/java/at/gv')

diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java
index 93622f828..aeb4d8eac 100644
--- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java
+++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java
@@ -78,12 +78,12 @@ import org.opensaml.xml.security.x509.X509Credential;
 import org.opensaml.xml.signature.Signature;
 import org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine;
 
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egovernment.moa.id.demoOA.Configuration;
 import at.gv.egovernment.moa.id.demoOA.Constants;
 import at.gv.egovernment.moa.id.demoOA.PVPConstants;
 import at.gv.egovernment.moa.id.demoOA.utils.ApplicationBean;
 import at.gv.egovernment.moa.id.demoOA.utils.SAML2Utils;
-import at.gv.egovernment.moa.util.DOMUtils;
 
 public class DemoApplication extends HttpServlet {
 	Logger log = Logger.getLogger(DemoApplication.class);
diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Index.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Index.java
index 28003528b..bac3e1949 100644
--- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Index.java
+++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Index.java
@@ -83,11 +83,11 @@ import org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egovernment.moa.id.demoOA.Configuration;
 import at.gv.egovernment.moa.id.demoOA.exception.ConfigurationException;
 import at.gv.egovernment.moa.id.demoOA.utils.ApplicationBean;
 import at.gv.egovernment.moa.id.demoOA.utils.SAML2Utils;
-import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
index 8298b082b..9894ffbe9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
@@ -33,11 +33,11 @@ import org.springframework.stereotype.Service;
 import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
 import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
 import at.gv.egiz.eaaf.modules.pvp2.PVPEventConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
 import at.gv.egovernment.moa.logging.Logger;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 998817b19..b6f78119c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -23,19 +23,14 @@
 package at.gv.egovernment.moa.id.auth.builder;
 
 import java.io.IOException;
-import java.io.InputStream;
 import java.lang.reflect.InvocationTargetException;
 import java.security.PrivateKey;
 import java.util.ArrayList;
 import java.util.Arrays;
-import java.util.Collection;
 import java.util.Date;
 import java.util.Iterator;
 import java.util.List;
 
-import javax.naming.ldap.LdapName;
-import javax.naming.ldap.Rdn;
-
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import org.w3c.dom.DOMException;
@@ -46,17 +41,24 @@ import org.w3c.dom.NodeList;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.IAuthenticationDataBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IAuthProcessDataContainer;
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
 import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFParserException;
 import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
+import at.gv.egiz.eaaf.core.exceptions.XPathException;
 import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.AbstractAuthenticationDataBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
+import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.auth.exception.DynamicOABuildException;
-import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
@@ -64,7 +66,6 @@ import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
 import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
@@ -82,24 +83,21 @@ import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.MiscUtil;
-import at.gv.egovernment.moa.util.XPathException;
-import at.gv.egovernment.moa.util.XPathUtils;
 import at.gv.util.client.szr.SZRClient;
 import at.gv.util.config.EgovUtilPropertiesConfiguration;
 import at.gv.util.wsdl.szr.SZRException;
 import at.gv.util.xsd.szr.PersonInfoType;
-import iaik.x509.X509Certificate;
 
 /**
  * @author tlenz
  *
  */
 @Service("AuthenticationDataBuilder")
-public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAuthenticationDataBuilder{
+public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder {
 
 	@Autowired private IAuthenticationSessionStoreage authenticatedSessionStorage;
 	@Autowired protected AuthConfiguration authConfig;
-	@Autowired private LoALevelMapper loaLevelMapper; 
+	@Autowired protected LoALevelMapper loaLevelMapper; 
 	
 	@Override
 	public IAuthData buildAuthenticationData(IRequest pendingReq) throws EAAFAuthenticationException {
@@ -108,16 +106,17 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 					new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage()),
 					pendingReq.getServiceProviderConfiguration(OAAuthParameterDecorator.class));
 			
-		} catch (ConfigurationException | BuildException | WrongParametersException | DynamicOABuildException e) {
+		} catch (ConfigurationException | BuildException | WrongParametersException | DynamicOABuildException | EAAFBuilderException e) {
 			Logger.warn("Can not build authentication data from session information");
 			throw new EAAFAuthenticationException("TODO", new Object[]{},					
 					"Can not build authentication data from session information", e);
+			
 		}
 		
 	}
 		
 	private IAuthData buildAuthenticationData(IRequest pendingReq, 
-            IAuthenticationSession session,  IOAAuthParameters oaParam) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException {		
+            IAuthenticationSession session,  IOAAuthParameters oaParam) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException, EAAFBuilderException {		
 		MOAAuthenticationData authdata = null;		
 		
 		//only needed for SAML1 legacy support
@@ -181,96 +180,13 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 	}
 			
 	private void buildAuthDataFormMOASession(MOAAuthenticationData authData, IAuthenticationSession session, 
-			IOAAuthParameters oaParam, IRequest protocolRequest) throws BuildException, ConfigurationException {
-
-		Collection<String> includedToGenericAuthData = null;
-		if (session.getGenericSessionDataStorage() != null &&  
-				!session.getGenericSessionDataStorage().isEmpty())
-			includedToGenericAuthData = session.getGenericSessionDataStorage().keySet();
-		else
-			includedToGenericAuthData = new ArrayList<String>();
-		
-		try {		
-			//####################################################
-			//set general authData info's
-			authData.setAuthenticationIssuer(protocolRequest.getAuthURL());
-			authData.setSsoSession(protocolRequest.needSingleSignOnFunctionality());			
-			authData.setBaseIDTransferRestrication(oaParam.hasBaseIdTransferRestriction());
-			
-		
-			//####################################################
-			//parse user info's from identityLink
-			IIdentityLink idlFromPVPAttr = null;
-			IIdentityLink identityLink = session.getIdentityLink();		
-			if (identityLink != null) {
-				parseBasicUserInfosFromIDL(authData, identityLink, includedToGenericAuthData);
-			
-			} else {
-				// identityLink is not direct in MOASession
-				String pvpAttrIDL = session.getGenericDataFromSession(PVPConstants.EID_IDENTITY_LINK_NAME, String.class);
-					//find PVP-Attr. which contains the IdentityLink
-				if (MiscUtil.isNotEmpty(pvpAttrIDL)) {
-					Logger.debug("Find PVP-Attr: " + PVPConstants.EID_IDENTITY_LINK_FRIENDLY_NAME
-							+ " --> Parse basic user info's from that attribute.");
-					InputStream idlStream = null;
-					try {
-						idlStream = Base64Utils.decodeToStream(pvpAttrIDL, false);				
-						idlFromPVPAttr = new IdentityLinkAssertionParser(idlStream).parseIdentityLink();
-						parseBasicUserInfosFromIDL(authData, idlFromPVPAttr, includedToGenericAuthData);
-															
-					} catch (ParseException e) {
-						Logger.error("Received IdentityLink is not valid", e);
-						
-					} catch (Exception e) {
-						Logger.error("Received IdentityLink is not valid", e);
-						
-					} finally {
-						try {
-							includedToGenericAuthData.remove(PVPConstants.EID_IDENTITY_LINK_NAME);
-							if (idlStream != null)						
-								idlStream.close();
-							
-						} catch (IOException e) {
-							Logger.fatal("Close InputStream FAILED.", e);
-							
-						}
-						
-					}
-					
-				}
-				
-				//if no basic user info's are set yet, parse info's single PVP-Attributes
-				if (MiscUtil.isEmpty(authData.getFamilyName())) {
-					Logger.debug("No IdentityLink found or not parseable --> Parse basic user info's from single PVP-Attributes.");
-					authData.setFamilyName(session.getGenericDataFromSession(PVPConstants.PRINCIPAL_NAME_NAME, String.class));		
-					authData.setGivenName(session.getGenericDataFromSession(PVPConstants.GIVEN_NAME_NAME, String.class));		
-					authData.setDateOfBirth(session.getGenericDataFromSession(PVPConstants.BIRTHDATE_NAME, String.class));
-					authData.setIdentificationValue(session.getGenericDataFromSession(PVPConstants.EID_SOURCE_PIN_NAME, String.class));		
-					authData.setIdentificationType(session.getGenericDataFromSession(PVPConstants.EID_SOURCE_PIN_TYPE_NAME, String.class));
-					
-					//remove corresponding keys from genericSessionData if exists
-					includedToGenericAuthData.remove(PVPConstants.PRINCIPAL_NAME_NAME);
-					includedToGenericAuthData.remove(PVPConstants.GIVEN_NAME_NAME);
-					includedToGenericAuthData.remove(PVPConstants.BIRTHDATE_NAME);
-					includedToGenericAuthData.remove(PVPConstants.EID_SOURCE_PIN_NAME);
-					includedToGenericAuthData.remove(PVPConstants.EID_SOURCE_PIN_TYPE_NAME);
-				}
-								
-			}
-			
-			if (authData.getIdentificationType() != null && 
-					!authData.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
-				Logger.trace("IdentificationType is not a baseID --> clear it. ");
-				authData.setBPK(authData.getIdentificationValue());
-				authData.setBPKType(authData.getIdentificationType());
-				
-				authData.setIdentificationValue(null);
-				authData.setIdentificationType(null);
-								
-			}
+			IOAAuthParameters oaParam, IRequest protocolRequest) throws BuildException, ConfigurationException, EAAFBuilderException {
+		try {
+			//generate basic authentication data
+			generateBasicAuthData(authData, protocolRequest, session);
 			
 			
-			//####################################################
+			// #### generate MOA-ID specific authentication data ######
 			//set BKU URL
 			includedToGenericAuthData.remove(PVPConstants.EID_CCS_URL_NAME);
 			if (MiscUtil.isNotEmpty(session.getBkuURL()))
@@ -282,41 +198,50 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 			//TODO: fully switch from STORK QAA to eIDAS LoA
 			//####################################################
 			//set QAA level
-			includedToGenericAuthData.remove(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME);
-			String currentLoA = null;
-			if (MiscUtil.isNotEmpty(session.getQAALevel()))
-				currentLoA = session.getQAALevel();			
-			else {
-				currentLoA = session.getGenericDataFromSession(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME, String.class);
-				if (MiscUtil.isNotEmpty(currentLoA)) {
-					Logger.debug("Find PVP-Attr '" + PVPConstants.EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME + "':" + currentLoA
-							+ " --> Parse QAA-Level from that attribute.");
+			if (MiscUtil.isNotEmpty(authData.getEIDASQAALevel())) {
+				Logger.debug("Find eIDAS LoA. Map it to STORK QAA");
+				authData.setQAALevel(loaLevelMapper.mapeIDASQAAToSTORKQAA(authData.getEIDASQAALevel()));
+				
+			} else {
+				Logger.info("Find NO eIDAS Loa. Starting STORK QAA processing as backup ... ");
+			
+							
+				includedToGenericAuthData.remove(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME);
+				String currentLoA = null;
+				if (MiscUtil.isNotEmpty(session.getQAALevel()))
+					currentLoA = session.getQAALevel();			
+				else {
+					currentLoA = session.getGenericDataFromSession(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME, String.class);
+					if (MiscUtil.isNotEmpty(currentLoA)) {
+						Logger.debug("Find PVP-Attr '" + PVPConstants.EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME + "':" + currentLoA
+								+ " --> Parse QAA-Level from that attribute.");
 					
+					}
 				}
-			}
 				
-			if (MiscUtil.isNotEmpty(currentLoA)) {					
-				if (currentLoA.startsWith(PVPConstants.STORK_QAA_PREFIX)) {
-					authData.setQAALevel(currentLoA);
-					authData.seteIDASLoA(loaLevelMapper.mapSTORKQAAToeIDASQAA(currentLoA));
+				if (MiscUtil.isNotEmpty(currentLoA)) {					
+					if (currentLoA.startsWith(PVPConstants.STORK_QAA_PREFIX)) {
+						authData.setQAALevel(currentLoA);
+						authData.seteIDASLoA(loaLevelMapper.mapSTORKQAAToeIDASQAA(currentLoA));
 
-				} else if (currentLoA.startsWith(EAAFConstants.EIDAS_QAA_PREFIX)) {
-					authData.setQAALevel(loaLevelMapper.mapeIDASQAAToSTORKQAA(currentLoA));
-					authData.seteIDASLoA(currentLoA);
+					} else if (currentLoA.startsWith(EAAFConstants.EIDAS_QAA_PREFIX)) {
+						authData.setQAALevel(loaLevelMapper.mapeIDASQAAToSTORKQAA(currentLoA));
+						authData.seteIDASLoA(currentLoA);
 										
-				} else { 
-					Logger.debug("Found PVP SecClass. QAA mapping process starts ... ");				
-					String mappedStorkQAA = loaLevelMapper.mapSecClassToQAALevel(currentLoA);
-					if (MiscUtil.isNotEmpty(mappedStorkQAA)) {
-						authData.setQAALevel(mappedStorkQAA);
-						authData.seteIDASLoA(loaLevelMapper.mapSTORKQAAToeIDASQAA(mappedStorkQAA));
+					} else { 
+						Logger.debug("Found PVP SecClass. QAA mapping process starts ... ");				
+						String mappedStorkQAA = loaLevelMapper.mapSecClassToQAALevel(currentLoA);
+						if (MiscUtil.isNotEmpty(mappedStorkQAA)) {
+							authData.setQAALevel(mappedStorkQAA);
+							authData.seteIDASLoA(loaLevelMapper.mapSTORKQAAToeIDASQAA(mappedStorkQAA));
 						
-					}										
-				}
-			}		
+						}										
+					}
+				}		
+			}
 			
 			//if no QAA level is set in MOASession then set default QAA level  
-			if (MiscUtil.isEmpty(authData.getQAALevel())) {														
+			if (MiscUtil.isEmpty(authData.getEIDASQAALevel())) {														
 				Logger.info("No QAA level found. Set to default level " + EAAFConstants.EIDAS_QAA_LOW);
 				authData.setQAALevel(PVPConstants.STORK_QAA_PREFIX + "1");
 				authData.seteIDASLoA(EAAFConstants.EIDAS_QAA_LOW);
@@ -371,65 +296,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 				
 			}
 			
-			
-			//####################################################
-			//set isForeigner flag
-			//TODO: change to new eIDAS-token attribute identifier
-			if (session.getGenericDataFromSession(PVPConstants.EID_STORK_TOKEN_NAME) != null) {
-				Logger.debug("Find PVP-Attr: " + PVPConstants.EID_STORK_TOKEN_FRIENDLY_NAME
-						+ " --> Set 'isForeigner' flag to TRUE");
-				authData.setForeigner(true);
-				
-			} else {		
-				authData.setForeigner(session.isForeigner());
-				
-			}
-					
-			
-			//####################################################
-			//set citizen country-code
-			includedToGenericAuthData.remove(PVPConstants.EID_ISSUING_NATION_NAME);
-			String pvpCCCAttr = session.getGenericDataFromSession(PVPConstants.EID_ISSUING_NATION_NAME, String.class);
-			if (MiscUtil.isNotEmpty(pvpCCCAttr)) {
-				authData.setCiticenCountryCode(pvpCCCAttr);
-				Logger.debug("Find PVP-Attr: " + PVPConstants.EID_ISSUING_NATION_FRIENDLY_NAME);
-				
-			} else {
-				if (authData.isForeigner()) {
-					try {
-						if (authData.getSignerCertificate() != null) {					
-							//TODO: replace with TSL lookup when TSL is ready!
-							X509Certificate certificate = new X509Certificate(authData.getSignerCertificate());
-							if (certificate != null) {
-								LdapName ln = new LdapName(certificate.getIssuerDN()
-										.getName());
-								for (Rdn rdn : ln.getRdns()) {
-									if (rdn.getType().equalsIgnoreCase("C")) {
-										Logger.info("C is: " + rdn.getValue());
-										authData.setCiticenCountryCode(rdn.getValue().toString());
-										break;
-									}
-								}
-							}
-							
-						} else
-							Logger.warn("NO PVP-Attr: " + PVPConstants.EID_ISSUING_NATION_NAME 
-									+ " and NO SignerCertificate in MOASession -->"
-									+ " Can NOT extract citizen-country of foreign person.");
-						
-						
-					} catch (Exception e) {
-						Logger.error("Failed to extract country code from certificate with message: " + e.getMessage());
-						
-					}
-									
-				} else {
-					authData.setCiticenCountryCode(COUNTRYCODE_AUSTRIA);
-					
-				}			
-			}
-			
-			
+											
 			//####################################################
 			//set max. SSO session time
 			includedToGenericAuthData.remove(AuthenticationSessionStorageConstants.FEDERATION_RESPONSE_VALIDE_TO);
@@ -558,11 +425,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 					includedToGenericAuthData.remove(PVPConstants.MANDATE_PROF_REP_OID_NAME);
 				}
 			}
-		
-		
-		
-		
-						
+					
 			//####################################################
 			// set bPK and IdentityLink for Organwalter --> 
 			//        Organwalter has a special bPK is received from MIS 
@@ -572,111 +435,14 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 				authData.setBPK(misMandate.getOWbPK());
 				authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + "OW");
 				Logger.trace("Authenticated User is OW: " + misMandate.getOWbPK());
-				
-				
-				//TODO: check in case of mandates for business services
-				if (identityLink != null)
-					authData.setIdentityLink(identityLink);
-			
-				else if (idlFromPVPAttr != null){
-					authData.setIdentityLink(idlFromPVPAttr);
-					Logger.debug("Set IdentityLink received from federated IDP for Organwalter");
-										
-				} else
-					Logger.info("Can NOT set Organwalter IdentityLink. Msg: No IdentityLink found");				
-
-				
+											
 				//set bPK and IdenityLink for all other
-			} else {
-				//build bPK
-				String pvpbPKValue = getbPKValueFromPVPAttribute(session);
-				String pvpbPKTypeAttr = getbPKTypeFromPVPAttribute(session);				
-				Pair<String, String> pvpEncbPKAttr = getEncryptedbPKFromPVPAttribute(session, authData, oaParam);
-
-				//check if a unique ID for this citizen exists
-				if (MiscUtil.isEmpty(authData.getIdentificationValue()) && 
-						MiscUtil.isEmpty(pvpbPKValue) && MiscUtil.isEmpty(authData.getBPK()) &&
-						pvpEncbPKAttr == null) {
-					Logger.info("Can not build authData, because moaSession include no bPK, encrypted bPK or baseID");
-					throw new MOAIDException("builder.08", new Object[]{"No " + PVPConstants.BPK_FRIENDLY_NAME
-							+ " or " + PVPConstants.EID_SOURCE_PIN_FRIENDLY_NAME 
-							+ " or " + PVPConstants.ENC_BPK_LIST_FRIENDLY_NAME});
-					
-				}
-								
-				// baseID is in MOASesson --> calculate bPK directly
-				if (MiscUtil.isNotEmpty(authData.getIdentificationValue())) {
-					Logger.debug("Citizen baseID is in MOASession --> calculate bPK from this.");
-					Pair<String, String> result = buildOAspecificbPK(protocolRequest, oaParam, authData);
-					authData.setBPK(result.getFirst());
-					authData.setBPKType(result.getSecond());
-					
-					//check if bPK already added to AuthData matches OA					
-				} else if (MiscUtil.isNotEmpty(authData.getBPK()) 
-						&& matchsReceivedbPKToOnlineApplication(oaParam, authData.getBPKType()) ) { 
-					Logger.debug("Correct bPK is already included in AuthData.");
-
-					//check if bPK received by PVP-Attribute matches OA
-				} else if (MiscUtil.isNotEmpty(pvpbPKValue) && 
-						matchsReceivedbPKToOnlineApplication(oaParam, pvpbPKTypeAttr)) {
-					Logger.debug("Receive correct bPK from PVP-Attribute");
-					authData.setBPK(pvpbPKValue);
-					authData.setBPKType(pvpbPKTypeAttr);
-					
-					//check if decrypted bPK exists
-				} else if (pvpEncbPKAttr != null) {
-					Logger.debug("Receive bPK as encrypted bPK and decryption was possible.");
-					authData.setBPK(pvpEncbPKAttr.getFirst());
-					authData.setBPKType(pvpEncbPKAttr.getSecond());
+				Logger.debug("User is an OW. Set original IDL into authdata ... ");
+				authData.setIdentityLink(session.getIdentityLink());
 				
-					//ask SZR to get bPK
-				} else {
-					String notValidbPK = authData.getBPK();  
-					String notValidbPKType = authData.getBPKType();					
-					if (MiscUtil.isEmpty(notValidbPK) && 
-							MiscUtil.isEmpty(notValidbPKType)) {
-						notValidbPK = pvpbPKValue;
-						notValidbPKType = pvpbPKTypeAttr;
-						
-						if (MiscUtil.isEmpty(notValidbPK) && 
-								MiscUtil.isEmpty(notValidbPKType)) {
-							Logger.fatal("No bPK in MOASession. THIS error should not occur any more.");
-							throw new NullPointerException("No bPK in MOASession. THIS error should not occur any more.");							
-						}						
-					}	
-										
-					Pair<String, String> baseIDFromSZR = getbaseIDFromSZR(authData, notValidbPK, notValidbPKType);
-					if (baseIDFromSZR != null) {
-						Logger.info("Receive citizen baseID from SRZ. Authentication can be completed");
-						authData.setIdentificationValue(baseIDFromSZR.getFirst());
-						authData.setIdentificationType(baseIDFromSZR.getSecond());
-						Pair<String, String> result = buildOAspecificbPK(protocolRequest, oaParam, authData);
-						authData.setBPK(result.getFirst());
-						authData.setBPKType(result.getSecond());
-						
-					} else {
-						Logger.warn("Can not build authData, because moaSession include no valid bPK, encrypted bPK or baseID");
-						throw new MOAIDException("builder.08", new Object[]{"No valid " + PVPConstants.BPK_FRIENDLY_NAME
-								+ " or " + PVPConstants.EID_SOURCE_PIN_FRIENDLY_NAME 
-								+ " or " + PVPConstants.ENC_BPK_LIST_FRIENDLY_NAME});
-						
-					}					
-				}
-								
-				//build IdentityLink
-				if (identityLink != null)
-					authData.setIdentityLink(buildOAspecificIdentityLink(oaParam, identityLink, authData.getBPK(), authData.getBPKType()));
 				
-				else if (idlFromPVPAttr != null) {					
-					authData.setIdentityLink(buildOAspecificIdentityLink(oaParam, idlFromPVPAttr, authData.getBPK(), authData.getBPKType()));
-					Logger.debug("Set IdentityLink received from federated IDP");
 				
-				} else {
-					Logger.info("Can NOT set IdentityLink. Msg: No IdentityLink found");
-					
-				}            	                        
-			}
-			
+			}			
 			
 			//###################################################################
 			//set PVP role attribute (implemented for ISA 1.18 action)
@@ -738,7 +504,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 				}				
 			}
 			
-		} catch (BuildException e) {
+		} catch (EAAFBuilderException e) {
 			throw e;
 			
         } catch (Throwable ex) {
@@ -747,38 +513,6 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
         }
 		
 	}
-
-	/**
-	 * Check a bPK-Type against a Service-Provider configuration <br>
-	 * If bPK-Type is <code>null</code> the result is <code>false</code>.
-	 * 
-	 * @param oaParam Service-Provider configuration, never null
-	 * @param bPKType bPK-Type to check
-	 * @return true, if bPK-Type matchs to Service-Provider configuration, otherwise false
-	 * @throws ConfigurationException 
-	 */
-	private boolean matchsReceivedbPKToOnlineApplication(IOAAuthParameters oaParam, String bPKType) throws ConfigurationException {						
-		return oaParam.getAreaSpecificTargetIdentifier().equals(bPKType);
-
-	}
-
-	private void parseBasicUserInfosFromIDL(AuthenticationData authData, IIdentityLink identityLink, Collection<String> includedGenericSessionData) {
-		//baseID or wbpk in case of BusinessService without SSO or BusinessService SSO
-		authData.setIdentificationValue(identityLink.getIdentificationValue());
-		authData.setIdentificationType(identityLink.getIdentificationType());
-
-		authData.setGivenName(identityLink.getGivenName());
-		authData.setFamilyName(identityLink.getFamilyName());
-		authData.setDateOfBirth(identityLink.getDateOfBirth());
-		
-		//remove corresponding keys from genericSessionData if exists
-		includedGenericSessionData.remove(PVPConstants.PRINCIPAL_NAME_NAME);
-		includedGenericSessionData.remove(PVPConstants.GIVEN_NAME_NAME);
-		includedGenericSessionData.remove(PVPConstants.BIRTHDATE_NAME);
-		includedGenericSessionData.remove(PVPConstants.EID_SOURCE_PIN_NAME);
-		includedGenericSessionData.remove(PVPConstants.EID_SOURCE_PIN_TYPE_NAME);
-		
-	}
 	
 	/**
 	 * @param authData
@@ -786,7 +520,8 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 	 * @param notValidbPKType
 	 * @return
 	 */
-	private Pair<String, String> getbaseIDFromSZR(AuthenticationData authData, String notValidbPK,
+	@Override
+	protected Pair<String, String> getbaseIDFromSZR(AuthenticationData authData, String notValidbPK,
 			String notValidbPKType) {
 		try {
 			EgovUtilPropertiesConfiguration eGovClientsConfig = authConfig.geteGovUtilsConfig();
@@ -841,7 +576,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 	 * MOASession as 'GenericData' <br> <pre><code>session.getGenericDataFromSession(PVPConstants.ENC_BPK_LIST_NAME, String.class)</code></pre>
 	 * to <code>authData</code>
 	 *  
-	 * @param session MOASession, but never null
+	 * @param authProcessDataContainer MOASession, but never null
 	 * @param authData AuthenticationData DAO
 	 * @param spConfig Service-Provider configuration
 	 * 
@@ -849,194 +584,124 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 	 *         or <code>null</code> if no attribute exists or can not decrypted
 	 * @throws ConfigurationException 
 	 */
-	private Pair<String, String> getEncryptedbPKFromPVPAttribute(IAuthenticationSession session,
-			MOAAuthenticationData authData, IOAAuthParameters spConfig) throws ConfigurationException {
-		//set List of encrypted bPKs to authData DAO		
-		String pvpEncbPKListAttr = session.getGenericDataFromSession(PVPConstants.ENC_BPK_LIST_NAME, String.class);
-		if (MiscUtil.isNotEmpty(pvpEncbPKListAttr)) {
-			List<String> encbPKList = Arrays.asList(pvpEncbPKListAttr.split(";"));							
-			authData.setEncbPKList(encbPKList);			
-			
-			//check if one of this encrypted bPK could be decrypt for this Service-Provider
-			for (String fullEncbPK : encbPKList) {
-				int index = fullEncbPK.indexOf("|");								 
-				if (index >= 0) {
-					String encbPK = fullEncbPK.substring(index+1);
-					String second = fullEncbPK.substring(0, index);					
-					int secIndex = second.indexOf("+");
-					if (secIndex >= 0) {
-						String oaTargetId = spConfig.getAreaSpecificTargetIdentifier();
-						if (oaTargetId.startsWith(MOAIDAuthConstants.PREFIX_CDID)) {						
-							String publicServiceShortTarget = oaTargetId.substring(MOAIDAuthConstants.PREFIX_CDID.length());						
-							if (publicServiceShortTarget.equals(second.substring(secIndex+1))) {
-								Logger.debug("Found encrypted bPK for online-application " 
-										+ spConfig.getPublicURLPrefix()
-										+ " Start decryption process ...");
-								PrivateKey privKey = spConfig.getBPKDecBpkDecryptionKey();
-								if (privKey != null) {
-									try {
-										String bPK = BPKBuilder.decryptBPK(encbPK, publicServiceShortTarget, privKey);
-										if (MiscUtil.isNotEmpty(bPK)) {
-											Logger.info("bPK decryption process finished successfully.");
-											return Pair.newInstance(bPK, oaTargetId);
-																															
-										} else {
-											Logger.error("bPK decryption FAILED.");
-										
+	@Override
+	protected Pair<String, String> getEncryptedbPKFromPVPAttribute(IAuthProcessDataContainer authProcessDataContainer,
+			AuthenticationData authData, ISPConfiguration spConfig) throws EAAFBuilderException {
+		//set List of encrypted bPKs to authData DAO
+		if (authData instanceof MOAAuthenticationData && 
+				spConfig instanceof IOAAuthParameters) {
+		
+			String pvpEncbPKListAttr = authProcessDataContainer.getGenericDataFromSession(PVPConstants.ENC_BPK_LIST_NAME, String.class);
+			if (MiscUtil.isNotEmpty(pvpEncbPKListAttr)) {
+				List<String> encbPKList = Arrays.asList(pvpEncbPKListAttr.split(";"));							
+				((MOAAuthenticationData) authData).setEncbPKList(encbPKList);			
+				
+				//check if one of this encrypted bPK could be decrypt for this Service-Provider
+				for (String fullEncbPK : encbPKList) {
+					int index = fullEncbPK.indexOf("|");								 
+					if (index >= 0) {
+						String encbPK = fullEncbPK.substring(index+1);
+						String second = fullEncbPK.substring(0, index);					
+						int secIndex = second.indexOf("+");
+						if (secIndex >= 0) {
+							String oaTargetId = spConfig.getAreaSpecificTargetIdentifier();
+							if (oaTargetId.startsWith(MOAIDAuthConstants.PREFIX_CDID)) {						
+								String publicServiceShortTarget = oaTargetId.substring(MOAIDAuthConstants.PREFIX_CDID.length());						
+								if (publicServiceShortTarget.equals(second.substring(secIndex+1))) {
+									Logger.debug("Found encrypted bPK for online-application " 
+											+ spConfig.getUniqueIdentifier()
+											+ " Start decryption process ...");
+									PrivateKey privKey = ((IOAAuthParameters) spConfig).getBPKDecBpkDecryptionKey();
+									if (privKey != null) {
+										try {
+											String bPK = BPKBuilder.decryptBPK(encbPK, publicServiceShortTarget, privKey);
+											if (MiscUtil.isNotEmpty(bPK)) {
+												Logger.info("bPK decryption process finished successfully.");
+												return Pair.newInstance(bPK, oaTargetId);
+																																
+											} else {
+												Logger.error("bPK decryption FAILED.");
+											
+											}
+										} catch (EAAFBuilderException e) {
+											Logger.error("bPK decryption FAILED.", e);
+											
 										}
-									} catch (BuildException e) {
-										Logger.error("bPK decryption FAILED.", e);
 										
-									}
+									} else {
+										Logger.info("bPK decryption FAILED, because no valid decryption key is found.");
+										
+									}							
 									
 								} else {
-									Logger.info("bPK decryption FAILED, because no valid decryption key is found.");
+									Logger.info("Found encrypted bPK but " +
+											"encrypted bPK target does not match to online-application target"); 
 									
-								}							
+								}
 								
 							} else {
-								Logger.info("Found encrypted bPK but " +
-										"encrypted bPK target does not match to online-application target"); 
+								Logger.info("Encrypted bPKs are only allowed for public services with prefix: " + MOAIDAuthConstants.PREFIX_CDID 
+										+ " BUT oaTarget is " + oaTargetId);
 								
 							}
-							
-						} else {
-							Logger.info("Encrypted bPKs are only allowed for public services with prefix: " + MOAIDAuthConstants.PREFIX_CDID 
-									+ " BUT oaTarget is " + oaTargetId);
-							
-						}
-					}					
-				}							
-			}
-		}
-		
-		return null;
-	}
-
-	/**
-	 * Get bPK from PVP Attribute 'BPK_NAME', which could be exist in
-	 * MOASession as 'GenericData' <br> <pre><code>session.getGenericDataFromSession(PVPConstants.BPK_NAME, String.class)</code></pre>
-	 * 
-	 * @param session MOASession, but never null
-	 * @return bPK, which was received by PVP-Attribute, or <code>null</code> if no attribute exists
-	 */
-	private String getbPKValueFromPVPAttribute(IAuthenticationSession session) {
-		String pvpbPKValueAttr = session.getGenericDataFromSession(PVPConstants.BPK_NAME, String.class);
-		if (MiscUtil.isNotEmpty(pvpbPKValueAttr)) {
-			
-			//fix a wrong bPK-value prefix, which was used in some PVP Standardportal implementations
-			if (pvpbPKValueAttr.startsWith("bPK:")) {
-				Logger.warn("Attribute " + PVPConstants.BPK_NAME 
-					+ " contains a not standardize prefix! Staring attribute value correction process ...");
-				pvpbPKValueAttr = pvpbPKValueAttr.substring("bPK:".length());
-				
-			}
-			
-			String[] spitted = pvpbPKValueAttr.split(":");
-			if (spitted.length != 2) {
-				Logger.warn("Attribute " + PVPConstants.BPK_NAME + " has a wrong encoding and can NOT be USED!"
-						+ " Value:" + pvpbPKValueAttr);
-				return null;
-				
+						}					
+					}							
+				}
 			}
-			Logger.debug("Find PVP-Attr: " + PVPConstants.BPK_FRIENDLY_NAME);
-			return spitted[1];
 			
-		}
+		} else
+			Logger.warn("AuthData: " + authData.getClass().getName() + " or spConfig: " + spConfig.getClass().getName() 
+					+ " are not MOAID data-objects");
 		
 		return null;
 	}
 
-	/**
-	 * Get bPK-Type from PVP Attribute 'EID_SECTOR_FOR_IDENTIFIER_NAME', which could be exist in
-	 * MOASession as 'GenericData' <br> <pre><code>session.getGenericDataFromSession(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME, String.class)</code></pre>
-	 * 
-	 * @param session MOASession, but never null
-	 * @return bPKType, which was received by PVP-Attribute, or <code>null</code> if no attribute exists
-	 */
-	private String getbPKTypeFromPVPAttribute(IAuthenticationSession session) {
-		String pvpbPKTypeAttr = session.getGenericDataFromSession(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME, String.class); 
-		if (MiscUtil.isNotEmpty(pvpbPKTypeAttr)) {
-			
-			//fix a wrong bPK-Type encoding, which was used in some PVP Standardportal implementations
-			if (pvpbPKTypeAttr.startsWith(Constants.URN_PREFIX_CDID) && 
-					!pvpbPKTypeAttr.substring(Constants.URN_PREFIX_CDID.length(), 
-							Constants.URN_PREFIX_CDID.length() + 1).equals("+")) {				
-				Logger.warn("Receive uncorrect encoded bBKType attribute " + pvpbPKTypeAttr + " Starting attribute value correction ... ");
-				pvpbPKTypeAttr = Constants.URN_PREFIX_CDID + "+" + pvpbPKTypeAttr.substring(Constants.URN_PREFIX_CDID.length() + 1); 
-				
-			}
-			Logger.debug("Find PVP-Attr: " + PVPConstants.EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME);
-			return pvpbPKTypeAttr;
-		}
-		
-		return null;
-
-
-		/*
-		 * INFO: This code could be used to extract the bPKType from 'PVPConstants.BPK_NAME',
-		 *       because the prefix of BPK_NAME attribute contains the postfix of the bPKType
-		 *       
-		 *       Now, all PVP Standardportals should be able to send 'EID_SECTOR_FOR_IDENTIFIER'
-		 *       PVP attributes  
-		 */
-//		String pvpbPKValueAttr = session.getGenericDataFromSession(PVPConstants.BPK_NAME, String.class);
-//		String[] spitted = pvpbPKValueAttr.split(":");
-//		if (MiscUtil.isEmpty(authData.getBPKType())) {
-//			Logger.debug("PVP assertion contains NO bPK/wbPK target attribute. " +
-//					"Starting target extraction from bPK/wbPK prefix ...");
-//			//exract bPK/wbPK type from bpk attribute value prefix if type is 
-//			//not transmitted as single attribute
-//		    Pattern pattern = Pattern.compile("[a-zA-Z]{2}(-[a-zA-Z]+)?");
-//		    Matcher matcher = pattern.matcher(spitted[0]);
-//		    if (matcher.matches()) {
-//		    	//find public service bPK
-//		    	authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + spitted[0]);
-//		    	Logger.debug("Found bPK prefix. Set target to " + authData.getBPKType());
-//		    	   
-//		    } else {
-//		    	//find business service wbPK
-//		    	authData.setBPKType(Constants.URN_PREFIX_WBPK+ "+" + spitted[0]);
-//		    	Logger.debug("Found wbPK prefix. Set target to " + authData.getBPKType());
-//		    	   
-//		    }			    	  				
-//		}
-		
-	}
+	@Override
+	protected IIdentityLink buildOAspecificIdentityLink(ISPConfiguration spConfig, IIdentityLink idl, String bPK, String bPKType) throws EAAFConfigurationException, XPathException, DOMException, EAAFParserException {
+		if (spConfig.hasBaseIdTransferRestriction()) {
+			try {
+				Element idlassertion = idl.getSamlAssertion();
+            
+				//set bpk/wpbk;
+				Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH);
+				prIdentification.getFirstChild().setNodeValue(bPK);
 
-	private IIdentityLink buildOAspecificIdentityLink(IOAAuthParameters oaParam, IIdentityLink idl, String bPK, String bPKType) throws MOAIDException, EAAFConfigurationException, XPathException, DOMException {
-		if (oaParam.hasBaseIdTransferRestriction()) {
-            Element idlassertion = idl.getSamlAssertion();
-            //set bpk/wpbk;
-	        Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH);
-	        prIdentification.getFirstChild().setNodeValue(bPK);
-            //set bkp/wpbk type
-            Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH);
-            prIdentificationType.getFirstChild().setNodeValue(bPKType);
+				//set bkp/wpbk type
+				Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH);
+				prIdentificationType.getFirstChild().setNodeValue(bPKType);
 
-            IdentityLinkAssertionParser idlparser = new IdentityLinkAssertionParser(idlassertion);
-            IIdentityLink businessServiceIdl = idlparser.parseIdentityLink();
+				IdentityLinkAssertionParser idlparser = new IdentityLinkAssertionParser(idlassertion);
+				IIdentityLink businessServiceIdl = idlparser.parseIdentityLink();
                                 
-            //resign IDL
-			IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();					
-			Element resignedilAssertion;
-
-			if (authConfig.isIdentityLinkResigning()) {
-				resignedilAssertion = identitylinkresigner.resignIdentityLink(businessServiceIdl.getSamlAssertion(), authConfig.getIdentityLinkResigningKey());
-			} else {
-				resignedilAssertion = businessServiceIdl.getSamlAssertion();
+				//resign IDL
+				IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();					
+				Element resignedilAssertion;
+ 
+				if (authConfig.isIdentityLinkResigning()) {
+					resignedilAssertion = identitylinkresigner.resignIdentityLink(businessServiceIdl.getSamlAssertion(), authConfig.getIdentityLinkResigningKey());				
+				} else {
+					resignedilAssertion = businessServiceIdl.getSamlAssertion();
+				}
+				
+				IdentityLinkAssertionParser resignedIDLParser = new IdentityLinkAssertionParser(resignedilAssertion);
+				return resignedIDLParser.parseIdentityLink();
+				
+			} catch (MOAIDException e) {
+				Logger.warn("Can not build OA specific IDL. Reason: " + e.getMessage(), e);
+				throw new EAAFParserException("TODO", null, 
+						"Can not build OA specific IDL. Reason: " + e.getMessage(), e);
+				
 			}
-			IdentityLinkAssertionParser resignedIDLParser = new IdentityLinkAssertionParser(resignedilAssertion);
-			return resignedIDLParser.parseIdentityLink();
 			
         } else
         	return idl;
-        	
-		
-	}		
-
-
-	private Pair<String, String> buildOAspecificbPK(IRequest pendingReq, IOAAuthParameters oaParam, AuthenticationData authData) throws BuildException, ConfigurationException  {
+        			
+	}
+	
+	
+	@Override
+	protected Pair<String, String> buildOAspecificbPK(IRequest pendingReq, AuthenticationData authData) throws EAAFBuilderException {
+		ISPConfiguration oaParam = pendingReq.getServiceProviderConfiguration();
 		
 		String baseID = authData.getIdentificationValue();
 		String baseIDType = authData.getIdentificationType();		
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
deleted file mode 100644
index 4bc4a7e81..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
+++ /dev/null
@@ -1,359 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.auth.builder;
-
-import java.security.InvalidKeyException;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.text.SimpleDateFormat;
-import java.util.Date;
-
-import javax.crypto.BadPaddingException;
-import javax.crypto.Cipher;
-import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.NoSuchPaddingException;
-
-import at.gv.egiz.eaaf.core.impl.data.Pair;
-import at.gv.egovernment.moa.id.auth.exception.BuildException;
-import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.Base64Utils;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-/**
- * Builder for the bPK, as defined in
- * <code>&quot;Ableitung f&uml;r die bereichsspezifische Personenkennzeichnung&quot;</code>
- * version <code>1.0.1</code> from <code>&quot;reference.e-government.gv.at&quot;</code>.
- *
- * @author Paul Schamberger
- * @version $Id$
- */
-public class BPKBuilder {
-
-	/**
-	 * Calculates an area specific unique person-identifier from a baseID
-	 * 
-	 * @param baseID baseId from user but never null
-	 * @param targetIdentifier target identifier for area specific identifier calculation but never null
-	 * @return Pair<unique person identifier for this target, targetArea> but never null
-	 * @throws BuildException if some input data are not valid 
-	 */
-	public Pair<String, String> generateAreaSpecificPersonIdentifier(String baseID, String targetIdentifier) throws BuildException{
-		return generateAreaSpecificPersonIdentifier(baseID, Constants.URN_PREFIX_BASEID, targetIdentifier);
-		
-	}
-	
-	/**
-	 * Calculates an area specific unique person-identifier from an unique identifier with a specific type
-	 * 
-	 * @param baseID baseId from user but never null
-	 * @param baseIdType Type of the baseID but never null
-	 * @param targetIdentifier target identifier for area specific identifier calculation but never null
-	 * @return Pair<unique person identifier for this target, targetArea> but never null
-	 * @throws BuildException if some input data are not valid 
-	 */
-	public Pair<String, String> generateAreaSpecificPersonIdentifier(String baseID, String baseIdType, String targetIdentifier) throws BuildException{
-		if (MiscUtil.isEmpty(baseID))
-			throw new BuildException("builder.00", new Object[]{"baseID is empty or null"});
-
-		if (MiscUtil.isEmpty(baseIdType))
-			throw new BuildException("builder.00", new Object[]{"the type of baseID is empty or null"});
-		
-		if (MiscUtil.isEmpty(targetIdentifier)) 
-			throw new BuildException("builder.00", new Object[]{"OA specific target identifier is empty or null"});
-
-		if (baseIdType.equals(Constants.URN_PREFIX_BASEID)) {
-			Logger.trace("Find baseID. Starting unique identifier caluclation for this target");
-			
-			if (targetIdentifier.startsWith(MOAIDAuthConstants.PREFIX_CDID) || 
-					targetIdentifier.startsWith(MOAIDAuthConstants.PREFIX_WPBK) || 
-					targetIdentifier.startsWith(MOAIDAuthConstants.PREFIX_STORK)) {
-				Logger.trace("Calculate bPK, wbPK, or STORK identifier for target: " + targetIdentifier);
-				return Pair.newInstance(calculatebPKwbPK(baseID + "+" + targetIdentifier), targetIdentifier);
-													
-			} else if (targetIdentifier.startsWith(MOAIDAuthConstants.PREFIX_EIDAS)) {
-				Logger.trace("Calculate eIDAS identifier for target: " + targetIdentifier);
-				String[] splittedTarget = targetIdentifier.split("\\+");
-				String cititzenCountryCode = splittedTarget[1];
-				String eIDASOutboundCountry = splittedTarget[2];				 
-				 
-				if (cititzenCountryCode.equalsIgnoreCase(eIDASOutboundCountry)) {
-					Logger.warn("Suspect configuration FOUND!!! CitizenCountry equals DestinationCountry");
-					 
-				}
-				return buildeIDASIdentifer(baseID, baseIdType, cititzenCountryCode, eIDASOutboundCountry);
-				
-				
-			} else
-				throw new BuildException("builder.00", 
-						new Object[]{"Target identifier: " + targetIdentifier + " is NOT allowed or unknown"});
-		
-		} else {
-			Logger.trace("BaseID is not of type " + Constants.URN_PREFIX_BASEID + ". Check type against requested target ...");
-			if (baseIdType.equals(targetIdentifier)) {
-				Logger.debug("Unique identifier is already area specific. Is nothing todo");
-				return Pair.newInstance(baseID, targetIdentifier);
-				
-			} else {
-				Logger.warn("Get unique identifier for target: " + baseIdType + " but target: " + targetIdentifier + " is required!");
-				throw new BuildException("builder.00", 
-						new Object[]{"Get unique identifier for target: " + baseIdType + " but target: " + targetIdentifier + " is required"});
-				
-			}			
-		}						
-	}
-	
-	
-    /**
-     * Builds the storkeid from the given parameters.
-     *
-     * @param baseID baseID of the citizen
-     * @param baseIDType Type of the baseID
-     * @param sourceCountry CountryCode of that country, which build the eIDAs ID
-     * @param destinationCountry CountryCode of that country, which receives the eIDAs ID
-     * 
-     * @return Pair<eIDAs, bPKType> in a BASE64 encoding
-     * @throws BuildException if an error occurs on building the wbPK
-     */
-    private Pair<String, String> buildeIDASIdentifer(String baseID, String baseIDType, String sourceCountry, String destinationCountry)
-            throws BuildException {        
-        String bPK = null;
-        String bPKType = null;
-        
-        // check if we have been called by public sector application
-        if (baseIDType.startsWith(Constants.URN_PREFIX_BASEID)) {
-        	bPKType = Constants.URN_PREFIX_EIDAS + "+" + sourceCountry + "+" + destinationCountry;
-            Logger.debug("Building eIDAS identification from: [identValue]+" + bPKType);         
-            bPK = calculatebPKwbPK(baseID + "+"  + bPKType);
-            
-        } else { // if not, sector identification value is already calculated by BKU
-            Logger.debug("eIDAS eIdentifier already provided by BKU");
-            bPK = baseID;
-        }
-
-        if ((MiscUtil.isEmpty(bPK) ||
-                MiscUtil.isEmpty(sourceCountry) ||
-                	MiscUtil.isEmpty(destinationCountry))) {
-            throw new BuildException("builder.00",
-                    new Object[]{"eIDAS-ID", "Unvollständige Parameterangaben: identificationValue=" +
-                            bPK + ", Zielland=" + destinationCountry + ", Ursprungsland=" + sourceCountry});
-        }
-        
-        Logger.debug("Building eIDAS identification from: " + sourceCountry+"/"+destinationCountry+"/" + "[identValue]");
-        String eIdentifier = sourceCountry + "/" + destinationCountry + "/" + bPK;
-        
-        return Pair.newInstance(eIdentifier, bPKType);
-    }
-	
-//    /**
-//     * Builds the bPK from the given parameters.
-//     *
-//     * @param identificationValue Base64 encoded "Stammzahl"
-//     * @param target              "Bereich lt. Verordnung des BKA"
-//     * @return bPK in a BASE64 encoding
-//     * @throws BuildException if an error occurs on building the bPK
-//     */
-//    private String buildBPK(String identificationValue, String target)
-//            throws BuildException {
-//
-//        if ((identificationValue == null ||
-//                identificationValue.length() == 0 ||
-//                target == null ||
-//                target.length() == 0)) {
-//            throw new BuildException("builder.00",
-//                    new Object[]{"BPK", "Unvollständige Parameterangaben: identificationValue=" +
-//                            identificationValue + ",target=" + target});
-//        }
-//        String basisbegriff;
-//        if (target.startsWith(Constants.URN_PREFIX_CDID + "+"))
-//            basisbegriff = identificationValue + "+" + target;
-//        else
-//            basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_CDID + "+" + target;
-//
-//        return calculatebPKwbPK(basisbegriff);
-//    }
-//
-//    /**
-//     * Builds the wbPK from the given parameters.
-//     *
-//     * @param identificationValue Base64 encoded "Stammzahl"
-//     * @param registerAndOrdNr    type of register + "+" + number in register.
-//     * @return wbPK in a BASE64 encoding
-//     * @throws BuildException if an error occurs on building the wbPK
-//     */
-//    private String buildWBPK(String identificationValue, String registerAndOrdNr)
-//            throws BuildException {
-//
-//        if ((identificationValue == null ||
-//                identificationValue.length() == 0 ||
-//                registerAndOrdNr == null ||
-//                registerAndOrdNr.length() == 0)) {
-//            throw new BuildException("builder.00",
-//                    new Object[]{"wbPK", "Unvollständige Parameterangaben: identificationValue=" +
-//                            identificationValue + ",Register+Registernummer=" + registerAndOrdNr});
-//        }
-//
-//        String basisbegriff;
-//        if (registerAndOrdNr.startsWith(Constants.URN_PREFIX_WBPK + "+"))
-//            basisbegriff = identificationValue + "+" + registerAndOrdNr;
-//        else
-//            basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr;
-//
-//        return calculatebPKwbPK(basisbegriff);
-//    }
-//
-//    private String buildbPKorwbPK(String baseID, String bPKorwbPKTarget) throws BuildException {
-//    	if (MiscUtil.isEmpty(baseID) || 
-//    			!(bPKorwbPKTarget.startsWith(Constants.URN_PREFIX_CDID + "+") || 
-//    					bPKorwbPKTarget.startsWith(Constants.URN_PREFIX_WBPK + "+") || 
-//    					bPKorwbPKTarget.startsWith(Constants.URN_PREFIX_STORK + "+")) ) {
-//    		throw new BuildException("builder.00",
-//                    new Object[]{"bPK/wbPK", "bPK or wbPK target " + bPKorwbPKTarget 
-//    					+ " has an unkown prefix."});
-//    		
-//    	}
-//    	
-//    	return calculatebPKwbPK(baseID + "+" + bPKorwbPKTarget);
-//    	
-//    }
-    
-	public static String encryptBPK(String bpk, String target, PublicKey publicKey) throws BuildException {
-		MiscUtil.assertNotNull(bpk, "BPK");
-		MiscUtil.assertNotNull(publicKey, "publicKey");
-		
-		SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss");
-		if (target.startsWith(Constants.URN_PREFIX_CDID + "+"))
-			target = target.substring((Constants.URN_PREFIX_CDID + "+").length());
-		
-		String input = "V1::urn:publicid:gv.at:cdid+" + target + "::"
-		    + bpk + "::"
-		    + sdf.format(new Date());
-		System.out.println(input);
-		byte[] result;
-		try {
-			byte[] inputBytes = input.getBytes("ISO-8859-1");
-			result = encrypt(inputBytes, publicKey);
-			return new String(Base64Utils.encode(result, "ISO-8859-1")).replaceAll("\r\n", "");
-			
-		} catch (Exception e) {
-			throw new BuildException("bPK encryption FAILED", null, e);
-		}		
-	}
-
-	public static String decryptBPK(String encryptedBpk, String target, PrivateKey privateKey) throws BuildException {
-		MiscUtil.assertNotEmpty(encryptedBpk, "Encrypted BPK");
-		MiscUtil.assertNotNull(privateKey, "Private key");
-		String decryptedString;
-		try {
-			byte[] encryptedBytes = Base64Utils.decode(encryptedBpk, false, "ISO-8859-1");
-			byte[] decryptedBytes = decrypt(encryptedBytes, privateKey);
-			decryptedString = new String(decryptedBytes, "ISO-8859-1");
-			
-		} catch (Exception e) {
-			throw new BuildException("bPK decryption FAILED", null, e);
-		}
-		String tmp = decryptedString.substring(decryptedString.indexOf('+') + 1);
-		String sector = tmp.substring(0, tmp.indexOf("::"));
-		tmp = tmp.substring(tmp.indexOf("::") + 2);
-		String bPK = tmp.substring(0, tmp.indexOf("::"));
-
-		if (target.startsWith(Constants.URN_PREFIX_CDID + "+"))
-			target = target.substring((Constants.URN_PREFIX_CDID + "+").length());
-		
-		if (target.equals(sector))
-			return bPK;
-		
-		else {
-			Logger.error("Decrypted bPK does not match to request bPK target.");
-			return null;
-		}		
-	}
-        
-    private String calculatebPKwbPK(String basisbegriff) throws BuildException {
-    	try {
-            MessageDigest md = MessageDigest.getInstance("SHA-1");
-            byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1"));
-            String hashBase64 = Base64Utils.encode(hash);
-            return hashBase64;
-            
-        } catch (Exception ex) {
-            throw new BuildException("builder.00", new Object[]{"bPK/wbPK", ex.toString()}, ex);
-        }
-    	
-    }
-    
-	private static byte[] encrypt(byte[] inputBytes, PublicKey publicKey) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
-		byte[] result;
-		Cipher cipher = null;
-		try {
-			cipher = Cipher.getInstance("RSA/ECB/OAEPPadding"); // try with bouncycastle
-		} catch(NoSuchAlgorithmException e) {
-			cipher = Cipher.getInstance("RSA/ECB/OAEP"); // try with iaik provider
-		}
-		cipher.init(Cipher.ENCRYPT_MODE, publicKey);
-		result = cipher.doFinal(inputBytes);
-		
-		return result;
-	}
-
-	private static byte[] decrypt(byte[] encryptedBytes, PrivateKey privateKey) 
-			throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException{
-		byte[] result;
-		Cipher cipher = null;
-		try {
-			cipher = Cipher.getInstance("RSA/ECB/OAEPPadding"); // try with bouncycastle
-		} catch(NoSuchAlgorithmException e) {
-			cipher = Cipher.getInstance("RSA/ECB/OAEP"); // try with iaik provider
-		}
-		cipher.init(Cipher.DECRYPT_MODE, privateKey);
-		result = cipher.doFinal(encryptedBytes);
-		return result;
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/MOAIDSubjectNameIdGenerator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/MOAIDSubjectNameIdGenerator.java
index aa462c480..3dfba9cca 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/MOAIDSubjectNameIdGenerator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/MOAIDSubjectNameIdGenerator.java
@@ -10,12 +10,13 @@ import at.gv.e_government.reference.namespace.persondata._20020228_.Identificati
 import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
 import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
 import at.gv.egiz.eaaf.modules.pvp2.PVPConstants;
 import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception;
 import at.gv.egiz.eaaf.modules.pvp2.idp.api.builder.ISubjectNameIdGenerator;
 import at.gv.egiz.eaaf.modules.pvp2.idp.exception.ResponderErrorException;
-import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
@@ -97,7 +98,7 @@ public class MOAIDSubjectNameIdGenerator implements ISubjectNameIdGenerator {
 				try {
 					return new BPKBuilder().generateAreaSpecificPersonIdentifier(bpk, spConfig.getAreaSpecificTargetIdentifier());
 										
-				} catch (BuildException e) {
+				} catch (EAAFBuilderException e) {
 					Logger.warn("Can NOT generate SubjectNameId." , e);
 					throw new ResponderErrorException("pvp2.01", null);
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index d23e32c81..926bfe242 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -48,13 +48,13 @@ import java.util.Map;
 
 import org.apache.commons.collections4.map.HashedMap;
 
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
+import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
 import at.gv.egovernment.moa.id.commons.api.data.AuthProzessDataConstants;
 import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
 import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
-import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -618,17 +618,17 @@ public class AuthenticationSession implements Serializable, IAuthenticationSessi
 	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setGenericDataToSession(java.lang.String, java.lang.Object)
 	 */
 	@Override
-	public void setGenericDataToSession(String key, Object object) throws SessionDataStorageException {
+	public void setGenericDataToSession(String key, Object object) throws EAAFStorageException {
 		if (MiscUtil.isEmpty(key)) {
 			Logger.warn("Generic session-data can not be stored with a 'null' key");
-			throw new SessionDataStorageException("Generic session-data can not be stored with a 'null' key", null);
+			throw new EAAFStorageException("Generic session-data can not be stored with a 'null' key");
 			
 		}
 		
 		if (object != null) {
 			if (!Serializable.class.isInstance(object)) {
 				Logger.warn("Generic session-data can only store objects which implements the 'Seralizable' interface");
-				throw new SessionDataStorageException("Generic session-data can only store objects which implements the 'Seralizable' interface", null);
+				throw new EAAFStorageException("Generic session-data can only store objects which implements the 'Seralizable' interface");
 				
 			}						
 		}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionWrapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionWrapper.java
index fb584047e..aea6f26fb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionWrapper.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionWrapper.java
@@ -26,79 +26,35 @@ import java.security.cert.CertificateEncodingException;
 import java.security.cert.CertificateException;
 import java.util.ArrayList;
 import java.util.Collections;
-import java.util.Date;
-import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
-import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
 import at.gv.egiz.eaaf.core.api.idp.auth.ISSOManager;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
 import at.gv.egovernment.moa.id.commons.api.data.AuthProzessDataConstants;
 import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
 import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
-import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
 import iaik.x509.X509Certificate;
 
 /**
  * @author tlenz
  * 
  */
-public class AuthenticationSessionWrapper implements IAuthenticationSession, AuthProzessDataConstants {
+public class AuthenticationSessionWrapper extends AuthProcessDataWrapper implements IAuthenticationSession, AuthProzessDataConstants {
 
-		
-	private Map<String, Object> sessionData;
 	
 	/**
 	 * @param genericDataStorage
 	 */
 	public AuthenticationSessionWrapper(Map<String, Object> genericDataStorage) {
-		this.sessionData = genericDataStorage;
-	}
-	
-	private <T> T wrapStringObject(String key, Object defaultValue, Class<T> clazz) {		
-		if (MiscUtil.isNotEmpty(key)) {
-			Object obj = sessionData.get(key);
-			if (obj != null && clazz.isInstance(obj))
-				return (T) obj;
-		}
+		super(genericDataStorage);
 		
-		if (defaultValue == null)
-			return null;
-		
-		else if (clazz.isInstance(defaultValue))
-			return (T)defaultValue;
-			
-		else {
-			Logger.error("DefaultValue: " + defaultValue.getClass().getName() + " is not of Type:" + clazz.getName());
-			throw new IllegalStateException("DefaultValue: " + defaultValue.getClass().getName() + " is not of Type:" + clazz.getName());
-				
-		}		
 	}
+		
 	
-	
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isAuthenticated()
-	 */
-	@Override
-	public boolean isAuthenticated() {
-		return wrapStringObject(FLAG_IS_AUTHENTICATED, false, Boolean.class);
-
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setAuthenticated(boolean)
-	 */
-	@Override
-	public void setAuthenticated(boolean authenticated) {
-		sessionData.put(FLAG_IS_AUTHENTICATED, authenticated);
-
-	}
-
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSignerCertificate()
 	 */
@@ -133,7 +89,7 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
 	@Override
 	public void setSignerCertificate(X509Certificate signerCertificate) {
 		try {
-			sessionData.put(VALUE_SIGNER_CERT, signerCertificate.getEncoded());
+			authProcessData.put(VALUE_SIGNER_CERT, signerCertificate.getEncoded());
 			
 		}catch (CertificateEncodingException e) {
 			Logger.warn("Signer certificate can not be stored to session database!", e);
@@ -141,15 +97,6 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
 
 	}
 
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getIdentityLink()
-	 */
-	@Override
-	public IIdentityLink getIdentityLink() {
-		return wrapStringObject(VALUE_IDENTITYLINK, null, IIdentityLink.class);
-		
-	}
-
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSessionID()
 	 */
@@ -159,21 +106,12 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
 				
 	}
 
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setIdentityLink(at.gv.egovernment.moa.id.auth.data.IdentityLink)
-	 */
-	@Override
-	public void setIdentityLink(IIdentityLink identityLink) {
-		sessionData.put(VALUE_IDENTITYLINK, identityLink);
-
-	}
-
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setSessionID(java.lang.String)
 	 */
 	@Override
 	public void setSSOSessionID(String sessionId) {
-		sessionData.put(ISSOManager.AUTH_DATA_SSO_SESSIONID, sessionId);
+		authProcessData.put(ISSOManager.AUTH_DATA_SSO_SESSIONID, sessionId);
 
 	}
 
@@ -190,7 +128,7 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
 	 */
 	@Override
 	public void setBkuURL(String bkuURL) {
-		sessionData.put(VALUE_BKUURL, bkuURL);
+		authProcessData.put(VALUE_BKUURL, bkuURL);
 
 	}
 
@@ -207,7 +145,7 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
 	 */
 	@Override
 	public void setAuthBlock(String authBlock) {
-		sessionData.put(VALUE_AUTHBLOCK, authBlock);
+		authProcessData.put(VALUE_AUTHBLOCK, authBlock);
 
 	}
 
@@ -224,7 +162,7 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
 	 */
 	@Override
 	public void setExtendedSAMLAttributesAUTH(List<ExtendedSAMLAttribute> extendedSAMLAttributesAUTH) {
-		sessionData.put(VALUE_EXTENTEDSAMLATTRAUTH, extendedSAMLAttributesAUTH);
+		authProcessData.put(VALUE_EXTENTEDSAMLATTRAUTH, extendedSAMLAttributesAUTH);
 
 	}
 
@@ -241,7 +179,7 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
 	 */
 	@Override
 	public void setExtendedSAMLAttributesOA(List<ExtendedSAMLAttribute> extendedSAMLAttributesOA) {
-		sessionData.put(VALUE_EXTENTEDSAMLATTROA, extendedSAMLAttributesOA);
+		authProcessData.put(VALUE_EXTENTEDSAMLATTROA, extendedSAMLAttributesOA);
 
 	}
 
@@ -258,24 +196,7 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
 	 */
 	@Override
 	public void setSAMLAttributeGebeORwbpk(boolean samlAttributeGebeORwbpk) {
-		sessionData.put(FLAG_SAMLATTRIBUTEGEBEORWBPK, samlAttributeGebeORwbpk);
-
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getIssueInstant()
-	 */
-	@Override
-	public String getIssueInstant() {
-		return wrapStringObject(VALUE_ISSUEINSTANT, null, String.class);
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setIssueInstant(java.lang.String)
-	 */
-	@Override
-	public void setIssueInstant(String issueInstant) {
-		sessionData.put(VALUE_ISSUEINSTANT, issueInstant);
+		authProcessData.put(FLAG_SAMLATTRIBUTEGEBEORWBPK, samlAttributeGebeORwbpk);
 
 	}
 
@@ -291,29 +212,12 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
 
 	}
 
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setUseMandates(boolean)
-	 */
-	@Override
-	public void setUseMandates(boolean useMandates) {
-		sessionData.put(FLAG_USE_MANDATE, useMandates);
-
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isMandateUsed()
-	 */
-	@Override
-	public boolean isMandateUsed() {
-		return wrapStringObject(FLAG_USE_MANDATE, false, Boolean.class);
-	}
-
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setMISSessionID(java.lang.String)
 	 */
 	@Override
 	public void setMISSessionID(String misSessionID) {
-		sessionData.put(VALUE_MISSESSIONID, misSessionID);
+		authProcessData.put(VALUE_MISSESSIONID, misSessionID);
 
 	}
 
@@ -338,24 +242,7 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
 	 */
 	@Override
 	public void setMandateReferenceValue(String mandateReferenceValue) {
-		sessionData.put(VALUE_MISREFVALUE, mandateReferenceValue);
-
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isForeigner()
-	 */
-	@Override
-	public boolean isForeigner() {
-		return wrapStringObject(FLAG_IS_FOREIGNER, false, Boolean.class);
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setForeigner(boolean)
-	 */
-	@Override
-	public void setForeigner(boolean isForeigner) {
-		sessionData.put(FLAG_IS_FOREIGNER, isForeigner);
+		authProcessData.put(VALUE_MISREFVALUE, mandateReferenceValue);
 
 	}
 
@@ -372,7 +259,7 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
 	 */
 	@Override
 	public void setXMLVerifySignatureResponse(IVerifiyXMLSignatureResponse xMLVerifySignatureResponse) {
-		sessionData.put(VALUE_VERIFYSIGRESP, xMLVerifySignatureResponse);
+		authProcessData.put(VALUE_VERIFYSIGRESP, xMLVerifySignatureResponse);
 
 	}
 
@@ -389,27 +276,10 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
 	 */
 	@Override
 	public void setMISMandate(IMISMandate mandate) {
-		sessionData.put(VALUE_MISMANDATE, mandate);
-
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isOW()
-	 */
-	@Override
-	public boolean isOW() {
-		return wrapStringObject(FLAG_IS_ORGANWALTER, false, Boolean.class);
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setOW(boolean)
-	 */
-	@Override
-	public void setOW(boolean isOW) {
-		sessionData.put(FLAG_IS_ORGANWALTER, isOW);
+		authProcessData.put(VALUE_MISMANDATE, mandate);
 
 	}
-
+	
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getAuthBlockTokken()
 	 */
@@ -423,78 +293,13 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
 	 */
 	@Override
 	public void setAuthBlockTokken(String authBlockTokken) {
-		sessionData.put(VALUE_AUTNBLOCKTOKKEN, authBlockTokken);
-
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getQAALevel()
-	 */
-	@Override
-	public String getQAALevel() {
-		return wrapStringObject(VALUE_QAALEVEL, null, String.class);
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setQAALevel(java.lang.String)
-	 */
-	@Override
-	public void setQAALevel(String qAALevel) {
-		sessionData.put(VALUE_QAALEVEL, qAALevel);
-
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSessionCreated()
-	 */
-	@Override
-	public Date getSessionCreated() {
-		return wrapStringObject(EAAFConstants.AUTH_DATA_CREATED, null, Date.class);
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getGenericSessionDataStorage()
-	 */
-	@Override
-	public Map<String, Object> getGenericSessionDataStorage() {
-		Map<String, Object> result = new HashMap<String, Object>();		
-		for (String el : sessionData.keySet()) {
-			if (el.startsWith(GENERIC_PREFIX))
-				result.put(el.substring(GENERIC_PREFIX.length()), sessionData.get(el));
-			
-		}
-		
-		return result;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getGenericDataFromSession(java.lang.String)
-	 */
-	@Override
-	public Object getGenericDataFromSession(String key) {
-		return sessionData.get(GENERIC_PREFIX + key); 
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getGenericDataFromSession(java.lang.String, java.lang.Class)
-	 */
-	@Override
-	public <T> T getGenericDataFromSession(String key, Class<T> clazz) {
-		return wrapStringObject(GENERIC_PREFIX + key, null, clazz);
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setGenericDataToSession(java.lang.String, java.lang.Object)
-	 */
-	@Override
-	public void setGenericDataToSession(String key, Object object) throws SessionDataStorageException {
-		sessionData.put(GENERIC_PREFIX + key, object);
+		authProcessData.put(VALUE_AUTNBLOCKTOKKEN, authBlockTokken);
 
 	}
 
 	@Override
 	public Map<String, Object> getKeyValueRepresentationFromAuthSession() {
-		return Collections.unmodifiableMap(sessionData);
+		return Collections.unmodifiableMap(authProcessData);
 		
 	}
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java
deleted file mode 100644
index 2690bc2cc..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java
+++ /dev/null
@@ -1,312 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- * 
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- * 
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.auth.data;
-
-import java.io.IOException;
-import java.io.Serializable;
-import java.security.PublicKey;
-
-import javax.xml.transform.TransformerException;
-
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
-import at.gv.egovernment.moa.util.DOMUtils;
-
-
-/**
- * Data contained in an identity link issued by BMI, relevant to the MOA ID component.
- * <br><code>"IdentityLink"</code> is the translation of <code>"Personenbindung"</code>.
- * 
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class IdentityLink implements Serializable, IIdentityLink{
-
-	private static final long serialVersionUID = 1L;
-	
-	/**
-	 * <code>"identificationValue"</code> is the translation of <code>"Stammzahl"</code>.
-	 */
-	private String identificationValue;
-	/**
-	* <code>"identificationType"</code> type of the identificationValue in the IdentityLink.
-	*/
-	private String identificationType;
-	/**
-	 * first name
-	 */
-	private String givenName;
-	/**
-	 * family name
-	 */
-	private String familyName;
-  
-  /**
-   * The name as (givenName + familyName)
-   */
-  private String name;
-	/**
-	 * date of birth
-	 */
-	private String dateOfBirth;
-  /**
-   * the original saml:Assertion-Element
-   */
-	private Element samlAssertion;
-  /**
-   * the serializes saml:Assertion
-   */
-  private String serializedSamlAssertion;
-	/**
-	 * Element /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData/pr:Person
-	 */
-	private Element prPerson;
-  /**
-   * we need for each dsig:Reference Element all
-   * transformation elements
-   */
-  private Element[] dsigReferenceTransforms;
-  
-  /**
-   * The issuing time of the identity link SAML assertion.
-   */
-  private String issueInstant;
-
-  /**
-   * we need all public keys stored in 
-   * the identity link
-   */
-  private PublicKey[] publicKey;
-
-	/**
-	 * Constructor for IdentityLink
-	 */
-	public IdentityLink() {
-	}
-
-  /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getDateOfBirth()
- */
-  @Override
-public String getDateOfBirth() {
-    return dateOfBirth;
-  }
-
-  /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getFamilyName()
- */
-  @Override
-public String getFamilyName() {
-    return familyName;
-  }
-
-  /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getGivenName()
- */
-  @Override
-public String getGivenName() {
-    return givenName;
-  }
-  
-  /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getName()
- */
-  @Override
-public String getName() {
-    if (name == null) {
-      name = givenName + " " + familyName;
-    }
-    return name;
-  }
-  
-  /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getIdentificationValue()
- */
-  @Override
-public String getIdentificationValue() {
-    return identificationValue;
-  }
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getIdentificationType()
-	 */
-	@Override
-	public String getIdentificationType() {
-		return identificationType;
-	}
-
-  /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setDateOfBirth(java.lang.String)
- */
-  @Override
-public void setDateOfBirth(String dateOfBirth) {
-    this.dateOfBirth = dateOfBirth;
-  }
-
-  /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setFamilyName(java.lang.String)
- */
-  @Override
-public void setFamilyName(String familyName) {
-    this.familyName = familyName;
-  }
-
-  /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setGivenName(java.lang.String)
- */
-  @Override
-public void setGivenName(String givenName) {
-    this.givenName = givenName;
-  }
-
-  /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setIdentificationValue(java.lang.String)
- */
-  @Override
-public void setIdentificationValue(String identificationValue) {
-    this.identificationValue = identificationValue;
-  }
-  
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setIdentificationType(java.lang.String)
-	 */
-	@Override
-	public void setIdentificationType(String identificationType) {
-		this.identificationType = identificationType;
-	}
-
-  /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getSamlAssertion()
- */
-  @Override
-public Element getSamlAssertion() {
-    return samlAssertion;
-  }
-  
-  /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getSerializedSamlAssertion()
- */
-  @Override
-public String getSerializedSamlAssertion() {
-    return serializedSamlAssertion;
-  }
-
-  /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setSamlAssertion(org.w3c.dom.Element)
- */
-  @Override
-public void setSamlAssertion(Element samlAssertion) throws TransformerException, IOException {
-    this.samlAssertion = samlAssertion;
-    this.serializedSamlAssertion = DOMUtils.serializeNode(samlAssertion);    
-  }
-
-  /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getDsigReferenceTransforms()
- */
-  @Override
-public Element[] getDsigReferenceTransforms() {
-    return dsigReferenceTransforms;
-  }
-
-  /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setDsigReferenceTransforms(org.w3c.dom.Element[])
- */
-  @Override
-public void setDsigReferenceTransforms(Element[] dsigReferenceTransforms) {
-    this.dsigReferenceTransforms = dsigReferenceTransforms;
-  }
-
-  /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getPublicKey()
- */
-  @Override
-public PublicKey[] getPublicKey() {
-    return publicKey;
-  }
-
-  /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setPublicKey(java.security.PublicKey[])
- */
-  @Override
-public void setPublicKey(PublicKey[] publicKey) {
-    this.publicKey = publicKey;
-  }
-
-  /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getPrPerson()
- */
-  @Override
-public Element getPrPerson() {
-    return prPerson;
-  }
-
-  /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setPrPerson(org.w3c.dom.Element)
- */
-  @Override
-public void setPrPerson(Element prPerson) {
-    this.prPerson = prPerson;
-  }
-  
-   /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getIssueInstant()
- */
-  @Override
-public String getIssueInstant() {
-    return issueInstant;
-  }
-
-  /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setIssueInstant(java.lang.String)
- */
-  @Override
-public void setIssueInstant(String issueInstant) {
-    this.issueInstant = issueInstant;
-  }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
index 8f7364f62..3ff22b84d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
@@ -58,15 +58,15 @@ import java.util.List;
 import org.w3c.dom.Element;
 import org.w3c.dom.traversal.NodeIterator;
 
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.IdentityLink;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
+import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
 import at.gv.egovernment.moa.id.auth.exception.ECDSAConverterException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.util.ECDSAKeyValueConverter;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
 
 /**
  * Parses an identity link <code>&lt;saml:Assertion&gt;</code>
@@ -259,7 +259,7 @@ public class IdentityLinkAssertionParser {
 
   public IIdentityLink parseIdentityLink() throws ParseException {
     IIdentityLink identityLink;
-    try {
+    try { 
       identityLink = new IdentityLink();
       identityLink.setSamlAssertion(assertionElem);
       identityLink.setIssueInstant(assertionElem.getAttribute(ISSUE_INSTANT_ATTR));
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
index b54a43fff..e6b4e9bb8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
@@ -54,12 +54,12 @@ import java.io.InputStream;
 
 import org.w3c.dom.Element;
 
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
+import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
 import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
 
 /**
  * Parses a <code>&lt;VerifyXMLSignatureResponse&gt;</code> returned by
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java
index 89e543209..97d1e7132 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java
@@ -909,12 +909,6 @@ public boolean containsConfigurationKey(String arg0) {
 }
 
 
-@Override
-public String getConfigurationValue(String arg0) {
-	return spConfiguration.getConfigurationValue(arg0);
-}
-
-
 @Override
 public Map<String, String> getFullConfiguration() {
 	return spConfiguration.getFullConfiguration();
@@ -951,4 +945,41 @@ public String getMinimumLevelOfAssurence() {
 }
 
 
+@Override
+public String getConfigurationValue(String key) {
+	return spConfiguration.getConfigurationValue(key);
+}
+
+@Override
+public String getConfigurationValue(String key, String defaultValue) {
+	String value = getConfigurationValue(key);
+	if (value == null)
+		return defaultValue;
+	else
+		return value;
+}
+
+
+@Override
+public Boolean isConfigurationValue(String key) {
+	String value = getConfigurationValue(key);
+	if (value == null)
+		return Boolean.parseBoolean(value);
+
+	return null;
+	
+}
+
+
+@Override
+public boolean isConfigurationValue(String key, boolean defaultValue) {
+	String value = getConfigurationValue(key);
+	if (value == null)
+		return Boolean.parseBoolean(value);
+	else
+		return defaultValue;
+	
+}
+
+
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
index 11932f52a..76a53ee40 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
@@ -559,5 +559,23 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{
 		return getQaaLevel();
 	}
 
+	@Override
+	public String getConfigurationValue(String arg0, String arg1) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public Boolean isConfigurationValue(String arg0) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean isConfigurationValue(String arg0, boolean arg1) {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
 	
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java
index b8dccfa65..ff4b96aab 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java
@@ -5,7 +5,6 @@ import java.util.List;
 import org.w3c.dom.Element;
 
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
 
 public interface IMOAAuthData extends IAuthData{
@@ -18,8 +17,7 @@ public interface IMOAAuthData extends IAuthData{
 	  */
 	 String getQAALevel();
 	 
-	 List<String> getEncbPKList();	 
-	 IIdentityLink getIdentityLink();	 
+	 List<String> getEncbPKList();	 	 
      byte[] getSignerCertificate();
 	 String getAuthBlock();	 
 	 boolean isPublicAuthority();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MISMandate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MISMandate.java
index 25d50f57a..d1e1e5c60 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MISMandate.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MISMandate.java
@@ -51,10 +51,10 @@ import java.io.Serializable;
 import org.w3c.dom.Element;
 
 import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 public class MISMandate implements Serializable, IMISMandate{
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
index e0dd30db3..b5d46fea3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
@@ -28,14 +28,14 @@ import java.util.List;
 
 import org.w3c.dom.Element;
 
+import at.gv.egiz.eaaf.core.api.data.ILoALevelMapper;
 import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.util.LoALevelMapper;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 
@@ -47,7 +47,6 @@ import at.gv.egovernment.moa.util.MiscUtil;
 public class MOAAuthenticationData extends AuthenticationData implements IMOAAuthData, Serializable {
 
 	private static final long serialVersionUID = 1L;
-	private IIdentityLink identityLink;
 	private boolean qualifiedCertificate;
 	private boolean publicAuthority;
 	private String publicAuthorityCode;
@@ -70,8 +69,9 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut
 
 	private LoALevelMapper loaMapper;
 	
-	public MOAAuthenticationData(LoALevelMapper loaMapper) {	
-		this.loaMapper = loaMapper;
+	public MOAAuthenticationData(ILoALevelMapper loaMapper) {
+		if (loaMapper instanceof LoALevelMapper)
+			this.loaMapper = (LoALevelMapper) loaMapper;
 		
 	}
 	
@@ -82,19 +82,22 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut
 	public String getQAALevel() {
 		if (this.QAALevel != null && 
 				this.QAALevel.startsWith(PVPConstants.EIDAS_QAA_PREFIX)) {
-			String mappedQAA = loaMapper.mapeIDASQAAToSTORKQAA(this.QAALevel);
-			if (MiscUtil.isNotEmpty(mappedQAA))
-				return mappedQAA;
-			
-			else {
-				Logger.error("eIDAS QAA-level:" + this.QAALevel 
-						+ " can not be mapped to STORK QAA-level! Use "
+			if (loaMapper != null) {
+				String mappedQAA = loaMapper.mapeIDASQAAToSTORKQAA(this.QAALevel);
+				if (MiscUtil.isNotEmpty(mappedQAA))
+					return mappedQAA;
+				else {
+					Logger.error("eIDAS QAA-level:" + this.QAALevel 
+							+ " can not be mapped to STORK QAA-level! Use "
+							+ PVPConstants.STORK_QAA_1_1 + " as default value.");					
+				}
+							
+			} else
+				Logger.error("NO LoALevelMapper found. Use "
 						+ PVPConstants.STORK_QAA_1_1 + " as default value.");
-				return PVPConstants.STORK_QAA_1_1;
-				
-			}
-			
 			
+			return PVPConstants.STORK_QAA_1_1;
+										
 		} else
 			return this.QAALevel;
 		
@@ -106,18 +109,6 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut
 	}
 
 	
-	@Override
-	public IIdentityLink getIdentityLink() {
-		return identityLink;
-	}
-
-	/**
-	 * @param identityLink the identityLink to set
-	 */
-	public void setIdentityLink(IIdentityLink identityLink) {
-		this.identityLink = identityLink;
-	}
-
 	@Override
 	public byte[] getSignerCertificate() {
 		return signerCertificate;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIdentityLinkBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIdentityLinkBuilder.java
deleted file mode 100644
index 2c0a9fe74..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIdentityLinkBuilder.java
+++ /dev/null
@@ -1,76 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.builder.attributes;
-
-import java.io.IOException;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.util.Base64Utils;
-
-import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
-import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
-import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
-import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
-import at.gv.egovernment.moa.id.data.IMOAAuthData;
-
-
-
-public class EIDIdentityLinkBuilder implements IPVPAttributeBuilder {
-	private static final Logger log = LoggerFactory.getLogger(EIDIdentityLinkBuilder.class);
-	
-	
-	public String getName() {
-		return EID_IDENTITY_LINK_NAME;
-	}
-
-	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
-		try {
-			String ilAssertion = null;			
-			if (authData instanceof IMOAAuthData 
-					&&  ((IMOAAuthData)authData).getIdentityLink() == null)
-				throw new UnavailableAttributeException(EID_IDENTITY_LINK_NAME);
-			
-			ilAssertion = ((IMOAAuthData)authData).getIdentityLink().getSerializedSamlAssertion();
-			
-			return g.buildStringAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME,
-					EID_IDENTITY_LINK_NAME, Base64Utils.encodeToString(ilAssertion.getBytes("UTF-8")));
-			
-			
-		} catch (IOException e) {
-			log.warn("IdentityLink serialization error.", e);
-			return g.buildEmptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME,
-					EID_IDENTITY_LINK_NAME);
-		}
-		
-	}
-
-	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
-		return g.buildEmptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME,
-				EID_IDENTITY_LINK_NAME);
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java
index 171dfe2d9..af96a9459 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java
@@ -33,10 +33,10 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
 
 public class MandateFullMandateAttributeBuilder implements IPVPAttributeBuilder {
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
index b2a2aad88..af64ffe64 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
@@ -32,9 +32,10 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
 import at.gv.egiz.eaaf.core.impl.data.Pair;
-import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
@@ -91,7 +92,7 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui
 			}
 			
 		}
-		catch (BuildException | ConfigurationException e) {
+		catch (BuildException | ConfigurationException | EAAFBuilderException e) {
 			Logger.error("Failed to generate IdentificationType");
 			throw new NoMandateDataAttributeException();
 			
@@ -105,7 +106,7 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui
 		return g.buildEmptyAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_NAME);
 	}
 	
-	protected Pair<String, String> internalBPKGenerator(ISPConfiguration oaParam, IAuthData authData) throws NoMandateDataAttributeException, BuildException, ConfigurationException {		
+	protected Pair<String, String> internalBPKGenerator(ISPConfiguration oaParam, IAuthData authData) throws NoMandateDataAttributeException, BuildException, ConfigurationException, EAAFBuilderException {		
 		//get PVP attribute directly, if exists 
 		Pair<String, String> calcResult = null;
 		if (authData instanceof IMOAAuthData) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java
index 16b179d89..75ca2ccdf 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java
@@ -33,11 +33,11 @@ import org.opensaml.saml2.metadata.provider.FilterException;
 import org.opensaml.saml2.metadata.provider.MetadataFilter;
 import org.opensaml.xml.XMLObject;
 
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egovernment.moa.id.auth.builder.SignatureVerificationUtils;
 import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 /**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java
index 81041260c..d8114f19d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java
@@ -35,6 +35,7 @@ import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
 
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
@@ -57,7 +58,6 @@ import at.gv.egovernment.moa.spss.api.xmlsign.ErrorResponse;
 import at.gv.egovernment.moa.spss.api.xmlsign.SignatureEnvironmentResponse;
 import at.gv.egovernment.moa.spss.api.xmlsign.SingleSignatureInfo;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 public class IdentityLinkReSigner {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
index 885d03fd8..397e28bc2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
@@ -62,13 +62,13 @@ import javax.xml.parsers.ParserConfigurationException;
 
 import org.xml.sax.SAXException;
 
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moa.util.StringUtils;
 
diff --git a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
index a1fd81eb2..14d4d9fb6 100644
--- a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
+++ b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
@@ -1,4 +1,3 @@
-at.gv.egovernment.moa.id.protocols.builder.attributes.EIDIdentityLinkBuilder
 at.gv.egovernment.moa.id.protocols.builder.attributes.EIDAuthBlock
 at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCcsURL
 at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCitizenQAALevelAttributeBuilder
diff --git a/id/server/idserverlib/src/test/java/test/MOAIDTestCase.java b/id/server/idserverlib/src/test/java/test/MOAIDTestCase.java
index b0494534a..b1f8fe593 100644
--- a/id/server/idserverlib/src/test/java/test/MOAIDTestCase.java
+++ b/id/server/idserverlib/src/test/java/test/MOAIDTestCase.java
@@ -54,10 +54,10 @@ import javax.xml.transform.TransformerException;
 
 import org.w3c.dom.Element;
 
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egiz.eaaf.core.impl.utils.StreamUtils;
+import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
 import iaik.ixsil.algorithms.Transform;
 import iaik.ixsil.algorithms.TransformImplExclusiveCanonicalXML;
 import iaik.ixsil.exceptions.AlgorithmException;
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/AuthProzessDataConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/AuthProzessDataConstants.java
index 439138645..31a0573b6 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/AuthProzessDataConstants.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/AuthProzessDataConstants.java
@@ -22,39 +22,25 @@
  */
 package at.gv.egovernment.moa.id.commons.api.data;
 
+import at.gv.egiz.eaaf.core.api.idp.EAAFAuthProcessDataConstants;
+
 /**
  * @author tlenz
  *
  */
-public interface AuthProzessDataConstants {
-	
-	public static final String GENERIC_PREFIX 					= "generic_";
-	
+public interface AuthProzessDataConstants extends EAAFAuthProcessDataConstants { 
 	
-	public static final String FLAG_IS_FOREIGNER 				= "direct_flagIsForeigner";
-	public static final String FLAG_USE_MANDATE 				= "direct_flagUseMandate";
-	public static final String FLAG_IS_ORGANWALTER 				= "direct_flagOrganwalter";
-	public static final String FLAG_IS_AUTHENTICATED 			= "direct_flagIsAuth";
 	public static final String FLAG_SAMLATTRIBUTEGEBEORWBPK 	= "direct_SAMLAttributeGebeORwbpk";
 	
-
-	public static final String VALUE_ISSUEINSTANT 				= "direct_issueInstant";
-	
 	public static final String VALUE_SIGNER_CERT 				= "direct_signerCert";
 	public static final String VALUE_IDENTITYLINK 				= "direct_idl";	
 	public static final String VALUE_BKUURL 					= "direct_bkuUrl";
 	public static final String VALUE_AUTHBLOCK 					= "direct_authBlock";
 	
 	public static final String VALUE_AUTNBLOCKTOKKEN 			= "direct_authblocktokken";
-	public static final String VALUE_QAALEVEL 					= "direct_qaaLevel";
-	public static final String VALUE_VERIFYSIGRESP 				= "direct_verifySigResp";
-	
+	public static final String VALUE_VERIFYSIGRESP 				= "direct_verifySigResp";	
 	public static final String VALUE_MISSESSIONID 				= "direct_MIS_SessionId";
 	public static final String VALUE_MISREFVALUE 				= "direct_MIS_RefValue";
-	public static final String VALUE_MISMANDATE 				= "direct_MIS_Mandate";
-	
-	
-
 	
 	@Deprecated
 	public static final String VALUE_EXTENTEDSAMLATTRAUTH 		= "direct_extSamlAttrAuth";
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IAuthenticationSession.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IAuthenticationSession.java
index 8cb2b31bc..1d54af7c8 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IAuthenticationSession.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IAuthenticationSession.java
@@ -22,22 +22,17 @@
  */
 package at.gv.egovernment.moa.id.commons.api.data;
 
-import java.util.Date;
 import java.util.List;
 import java.util.Map;
 
-import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IAuthProcessDataContainer;
 import iaik.x509.X509Certificate;
 
 /**
  * @author tlenz
  *
  */
-public interface IAuthenticationSession {
-
-	boolean isAuthenticated();
-
-	void setAuthenticated(boolean authenticated);
+public interface IAuthenticationSession extends IAuthProcessDataContainer {
 
 	X509Certificate getSignerCertificate();
 
@@ -45,13 +40,6 @@ public interface IAuthenticationSession {
 
 	void setSignerCertificate(X509Certificate signerCertificate);
 
-	/**
-	 * Returns the identityLink.
-	 * 
-	 * @return IdentityLink
-	 */
-	IIdentityLink getIdentityLink();
-
 	/**
 	 * Returns the sessionID.
 	 * 
@@ -59,14 +47,7 @@ public interface IAuthenticationSession {
 	 */
 	String getSSOSessionID();
 
-	/**
-	 * Sets the identityLink.
-	 * 
-	 * @param identityLink
-	 *            The identityLink to set
-	 */
-	void setIdentityLink(IIdentityLink identityLink);
-
+	
 	/**
 	 * Sets the sessionID.
 	 * 
@@ -158,20 +139,6 @@ public interface IAuthenticationSession {
 	 */
 	void setSAMLAttributeGebeORwbpk(boolean samlAttributeGebeORwbpk);
 
-	/**
-	 * Returns the issuing time of the AUTH-Block SAML assertion.
-	 * 
-	 * @return The issuing time of the AUTH-Block SAML assertion.
-	 */
-	String getIssueInstant();
-
-	/**
-	 * Sets the issuing time of the AUTH-Block SAML assertion.
-	 * 
-	 * @param issueInstant
-	 *            The issueInstant to set.
-	 */
-	void setIssueInstant(String issueInstant);
 
 	/**
 	 * 
@@ -180,13 +147,6 @@ public interface IAuthenticationSession {
 	 */
 	void setUseMandate(String useMandate);
 
-	void setUseMandates(boolean useMandates);
-
-	/**
-	 * @return
-	 */
-	boolean isMandateUsed();
-
 	/**
 	 * 
 	 * @param misSessionID
@@ -212,9 +172,6 @@ public interface IAuthenticationSession {
 	 */
 	void setMandateReferenceValue(String mandateReferenceValue);
 
-	boolean isForeigner();
-
-	void setForeigner(boolean isForeigner);
 
 	IVerifiyXMLSignatureResponse getXMLVerifySignatureResponse();
 
@@ -224,17 +181,6 @@ public interface IAuthenticationSession {
 
 	void setMISMandate(IMISMandate mandate);
 
-	/**
-	 * @return the isOW
-	 */
-	boolean isOW();
-
-	/**
-	 * @param isOW
-	 *            the isOW to set
-	 */
-	void setOW(boolean isOW);
-
 	/**
 	 * @return the authBlockTokken
 	 */
@@ -246,52 +192,6 @@ public interface IAuthenticationSession {
 	 */
 	void setAuthBlockTokken(String authBlockTokken);
 
-	/**
-	 * eIDAS QAA level
-	 * 
-	 * @return the qAALevel
-	 */
-	String getQAALevel();
-
-	/**
-	 * set QAA level in eIDAS form
-	 * 
-	 * @param qAALevel the qAALevel to set
-	 */
-	void setQAALevel(String qAALevel);
-
-	/**
-	 * @return the sessionCreated
-	 */
-	Date getSessionCreated();
-
-	Map<String, Object> getGenericSessionDataStorage();
-
-	/**
-	 * Returns a generic session-data object with is stored with a specific identifier 
-	 * 
-	 * @param key The specific identifier of the session-data object
-	 * @return The session-data object or null if no data is found with this key
-	 */
-	Object getGenericDataFromSession(String key);
-
-	/**
-	 * Returns a generic session-data object with is stored with a specific identifier 
-	 * 
-	 * @param key The specific identifier of the session-data object
-	 * @param clazz The class type which is stored with this key
-	 * @return The session-data object or null if no data is found with this key
-	 */
-	<T> T getGenericDataFromSession(String key, Class<T> clazz);
-
-	/**
-	 * Store a generic data-object to session with a specific identifier
-	 * 
-	 * @param key Identifier for this data-object
-	 * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface
-	 * @throws SessionDataStorageException Error message if the data-object can not stored to generic session-data storage
-	 */
-	void setGenericDataToSession(String key, Object object) throws SessionDataStorageException;
 	
 	/**
 	 * Generates a Key / Value representation from Authenticated session
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IIdentityLink.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IIdentityLink.java
deleted file mode 100644
index 3a0ccd7c9..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IIdentityLink.java
+++ /dev/null
@@ -1,175 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.commons.api.data;
-
-import java.io.IOException;
-import java.security.PublicKey;
-
-import javax.xml.transform.TransformerException;
-
-import org.w3c.dom.Element;
-
-/**
- * @author tlenz
- *
- */
-public interface IIdentityLink {
-
-	/**
-	   * Returns the dateOfBirth.
-	   * @return Calendar
-	   */
-	String getDateOfBirth();
-
-	/**
-	   * Returns the familyName.
-	   * @return String
-	   */
-	String getFamilyName();
-
-	/**
-	   * Returns the givenName.
-	   * @return String
-	   */
-	String getGivenName();
-
-	/**
-	   * Returns the name.
-	   * @return The name.
-	   */
-	String getName();
-
-	/**
-	   * Returns the identificationValue.
-		 * <code>"identificationValue"</code> is the translation of <code>"Stammzahl"</code>.
-	   * @return String
-	   */
-	String getIdentificationValue();
-
-	/**
-	 * Returns the identificationType.
-	 * <code>"identificationType"</code> type of the identificationValue in the IdentityLink.
-	 * @return String
-	 */
-	String getIdentificationType();
-
-	/**
-	   * Sets the dateOfBirth.
-	   * @param dateOfBirth The dateOfBirth to set
-	   */
-	void setDateOfBirth(String dateOfBirth);
-
-	/**
-	   * Sets the familyName.
-	   * @param familyName The familyName to set
-	   */
-	void setFamilyName(String familyName);
-
-	/**
-	   * Sets the givenName.
-	   * @param givenName The givenName to set
-	   */
-	void setGivenName(String givenName);
-
-	/**
-	   * Sets the identificationValue.
-		 * <code>"identificationValue"</code> is the translation of <code>"Stammzahl"</code>.
-	   * @param identificationValue The identificationValue to set
-	   */
-	void setIdentificationValue(String identificationValue);
-
-	/**
-	 * Sets the Type of the identificationValue.
-	 * @param identificationType The type of identificationValue to set
-	 */
-	void setIdentificationType(String identificationType);
-
-	/**
-	   * Returns the samlAssertion.
-	   * @return Element
-	   */
-	Element getSamlAssertion();
-
-	/**
-	   * Returns the samlAssertion.
-	   * @return Element
-	   */
-	String getSerializedSamlAssertion();
-
-	/**
-	   * Sets the samlAssertion and the serializedSamlAssertion.
-	   * @param samlAssertion The samlAssertion to set
-	   */
-	void setSamlAssertion(Element samlAssertion) throws TransformerException, IOException;
-
-	/**
-	   * Returns the dsigReferenceTransforms.
-	   * @return Element[]
-	   */
-	Element[] getDsigReferenceTransforms();
-
-	/**
-	   * Sets the dsigReferenceTransforms.
-	   * @param dsigReferenceTransforms The dsigReferenceTransforms to set
-	   */
-	void setDsigReferenceTransforms(Element[] dsigReferenceTransforms);
-
-	/**
-	   * Returns the publicKey.
-	   * @return PublicKey[]
-	   */
-	PublicKey[] getPublicKey();
-
-	/**
-	   * Sets the publicKey.
-	   * @param publicKey The publicKey to set
-	   */
-	void setPublicKey(PublicKey[] publicKey);
-
-	/**
-	   * Returns the prPerson.
-	   * @return Element
-	   */
-	Element getPrPerson();
-
-	/**
-	   * Sets the prPerson.
-	   * @param prPerson The prPerson to set
-	   */
-	void setPrPerson(Element prPerson);
-
-	/**
-	   * Returns the issuing time of the identity link SAML assertion.
-	   *
-	   * @return The issuing time of the identity link SAML assertion.
-	   */
-	String getIssueInstant();
-
-	/**
-	   * Sets the issuing time of the identity link SAML assertion.
-	   *
-	   * @param issueInstant The issueInstant to set.
-	   */
-	void setIssueInstant(String issueInstant);
-
-}
\ No newline at end of file
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
deleted file mode 100644
index 62a168ac8..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
+++ /dev/null
@@ -1,1263 +0,0 @@
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.util;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.Map.Entry;
-import java.util.Set;
-import java.util.Vector;
-
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.transform.OutputKeys;
-import javax.xml.transform.Result;
-import javax.xml.transform.Source;
-import javax.xml.transform.Transformer;
-import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactory;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.transform.stream.StreamResult;
-
-import org.apache.commons.io.IOUtils;
-import org.apache.xerces.parsers.DOMParser;
-import org.apache.xerces.parsers.SAXParser;
-import org.apache.xerces.parsers.XMLGrammarPreparser;
-import org.apache.xerces.util.SymbolTable;
-import org.apache.xerces.util.XMLGrammarPoolImpl;
-import org.apache.xerces.xni.grammars.XMLGrammarDescription;
-import org.apache.xerces.xni.grammars.XMLGrammarPool;
-import org.apache.xerces.xni.parser.XMLInputSource;
-import org.w3c.dom.Attr;
-import org.w3c.dom.Document;
-import org.w3c.dom.DocumentFragment;
-import org.w3c.dom.Element;
-import org.w3c.dom.NamedNodeMap;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-import org.xml.sax.EntityResolver;
-import org.xml.sax.ErrorHandler;
-import org.xml.sax.InputSource;
-import org.xml.sax.SAXException;
-
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * Various utility functions for handling XML DOM trees.
- * 
- * The parsing methods in this class make use of some features internal to the
- * Xerces DOM parser, mainly for performance reasons. As soon as JAXP
- * (currently at version 1.2) is better at schema handling, it should be used as
- * the parser interface.
- * 
- * @author Patrick Peck
- * @version $Id$
- */
-public class DOMUtils {
-
-  /** Feature URI for namespace aware parsing. */
-  private static final String NAMESPACES_FEATURE =
-    "http://xml.org/sax/features/namespaces";
-  /** Feature URI for validating parsing. */
-  private static final String VALIDATION_FEATURE =
-    "http://xml.org/sax/features/validation";
-  /** Feature URI for schema validating parsing. */
-  private static final String SCHEMA_VALIDATION_FEATURE =
-    "http://apache.org/xml/features/validation/schema";
-  /** Feature URI for normalization of element/attribute values. */
-  private static final String NORMALIZED_VALUE_FEATURE =
-    "http://apache.org/xml/features/validation/schema/normalized-value";
-  /** Feature URI for parsing ignorable whitespace. */
-  private static final String INCLUDE_IGNORABLE_WHITESPACE_FEATURE =
-    "http://apache.org/xml/features/dom/include-ignorable-whitespace";
-  /** Feature URI for creating EntityReference nodes in the DOM tree. */
-  private static final String CREATE_ENTITY_REF_NODES_FEATURE =
-    "http://apache.org/xml/features/dom/create-entity-ref-nodes";
-  /** Property URI for providing external schema locations. */
-  private static final String EXTERNAL_SCHEMA_LOCATION_PROPERTY =
-    "http://apache.org/xml/properties/schema/external-schemaLocation";
-  /** Property URI for providing the external schema location for elements 
-   * without a namespace. */
-  private static final String EXTERNAL_NO_NAMESPACE_SCHEMA_LOCATION_PROPERTY =
-    "http://apache.org/xml/properties/schema/external-noNamespaceSchemaLocation";
-  
-  private static final String EXTERNAL_GENERAL_ENTITIES_FEATURE =
-  	"http://xml.org/sax/features/external-general-entities";
-  
-  private static final String EXTERNAL_PARAMETER_ENTITIES_FEATURE =
-	  "http://xml.org/sax/features/external-parameter-entities";
-  
-  public static final String DISALLOW_DOCTYPE_FEATURE =
-		  "http://apache.org/xml/features/disallow-doctype-decl";
-  
-  
-  
-  /** Property URI for the Xerces grammar pool. */
-  private static final String GRAMMAR_POOL =
-    org.apache.xerces.impl.Constants.XERCES_PROPERTY_PREFIX
-      + org.apache.xerces.impl.Constants.XMLGRAMMAR_POOL_PROPERTY;
-  /** A prime number for initializing the symbol table. */
-  private static final int BIG_PRIME = 2039;
-  /** Symbol table for the grammar pool. */
-  private static SymbolTable symbolTable = new SymbolTable(BIG_PRIME);
-  /** Xerces schema grammar pool. */
-  private static XMLGrammarPool grammarPool = new XMLGrammarPoolImpl();
-  /** Set holding the NamespaceURIs of the grammarPool, to prevent multiple
-    * entries of same grammars to the pool */
-  private static Set grammarNamespaces; 
-
-  static {
-    grammarPool.lockPool();
-    grammarNamespaces = new HashSet();
-  }
-
-  /**
-   * Preparse a schema and add it to the schema pool.
-   * The method only adds the schema to the pool if a schema having the same
-   * <code>systemId</code> (namespace URI) is not already present in the pool.
-   * 
-   * @param inputStream An <code>InputStream</code> providing the contents of
-   * the schema.
-   * @param systemId The systemId (namespace URI) to use for the schema.
-   * @throws IOException An error occurred reading the schema.
-   */
-  public static void addSchemaToPool(InputStream inputStream, String systemId)
-    throws IOException {
-    XMLGrammarPreparser preparser;
-
-    if (!grammarNamespaces.contains(systemId)) { 
-
-      grammarNamespaces.add(systemId);
-    
-      // unlock the pool so that we can add another grammar
-      grammarPool.unlockPool();
-	
-      // prepare the preparser
-      preparser = new XMLGrammarPreparser(symbolTable);
-      preparser.registerPreparser(XMLGrammarDescription.XML_SCHEMA, null);
-      preparser.setProperty(GRAMMAR_POOL, grammarPool);
-      preparser.setFeature(NAMESPACES_FEATURE, true);
-      preparser.setFeature(VALIDATION_FEATURE, true);
-	
-      // add the grammar to the pool
-      preparser.preparseGrammar(
-      XMLGrammarDescription.XML_SCHEMA,
-        new XMLInputSource(null, systemId, null, inputStream, null));
-	
-      // lock the pool again so that schemas are not added automatically
-      grammarPool.lockPool();
-    }
-  }
-
-  /**
-   * Parse an XML document from an <code>InputStream</code>.
-   * 
-   * @param inputStream The <code>InputStream</code> containing the XML
-   * document.
-   * @param validating If <code>true</code>, parse validating.
-   * @param externalSchemaLocations A <code>String</code> containing namespace
-   * URI to schema location pairs, the same way it is accepted by the <code>xsi:
-   * schemaLocation</code> attribute. 
-   * @param externalNoNamespaceSchemaLocation The schema location of the
-   * schema for elements without a namespace, the same way it is accepted by the
-   * <code>xsi:noNamespaceSchemaLocation</code> attribute.
-   * @param entityResolver An <code>EntityResolver</code> to resolve external
-   * entities (schemas and DTDs). If <code>null</code>, it will not be set.
-   * @param errorHandler An <code>ErrorHandler</code> to decide what to do
-   * with parsing errors. If <code>null</code>, it will not be set.
-   * @return The parsed XML document as a DOM tree.
-   * @throws SAXException An error occurred parsing the document.
-   * @throws IOException An error occurred reading the document.
-   * @throws ParserConfigurationException An error occurred configuring the XML
-   * parser.
-   */
-  public static Document parseDocument(
-    InputStream inputStream,
-    boolean validating,
-    String externalSchemaLocations,
-    String externalNoNamespaceSchemaLocation,
-    EntityResolver entityResolver,
-    ErrorHandler errorHandler,
-    Map<String, Object> parserFeatures)
-    throws  SAXException, IOException, ParserConfigurationException {
-
-    DOMParser parser;
-
-//    class MyEntityResolver implements EntityResolver {
-//
-//		public InputSource resolveEntity(String publicId, String systemId)
-//				throws SAXException, IOException {
-//		    return new InputSource(new ByteArrayInputStream(new byte[0]));
-//		}
-//    }
-
-
-		//if Debug is enabled make a copy of inputStream to enable debug output in case of SAXException
-		byte buffer [] = null;
-		ByteArrayInputStream baStream = null;
-		if(true == Logger.isDebugEnabled()) {
-			buffer = IOUtils.toByteArray(inputStream);
-			baStream = new ByteArrayInputStream(buffer);
-			
-		}	
-		
-		
-		
-    // create the DOM parser
-    if (symbolTable != null) {
-      parser = new DOMParser(symbolTable, grammarPool);
-    } else {
-      parser = new DOMParser();
-    }
-    
-    // set parser features and properties
-    try {
-	    parser.setFeature(NAMESPACES_FEATURE, true);
-	    parser.setFeature(VALIDATION_FEATURE, validating);
-	    parser.setFeature(SCHEMA_VALIDATION_FEATURE, validating);
-	    parser.setFeature(NORMALIZED_VALUE_FEATURE, false);
-	    parser.setFeature(INCLUDE_IGNORABLE_WHITESPACE_FEATURE, true);
-	    parser.setFeature(CREATE_ENTITY_REF_NODES_FEATURE, false);
-	    parser.setFeature(EXTERNAL_GENERAL_ENTITIES_FEATURE, false);
-	    parser.setFeature(EXTERNAL_PARAMETER_ENTITIES_FEATURE, false);
-	    
-	    //set external added parser features
-	    if (parserFeatures != null) {
-	    	for (Entry<String, Object> el : parserFeatures.entrySet()) {
-	    		String key = el.getKey();
-	    		if (MiscUtil.isNotEmpty(key)) {
-	    			Object value = el.getValue();
-	    			if (value != null && value instanceof Boolean)	    		
-	    				parser.setFeature(key, (boolean)value);
-	    			
-	    			else
-	    				Logger.warn("This XML parser only allows features with 'boolean' values");
-	    			
-	    		} else 
-	    			Logger.warn("Can not set 'null' feature to XML parser");
-	    	}
-	    }
-	    
-	    //fix XXE problem
-	    //parser.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
-	    
-	
-	    if (validating) {
-	      if (externalSchemaLocations != null) {
-	        parser.setProperty(
-	          EXTERNAL_SCHEMA_LOCATION_PROPERTY,
-	          externalSchemaLocations);
-	      }
-	      if (externalNoNamespaceSchemaLocation != null) {
-	        parser.setProperty(
-	          EXTERNAL_NO_NAMESPACE_SCHEMA_LOCATION_PROPERTY,
-	          externalNoNamespaceSchemaLocation);
-	      }
-	    }
-	
-	    // set entity resolver and error handler
-	    if (entityResolver != null) {
-	      parser.setEntityResolver(entityResolver);
-	    }
-	    if (errorHandler != null) {
-	      parser.setErrorHandler(errorHandler);
-	    }
-	
-	    // parse the document and return it
-	    // if debug is enabled: use copy of strem (baStream) else use orig stream
-	    if(null != baStream)
-	    	parser.parse(new InputSource(baStream));
-	    else 
-			parser.parse(new InputSource(inputStream));
-    } catch(SAXException e) {
-			if(true == Logger.isDebugEnabled() && null != buffer) {				
-				String xmlContent = new String(buffer);
-				Logger.debug("SAXException in:\n" + xmlContent);				 
-			} 
-		  throw(e);
-    }
-
-    return parser.getDocument();
-  }
-
-  /**
-   * Parse an XML document from an <code>InputStream</code>.
-   * 
-   * @param inputStream The <code>InputStream</code> containing the XML
-   * document.
-   * @param validating If <code>true</code>, parse validating.
-   * @param externalSchemaLocations A <code>String</code> containing namespace
-   * URI to schema location pairs, the same way it is accepted by the <code>xsi:
-   * schemaLocation</code> attribute. 
-   * @param externalNoNamespaceSchemaLocation The schema location of the
-   * schema for elements without a namespace, the same way it is accepted by the
-   * <code>xsi:noNamespaceSchemaLocation</code> attribute.
-   * @param entityResolver An <code>EntityResolver</code> to resolve external
-   * entities (schemas and DTDs). If <code>null</code>, it will not be set.
-   * @param errorHandler An <code>ErrorHandler</code> to decide what to do
-   * with parsing errors. If <code>null</code>, it will not be set.
-   * @return The parsed XML document as a DOM tree.
-   * @throws SAXException An error occurred parsing the document.
-   * @throws IOException An error occurred reading the document.
-   * @throws ParserConfigurationException An error occurred configuring the XML
-   * parser.
-   */
-  public static Document parseDocumentSimple(InputStream inputStream)
-    throws  SAXException, IOException, ParserConfigurationException {
-
-    DOMParser parser;
-			
-    parser = new DOMParser();
-    // set parser features and properties
-    parser.setFeature(NAMESPACES_FEATURE, true);
-    parser.setFeature(VALIDATION_FEATURE, false);
-    parser.setFeature(SCHEMA_VALIDATION_FEATURE, false);
-    parser.setFeature(NORMALIZED_VALUE_FEATURE, false);
-    parser.setFeature(INCLUDE_IGNORABLE_WHITESPACE_FEATURE, true);
-    parser.setFeature(CREATE_ENTITY_REF_NODES_FEATURE, false);
-		
-    parser.parse(new InputSource(inputStream));
-    
-    return parser.getDocument();
-  }
-
-  
-  /**
-   * Parse an XML document from an <code>InputStream</code>.
-   * 
-   * It uses a <code>MOAEntityResolver</code> as the <code>EntityResolver</code>
-   * and a <code>MOAErrorHandler</code> as the <code>ErrorHandler</code>.
-   * 
-   * @param inputStream The <code>InputStream</code> containing the XML
-   * document.
-   * @param validating If <code>true</code>, parse validating.
-   * @param externalSchemaLocations A <code>String</code> containing namespace
-   * URI to schema location pairs, the same way it is accepted by the <code>xsi:
-   * schemaLocation</code> attribute. 
-   * @param externalNoNamespaceSchemaLocation The schema location of the
-   * schema for elements without a namespace, the same way it is accepted by the
-   * <code>xsi:noNamespaceSchemaLocation</code> attribute.
- * @param parserFeatures 
-   * @return The parsed XML document as a DOM tree.
-   * @throws SAXException An error occurred parsing the document.
-   * @throws IOException An error occurred reading the document.
-   * @throws ParserConfigurationException An error occurred configuring the XML
-   * parser.
-   */
-  public static Document parseDocument(
-    InputStream inputStream,
-    boolean validating,
-    String externalSchemaLocations,
-    String externalNoNamespaceSchemaLocation, Map<String, Object> parserFeatures)
-    throws SAXException, IOException, ParserConfigurationException {
-
-  
-	  
-    return parseDocument(
-      inputStream,
-      validating,
-      externalSchemaLocations,
-      externalNoNamespaceSchemaLocation,
-      new MOAEntityResolver(),
-      new MOAErrorHandler(),
-      parserFeatures);
-  }
-
-  /**
-   * Parse an XML document from a <code>String</code>.
-   * 
-   * It uses a <code>MOAEntityResolver</code> as the <code>EntityResolver</code>
-   * and a <code>MOAErrorHandler</code> as the <code>ErrorHandler</code>.
-   * 
-   * @param xmlString The <code>String</code> containing the XML document.
-   * @param encoding The encoding of the XML document.
-   * @param validating If <code>true</code>, parse validating.
-   * @param externalSchemaLocations A <code>String</code> containing namespace
-   * URI to schema location pairs, the same way it is accepted by the <code>xsi:
-   * schemaLocation</code> attribute. 
-   * @param externalNoNamespaceSchemaLocation The schema location of the
-   * schema for elements without a namespace, the same way it is accepted by the
-   * <code>xsi:noNamespaceSchemaLocation</code> attribute.
-   * @return The parsed XML document as a DOM tree.
-   * @throws SAXException An error occurred parsing the document.
-   * @throws IOException An error occurred reading the document.
-   * @throws ParserConfigurationException An error occurred configuring the XML
-   * parser.
-   */
-  public static Document parseDocument(
-    String xmlString,
-    String encoding,
-    boolean validating,
-    String externalSchemaLocations,
-    String externalNoNamespaceSchemaLocation,
-    Map<String, Object> parserFeatures)
-    throws SAXException, IOException, ParserConfigurationException {
-
-    InputStream in = new ByteArrayInputStream(xmlString.getBytes(encoding));
-    return parseDocument(
-      in,
-      validating,
-      externalSchemaLocations,
-      externalNoNamespaceSchemaLocation,
-      parserFeatures);
-  }
-  
-  
-  /**
-   * Parse an XML document from a <code>String</code>.
-   * 
-   * It uses a <code>MOAEntityResolver</code> as the <code>EntityResolver</code>
-   * and a <code>MOAErrorHandler</code> as the <code>ErrorHandler</code>.
-   * 
-   * @param xmlString The <code>String</code> containing the XML document.
-   * @param encoding The encoding of the XML document.
-   * @param validating If <code>true</code>, parse validating.
-   * @param externalSchemaLocations A <code>String</code> containing namespace
-   * URI to schema location pairs, the same way it is accepted by the <code>xsi:
-   * schemaLocation</code> attribute. 
-   * @param externalNoNamespaceSchemaLocation The schema location of the
-   * schema for elements without a namespace, the same way it is accepted by the
-   * <code>xsi:noNamespaceSchemaLocation</code> attribute.
-   * @return The parsed XML document as a DOM tree.
-   * @throws SAXException An error occurred parsing the document.
-   * @throws IOException An error occurred reading the document.
-   * @throws ParserConfigurationException An error occurred configuring the XML
-   * parser.
-   */
-  public static Document parseDocument(
-    String xmlString,
-    String encoding,
-    boolean validating,
-    String externalSchemaLocations,
-    String externalNoNamespaceSchemaLocation)
-    throws SAXException, IOException, ParserConfigurationException {
-
-    InputStream in = new ByteArrayInputStream(xmlString.getBytes(encoding));
-    return parseDocument(
-      in,
-      validating,
-      externalSchemaLocations,
-      externalNoNamespaceSchemaLocation,
-      null);
-  }
-
-  /**
-   * Parse an UTF-8 encoded XML document from a <code>String</code>.
-   * 
-   * @param xmlString The <code>String</code> containing the XML document.
-   * @param validating If <code>true</code>, parse validating.
-   * @param externalSchemaLocations A <code>String</code> containing namespace
-   * URI to schema location pairs, the same way it is accepted by the <code>xsi:
-   * schemaLocation</code> attribute. 
-   * @param externalNoNamespaceSchemaLocation The schema location of the
-   * schema for elements without a namespace, the same way it is accepted by the
-   * <code>xsi:noNamespaceSchemaLocation</code> attribute.
-   * @return The parsed XML document as a DOM tree.
-   * @throws SAXException An error occurred parsing the document.
-   * @throws IOException An error occurred reading the document.
-   * @throws ParserConfigurationException An error occurred configuring the XML
-   * parser.
-   */
-  public static Document parseDocument(
-    String xmlString,
-    boolean validating,
-    String externalSchemaLocations,
-    String externalNoNamespaceSchemaLocation)
-    throws SAXException, IOException, ParserConfigurationException {
-
-    return parseDocument(
-      xmlString,
-      "UTF-8",
-      validating,
-      externalSchemaLocations,
-      externalNoNamespaceSchemaLocation);
-  }
-
-  /**
-   * A convenience method to parse an XML document validating.
-   * 
-   * @param inputStream The <code>InputStream</code> containing the XML
-   * document.
-   * @return The root element of the parsed XML document.
-   * @throws SAXException An error occurred parsing the document.
-   * @throws IOException An error occurred reading the document.
-   * @throws ParserConfigurationException An error occurred configuring the XML
-   * parser.
-   */
-  public static Element parseXmlValidating(InputStream inputStream)
-    throws ParserConfigurationException, SAXException, IOException {
-    return DOMUtils
-      .parseDocument(inputStream, true, Constants.ALL_SCHEMA_LOCATIONS, null, null)
-      .getDocumentElement();
-  }
-  
-  /**
-   * A convenience method to parse an XML document validating.
-   * 
-   * @param inputStream The <code>InputStream</code> containing the XML
-   * document.
-   * @param parserFeatures Set additional features to XML parser
-   * @return The root element of the parsed XML document.
-   * @throws SAXException An error occurred parsing the document.
-   * @throws IOException An error occurred reading the document.
-   * @throws ParserConfigurationException An error occurred configuring the XML
-   * parser.
-   */
-  public static Element parseXmlValidating(InputStream inputStream, Map<String, Object> parserFeatures)
-    throws ParserConfigurationException, SAXException, IOException {
-    return DOMUtils
-      .parseDocument(inputStream, true, Constants.ALL_SCHEMA_LOCATIONS, null, parserFeatures)
-      .getDocumentElement();
-  }
-  
-  /**
-   * A convenience method to parse an XML document non validating.
-   * This method disallow DocType declarations 
-   * 
-   * @param inputStream The <code>InputStream</code> containing the XML
-   * document.
-   * @return The root element of the parsed XML document.
-   * @throws SAXException An error occurred parsing the document.
-   * @throws IOException An error occurred reading the document.
-   * @throws ParserConfigurationException An error occurred configuring the XML
-   * parser.
-   */
-  public static Element parseXmlNonValidating(InputStream inputStream)
-    throws ParserConfigurationException, SAXException, IOException {	  
-    return DOMUtils
-      .parseDocument(inputStream, false, Constants.ALL_SCHEMA_LOCATIONS, null, 
-    		  Collections.unmodifiableMap(new HashMap<String, Object>() {
-    			  private static final long serialVersionUID = 1L;
-    			  {	
-    				  put(DOMUtils.DISALLOW_DOCTYPE_FEATURE, true);
-				
-    			  }
-    		  })).getDocumentElement();
-  }
-
-  /**
-   * Schema validate a given DOM element.
-   * 
-   * @param element The element to validate.
-   * @param externalSchemaLocations A <code>String</code> containing namespace
-   * URI to schema location pairs, the same way it is accepted by the <code>xsi:
-   * schemaLocation</code> attribute. 
-   * @param externalNoNamespaceSchemaLocation The schema location of the
-   * schema for elements without a namespace, the same way it is accepted by the
-   * <code>xsi:noNamespaceSchemaLocation</code> attribute.
-   * @return <code>true</code>, if the <code>element</code> validates against
-   * the schemas declared in it.
-   * @throws SAXException An error occurred parsing the document.
-   * @throws IOException An error occurred reading the document from its
-   * serialized representation.
-   * @throws ParserConfigurationException An error occurred configuring the XML
-   * @throws TransformerException An error occurred serializing the element.
-   */
-  public static boolean validateElement(
-    Element element,
-    String externalSchemaLocations,
-    String externalNoNamespaceSchemaLocation)
-    throws
-      ParserConfigurationException,
-      IOException,
-      SAXException,
-      TransformerException {
-
-    byte[] docBytes;
-    SAXParser parser;
-
-    // create the SAX parser
-    if (symbolTable != null) {
-      parser = new SAXParser(symbolTable, grammarPool);
-    } else {
-      parser = new SAXParser();
-    }
-
-    // serialize the document
-    docBytes = serializeNode(element, "UTF-8");
-
-    // set up parser features and attributes
-    parser.setFeature(NAMESPACES_FEATURE, true);
-    parser.setFeature(VALIDATION_FEATURE, true);
-    parser.setFeature(SCHEMA_VALIDATION_FEATURE, true);
-    parser.setFeature(EXTERNAL_GENERAL_ENTITIES_FEATURE, false);
-    parser.setFeature(DISALLOW_DOCTYPE_FEATURE, true);
-    
-    
-    if (externalSchemaLocations != null) {
-      parser.setProperty(
-        EXTERNAL_SCHEMA_LOCATION_PROPERTY,
-        externalSchemaLocations);
-    }
-    if (externalNoNamespaceSchemaLocation != null) {
-      parser.setProperty(
-        EXTERNAL_NO_NAMESPACE_SCHEMA_LOCATION_PROPERTY,
-        "externalNoNamespaceSchemaLocation");
-    }
-
-    // set up entity resolver and error handler
-    parser.setEntityResolver(new MOAEntityResolver());
-    parser.setErrorHandler(new MOAErrorHandler());
-
-    // parse validating
-    parser.parse(new InputSource(new ByteArrayInputStream(docBytes)));
-    return true;
-  }
-
-  
-  /**
-   * Schema validate a given DOM element.
-   * 
-   * @param element The element to validate.
-   * @param externalSchemaLocations A <code>String</code> containing namespace
-   * URI to schema location pairs, the same way it is accepted by the <code>xsi:
-   * schemaLocation</code> attribute. 
-   * @param externalNoNamespaceSchemaLocation The schema location of the
-   * schema for elements without a namespace, the same way it is accepted by the
-   * <code>xsi:noNamespaceSchemaLocation</code> attribute.
-   * @return <code>true</code>, if the <code>element</code> validates against
-   * the schemas declared in it.
-   * @throws SAXException An error occurred parsing the document.
-   * @throws IOException An error occurred reading the document from its
-   * serialized representation.
-   * @throws ParserConfigurationException An error occurred configuring the XML
-   * @throws TransformerException An error occurred serializing the element.
-   */
-  public static boolean validateElement(
-    Element element,
-    String externalSchemaLocations,
-    String externalNoNamespaceSchemaLocation,
-    EntityResolver entityResolver)
-    throws
-      ParserConfigurationException,
-      IOException,
-      SAXException,
-      TransformerException {
-
-    byte[] docBytes;
-    SAXParser parser;
-
-    // create the SAX parser
-    if (symbolTable != null) {
-      parser = new SAXParser(symbolTable, grammarPool);
-    } else {
-      parser = new SAXParser();
-    }
-
-    // serialize the document
-    docBytes = serializeNode(element, "UTF-8");
-
-    // set up parser features and attributes
-    parser.setFeature(NAMESPACES_FEATURE, true);
-    parser.setFeature(VALIDATION_FEATURE, true);
-    parser.setFeature(SCHEMA_VALIDATION_FEATURE, true);
-    
-    if (externalSchemaLocations != null) {
-      parser.setProperty(
-        EXTERNAL_SCHEMA_LOCATION_PROPERTY,
-        externalSchemaLocations);
-    }
-    if (externalNoNamespaceSchemaLocation != null) {
-      parser.setProperty(
-        EXTERNAL_NO_NAMESPACE_SCHEMA_LOCATION_PROPERTY,
-        "externalNoNamespaceSchemaLocation");
-    }
-
-    // set up entity resolver and error handler
-    parser.setEntityResolver(entityResolver);
-    parser.setErrorHandler(new MOAErrorHandler());
-
-    // parse validating
-    parser.parse(new InputSource(new ByteArrayInputStream(docBytes)));
-    return true;
-  }
-  
-  /**
-   * Serialize the given DOM node.
-   * 
-   * The node will be serialized using the UTF-8 encoding.
-   * 
-   * @param node The node to serialize.
-   * @return String The <code>String</code> representation of the given DOM
-   * node.
-   * @throws TransformerException An error occurred transforming the
-   * node to a <code>String</code>.
-   * @throws IOException An IO error occurred writing the node to a byte array.
-   */
-  public static String serializeNode(Node node)
-    throws TransformerException, IOException {
-    return new String(serializeNode(node, "UTF-8", false), "UTF-8");
-  }
-
-
-  /**
-   * Serialize the given DOM node.
-   * 
-   * The node will be serialized using the UTF-8 encoding.
-   * 
-   * @param node The node to serialize.
-   * @param omitXmlDeclaration The boolean value for omitting the XML Declaration.
-   * @return String The <code>String</code> representation of the given DOM
-   * node.
-   * @throws TransformerException An error occurred transforming the
-   * node to a <code>String</code>.
-   * @throws IOException An IO error occurred writing the node to a byte array.
-   */
-  public static String serializeNode(Node node, boolean omitXmlDeclaration)
-    throws TransformerException, IOException {
-    return new String(serializeNode(node, "UTF-8", omitXmlDeclaration), "UTF-8");
-  }
-
-  /**
-   * Serialize the given DOM node.
-   * 
-   * The node will be serialized using the UTF-8 encoding.
-   * 
-   * @param node The node to serialize.
-   * @param omitXmlDeclaration The boolean value for omitting the XML Declaration.
-   * @param lineSeperator Sets the line seperator String of the parser
-   * @return String The <code>String</code> representation of the given DOM
-   * node.
-   * @throws TransformerException An error occurred transforming the
-   * node to a <code>String</code>.
-   * @throws IOException An IO error occurred writing the node to a byte array.
-   */
-  public static String serializeNode(Node node, boolean omitXmlDeclaration, String lineSeperator)
-    throws TransformerException, IOException {
-    return new String(serializeNode(node, "UTF-8", omitXmlDeclaration, lineSeperator), "UTF-8");
-  }
-  
-  /**
-   * Serialize the given DOM node to a byte array.
-   * 
-   * @param node The node to serialize.
-   * @param xmlEncoding The XML encoding to use.
-   * @return The serialized node, as a byte array. Using a compatible encoding
-   * this can easily be converted into a <code>String</code>.
-   * @throws TransformerException An error occurred transforming the node to a 
-   * byte array.
-   * @throws IOException An IO error occurred writing the node to a byte array.
-   */
-  public static byte[] serializeNode(Node node, String xmlEncoding)
-  throws TransformerException, IOException {
-    return serializeNode(node, xmlEncoding, false);
-  }
-  
-  /**
-   * Serialize the given DOM node to a byte array.
-   * 
-   * @param node The node to serialize.
-   * @param xmlEncoding The XML encoding to use.
-   * @param omitDeclaration The boolean value for omitting the XML Declaration.
-   * @return The serialized node, as a byte array. Using a compatible encoding
-   * this can easily be converted into a <code>String</code>.
-   * @throws TransformerException An error occurred transforming the node to a 
-   * byte array.
-   * @throws IOException An IO error occurred writing the node to a byte array.
-   */
-  public static byte[] serializeNode(Node node, String xmlEncoding, boolean omitDeclaration)
-    throws TransformerException, IOException {
-    return serializeNode(node, xmlEncoding, omitDeclaration, null);
-  }
-
-
-  /**
-   * Serialize the given DOM node to a byte array.
-   * 
-   * @param node The node to serialize.
-   * @param xmlEncoding The XML encoding to use.
-   * @param omitDeclaration The boolean value for omitting the XML Declaration.
-   * @param lineSeperator Sets the line seperator String of the parser
-   * @return The serialized node, as a byte array. Using a compatible encoding
-   * this can easily be converted into a <code>String</code>.
-   * @throws TransformerException An error occurred transforming the node to a 
-   * byte array.
-   * @throws IOException An IO error occurred writing the node to a byte array.
-   */
-  public static byte[] serializeNode(Node node, String xmlEncoding, boolean omitDeclaration, String lineSeperator)
-    throws TransformerException, IOException {
-
-    TransformerFactory transformerFactory = TransformerFactory.newInstance();
-    Transformer transformer = transformerFactory.newTransformer();
-    ByteArrayOutputStream bos = new ByteArrayOutputStream(16384);
-
-    transformer.setOutputProperty(OutputKeys.METHOD, "xml");
-    transformer.setOutputProperty(OutputKeys.ENCODING, xmlEncoding);
-    String omit = omitDeclaration ? "yes" : "no";
-    transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, omit);
-    if (null!=lineSeperator) {
-      transformer.setOutputProperty("{http://xml.apache.org/xalan}line-separator", lineSeperator);//does not work for xalan <= 2.5.1
-    }
-    transformer.transform(new DOMSource(node), new StreamResult(bos));
-
-    bos.flush();
-    bos.close();
-
-    return bos.toByteArray();
-  }
-
-  /**
-    * Return the text that a node contains. 
-    * 
-    * This routine:
-    * <ul>
-    * <li>Ignores comments and processing instructions.</li>
-    * <li>Concatenates TEXT nodes, CDATA nodes, and the results recursively
-    * processing EntityRef nodes.</li>
-    * <li>Ignores any element nodes in the sublist. (Other possible options are
-    * to recurse into element sublists or throw an exception.)</li>
-    * </ul>
-    * 
-    * @param node A DOM node from which to extract text.
-    * @return A String representing its contents.
-    */
-  public static String getText(Node node) {
-    if (!node.hasChildNodes()) {
-      return "";
-    }
-
-    StringBuffer result = new StringBuffer();
-    NodeList list = node.getChildNodes();
-
-    for (int i = 0; i < list.getLength(); i++) {
-      Node subnode = list.item(i);
-      if (subnode.getNodeType() == Node.TEXT_NODE) {
-        result.append(subnode.getNodeValue());
-      } else if (subnode.getNodeType() == Node.CDATA_SECTION_NODE) {
-        result.append(subnode.getNodeValue());
-      } else if (subnode.getNodeType() == Node.ENTITY_REFERENCE_NODE) {
-        // Recurse into the subtree for text
-        // (and ignore comments)
-        result.append(getText(subnode));
-      }
-    }
-    return result.toString();
-  }
-
-  /**
-   * Build the namespace prefix to namespace URL mapping in effect for a given
-   * node.
-   * 
-   * @param node The context node for which build the map.
-   * @return The namespace prefix to namespace URL mapping (
-   * a <code>String</code> value to <code>String</code> value mapping).
-   */
-  public static Map getNamespaceDeclarations(Node node) {
-    Map nsDecls = new HashMap();
-    int i;
-
-    do {
-      if (node.hasAttributes()) {
-        NamedNodeMap attrs = node.getAttributes();
-
-        for (i = 0; i < attrs.getLength(); i++) {
-          Attr attr = (Attr) attrs.item(i);
-
-          // add prefix mapping if none exists
-          if ("xmlns".equals(attr.getPrefix())
-            || "xmlns".equals(attr.getName())) {
-
-            String nsPrefix =
-              attr.getPrefix() != null ? attr.getLocalName() : "";
-
-            if (nsDecls.get(nsPrefix) == null) {
-              nsDecls.put(nsPrefix, attr.getValue());
-            }
-          }
-        }
-      }
-    } while ((node = node.getParentNode()) != null);
-
-    return nsDecls;
-  }
-
-  /**
-   * Add all namespace declarations declared in the parent(s) of a given
-   * element and used in the subtree of the given element to the given element.  
-   * 
-   * @param context The element to which to add the namespaces.
-   */
-  public static void localizeNamespaceDeclarations(Element context) {
-    Node parent = context.getParentNode();
-
-    if (parent != null) {
-      Map namespaces = getNamespaceDeclarations(context.getParentNode());
-      Set nsUris = collectNamespaceURIs(context);
-      Iterator iter;
-
-      for (iter = namespaces.entrySet().iterator(); iter.hasNext();) {
-        Map.Entry e = (Map.Entry) iter.next();
-
-        if (nsUris.contains(e.getValue())) {
-          String prefix = (String) e.getKey();
-          String nsUri = (String) e.getValue();
-          String nsAttrName = "".equals(prefix) ? "xmlns" : "xmlns:" + prefix;
-
-          context.setAttributeNS(Constants.XMLNS_NS_URI, nsAttrName, nsUri);
-        }
-      }
-    }
-  }
-
-  /**
-   * Collect all the namespace URIs used in the subtree of a given element.
-   * 
-   * @param context The element that should be searched for namespace URIs.
-   * @return All namespace URIs used in the subtree of <code>context</code>,
-   * including the ones used in <code>context</code> itself.
-   */
-  public static Set collectNamespaceURIs(Element context) {
-    Set result = new HashSet();
-
-    collectNamespaceURIsImpl(context, result);
-    return result;
-  }
-
-  /**
-   * A recursive method to do the work of <code>collectNamespaceURIs</code>.
-   * 
-   * @param context The context element to evaluate.
-   * @param result The result, passed as a parameter to avoid unnecessary
-   * instantiations of <code>Set</code>.
-   */
-  private static void collectNamespaceURIsImpl(Element context, Set result) {
-    NamedNodeMap attrs = context.getAttributes();
-    NodeList childNodes = context.getChildNodes();
-    String nsUri;
-    int i;
-
-    // add the namespace of the context element
-    nsUri = context.getNamespaceURI();
-    if (nsUri != null && nsUri != Constants.XMLNS_NS_URI) {
-      result.add(nsUri);
-    }
-
-    // add all namespace URIs from attributes
-    for (i = 0; i < attrs.getLength(); i++) {
-      nsUri = attrs.item(i).getNamespaceURI();
-      if (nsUri != null && nsUri != Constants.XMLNS_NS_URI) {
-        result.add(nsUri);
-      }
-    }
-
-    // add all namespaces from subelements
-    for (i = 0; i < childNodes.getLength(); i++) {
-      Node node = childNodes.item(i);
-
-      if (node.getNodeType() == Node.ELEMENT_NODE) {
-        collectNamespaceURIsImpl((Element) node, result);
-      }
-    }
-  }
-
-  /**
-   * Check, that each attribute node in the given <code>NodeList</code> has its
-   * parent in the <code>NodeList</code> as well.
-   * 
-   * @param nodes The <code>NodeList</code> to check.
-   * @return <code>true</code>, if each attribute node in <code>nodes</code>
-   * has its parent in <code>nodes</code> as well.
-   */
-  public static boolean checkAttributeParentsInNodeList(NodeList nodes) {
-    Set nodeSet = new HashSet();
-    int i;
-
-    // put the nodes into the nodeSet
-    for (i = 0; i < nodes.getLength(); i++) {
-      nodeSet.add(nodes.item(i));
-    }
-
-    // check that each attribute node's parent is in the node list
-    for (i = 0; i < nodes.getLength(); i++) {
-      Node n = nodes.item(i);
-
-      if (n.getNodeType() == Node.ATTRIBUTE_NODE) {
-        Attr attr = (Attr) n;
-        Element owner = attr.getOwnerElement();
-
-        if (owner == null) {
-          if (!isNamespaceDeclaration(attr)) {
-            return false;
-          }
-        }
-
-        if (!nodeSet.contains(owner) && !isNamespaceDeclaration(attr)) {
-          return false;
-        }
-      }
-    }
-
-    return true;
-  }
-
-  /**
-   * Convert an unstructured <code>NodeList</code> into a 
-   * <code>DocumentFragment</code>.
-   *
-   * @param nodeList Contains the node list to be converted into a DOM 
-   * DocumentFragment.
-   * @return the resulting DocumentFragment. The DocumentFragment will be 
-   * backed by a new DOM Document, i.e. all noded of the node list will be 
-   * cloned.
-   * @throws ParserConfigurationException An error occurred creating the
-   * DocumentFragment.
-   * @precondition The nodes in the node list appear in document order
-   * @precondition for each Attr node in the node list, the owning Element is 
-   * in the node list as well.
-   * @precondition each Element or Attr node in the node list is namespace 
-   * aware.
-   */
-  public static DocumentFragment nodeList2DocumentFragment(NodeList nodeList)
-    throws ParserConfigurationException {
-
-    DocumentBuilder builder =
-      DocumentBuilderFactory.newInstance().newDocumentBuilder();
-    Document doc = builder.newDocument();
-    DocumentFragment result = doc.createDocumentFragment();
-
-    if (null == nodeList || nodeList.getLength() == 0) {
-      return result;
-    }
-
-    int currPos = 0;
-    currPos =
-      nodeList2DocumentFragment(nodeList, currPos, result, null, null) + 1;
-
-    while (currPos < nodeList.getLength()) {
-      currPos =
-        nodeList2DocumentFragment(nodeList, currPos, result, null, null) + 1;
-    }
-    return result;
-  }
-
-  /**
-   * Helper method for the <code>nodeList2DocumentFragment</code>.
-   * 
-   * @param nodeList The <code>NodeList</code> to convert.
-   * @param currPos The current position in the <code>nodeList</code>.
-   * @param result The resulting <code>DocumentFragment</code>.
-   * @param currOrgElem The current original element.
-   * @param currClonedElem The current cloned element.
-   * @return The current position.
-   */
-  private static int nodeList2DocumentFragment(
-    NodeList nodeList,
-    int currPos,
-    DocumentFragment result,
-    Element currOrgElem,
-    Element currClonedElem) {
-
-    while (currPos < nodeList.getLength()) {
-      Node currentNode = nodeList.item(currPos);
-      switch (currentNode.getNodeType()) {
-        case Node.COMMENT_NODE :
-        case Node.PROCESSING_INSTRUCTION_NODE :
-        case Node.TEXT_NODE :
-          {
-            // Append current node either to resulting DocumentFragment or to 
-            // current cloned Element
-            if (null == currClonedElem) {
-              result.appendChild(
-                result.getOwnerDocument().importNode(currentNode, false));
-            } else {
-              // Stop processing if current Node is not a descendant of 
-              // current Element
-              if (!isAncestor(currOrgElem, currentNode)) {
-                return --currPos;
-              }
-
-              currClonedElem.appendChild(
-                result.getOwnerDocument().importNode(currentNode, false));
-            }
-            break;
-          }
-
-        case Node.ELEMENT_NODE :
-          {
-            Element nextCurrOrgElem = (Element) currentNode;
-            Element nextCurrClonedElem =
-              result.getOwnerDocument().createElementNS(
-                nextCurrOrgElem.getNamespaceURI(),
-                nextCurrOrgElem.getNodeName());
-
-            // Append current Node either to resulting DocumentFragment or to 
-            // current cloned Element
-            if (null == currClonedElem) {
-              result.appendChild(nextCurrClonedElem);
-              currOrgElem = nextCurrOrgElem;
-              currClonedElem = nextCurrClonedElem;
-            } else {
-              // Stop processing if current Node is not a descendant of
-              // current Element
-              if (!isAncestor(currOrgElem, currentNode)) {
-                return --currPos;
-              }
-
-              currClonedElem.appendChild(nextCurrClonedElem);
-            }
-
-            // Process current Node (of type Element) recursively
-            currPos =
-              nodeList2DocumentFragment(
-                nodeList,
-                ++currPos,
-                result,
-                nextCurrOrgElem,
-                nextCurrClonedElem);
-
-            break;
-          }
-
-        case Node.ATTRIBUTE_NODE :
-          {
-            Attr currAttr = (Attr) currentNode;
-
-            // GK 20030411: Hack to overcome problems with IAIK IXSIL
-            if (currAttr.getOwnerElement() == null)
-              break;
-            if (currClonedElem == null)
-              break;
-
-            // currClonedElem must be the owner Element of currAttr if 
-            // preconditions are met
-            currClonedElem.setAttributeNS(
-              currAttr.getNamespaceURI(),
-              currAttr.getNodeName(),
-              currAttr.getValue());
-            break;
-          }
-
-        default :
-          {
-            // All other nodes will be ignored
-          }
-      }
-
-      currPos++;
-    }
-
-    return currPos;
-  }
-
-  /**
-   * Check, if the given attribute is a namespace declaration.
-   * 
-   * @param attr The attribute to check.
-   * @return <code>true</code>, if the attribute is a namespace declaration,
-   * <code>false</code> otherwise.
-   */
-  private static boolean isNamespaceDeclaration(Attr attr) {
-    return Constants.XMLNS_NS_URI.equals(attr.getNamespaceURI());
-  }
-
-  /**
-   * Check, if a given DOM element is an ancestor of a given node.
-   * 
-   * @param candAnc The DOM element to check for being the ancestor.
-   * @param cand The node to check for being the child.
-   * @return <code>true</code>, if <code>candAnc</code> is an (indirect) 
-   * ancestor of <code>cand</code>; <code>false</code> otherwise.
-   */
-  public static boolean isAncestor(Element candAnc, Node cand) {
-    Node currPar = cand.getParentNode();
-
-    while (currPar != null) {
-      if (candAnc == currPar)
-        return true;
-      currPar = currPar.getParentNode();
-    }
-    return false;
-  }
-  
-  /**
-   * Selects the (first) element from a node list and returns it.
-   * 
-   * @param nl  The NodeList to get the element from.
-   * @return    The (first) element included in the node list or <code>null</code>
-   *            if the node list is <code>null</code> or empty or no element is
-   *            included in the list.
-   */
-  public static Element getElementFromNodeList (NodeList nl) {
-    if ((nl == null) || (nl.getLength() == 0)) {
-      return null;
-    }
-    for (int i=0; i<nl.getLength(); i++) {
-      Node node = nl.item(i);
-      if (node.getNodeType() == Node.ELEMENT_NODE)  {
-        return  (Element)node;
-      }
-    }
-    return null;
-  }
-  
-  /**
-   * Returns all child elements of the given element.
-   * 
-   * @param parent  The element to get the child elements from.
-   * 
-   * @return A list including all child elements of the given element.
-   *         Maybe empty if the parent element has no child elements.
-   */
-  public static List getChildElements (Element parent) {
-    Vector v = new Vector();
-    NodeList nl = parent.getChildNodes();
-    int length = nl.getLength();
-    for (int i=0; i < length; i++) {
-      Node node = nl.item(i);
-      if (node.getNodeType() == Node.ELEMENT_NODE) {
-        v.add((Element)node);
-      }
-    }
-    return v;
-  }
-  
-  /**
-   * Returns a byte array from given node.
-   * @param node
-   * @return
-   * @throws TransformerException
-   */
-  public static byte[] nodeToByteArray(Node node) throws TransformerException {
-	  Source source = new DOMSource(node);
-	  ByteArrayOutputStream out = new ByteArrayOutputStream();
-	  //StringWriter stringWriter = new StringWriter();
-	  Result result = new StreamResult(out);
-	  TransformerFactory factory = TransformerFactory.newInstance();
-	  Transformer transformer = factory.newTransformer();
-	  transformer.transform(source, result);
-	  return out.toByteArray();
-  }
-
- 
-}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOADefaultHandler.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOADefaultHandler.java
index 7a79bd9e5..c0b530ed0 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOADefaultHandler.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOADefaultHandler.java
@@ -33,6 +33,8 @@ import org.xml.sax.SAXException;
 import org.xml.sax.SAXParseException;
 import org.xml.sax.helpers.DefaultHandler;
 
+import at.gv.egiz.eaaf.core.impl.utils.EAAFDomEntityResolver;
+
 /**
  * A <code>DefaultHandler</code> that uses a <code>MOAEntityResolver</code> and
  * a <code>MOAErrorHandler</code>.
@@ -48,9 +50,9 @@ public class MOADefaultHandler extends DefaultHandler {
 
   /**
    * Create a new <code>MOADefaultHandler</code>.
-   */
+   */ 
   public MOADefaultHandler() {
-    entityResolver = new MOAEntityResolver();
+    entityResolver = new EAAFDomEntityResolver();
     errorHandler = new MOAErrorHandler();
   }
 
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/NodeIteratorAdapter.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/NodeIteratorAdapter.java
deleted file mode 100644
index fdc823229..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/NodeIteratorAdapter.java
+++ /dev/null
@@ -1,111 +0,0 @@
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.util;
-
-import java.util.ListIterator;
-
-import org.w3c.dom.DOMException;
-import org.w3c.dom.Node;
-import org.w3c.dom.traversal.NodeFilter;
-import org.w3c.dom.traversal.NodeIterator;
-
-/**
- * A <code>NodeIterator</code> implementation based on a
- * <code>ListIterator</code>.
- * 
- * @see java.util.ListIterator
- * @see org.w3c.dom.traversal.NodeIterator
- * 
- * @author Patrick Peck
- * @version $Id$
- */
-public class NodeIteratorAdapter implements NodeIterator {
-
-  /** The <code>ListIterator</code> to wrap. */
-  private ListIterator nodeIterator;
-
-  /**
-   * Create a new <code>NodeIteratorAdapter</code>.
-   * @param nodeIterator The <code>ListIterator</code> to iterate over.
-   */
-  public NodeIteratorAdapter(ListIterator nodeIterator) {
-    this.nodeIterator = nodeIterator;
-  }
-
-  /**
-   * @see org.w3c.dom.traversal.NodeIterator#getRoot()
-   */
-  public Node getRoot() {
-    return null;
-  }
-
-  /**
-   * @see org.w3c.dom.traversal.NodeIterator#getWhatToShow()
-   */
-  public int getWhatToShow() {
-    return NodeFilter.SHOW_ALL;
-  }
-
-  /**
-   * @see org.w3c.dom.traversal.NodeIterator#getFilter()
-   */
-  public NodeFilter getFilter() {
-    return null;
-  }
-
-  /**
-   * @see org.w3c.dom.traversal.NodeIterator#getExpandEntityReferences()
-   */
-  public boolean getExpandEntityReferences() {
-    return false;
-  }
-
-  /**
-   * @see org.w3c.dom.traversal.NodeIterator#nextNode()
-   */
-  public Node nextNode() throws DOMException {
-    if (nodeIterator.hasNext()) {
-      return (Node) nodeIterator.next();
-    }
-    return null;
-  }
-
-  /**
-   * @see org.w3c.dom.traversal.NodeIterator#previousNode()
-   */
-  public Node previousNode() throws DOMException {
-    if (nodeIterator.hasPrevious()) {
-      return (Node) nodeIterator.previous();
-    }
-    return null;
-  }
-
-  /**
-   * @see org.w3c.dom.traversal.NodeIterator#detach()
-   */
-  public void detach() {
-  }
-
-}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/NodeListAdapter.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/NodeListAdapter.java
deleted file mode 100644
index e39cc0291..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/NodeListAdapter.java
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.util;
-
-import java.util.List;
-
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-
-/**
- * A <code>NodeList</code> implementation based on a <code>List</code>.
- * 
- * @see java.util.List
- * @see org.w3c.dom.NodeList
- * 
- * @author Patrick Peck
- * @version $Id$
- */
-public class NodeListAdapter implements NodeList {
-  /** The <code>List</code> to wrap. */
-  private List nodeList;
-  
-  /**
-   * Create a new <code>NodeListAdapter</code>.
-   * 
-   * @param nodeList The <code>List</code> containing the nodes. 
-   */
-  public NodeListAdapter(List nodeList) {
-    this.nodeList = nodeList;
-  }
-
-  /**
-   * @see org.w3c.dom.NodeList#item(int)
-   */
-  public Node item(int index) {
-    return (Node) nodeList.get(index);
-  }
-
-  /**
-   * @see org.w3c.dom.NodeList#getLength()
-   */
-  public int getLength() {
-    return nodeList.size();
-  }
-
-}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/XPathException.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/XPathException.java
deleted file mode 100644
index 206245a68..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/XPathException.java
+++ /dev/null
@@ -1,86 +0,0 @@
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.util;
-
-import java.io.PrintStream;
-import java.io.PrintWriter;
-
-/**
- * An exception occurred evaluating an XPath.
- * 
- * @author Patrick Peck
- * @version $Id$
- */
-public class XPathException extends RuntimeException {
-  /**
-	 * 
-	 */
-	private static final long serialVersionUID = 1736311265333034392L;
-/** The wrapped exception. */
-  private Throwable wrapped;
-  
-  /**
-   * Create a <code>XPathException</code>.
-   * 
-   * @param message The exception message.
-   * @param wrapped The exception being the likely cause of this exception.
-   */
-  public XPathException(String message, Throwable wrapped) {
-    super(message);
-    this.wrapped = wrapped; 
-  }
-  
-  /**
-   * Return the wrapped exception.
-   * 
-   * @return The wrapped exception being the likely cause of this exception.
-   */
-  public Throwable getWrapped() {
-    return wrapped;
-  }
-
-  /**
-   * @see java.lang.Throwable#printStackTrace(java.io.PrintStream)
-   */
-  public void printStackTrace(PrintStream s) {
-    super.printStackTrace(s);
-    if (getWrapped() != null) {
-      s.print("Caused by: ");
-      getWrapped().printStackTrace(s);
-    }
-  }
-
-  /**
-   * @see java.lang.Throwable#printStackTrace(java.io.PrintWriter)
-   */
-  public void printStackTrace(PrintWriter s) {
-    super.printStackTrace(s);
-    if (getWrapped() != null) {
-      s.print("Caused by: ");
-      getWrapped().printStackTrace(s);
-    }
-  }
- 
-}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/XPathUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/XPathUtils.java
deleted file mode 100644
index 89aeaf3d1..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/XPathUtils.java
+++ /dev/null
@@ -1,557 +0,0 @@
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.util;
-
-import java.util.List;
-import java.util.Map;
-
-import org.w3c.dom.Attr;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-import org.w3c.dom.traversal.NodeIterator;
-
-import org.jaxen.JaxenException;
-import org.jaxen.NamespaceContext;
-import org.jaxen.Navigator;
-import org.jaxen.SimpleNamespaceContext;
-import org.jaxen.dom.DOMXPath;
-import org.jaxen.dom.DocumentNavigator;
-
-/**
- * Utility methods to evaluate XPath expressions on DOM nodes.
- * 
- * @author Patrick Peck
- * @version $Id$
- */
-public class XPathUtils {
-
-  /**
-   * The XPath expression selecting all nodes under a given root (including the
-   * root node itself).
-   */
-  public static final String ALL_NODES_XPATH =
-    "(.//. | .//@* | .//namespace::*)";
-
-  /** The <code>DocumentNavigator</code> to use for navigating the document. */
-  private static Navigator documentNavigator =
-    DocumentNavigator.getInstance();
-  /** The default namespace prefix to namespace URI mappings. */
-  private static NamespaceContext NS_CONTEXT;
-
-  static {
-    SimpleNamespaceContext ctx = new SimpleNamespaceContext();
-    ctx.addNamespace(Constants.MOA_PREFIX, Constants.MOA_NS_URI);
-    ctx.addNamespace(Constants.MOA_CONFIG_PREFIX, Constants.MOA_CONFIG_NS_URI);
-    ctx.addNamespace(Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI);
-    ctx.addNamespace(Constants.SL10_PREFIX, Constants.SL10_NS_URI);
-    ctx.addNamespace(Constants.SL11_PREFIX, Constants.SL11_NS_URI);
-    ctx.addNamespace(Constants.SL12_PREFIX, Constants.SL12_NS_URI);
-    ctx.addNamespace(Constants.ECDSA_PREFIX, Constants.ECDSA_NS_URI);
-    ctx.addNamespace(Constants.PD_PREFIX, Constants.PD_NS_URI);
-    ctx.addNamespace(Constants.SAML_PREFIX, Constants.SAML_NS_URI);
-    ctx.addNamespace(Constants.SAMLP_PREFIX, Constants.SAMLP_NS_URI);
-    ctx.addNamespace(Constants.DSIG_PREFIX, Constants.DSIG_NS_URI);
-    ctx.addNamespace(Constants.XSLT_PREFIX, Constants.XSLT_NS_URI);
-    ctx.addNamespace(Constants.XSI_PREFIX, Constants.XSI_NS_URI);
-    ctx.addNamespace(Constants.DSIG_FILTER2_PREFIX, Constants.DSIG_FILTER2_NS_URI);
-    ctx.addNamespace(Constants.DSIG_EC_PREFIX, Constants.DSIG_EC_NS_URI);
-    ctx.addNamespace(Constants.MD_PREFIX, Constants.MD_NS_URI);
-    ctx.addNamespace(Constants.MDP_PREFIX, Constants.MDP_NS_URI);
-    ctx.addNamespace(Constants.MVV_PREFIX, Constants.MVV_NS_URI);
-    ctx.addNamespace(Constants.STB_PREFIX, Constants.STB_NS_URI);
-    ctx.addNamespace(Constants.WRR_PREFIX, Constants.WRR_NS_URI);
-    ctx.addNamespace(Constants.STORK_PREFIX, Constants.STORK_NS_URI);
-    ctx.addNamespace(Constants.STORKP_PREFIX, Constants.STORKP_NS_URI);
-    ctx.addNamespace(Constants.SAML2_PREFIX, Constants.SAML2_NS_URI);
-    ctx.addNamespace(Constants.SAML2P_PREFIX, Constants.SAML2P_NS_URI);
-    ctx.addNamespace(Constants.XENC_PREFIX, Constants.XENC_NS_URI);
-    ctx.addNamespace(Constants.XADES_1_1_1_NS_PREFIX, Constants.XADES_1_1_1_NS_URI);
-    NS_CONTEXT = ctx;
-  }
-
-  /**
-   * Return a <code>NodeIterator</code> over the nodes matching the XPath
-   * expression.
-   * 
-   * All namespace URIs and prefixes declared in the <code>Constants</code>
-   * interface are used for resolving namespaces.
-   * 
-   * @param contextNode The root node from which to evaluate the XPath
-   * expression.
-   * @param exp The XPath expression to evaluate.
-   * @return An iterator over the resulting nodes.
-   * @throws XPathException An error occurred evaluating the XPath expression.
-   */
-  public static NodeIterator selectNodeIterator(Node contextNode, String exp)
-    throws XPathException {
-
-    return selectNodeIterator(contextNode, NS_CONTEXT, exp);
-  }
-
-  /**
-   * Return a <code>NodeIterator</code> over the nodes matching the XPath
-   * expression.
-   * 
-   * @param contextNode The root node from which to evaluate the XPath
-   * expression.
-   * @param namespaceElement An element from which to build the
-   * namespace mapping for evaluating the XPath expression
-   * @param exp The XPath expression to evaluate.
-   * @return An iterator over the resulting nodes.
-   * @throws XPathException An error occurred evaluating the XPath expression.
-   */
-  public static NodeIterator selectNodeIterator(
-    Node contextNode,
-    Element namespaceElement,
-    String exp)
-    throws XPathException {
-
-    try {
-      SimpleNamespaceContext ctx = new SimpleNamespaceContext();
-      ctx.addElementNamespaces(documentNavigator, namespaceElement);
-      return selectNodeIterator(contextNode, ctx, exp);
-    } catch (JaxenException e) {
-      MessageProvider msg = MessageProvider.getInstance();
-      String message = msg.getMessage("xpath.00", new Object[] { exp });
-      throw new XPathException(message, e);
-    }
-  }
-
-  /**
-   * Return a <code>NodeIterator</code> over the nodes matching the XPath
-   * expression.
-   * 
-   * @param contextNode The root node from which to evaluate the XPath
-   * expression.
-   * @param namespaceMapping A namespace prefix to namespace URI mapping
-   * (<code>String</code> to <code>String</code>) for evaluating the XPath 
-   * expression.
-   * @param exp The XPath expression to evaluate.
-   * @return An iterator over the resulting nodes.
-   * @throws XPathException An error occurred evaluating the XPath expression.
-   */
-  public static NodeIterator selectNodeIterator(
-    Node contextNode,
-    Map namespaceMapping,
-    String exp)
-    throws XPathException {
-
-    SimpleNamespaceContext ctx = new SimpleNamespaceContext(namespaceMapping);
-
-    return selectNodeIterator(contextNode, ctx, exp);
-  }
-
-  /**
-   * Return a <code>NodeIterator</code> over the nodes matching the XPath
-   * expression.
-   * 
-   * @param contextNode The root node from which to evaluate the XPath
-   * expression.
-   * @param nsContext The <code>NamespaceContext</code> for resolving namespace
-   * prefixes to namespace URIs for evaluating the XPath expression.
-   * @param exp The XPath expression to evaluate.
-   * @return An iterator over the resulting nodes.
-   * @throws XPathException An error occurred evaluating the XPath expression.
-   */
-  private static NodeIterator selectNodeIterator(
-    Node contextNode,
-    NamespaceContext nsContext,
-    String exp)
-    throws XPathException {
-
-    try {
-      DOMXPath xpath = new DOMXPath(exp);
-      List nodes;
-
-      xpath.setNamespaceContext(nsContext);
-      nodes = xpath.selectNodes(contextNode);
-      return new NodeIteratorAdapter(nodes.listIterator());
-    } catch (JaxenException e) {
-      MessageProvider msg = MessageProvider.getInstance();
-      String message = msg.getMessage("xpath.00", new Object[] { exp });
-      throw new XPathException(message, e);
-    }
-  }
-
-  /**
-   * Return a <code>NodeList</code> of all the nodes matching the XPath
-   * expression.
-   * 
-   * All namespace URIs and prefixes declared in the <code>Constants</code>
-   * interface are used for resolving namespaces.
-   * 
-   * @param contextNode The root node from which to evaluate the XPath
-   * expression.
-   * @param exp The XPath expression to evaluate.
-   * @return A <code>NodeList</code> containing the matching nodes.
-   * @throws XPathException An error occurred evaluating the XPath expression.
-   */
-  public static NodeList selectNodeList(Node contextNode, String exp)
-    throws XPathException {
-
-    return selectNodeList(contextNode, NS_CONTEXT, exp);
-  }
-
-  /**
-   * Return a <code>NodeList</code> of all the nodes matching the XPath
-   * expression.
-   * 
-   * @param contextNode The root node from which to evaluate the XPath
-   * expression.
-   * @param namespaceElement An element from which to build the
-   * namespace mapping for evaluating the XPath expression
-   * @param exp The XPath expression to evaluate.
-   * @return A <code>NodeList</code> containing the matching nodes.
-   * @throws XPathException An error occurred evaluating the XPath expression.
-   */
-  public static NodeList selectNodeList(
-    Node contextNode,
-    Element namespaceElement,
-    String exp)
-    throws XPathException {
-
-    try {
-      SimpleNamespaceContext ctx = new SimpleNamespaceContext();
-
-      ctx.addElementNamespaces(documentNavigator, namespaceElement);
-      return selectNodeList(contextNode, ctx, exp);
-    } catch (JaxenException e) {
-      MessageProvider msg = MessageProvider.getInstance();
-      String message = msg.getMessage("xpath.00", new Object[] { exp });
-      throw new XPathException(message, e);
-    }
-  }
-
-  /**
-   * Return a <code>NodeList</code> of all the nodes matching the XPath
-   * expression.
-   * 
-   * @param contextNode The root node from which to evaluate the XPath
-   * expression.
-   * @param namespaceMapping A namespace prefix to namespace URI mapping
-   * (<code>String</code> to <code>String</code>) for evaluating the XPath 
-   * expression.
-   * @param exp The XPath expression to evaluate.
-   * @return A <code>NodeList</code> containing the matching nodes.
-   * @throws XPathException An error occurred evaluating the XPath expression.
-   */
-  public static NodeList selectNodeList(
-    Node contextNode,
-    Map namespaceMapping,
-    String exp)
-    throws XPathException {
-
-    SimpleNamespaceContext ctx = new SimpleNamespaceContext(namespaceMapping);
-
-    return selectNodeList(contextNode, ctx, exp);
-  }
-
-  /**
-   * Return a <code>NodeList</code> of all the nodes matching the XPath
-   * expression.
-   * 
-   * @param contextNode The root node from which to evaluate the XPath
-   * expression.
-   * @param nsContext The <code>NamespaceContext</code> for resolving namespace
-   * prefixes to namespace URIs for evaluating the XPath expression.
-   * @param exp The XPath expression to evaluate.
-   * @return A <code>NodeList</code> containing the matching nodes.
-   * @throws XPathException An error occurred evaluating the XPath expression.
-   */
-  private static NodeList selectNodeList(
-    Node contextNode,
-    NamespaceContext nsContext,
-    String exp)
-    throws XPathException {
-
-    try {
-      DOMXPath xpath = new DOMXPath(exp);
-      List nodes;
-
-      xpath.setNamespaceContext(nsContext);
-      nodes = xpath.selectNodes(contextNode);
-      return new NodeListAdapter(nodes);
-    } catch (JaxenException e) {
-      MessageProvider msg = MessageProvider.getInstance();
-      String message = msg.getMessage("xpath.00", new Object[] { exp });
-      throw new XPathException(message, e);
-    }
-  }
-
-  /**
-   * Select the first node matching an XPath expression.
-   * 
-   * All namespace URIs and prefixes declared in the <code>Constants</code>
-   * interface are used for resolving namespaces.
-   * 
-   * @param contextNode The root node from which to evaluate the XPath
-   * expression.
-   * @param exp The XPath expression to evaluate.
-   * @return Node The first node matching the XPath expression, or
-   * <code>null</code>, if no node matched.
-   * @throws XPathException An error occurred evaluating the XPath expression.
-   */
-  public static Node selectSingleNode(Node contextNode, String exp)
-    throws XPathException {
-
-    return selectSingleNode(contextNode, NS_CONTEXT, exp);
-  }
-
-  /**
-   * Select the first node matching an XPath expression.
-   * 
-   * @param contextNode The root node from which to evaluate the XPath
-   * expression.
-   * @param namespaceElement An element from which to build the
-   * namespace mapping for evaluating the XPath expression
-   * @param exp The XPath expression to evaluate.
-   * @return Node The first node matching the XPath expression, or
-   * <code>null</code>, if no node matched.
-   * @throws XPathException An error occurred evaluating the XPath expression.
-   */
-  public static Node selectSingleNode(
-    Node contextNode,
-    Element namespaceElement,
-    String exp)
-    throws XPathException {
-
-    try {
-      SimpleNamespaceContext ctx = new SimpleNamespaceContext();
-      ctx.addElementNamespaces(documentNavigator, namespaceElement);
-
-      return selectSingleNode(contextNode, ctx, exp);
-    } catch (JaxenException e) {
-      MessageProvider msg = MessageProvider.getInstance();
-      String message = msg.getMessage("xpath.00", new Object[] { exp });
-      throw new XPathException(message, e);
-    }
-  }
-
-  /**
-   * Select the first node matching an XPath expression.
-   * 
-   * @param contextNode The root node from which to evaluate the XPath
-   * expression.
-   * @param namespaceMapping A namespace prefix to namespace URI mapping
-   * (<code>String</code> to <code>String</code>) for evaluating the XPath 
-   * expression.
-   * @param exp The XPath expression to evaluate.
-   * @return Node The first node matching the XPath expression, or
-   * <code>null</code>, if no node matched.
-   * @throws XPathException An error occurred evaluating the XPath expression.
-   */
-  public static Node selectSingleNode(
-    Node contextNode,
-    Map namespaceMapping,
-    String exp)
-    throws XPathException {
-
-    SimpleNamespaceContext ctx = new SimpleNamespaceContext(namespaceMapping);
-
-    return selectSingleNode(contextNode, ctx, exp);
-  }
-
-  /**
-   * Select the first node matching an XPath expression.
-   * 
-   * @param contextNode The root node from which to evaluate the XPath
-   * expression.
-   * @param nsContext The <code>NamespaceContext</code> for resolving namespace
-   * prefixes to namespace URIs for evaluating the XPath expression.
-   * @param exp The XPath expression to evaluate.
-   * @return Node The first node matching the XPath expression, or
-   * <code>null</code>, if no node matched.
-   * @throws XPathException An error occurred evaluating the XPath expression.
-   */
-  public static Node selectSingleNode(
-    Node contextNode,
-    NamespaceContext nsContext,
-    String exp)
-    throws XPathException {
-
-    try {
-      DOMXPath xpath = new DOMXPath(exp);
-      xpath.setNamespaceContext(nsContext);
-      return (Node) xpath.selectSingleNode(contextNode);
-    } catch (JaxenException e) {
-      MessageProvider msg = MessageProvider.getInstance();
-      String message = msg.getMessage("xpath.00", new Object[] { exp });
-      throw new XPathException(message, e);
-    }
-  }
-
-  /**
-   * Return the value of a DOM element whose location is given by an XPath
-   * expression.
-   * 
-   * @param root The root element from which to evaluate the XPath.
-   * @param xpath The XPath expression pointing to the element whose value
-   * to return.
-   * @param def The default value to return, if no element can be found using
-   * the given <code>xpath</code>.
-   * @return The element value, if it can be located using the
-   * <code>xpath</code>. Otherwise, <code>def</code> is returned.
-   */
-  public static String getElementValue(
-    Element root,
-    String xpath,
-    String def) {
-
-    Element elem = (Element) XPathUtils.selectSingleNode(root, xpath);
-    return elem != null ? DOMUtils.getText(elem) : def;
-  }
-
-  /**
-   * Return the value of a DOM attribute whose location is given by an XPath
-   * expression.
-   * 
-   * @param root The root element from which to evaluate the XPath.
-   * @param xpath The XPath expression pointing to the attribute whose value to
-   * return.
-   * @param def The default value to return, if no attribute can be found using
-   * the given <code>xpath</code>.
-   * @return The element value, if it can be located using the
-   * <code>xpath</code>. Otherwise, <code>def</code> is returned.
-   */
-  public static String getAttributeValue(
-    Element root,
-    String xpath,
-    String def) {
-
-    Attr attr = (Attr) XPathUtils.selectSingleNode(root, xpath);
-    return attr != null ? attr.getValue() : def;
-  }
-  
-  /**
-   * Returns the namespace prefix used within <code>XPathUtils</code> for referring to
-   * the namespace of the specified (Security Layer command) element.
-   * 
-   * This namespace prefix can be used in various XPath expression evaluation methods 
-   * within <code> XPathUtils</code> without explicitely binding it to the particular
-   * namespace.
-   * 
-   * @param contextElement The (Security Layer command) element. 
-   *            
-   * @return  the namespace prefix used within <code>XPathUtils</code> for referring to
-   *          the namespace of the specified (Security Layer command) element.
-   * 
-   * throws XpathException If the specified element has a namespace other than the ones
-   *        known by this implementation as valid Security Layer namespaces (cf. 
-   *        @link Constants#SL10_NS_URI, @link Constants#SL11_NS_URI, @link Constants#SL12_NS_URI).
-   */
-  public static String getSlPrefix (Element contextElement) throws XPathException 
-  {
-    String sLNamespace = contextElement.getNamespaceURI();
-    String sLPrefix = null;
-
-    if (sLNamespace.equals(Constants.SL10_NS_URI)) 
-    {
-      sLPrefix = Constants.SL10_PREFIX;
-    }  
-    else if (sLNamespace.equals(Constants.SL12_NS_URI)) 
-    {
-      sLPrefix = Constants.SL12_PREFIX;
-    }
-    else if (sLNamespace.equals(Constants.SL11_NS_URI)) 
-    {
-      sLPrefix = Constants.SL11_PREFIX;
-    } 
-    else 
-    {
-      MessageProvider msg = MessageProvider.getInstance();
-      String message = msg.getMessage("xpath.00", new Object[] { "Ung�ltiger Security Layer Namespace: \"" + sLNamespace + "\"."});
-      throw new XPathException(message, null);
-    }
-    
-    return sLPrefix;
-  }
-  
-  
-  /**
-   * Return the SecurityLayer namespace prefix of the context element.
-   * If the context element is not the element that lies within the 
-   * SecurityLayer namespace. The Securitylayer namespace is derived from
-   * the <code>xmlns:sl10</code>, <code>sl11</code> or <code>sl</code> 
-   * attribute of the context element.
-   * 
-   * The returned prefix is needed for evaluating XPATH expressions.
-   * 
-   * @param contextElement The element to get a prefix for the Securitylayer namespace,
-   *                       that is used within the corresponding document. 
-   *            
-   * @return  The string <code>sl10</code>, <code>sl11</code> or <code>sl</code>,
-   *          depending on the SecurityLayer namespace of the contextElement.
-   * 
-   * throws XPathException If no (vlalid) SecurityLayer namespace prefix or namespace
-   *                       is defined.
-   */
-  public static String getSlPrefixFromNoRoot (Element contextElement) throws XPathException {
-    
-    String slPrefix = checkSLnsDeclaration(contextElement, Constants.SL10_PREFIX, Constants.SL10_NS_URI);
-    if (slPrefix == null) {
-      slPrefix = checkSLnsDeclaration(contextElement, Constants.SL11_PREFIX, Constants.SL11_NS_URI);
-    }
-    if (slPrefix == null) {
-      slPrefix = checkSLnsDeclaration(contextElement, Constants.SL12_PREFIX, Constants.SL12_NS_URI);
-    }       
-     
-    return slPrefix;
-       
-  }
-  
-  /**
-   * Checks if the context element has an attribute <code>xmlns:slPrefix</code> and
-   * if the prefix of that attribute corresponds with a valid SecurityLayer namespace.
-   * 
-   * @param contextElement  The element to be checked.
-   * @param slPrefix        The prefix which should be checked. Must be a valid SecurityLayer
-   *                        namespace prefix.
-   * @param slNameSpace     The SecurityLayer namespace that corresponds to the specified prefix.
-   *  
-   * @return                The valid SecurityLayer prefix or <code>null</code> if this prefix is
-   *                        not used.
-   * @throws XPathException
-   */
-  private static String checkSLnsDeclaration(Element contextElement, String slPrefix, String slNameSpace)
-      throws XPathException 
-  {
-    String nsAtt = "xmlns:" + slPrefix;
-    String nameSpace = contextElement.getAttribute(nsAtt);
-    if (nameSpace == "") {
-      return null;
-    } else {
-      // check if namespace is correct
-      if (nameSpace.equals(slNameSpace)) {
-        return slPrefix;
-      } else {
-        MessageProvider msg = MessageProvider.getInstance();
-        String message = msg.getMessage("xpath.00", new Object[] { "Ung�ltiger SecurityLayer Namespace: \"" + nameSpace + "\"."});
-        throw new XPathException(message, null);
-      }
-    }
-  }
-
-}
diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/MOATestCase.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/MOATestCase.java
index 66bf1faff..51297fce3 100644
--- a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/MOATestCase.java
+++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/MOATestCase.java
@@ -36,8 +36,8 @@ import javax.xml.parsers.DocumentBuilderFactory;
 import org.w3c.dom.Document;
 import org.xml.sax.InputSource;
 
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
 import junit.framework.TestCase;
 
 /**
diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DOMUtilsTest.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DOMUtilsTest.java
index 7b1c0cb67..ac121a0b2 100644
--- a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DOMUtilsTest.java
+++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DOMUtilsTest.java
@@ -31,8 +31,8 @@ import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.NodeList;
 
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
 import test.at.gv.egovernment.moa.MOATestCase;
 
 /**
diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/XPathUtilsTest.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/XPathUtilsTest.java
index 15e6a62f3..4837caa2b 100644
--- a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/XPathUtilsTest.java
+++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/XPathUtilsTest.java
@@ -26,10 +26,9 @@ package test.at.gv.egovernment.moa.util;
 import org.w3c.dom.Document;
 import org.w3c.dom.NodeList;
 
+import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
 import test.at.gv.egovernment.moa.MOATestCase;
 
-import at.gv.egovernment.moa.util.XPathUtils;
-
 
 /**
  * @author Patrick Peck
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractGUIFormBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractGUIFormBuilderConfiguration.java
deleted file mode 100644
index 999552891..000000000
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractGUIFormBuilderConfiguration.java
+++ /dev/null
@@ -1,111 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth.frontend.builder;
-
-import java.util.HashMap;
-import java.util.Map;
-
-import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-/**
- * @author tlenz
- *
- */
-public abstract class AbstractGUIFormBuilderConfiguration implements IGUIBuilderConfiguration {
-
-	public static final String PARAM_AUTHCONTEXT = "contextPath";
-	public static final String PARAM_FORMSUBMITENDPOINT = "submitEndpoint";
-	
-	public static final String PARAM_PENDINGREQUESTID = "pendingReqID";
-	
-	private String authURL = null;
-	private String viewName = null;
-	private String formSubmitEndpoint = null;
-	
-	/**
-	 * @param authURL IDP PublicURL-Prefix which should be used, but never null
-	 * @param viewName Name of the template (with suffix) but never null
-	 * @param formSubmitEndpoint EndPoint on which the form should be submitted, 
-	 * or null if the form must not submitted
-	 * 
-	 */
-	public AbstractGUIFormBuilderConfiguration(String authURL, String viewName, String formSubmitEndpoint) {
-		if (viewName.startsWith("/"))
-			this.viewName = viewName.substring(1);
-		else
-			this.viewName = viewName;
-		
-		if (authURL.endsWith("/"))
-			this.authURL = authURL.substring(0, authURL.length() - 1);
-		else
-			this.authURL = authURL;
-		
-		if (MiscUtil.isNotEmpty(formSubmitEndpoint)) {
-			if (formSubmitEndpoint.startsWith("/"))
-				this.formSubmitEndpoint = formSubmitEndpoint;
-			else		
-				this.formSubmitEndpoint = "/" + formSubmitEndpoint;
-		}
-	}
-	
-	
-	/**
-	 * Define the parameters, which should be evaluated in the template <br>
-	 * <b>IMPORTANT:</b> external HTML escapetion is required, because it is NOT done internally during the building process
-	 * 
-	 * @return Map of parameters, which should be added to template
-	 */
-	abstract protected Map<String, Object> getSpecificViewParameters();
-	
-	
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration#getViewName()
-	 */
-	@Override
-	public final String getViewName() {
-		return this.viewName;
-		
-	}
-	
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration#getViewParameters()
-	 */
-	@Override
-	public final Map<String, Object> getViewParameters() {
-		//get parameters from detail implementation
-		Map<String, Object> specParams = getSpecificViewParameters();
-		if (specParams == null)
-			specParams = new HashMap<String, Object>();
-		
-		//add generic parameters
-		specParams.put(PARAM_AUTHCONTEXT, this.authURL);		
-		if (this.formSubmitEndpoint != null)
-			specParams.put(PARAM_FORMSUBMITENDPOINT, this.formSubmitEndpoint);
-		
-		return specParams;
-		
-	}
-
-}
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java
index e1f995e82..2fcec92c5 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java
@@ -30,6 +30,7 @@ import java.util.Map;
 import org.apache.commons.lang.StringEscapeUtils;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.impl.gui.AbstractGUIFormBuilderConfiguration;
 import at.gv.egovernment.moa.id.auth.frontend.utils.FormBuildUtils;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java
index 5283089ed..e59c19219 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java
@@ -30,6 +30,7 @@ import org.apache.commons.lang.StringEscapeUtils;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.gui.ModifyableGuiBuilderConfiguration;
+import at.gv.egiz.eaaf.core.impl.gui.AbstractGUIFormBuilderConfiguration;
 	
 /**
  * This class builds MOA-ID GUI forms from default resource paths
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java
index 1bacc93c7..43d499589 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java
@@ -22,154 +22,40 @@
  */
 package at.gv.egovernment.moa.id.auth.frontend.builder;
 
-import java.io.BufferedReader;
 import java.io.File;
 import java.io.FileInputStream;
-import java.io.IOException;
 import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.io.StringWriter;
 import java.net.URI;
-import java.util.Iterator;
-import java.util.Map;
-import java.util.Map.Entry;
 
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.velocity.VelocityContext;
-import org.apache.velocity.app.VelocityEngine;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
 import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration;
-import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
 import at.gv.egiz.eaaf.core.exceptions.GUIBuildException;
-import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider;
-import at.gv.egovernment.moa.id.commons.MOAIDConstants;
+import at.gv.egiz.eaaf.core.impl.gui.AbstractGUIFormBuilderImpl;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
 
 /**
  * @author tlenz 
  *
  */
 @Service("guiFormBuilder")
-public class GUIFormBuilderImpl implements IGUIFormBuilder {
+public class GUIFormBuilderImpl extends AbstractGUIFormBuilderImpl {
 	
-	private static final String DEFAULT_CONTENT_TYPE = MOAIDConstants.DEFAULT_CONTENT_TYPE_HTML_UTF8;
+
 	private static final String CONFIG_HTMLTEMPLATES_DIR = "htmlTemplates/";
 	private static final String CLASSPATH_HTMLTEMPLATES_DIR = "templates/";
 			
 	@Autowired private AuthConfiguration authConfig;
-	private VelocityEngine engine;
-		
+
 	public GUIFormBuilderImpl() throws GUIBuildException {
-		try {
-			engine = VelocityProvider.getClassPathVelocityEngine();
-			
-		} catch (Exception e) {
-			Logger.fatal("Initialization of Velocity-Engine to render GUI components FAILED.", e);
-			throw new GUIBuildException("Initialization of Velocity-Engine to render GUI components FAILED.", e);
-			
-		}
+		super();
 		
 	}
-		
-	public void build(HttpServletResponse httpResp, IGUIBuilderConfiguration config, String loggerName) throws GUIBuildException {
-		build(httpResp, config, getInternalContentType(config), loggerName);
-		
-	}
-		
-	@Override
-	public void build(HttpServletResponse httpResp, IGUIBuilderConfiguration config, 
-			String contentType, String loggerName) throws GUIBuildException {
-		
-		InputStream is = null;
-		try {
-			String viewName = config.getViewName();			
-			is = getTemplateInputStream(config);
-			
-			//build Velocity Context from input paramters
-			VelocityContext context = buildContextFromViewParams(config.getViewParameters());
-
-			//evaluate template
-			StringWriter writer = new StringWriter();
-			engine.evaluate(context, writer, loggerName, new BufferedReader(new InputStreamReader(is)));
-							
-			//write template to response
-			final byte[] content = writer.toString().getBytes("UTF-8");
-			httpResp.setStatus(HttpServletResponse.SC_OK);
-			httpResp.setContentLength(content.length);
-			httpResp.setContentType(contentType);						
-			httpResp.getOutputStream().write(content);
-			
-			if (Logger.isTraceEnabled()) {
-				Logger.trace("Write Content for viewName:" + viewName 
-						+ ". Contentsize:" + String.valueOf(content.length)
-						+ " BufferSize:" + httpResp.getBufferSize()
-						+ " ContentType:" + contentType);
-				for (String el : httpResp.getHeaderNames())
-					Logger.trace(" * Headername:" + el + " Value:" + httpResp.getHeader(el));
 				
-			}
-			
-		} catch (IOException e) {
-			Logger.error("GUI form-builder has an internal error.", e);
-			throw new GUIBuildException("GUI form-builder has an internal error.", e);
-						
-		} finally {
-			if (is != null)
-				try {
-					is.close();
-					
-				} catch (IOException e) {
-					Logger.error("Can NOT close GUI-Template InputStream.", e);
-					
-				}
-		}
-		
-	}
-
-	/**
-	 * Generate a new {@link VelocityContext} and populate it with MOA-ID GUI parameters
-	 * 
-	 * @param config
-	 * @return
-	 */
-	public VelocityContext generateVelocityContextFromConfiguration(IGUIBuilderConfiguration config) {
-		return buildContextFromViewParams(config.getViewParameters());
-		
-	}
-	
-	/**
-	 * Load the template from different resources
-	 * 
-	 * @param config
-	 * @return An {@link InputStream} but never null. The {@link InputStream} had to be closed be the invoking method
-	 * @throws GUIBuildException
-	 */
-	public InputStream getTemplateInputStream(IGUIBuilderConfiguration config) throws GUIBuildException {			
-		InputStream is = getInternalTemplate(config);
-		if (is == null) {
-			Logger.warn("No GUI with viewName:" + config.getViewName() + " FOUND.");
-			throw new GUIBuildException("No GUI with viewName:" + config.getViewName() + " FOUND.");
-		
-		}		
-		return is;
-		
-	}
-	
-	private String getInternalContentType(IGUIBuilderConfiguration config) {
-		if (MiscUtil.isEmpty(config.getDefaultContentType()))
-			return DEFAULT_CONTENT_TYPE;
-		
-		else
-			return config.getDefaultContentType();
-		
-	}
-	
-	private InputStream getInternalTemplate(IGUIBuilderConfiguration config) throws GUIBuildException {
+	@Override
+	protected InputStream getInternalTemplate(IGUIBuilderConfiguration config) throws GUIBuildException {
 		String viewName = config.getViewName();
 		
 		//load specific template
@@ -193,7 +79,7 @@ public class GUIFormBuilderImpl implements IGUIFormBuilder {
 					Logger.debug("GUI template:" + viewName + " is not found in configuration directory. "
 							+ " Load template from project library ... ");					
 					try  {
-						pathLocation = getInternalClasspathTemplateDir(config) + viewName;
+						pathLocation = super.getInternalClasspathTemplateDir(config, CLASSPATH_HTMLTEMPLATES_DIR) + viewName;
 						is = Thread.currentThread()
 								.getContextClassLoader()
 								.getResourceAsStream(pathLocation);				
@@ -219,39 +105,4 @@ public class GUIFormBuilderImpl implements IGUIFormBuilder {
 		
 	}
 	
-	
-	/**
-	 * @return
-	 */
-	private String getInternalClasspathTemplateDir(IGUIBuilderConfiguration config) {
-		String dir = config.getClasspathTemplateDir();
-		if (dir != null) {
-			if (!dir.endsWith("/"))
-				dir += "/";
-			
-			return dir;			
-			
-		} else
-			return CLASSPATH_HTMLTEMPLATES_DIR;
-	}
-	
-	/**
-	 * @param viewParams
-	 * @return
-	 */
-	private VelocityContext buildContextFromViewParams(Map<String, Object> viewParams) {
-		VelocityContext context = new VelocityContext();
-				
-		if (viewParams != null) {
-			Iterator<Entry<String, Object>> interator = viewParams.entrySet().iterator();
-			while (interator.hasNext()) {
-				Entry<String, Object> el = interator.next();
-				context.put(el.getKey(), el.getValue());
-			}
-			
-		} 
-		
-		return context;
-	}
-	
 }
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index ef3e71874..6156ba6b4 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -26,13 +26,16 @@ import org.w3c.dom.NodeList;
 import org.xml.sax.SAXException;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
+import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
 import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder;
 import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
 import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder;
-import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.auth.builder.CreateXMLSignatureRequestBuilder;
 import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder;
 import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder;
@@ -61,7 +64,6 @@ import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
 import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.commons.api.exceptions.BKUException;
@@ -71,7 +73,6 @@ import at.gv.egovernment.moa.id.logging.SpecificTraceLogger;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.DateTimeUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moa.util.StringUtils;
@@ -432,7 +433,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 	 */
 	public String getCreateXMLSignatureRequestAuthBlockOrRedirect(
 			IAuthenticationSession session, IRequest pendingReq) throws ConfigurationException,
-			BuildException, ValidateException {
+			BuildException, ValidateException, EAAFBuilderException {
 
 		IOAAuthParameters oaParam = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class);
 
@@ -531,7 +532,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 	 * @throws ConfigurationException 
 	 */
 	private String buildAuthenticationBlock(IAuthenticationSession session,
-			IOAAuthParameters oaParam, IRequest pendingReq) throws BuildException, ConfigurationException {
+			IOAAuthParameters oaParam, IRequest pendingReq) throws BuildException, ConfigurationException, EAAFBuilderException {
 
 		IIdentityLink identityLink = session.getIdentityLink();
 		String issuer = identityLink.getName();
@@ -930,7 +931,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 	public void verifyAuthenticationBlock(IRequest pendingReq, IAuthenticationSession session,
 			String xmlCreateXMLSignatureReadResponse)
 					throws AuthenticationException, BuildException, ParseException,
-					ConfigurationException, ServiceException, ValidateException, BKUException {
+					ConfigurationException, ServiceException, ValidateException, BKUException, EAAFBuilderException {
 
 		if (session == null)
 			throw new AuthenticationException("auth.10", new Object[]{
@@ -1068,7 +1069,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 	 */
 
 	protected Element createIdentificationBPK(Element mandatePerson,
-			String baseid, String target) throws BuildException {
+			String baseid, String target) throws BuildException, EAAFBuilderException {
 		Element identificationBpK = mandatePerson.getOwnerDocument()
 				.createElementNS(Constants.PD_NS_URI, "Identification");
 		Element valueBpK = mandatePerson.getOwnerDocument().createElementNS(
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java
index 9a807ca00..a2a38c9dd 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java
@@ -31,10 +31,10 @@ import javax.xml.transform.TransformerException;
 
 import org.w3c.dom.Element;
 
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.StringUtils;
 
 /**
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
index bbd90fdaa..a46c81d06 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
@@ -48,6 +48,7 @@ import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
@@ -61,7 +62,6 @@ import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moa.util.StringUtils;
 
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java
index 9dcc93e9f..fb65bac04 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java
@@ -49,10 +49,10 @@ package at.gv.egovernment.moa.id.auth.builder;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
+import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
 
 /**
  * Builder for the <code>lt;pr:Person&gt;</code> element to be inserted
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java
index 306c871fc..ee58b7fa1 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java
@@ -50,9 +50,9 @@ import java.text.MessageFormat;
 
 import org.w3c.dom.Element;
 
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.StringUtils;
 
 /**
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
index e6adcf159..2c8127e2d 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
@@ -55,10 +55,10 @@ import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
 import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.Constants;
 
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
index 37f24ea72..d345aa208 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
@@ -18,9 +18,11 @@ import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.stereotype.Component;
 import org.w3c.dom.Element;
 
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
@@ -31,12 +33,10 @@ import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.client.SZRGWClientException;
 import at.gv.egovernment.moa.id.client.utils.SZRGWClientUtils;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse;
 
 /**
@@ -135,7 +135,7 @@ public class GetForeignIDTask extends AbstractAuthServletTask {
 				IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(new ByteArrayInputStream(
 						response.getIdentityLink()));
 				IIdentityLink identitylink = ilParser.parseIdentityLink();
-				moasession.setIdentityLink(identitylink);
+				moasession.setIdentityLink(identitylink); 
 
 				// set QAA Level four in case of card authentifcation
 				moasession.setQAALevel(PVPConstants.EIDAS_QAA_HIGH);
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
index d81afee7b..af4abe813 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
@@ -18,6 +18,7 @@ import org.xml.sax.SAXException;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
@@ -31,7 +32,6 @@ import at.gv.egovernment.moa.id.data.MISMandate;
 import at.gv.egovernment.moa.id.util.SSLUtils;
 import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
 import iaik.pki.PKIException;
 
 /**
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java
index 4db814246..7c9702b8b 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java
@@ -37,6 +37,7 @@ import org.w3c.dom.Element;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
@@ -49,7 +50,6 @@ import at.gv.egovernment.moa.id.util.SSLUtils;
 import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId;
 import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
 
 /**
  * @author tlenz
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
index fb3cf3713..0b5db368f 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
@@ -58,14 +58,14 @@ import org.w3c.dom.Element;
 import org.w3c.dom.NodeList;
 import org.w3c.dom.traversal.NodeIterator;
 
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
+import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
 import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
 import at.gv.egovernment.moa.id.auth.data.SAMLAttribute;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.BKUException;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
 
 /**
  * Parses an <code>&lt;InfoboxReadResponse&gt;</code> returned from
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java
index 390467bf8..4c9c15e99 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java
@@ -53,12 +53,12 @@ import java.util.Vector;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egovernment.moa.id.auth.data.InfoboxToken;
 import at.gv.egovernment.moa.id.auth.data.InfoboxTokenImpl;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
 
 /**
  * Parses and unmarshales <code>InfoboxReadResponse<code>.
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java
index dba26f1db..8458bce01 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java
@@ -63,14 +63,14 @@ import org.apache.xpath.XPathAPI;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
+import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.exceptions.BKUException;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
 import iaik.x509.X509Certificate;
 
 /**
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
index 96be0279a..01ef4ee26 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -57,9 +57,12 @@ import org.jaxen.SimpleNamespaceContext;
 import org.w3c.dom.Element;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
+import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
 import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
+import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
 import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder;
-import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
 import at.gv.egovernment.moa.id.auth.data.SAMLAttribute;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
@@ -68,7 +71,6 @@ import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
@@ -77,7 +79,6 @@ import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moa.util.StringUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
 
 /**
  * 
@@ -136,7 +137,7 @@ public class CreateXMLSignatureResponseValidator {
  * @throws ConfigurationException 
    */
   public void validate(CreateXMLSignatureResponse createXMLSignatureResponse, IAuthenticationSession session, IRequest pendingReq)
-   throws ValidateException, BuildException, ConfigurationException {
+   throws ValidateException, BuildException, ConfigurationException, EAAFBuilderException {
       // A3.056: more then one /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:NameIdentifier
     IOAAuthParameters oaParam = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class);
     String oaURL = oaParam.getPublicURLPrefix(); 
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java
index f3ce6888b..604d224eb 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java
@@ -49,11 +49,11 @@ package at.gv.egovernment.moa.id.auth.validator;
 import org.w3c.dom.Element;
 import org.w3c.dom.NodeList;
 
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.IdentityLink;
+import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
 import at.gv.egovernment.moa.id.auth.exception.ValidateException;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.XPathUtils;
 
 /**
  * This class is used to validate an {@link IdentityLink} 
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
index 17a3fe7ab..17d487e79 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
@@ -54,11 +54,11 @@ import java.util.Iterator;
 import java.util.List;
 import java.util.Set;
 
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
 import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.auth.exception.ValidateException;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
index b3327a3d5..e023a6507 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
@@ -64,7 +64,8 @@ import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
 
 import at.gv.egiz.eaaf.core.impl.data.Pair;
-import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
@@ -73,7 +74,6 @@ import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.BoolUtils;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.StringUtils;
 
 /**
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
index a1e16a7f0..fe0e659c7 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
@@ -70,12 +70,12 @@ import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
 import org.xml.sax.SAXException;
 
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MISSimpleClientException;
 import at.gv.egovernment.moa.id.commons.utils.HttpClientWithProxySupport;
 import at.gv.egovernment.moa.id.data.MISMandate;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.StringUtils;
 
 
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderTest.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderTest.java
index ec15a209c..9d59b60f3 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderTest.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderTest.java
@@ -48,10 +48,9 @@ package test.at.gv.egovernment.moa.id.auth.builder;
 
 import org.w3c.dom.Document;
 import test.at.gv.egovernment.moa.id.UnitTestCase;
-
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
 
 /**
  * @author Paul Ivancsics
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilderTest.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilderTest.java
index f2fde6322..f83f57144 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilderTest.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilderTest.java
@@ -46,9 +46,9 @@
 
 package test.at.gv.egovernment.moa.id.auth.builder;
 
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
 import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder;
 import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.util.Constants;
 
 import test.at.gv.egovernment.moa.id.UnitTestCase;
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParserTest.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParserTest.java
index 977764878..88b973457 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParserTest.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParserTest.java
@@ -46,20 +46,19 @@
 
 package test.at.gv.egovernment.moa.id.auth.parser;
 
-import iaik.security.rsa.RSAPublicKey;
-
 import java.io.FileOutputStream;
 import java.io.RandomAccessFile;
 import java.security.PublicKey;
 
 import org.w3c.dom.Document;
 
-import test.at.gv.egovernment.moa.id.UnitTestCase;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser;
 import at.gv.egovernment.moa.id.util.ECDSAKeyValueConverter;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
+import iaik.security.rsa.RSAPublicKey;
+import test.at.gv.egovernment.moa.id.UnitTestCase;
 
 /**
  * @author Paul Ivancsics
@@ -74,7 +73,7 @@ public class IdentityLinkAssertionParserTest extends UnitTestCase {
   }
 
   public void setUp() {
-    try {
+    try { 
       RandomAccessFile s =
         new RandomAccessFile(
           "data/test/xmldata/testperson1/InfoboxReadResponse.xml",
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParserTest.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParserTest.java
index 38bf1cab6..58c6b66d0 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParserTest.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParserTest.java
@@ -48,10 +48,10 @@ package test.at.gv.egovernment.moa.id.auth.parser;
 
 import java.io.RandomAccessFile;
 
-import test.at.gv.egovernment.moa.id.UnitTestCase;
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
+import test.at.gv.egovernment.moa.id.UnitTestCase;
 
 /**
  * @author Paul Ivancsics
@@ -64,7 +64,7 @@ public class InfoboxReadResponseParserTest extends UnitTestCase {
   public InfoboxReadResponseParserTest(String name) {
     super(name);
   }
-
+ 
   public void setUp() {
   }
 
diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java
index 76563c8ca..ec43adccc 100644
--- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java
+++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java
@@ -55,6 +55,7 @@ import com.google.gson.JsonParseException;
 import com.google.gson.JsonParser;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
@@ -64,7 +65,6 @@ import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.logging.Logger;
@@ -91,7 +91,7 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask {
 	private static final String EIDCONTAINER_KEY_SALT = "salt";
 	private static final String EIDCONTAINER_KEY_IV = "iv";
 	private static final String EIDCONTAINER_EID = "eid";
-	private static final String EIDCONTAINER_KEY_IDL = "idl";
+	private static final String EIDCONTAINER_KEY_IDL = "idl"; 
 	private static final String EIDCONTAINER_KEY_BINDINGCERT = "cert";
 	 
 	public static final String REQ_PARAM_eID_BLOW = "eidToken";
diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java
index 90810a7f4..5e79aee8e 100644
--- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java
+++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java
@@ -34,6 +34,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
@@ -44,7 +45,6 @@ import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.logging.Logger;
@@ -64,7 +64,7 @@ public class SecondBKAMobileAuthTask extends AbstractAuthServletTask {
 	@Override
 	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
 			throws TaskExecutionException {
-		
+		 
 		try {
 			Logger.info("Add user credentials for BKA MobileAuth SAML2 test and finalize authentication");	
 			parseDemoValuesIntoMOASession(pendingReq);
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
index 45033562f..103781470 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
@@ -35,9 +35,12 @@ import org.springframework.stereotype.Component;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
+import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
@@ -46,13 +49,10 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAttributeExce
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
 import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
 
 /**
@@ -70,7 +70,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
 	@Override
 	public void execute(ExecutionContext executionContext,
 			HttpServletRequest request, HttpServletResponse response)
-			throws TaskExecutionException {
+			throws TaskExecutionException { 
 		try{												
 			//get eIDAS attributes from MOA-Session
 			ImmutableAttributeMap eIDASAttributes = pendingReq.getGenericData(
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
index 0b0c74777..658502d2c 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
@@ -38,11 +38,11 @@ import org.springframework.stereotype.Component;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
 import at.gv.egiz.eaaf.modules.pvp2.sp.impl.PVPAuthnRequestBuilder;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.config.ELGAMandatesRequestBuilderConfiguration;
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
index 190ef9e9d..19fdb3fee 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
@@ -37,6 +37,7 @@ import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDIdentityLinkBuilder;
 import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDIssuingNationAttributeBuilder;
 import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSectorForIDAttributeBuilder;
 import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePIN;
@@ -46,7 +47,6 @@ import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDAuthBlock;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCcsURL;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCitizenQAALevelAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDIdentityLinkBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSTORKTOKEN;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSignerCertificate;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonFullNameAttributeBuilder;
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
index 325e1906d..8791da429 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
@@ -127,7 +127,7 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
 				
 				//TODO: validate results
 				
-				
+				 
 				//add into session
 				AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
 				moasession.setIdentityLink(new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink());
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java
index 5a17d6123..044366eb6 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java
@@ -28,10 +28,10 @@ import java.util.List;
 
 import org.w3c.dom.Element;
 
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.data.AuthenticationRole;
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
index a866f3939..8c024e79c 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
@@ -447,4 +447,22 @@ public class SSOTransferOnlineApplication implements IOAAuthParameters {
 		return false;
 	}
 
+	@Override
+	public String getConfigurationValue(String arg0, String arg1) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public Boolean isConfigurationValue(String arg0) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean isConfigurationValue(String arg0, boolean arg1) {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
 }
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
index 04ac1fd57..dc2baab7d 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
@@ -75,6 +75,7 @@ import com.google.gson.JsonParser;
 import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
 import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
 import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
 import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
@@ -202,7 +203,7 @@ public class SSOTransferServlet{
 					InputStream idlstream = idlURL.openStream();
 					moaSession.setIdentityLink(new IdentityLinkAssertionParser(idlstream).parseIdentityLink());
 					internalTransferPersonalInformation(req, resp, container, moaSession, true);
-					
+					 
 				} else {
 					Logger.info("Servlet " + getClass().getName() + " receive a token:" +
 							token + ", which references an empty data object.");
@@ -451,7 +452,7 @@ public class SSOTransferServlet{
 	}
 	
 	private void internalTransferPersonalInformation(HttpServletRequest req, HttpServletResponse resp,
-			SSOTransferContainer container, IAuthenticationSession moaSession, boolean developmentMode) throws IOException, InvalidKeyException, NoSuchAlgorithmException, InvalidKeySpecException, OperatorCreationException, CredentialsNotAvailableException, PKCSException, CertificateException, SessionDataStorageException, IllegalBlockSizeException, BadPaddingException, NoSuchPaddingException {
+			SSOTransferContainer container, IAuthenticationSession moaSession, boolean developmentMode) throws IOException, InvalidKeyException, NoSuchAlgorithmException, InvalidKeySpecException, OperatorCreationException, CredentialsNotAvailableException, PKCSException, CertificateException, SessionDataStorageException, IllegalBlockSizeException, BadPaddingException, NoSuchPaddingException, EAAFStorageException {
 		Logger.debug("");
 		JsonObject receivedData = getJSONObjectFromPostMessage(req, developmentMode);
 		
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java
index 4a5511df4..cf7723c70 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java
@@ -213,7 +213,7 @@ public class SSOContainerUtils {
 			Logger.error("SignerCertificate is not parseable.", e);
 			
 		}
-		
+		 
 		String idlStr = attributeExtractor.getSingleAttributeValue(PVPConstants.EID_IDENTITY_LINK_NAME);
 		try {
 			if (MiscUtil.isNotEmpty(idlStr)) {
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
index 73d99d93b..dcb7cb7ee 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
@@ -74,17 +74,17 @@ import com.google.common.net.MediaType;
 
 import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider;
 import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
 import at.gv.egovernment.moa.id.auth.builder.SAMLResponseBuilder;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.DateTimeUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
 
 /**
  * Web service for picking up authentication data created in the MOA-ID Auth component.
@@ -256,7 +256,7 @@ public class GetAuthenticationDataService extends AbstractController implements
 				// no SAML artifact given in request
 				statusCode = "samlp:Requester";
 				statusMessageCode = "1202";
-				
+				 
 			} else if (samlArtifactList.getLength() > 1) {
 				// too many SAML artifacts given in request
 				statusCode = "samlp:Requester";
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index 73afec4e0..78dc80815 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -46,12 +46,14 @@ import at.gv.e_government.reference.namespace.mandates._20040701_.Mandator;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
+import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder;
-import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder;
 import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
@@ -71,7 +73,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moa.util.StringUtils;
 import at.gv.util.xsd.persondata.IdentificationType;
@@ -445,7 +446,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
 	private String generateMandateDate(IOAAuthParameters oaParam, MOAAuthenticationData authData
 			) throws AuthenticationException, BuildException,
 			ParseException, ConfigurationException, ServiceException,
-			ValidateException {
+			ValidateException, EAAFBuilderException {
 
 		if (authData == null)
 			throw new AuthenticationException("auth.10", new Object[] {
@@ -547,7 +548,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
 				
 			} else {
 				;
-			}
+			} 
 			
 			return DOMUtils.serializeNode(prPerson);
 
diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java
index e6dbcd89d..33976704f 100644
--- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java
+++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java
@@ -28,6 +28,7 @@ import java.util.List;
 
 import org.w3c.dom.Element;
 
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
 import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder;
 import at.gv.egovernment.moa.id.auth.exception.ValidateException;
 import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
@@ -36,7 +37,6 @@ import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
 import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator;
 import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.config.auth.data.DynamicOAAuthParameters;
@@ -56,7 +56,7 @@ public class IdentityLinkTestModule implements TestModuleInterface {
 			identityLink = new IdentityLinkAssertionParser(idlstream).parseIdentityLink();
 		}
 		
-	} 
+	}  
 	
 	public List<String> performTests()  throws Exception{
 		Logger.trace("Start MOA-ID IdentityLink Test");
-- 
cgit v1.2.3


From 30e324851d67bd900471457e3c30a19b4073ec77 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 25 Jun 2018 13:22:20 +0200
Subject: add SP specific configuration for SL2.0

---
 .../data/oa/OAAuthenticationData.java              | 55 +++++++++++++++-
 .../oa/OAAuthenticationDataValidation.java         | 61 ++++++++++++++++-
 .../resources/applicationResources_de.properties   |  8 +++
 .../resources/applicationResources_en.properties   |  8 +++
 .../main/webapp/jsp/snippets/OA/authentication.jsp | 21 ++++++
 .../ServicesAuthenticationInformationTask.java     | 76 ++++++++++++++++++++++
 .../moa/id/moduls/AuthenticationManager.java       |  4 +-
 .../moa/id/commons/MOAIDAuthConstants.java         |  1 +
 .../moa/id/commons/api/IOAAuthParameters.java      |  3 +-
 .../config/ConfigurationMigrationUtils.java        | 24 +++++++
 .../config/MOAIDConfigurationConstants.java        |  3 +
 .../db/dao/config/deprecated/AuthComponentOA.java  | 38 ++++++++---
 .../moa/id/commons/utils/KeyValueUtils.java        | 26 ++++++++
 .../moa/id/auth/modules/sl20_auth/Constants.java   |  5 +-
 .../sl20_auth/SL20AuthenticationModulImpl.java     | 43 +++++++++---
 .../sl20_auth/tasks/CreateQualeIDRequestTask.java  | 37 +++++------
 16 files changed, 366 insertions(+), 47 deletions(-)

(limited to 'id/server/idserverlib/src/main/java/at/gv')

diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java
index ad99f5d22..2f51e68b4 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java
@@ -85,6 +85,11 @@ public class OAAuthenticationData implements IOnlineApplicationData {
 	private boolean useTestIDLValidationTrustStore = false;
 	private boolean useTestAuthblockValidationTrustStore = false;
 	
+	
+	//SL2.0
+	private boolean sl20Active = false;
+	private String sl20EndPoints = null;
+	
 	/**
 	 * 
 	 */
@@ -253,6 +258,29 @@ public class OAAuthenticationData implements IOnlineApplicationData {
 			useTestIDLValidationTrustStore = oaauth.getTestCredentials().isUseTestIDLTrustStore();		
 		}
 		
+		//parse SL2.0 information
+		if (oaauth.isSl20Active()) {
+			//parse SL2.0 endpoint information
+			if (oaauth.getSl20EndPoints() != null) {
+				if (KeyValueUtils.isCSVValueString(oaauth.getSl20EndPoints()))
+					sl20EndPoints = KeyValueUtils.normalizeCSVValueString(oaauth.getSl20EndPoints());
+				
+				else {
+					if (oaauth.getSl20EndPoints().contains(KeyValueUtils.CSV_DELIMITER)) {
+						//remove trailing comma if exist
+						sl20EndPoints = oaauth.getSl20EndPoints().substring(0, 
+								oaauth.getSl20EndPoints().indexOf(KeyValueUtils.CSV_DELIMITER));
+													
+					} else
+						sl20EndPoints = oaauth.getSl20EndPoints();
+					
+				}
+			}
+			sl20Active = oaauth.isSl20Active();
+			
+		}
+		
+		
 		return null;
 		
 	}
@@ -392,7 +420,10 @@ public class OAAuthenticationData implements IOnlineApplicationData {
         testing.setUseTestIDLTrustStore(useTestIDLValidationTrustStore);
         
         
-        
+        //store SL2.0 information
+        authoa.setSl20Active(isSl20Active());        
+        authoa.setSl20EndPoints(getSl20EndPoints());
+                
         return null;
 	}
 
@@ -768,6 +799,28 @@ public class OAAuthenticationData implements IOnlineApplicationData {
 	public List<String> getSzrgwServicesList() {
 		return szrgwServicesList;
 	}
+
+	
+	public boolean isSl20Active() {
+		return sl20Active;
+	}
+
+	public void setSl20Active(boolean sl20Active) {
+		this.sl20Active = sl20Active;
+	}
+
+	public String getSl20EndPoints() {
+		return sl20EndPoints;
+	}
+
+	public void setSl20EndPoints(String sl20EndPoints) {
+		if (MiscUtil.isNotEmpty(sl20EndPoints))
+			this.sl20EndPoints = 
+				KeyValueUtils.removeAllNewlineFromString(sl20EndPoints);
+		else
+			this.sl20EndPoints = sl20EndPoints;
+	}
 		
 	
+	
 }
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java
index a758088b1..32ef4a6cc 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java
@@ -31,6 +31,7 @@ import javax.servlet.http.HttpServletRequest;
 import org.apache.log4j.Logger;
 
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
 import at.gv.egovernment.moa.id.configuration.data.oa.OAAuthenticationData;
 import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
@@ -187,7 +188,65 @@ public class OAAuthenticationDataValidation {
 			
 			
 		}
-				
+		
+		if (form.isSl20Active()) {
+			if (MiscUtil.isNotEmpty(form.getSl20EndPoints())) {
+				log.debug("Validate SL2.0 configuration ... ");				
+				List<String> sl20Endpoints = KeyValueUtils.getListOfCSVValues(form.getSl20EndPoints());
+				if (sl20Endpoints.size() == 1) {
+					String value = sl20Endpoints.get(0);
+					
+					if (!value.startsWith(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER) && 
+							value.contains(KeyValueUtils.KEYVVALUEDELIMITER)) {
+						log.warn("SL2.0 endpoint '" + value + "' has wrong format");
+						errors.add(LanguageHelper.getErrorString("validation.general.sl20.endpoints.wrong", 
+							new Object[] {value}, request ));
+												
+					} else if (!value.startsWith(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER) && 
+							!value.contains(KeyValueUtils.KEYVVALUEDELIMITER) ) {
+						log.info("Find one SL2.0 endpoint without 'default='. Start update ... ");
+						form.setSl20EndPoints(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER + value);	
+						
+					}
+					
+				} else {
+					boolean findDefault = false;
+					for (String el : sl20Endpoints) {
+						if (!el.contains(KeyValueUtils.KEYVVALUEDELIMITER)) {
+							log.warn("SL2.0 endpoint '" + el + "' has wrong format");
+							errors.add(LanguageHelper.getErrorString("validation.general.sl20.endpoints.wrong", 
+								new Object[] {el}, request ));
+							
+						} else {
+							if (el.startsWith(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER)) {
+								log.debug("Find default endpoint.");
+								findDefault = true;
+								
+							} else {
+								String firstPart = el.split(KeyValueUtils.KEYVVALUEDELIMITER)[0];
+								try {	
+									Integer.valueOf(firstPart);
+									
+								} catch (NumberFormatException e) {
+									log.warn("SL2.0 endpoint '" + el + "' has wrong format", e);
+									errors.add(LanguageHelper.getErrorString("validation.general.sl20.endpoints.wrong", 
+											new Object[] {el}, request ));
+									
+								}																										
+							}							
+						}
+					}
+					
+					if (!findDefault) {
+						log.warn("SL2.0 endpoints contains NO default endpoint");
+						errors.add(LanguageHelper.getErrorString("validation.general.sl20.endpoints.default", 
+								new Object[] {}, request ));
+						
+					}
+				}								
+			}			
+		}
+		
 		return errors;
 	}
 }
diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
index 2006625ff..047d4b200 100644
--- a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
+++ b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
@@ -562,3 +562,11 @@ validation.general.form.appletredirecttarget=Der RedirectTarget beinhaltet einen
 validation.general.form.fonttype=Der BKU-Auswahl Schrifttyp enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0}
 validation.general.form.applet.width=Die Appleth\u00F6he ist keine g\\u00FCltige Zahl.
 validation.general.form.applet.height=Die Appletbreite ist keine g\\u00FCltige Zahl.
+
+
+###new
+webpages.oaconfig.general.sl20.header=Security Layer f�r mobile Authententifizierung
+webpages.oaconfig.general.sl20.enable=SL2.0 aktivieren
+webpages.oaconfig.general.sl20.endpoints=VDA Endpunkt URLs
+validation.general.sl20.endpoints.default=SL2.0 Endpunkt beinhaltet keinen 'default' Endpunkt.
+validation.general.sl20.endpoints.wrong=SL2.0 Endpunkt ist ung\\u00FCltig formatiert {0}.  
diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
index 694294df7..43fa0f3ae 100644
--- a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
+++ b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
@@ -559,3 +559,11 @@ validation.general.form.appletredirecttarget=RedirectTarget contains invalud val
 validation.general.form.fonttype=Font type for CCE selection contains forbidden characters. The following characters are not allowed\: {0}
 validation.general.form.applet.width=The height of applet is invalid number.
 validation.general.form.applet.height=The width of applet is invalid number.
+
+
+###new
+webpages.oaconfig.general.sl20.header=Security Layer for mobile Authentication
+webpages.oaconfig.general.sl20.enable=Activate SL2.0
+webpages.oaconfig.general.sl20.endpoints=VDA endPoint URLs
+validation.general.sl20.endpoints.default=SL2.0 endpoint contains NO 'default'.
+validation.general.sl20.endpoints.wrong=SL2.0 endpoint {0} is not valid.  
\ No newline at end of file
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/authentication.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/authentication.jsp
index 59661091b..d2668e264 100644
--- a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/authentication.jsp
+++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/authentication.jsp
@@ -67,6 +67,27 @@
 					</div>
 				</s:if>	
 
+				<div class="oa_config_block">
+						<h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.sl20.header", request) %></h3>
+						<s:checkbox name="authOA.sl20Active" 
+								value="%{authOA.sl20Active}"
+								labelposition="left"
+								key="webpages.oaconfig.general.sl20.enable"
+								cssClass="checkbox">
+						</s:checkbox>
+						
+						<s:textarea name="authOA.sl20EndPoints" 
+									value="%{authOA.sl20EndPoints}" 
+									labelposition="left"
+									key="webpages.oaconfig.general.sl20.endpoints"
+									cssClass="textfield_long"
+									rows="3"								
+									requiredLabel="true"
+									style="height:120px;">								
+						</s:textarea>							
+				</div>
+
+
 				<div class="oa_config_block">
 						<h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.testing.header", request) %></h3>
 						
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java
index 25855dcb6..956d07c44 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java
@@ -279,6 +279,82 @@ public class ServicesAuthenticationInformationTask extends AbstractTaskValidator
 					LanguageHelper.getErrorString("validation.general.szrgw.url.valid", new Object[]{check})));
 		}
 		
+		
+		
+		
+		
+		
+		check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS);
+		if (input.get(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENABLED) != null && 
+				Boolean.valueOf(input.get(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENABLED))) {
+			if (MiscUtil.isNotEmpty(check)) {
+				log.debug("Validate SL2.0 configuration ... ");				
+				List<String> sl20Endpoints = KeyValueUtils.getListOfCSVValues(check);
+				if (sl20Endpoints.size() == 1) {
+					String value = sl20Endpoints.get(0);
+					
+					if (!value.startsWith(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER) && 
+							value.contains(KeyValueUtils.KEYVVALUEDELIMITER)) {
+						log.warn("SL2.0 endpoint '" + value + "' has wrong format");
+						errors.add(new ValidationObjectIdentifier(
+								MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS, 
+								"SL2.0 - EndPoint URLs",
+								LanguageHelper.getErrorString("validation.general.sl20.endpoints.wrong", new Object[]{value})));
+																				
+					} else if (!value.startsWith(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER) && 
+							!value.contains(KeyValueUtils.KEYVVALUEDELIMITER) ) {
+						log.info("Find one SL2.0 endpoint without 'default='. Start updateing ... ");
+						sl20Endpoints.remove(0);
+						sl20Endpoints.add(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER + value);	
+						
+					}
+					
+				} else {
+					boolean findDefault = false;
+					for (String el : sl20Endpoints) {
+						if (!el.contains(KeyValueUtils.KEYVVALUEDELIMITER)) {
+							log.warn("SL2.0 endpoint '" + el + "' has wrong format");
+							errors.add(new ValidationObjectIdentifier(
+									MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS, 
+									"SL2.0 - EndPoint URLs",
+									LanguageHelper.getErrorString("validation.general.sl20.endpoints.wrong", new Object[]{el})));
+							
+						} else {
+							if (el.startsWith(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER)) {
+								log.debug("Find default endpoint.");
+								findDefault = true;
+								
+							} else {
+								String firstPart = el.split(KeyValueUtils.KEYVVALUEDELIMITER)[0];
+								try {	
+									Integer.valueOf(firstPart);
+									
+								} catch (NumberFormatException e) {
+									log.warn("SL2.0 endpoint '" + el + "' has wrong format", e);
+									errors.add(new ValidationObjectIdentifier(
+											MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS, 
+											"SL2.0 - EndPoint URLs",
+											LanguageHelper.getErrorString("validation.general.sl20.endpoints.wrong", new Object[]{el})));
+									
+								}																										
+							}							
+						}
+					}
+					
+					if (!findDefault) {
+						log.warn("SL2.0 endpoints contains NO default endpoint");
+						errors.add(new ValidationObjectIdentifier(
+								MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS, 
+								"SL2.0 - EndPoint URLs",
+								LanguageHelper.getErrorString("validation.general.sl20.endpoints.default", new Object[]{})));
+						
+					}
+				}								
+			}			
+		}
+		
+		
+		
 		if (!errors.isEmpty())
 			throw new ConfigurationTaskValidationException(errors);
 				
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index e093ce1e2..db0170e54 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -476,7 +476,9 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 		try {
 			//put pending-request ID on execurtionContext
 			executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, pendingReq.getRequestID());			
-						
+			executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_SP_CONFIG, pendingReq.getOnlineApplicationConfiguration());
+			
+			
 			// create process instance
 			String processDefinitionId = ModuleRegistration.getInstance().selectProcess(executionContext);
 
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java
index 6f6735d48..58f930590 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java
@@ -190,6 +190,7 @@ public class MOAIDAuthConstants extends MOAIDConstants{
   public static final String PROCESSCONTEXT_ISLEGACYREQUEST = "isLegacyRequest";
   public static final String PROCESSCONTEXT_UNIQUE_OA_IDENTFIER = "uniqueSPId";
   public static final String PROCESSCONTEXT_SSL_CLIENT_CERTIFICATE = MOASESSION_DATA_HOLDEROFKEY_CERTIFICATE;
+  public static final String PROCESSCONTEXT_SP_CONFIG = "spConfig";
   
   //General protocol-request data-store keys
   public static final String AUTHPROCESS_DATA_SECURITYLAYERTEMPLATE = "authProces_SecurityLayerTemplate";
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
index 332764edf..4e697f099 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
@@ -22,6 +22,7 @@
  */
 package at.gv.egovernment.moa.id.commons.api;
 
+import java.io.Serializable;
 import java.security.PrivateKey;
 import java.util.Collection;
 import java.util.List;
@@ -37,7 +38,7 @@ import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
  * @author tlenz
  *
  */
-public interface IOAAuthParameters {
+public interface IOAAuthParameters extends Serializable{
 
 	public static final String CONFIG_KEY_RESTRICTIONS_BASEID_INTERNAL = "configuration.restrictions.baseID.idpProcessing";
 	public static final String CONFIG_KEY_RESTRICTIONS_BASEID_TRANSMISSION = "configuration.restrictions.baseID.spTransmission";
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
index 48d64225c..f42c1eb69 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
@@ -181,12 +181,26 @@ public class ConfigurationMigrationUtils {
 			else
 				result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN, StringUtils.EMPTY);
 			
+						
 			//convert selected SZR-GW service
 			if (MiscUtil.isNotEmpty(oa.getSelectedSZRGWServiceURL()))
 				result.put(MOAIDConfigurationConstants.SERVICE_EXTERNAL_SZRGW_SERVICE_URL, oa.getSelectedSZRGWServiceURL());
 			
 	        AuthComponentOA oaauth = oa.getAuthComponentOA();
 			if (oaauth != null) {
+			
+				//convert SL20 infos
+				if (oaauth.isSl20Active() != null)
+					result.put(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENABLED, oaauth.isSl20Active().toString());
+				else
+					result.put(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENABLED, Boolean.FALSE.toString());
+				
+				if (MiscUtil.isNotEmpty(oaauth.getSl20EndPoints()))
+					result.put(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS, oaauth.getSl20EndPoints());
+				else
+					result.put(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS, StringUtils.EMPTY);
+				
+				
 				
 				//convert business identifier
 				IdentificationNumber idnumber = oaauth.getIdentificationNumber();
@@ -777,6 +791,16 @@ public class ConfigurationMigrationUtils {
 	        	
 	        }
 
+	        //set SL20 things
+	        if (MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENABLED)))
+	        	authoa.setSl20Active(Boolean.valueOf(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENABLED)));
+	        else 
+	        	authoa.setSl20Active(false);
+	        
+	        authoa.setSl20EndPoints(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS));
+	        
+	        
+	        
 	        dbOA.setSelectedSZRGWServiceURL(oa.get(MOAIDConfigurationConstants.SERVICE_EXTERNAL_SZRGW_SERVICE_URL));
 
 	        dbOA.setMandateServiceSelectionTemplateURL(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_ELGAMANDATESERVICESELECTION_URL));
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java
index 8b52e4e0c..9d5553277 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java
@@ -84,6 +84,9 @@ public final class MOAIDConfigurationConstants extends MOAIDConstants {
 	public static final String SERVICE_AUTH_BKU_AUTHBLOCKTEXT = AUTH + ".authblock.additionaltext";
 	public static final String SERVICE_AUTH_BKU_AUTHBLOCK_REMOVEBPK = AUTH + ".authblock.removebPK";
 
+	public static final String SERVICE_AUTH_SL20_ENABLED = AUTH + ".sl20.enabled";
+	public static final String SERVICE_AUTH_SL20_ENDPOINTS = AUTH + ".sl20.endpoints";
+	
 	private static final String SERVICE_AUTH_TEMPLATES = AUTH + "." + TEMPLATES;
 	public static final String SERVICE_AUTH_TEMPLATES_BKUSELECTION_DATA = SERVICE_AUTH_TEMPLATES + ".bkuselection.data";
 	public static final String SERVICE_AUTH_TEMPLATES_BKUSELECTION_PREVIEW = SERVICE_AUTH_TEMPLATES + ".bkuselection.preview";
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/AuthComponentOA.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/AuthComponentOA.java
index 04efb0afe..852df16e6 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/AuthComponentOA.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/AuthComponentOA.java
@@ -11,23 +11,17 @@ package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated;
 import java.io.Serializable;
 import java.util.ArrayList;
 import java.util.List;
+
 import javax.persistence.CascadeType;
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Inheritance;
-import javax.persistence.InheritanceType;
-import javax.persistence.JoinColumn;
 import javax.persistence.ManyToOne;
 import javax.persistence.OneToMany;
-import javax.persistence.Table;
 import javax.xml.bind.annotation.XmlAccessType;
 import javax.xml.bind.annotation.XmlAccessorType;
 import javax.xml.bind.annotation.XmlAttribute;
 import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlTransient;
 import javax.xml.bind.annotation.XmlType;
+
 import org.jvnet.jaxb2_commons.lang.Equals;
 import org.jvnet.jaxb2_commons.lang.EqualsStrategy;
 import org.jvnet.jaxb2_commons.lang.HashCode;
@@ -162,6 +156,13 @@ public class AuthComponentOA
     @XmlAttribute(name = "Hjid")
     protected Long hjid;
 
+    
+    @XmlTransient
+    protected Boolean sl20Active;    
+    @XmlTransient
+    protected String sl20EndPoints;
+    
+    
     /**
      * Gets the value of the bkuurls property.
      * 
@@ -522,11 +523,28 @@ public class AuthComponentOA
     
     
+    
     public Long getHjid() {
         return hjid;
     }
 
-    /**
+    public Boolean isSl20Active() {
+		return sl20Active;
+	}
+
+	public void setSl20Active(Boolean sl20Active) {
+		this.sl20Active = sl20Active;
+	}
+
+	public String getSl20EndPoints() {
+		return sl20EndPoints;
+	}
+
+	public void setSl20EndPoints(String sl20EndPoints) {
+		this.sl20EndPoints = sl20EndPoints;
+	}
+
+	/**
      * Sets the value of the hjid property.
      * 
      * @param value
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java
index 40ef5a23a..a206c9125 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java
@@ -34,6 +34,7 @@ import java.util.Set;
 
 import org.apache.commons.lang3.StringUtils;
 
+import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 /**
@@ -44,6 +45,8 @@ public class KeyValueUtils {
 	
 	public static final String KEY_DELIMITER = ".";
 	public static final String CSV_DELIMITER = ",";
+	public static final String KEYVVALUEDELIMITER = "=";
+	public static final String DEFAULT_VALUE = "default";
 	
 	/**
 	 * Convert Java properties into a Map<String, String>
@@ -327,6 +330,29 @@ public class KeyValueUtils {
 		return list;
 	}
 	
+	/**
+	 * Convert a List of String elements to a Map of Key/Value pairs
+	 * <br>
+	 * Every List element used as a key/value pair and the '=' sign represents the delimiter between key and value 
+	 * 
+	 * @param elements List of key/value elements
+	 * @return Map of Key / Value pairs, but never null
+	 */
+	public static Map<String, String> convertListToMap(List<String> elements) {
+		Map<String, String> map = new HashMap<String, String>();
+		for (String el : elements) {
+			if (el.contains(KEYVVALUEDELIMITER)) {
+				String[] split = el.split(KEYVVALUEDELIMITER);
+				map.put(split[0], split[1]);
+				
+			} else
+				Logger.debug("Key/Value Mapper: '" + el + "' contains NO '='. Ignore it.");
+			
+		}
+		
+		return map;
+	}
+	
 	/**
 	 * This method remove all newline delimiter (\n or \r\n) from input data
 	 * 
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java
index 9fcb3aa58..f474461bf 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java
@@ -6,7 +6,8 @@ public class Constants {
 	public static final String HTTP_ENDPOINT_RESUME = "/sl20/resume";
 	
 	public static final String CONFIG_PROP_PREFIX = "modules.sl20";
-	public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT = CONFIG_PROP_PREFIX + ".vda.urls.qualeID.endpoint";
+	public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID = CONFIG_PROP_PREFIX + ".vda.urls.qualeID.endpoint.";
+	public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT = "default";
 	public static final String CONFIG_PROP_VDA_AUTHBLOCK_ID = CONFIG_PROP_PREFIX + ".vda.authblock.id";
 	public static final String CONFIG_PROP_VDA_AUTHBLOCK_TRANSFORMATION_ID = CONFIG_PROP_PREFIX + ".vda.authblock.transformation.id";	
 	public static final String CONFIG_PROP_SECURITY_KEYSTORE_PATH = CONFIG_PROP_PREFIX + ".security.keystore.path";
@@ -16,7 +17,7 @@ public class Constants {
 	public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_ALIAS = CONFIG_PROP_PREFIX + ".security.encryption.alias";;
 	public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_PASSWORD = CONFIG_PROP_PREFIX + ".security.encryption.password";
 	
-	public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST = CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT + ".";
+	public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST = CONFIG_PROP_VDA_ENDPOINT_QUALeID;
 	public static final String CONFIG_PROP_SP_LIST = CONFIG_PROP_PREFIX + ".sp.entityIds.";
 	
 	public static final String CONFIG_PROP_DISABLE_EID_VALIDATION = CONFIG_PROP_PREFIX + ".security.eID.validation.disable";
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java
index 367e7b604..2c106b52e 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java
@@ -27,15 +27,18 @@ import java.util.List;
 
 import javax.annotation.PostConstruct;
 
-import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 
 import at.gv.egovernment.moa.id.auth.modules.AuthModule;
 import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
 
 /**
  * @author tlenz
@@ -75,23 +78,43 @@ public class SL20AuthenticationModulImpl implements AuthModule {
 	 */
 	@Override
 	public String selectProcess(ExecutionContext context) {
+		Object spConfigObj = context.get(MOAIDAuthConstants.PROCESSCONTEXT_SP_CONFIG);
+		IOAAuthParameters spConfig = null;
+		if (spConfigObj != null && spConfigObj instanceof IOAAuthParameters)
+			spConfig = (IOAAuthParameters)spConfigObj;
+					
 		String sl20ClientTypeHeader = (String) context.get(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE.toLowerCase());
 		String sl20VDATypeHeader = (String)  context.get(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE.toLowerCase());
 		
-		if ( StringUtils.isNotBlank(sl20ClientTypeHeader) 
-//				&& (
-//						StringUtils.isNotBlank(sl20VDATypeHeader) 
-//						//&& VDA_TYPE_IDS.contains(sl20VDATypeHeader.trim())
-//				   ) 
-				) {
-			Logger.trace(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE +  "' header found");			
+		if (spConfig != null && 
+				MiscUtil.isNotEmpty(spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENABLED)) &&
+					Boolean.valueOf(spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENABLED))) {
+			Logger.debug("SL2.0 is enabled for " + spConfig.getPublicURLPrefix());
+			Logger.trace(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE +  ": " + sl20ClientTypeHeader);			
+			Logger.trace(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE +  ": " + sl20VDATypeHeader);
 			return "SL20Authentication";
 			
 		} else {
-			Logger.trace("No '" + SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE +  "' header found");
+			Logger.trace("SL2.0 is NOT enabled for " + spConfig.getPublicURLPrefix());
 			return null;
 			
-		}		
+		}
+		
+		
+//		if ( StringUtils.isNotBlank(sl20ClientTypeHeader) 
+////				&& (
+////						StringUtils.isNotBlank(sl20VDATypeHeader) 
+////						//&& VDA_TYPE_IDS.contains(sl20VDATypeHeader.trim())
+////				   ) 
+//				) {
+//			Logger.trace(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE +  "' header found");			
+//			return "SL20Authentication";
+//			
+//		} else {
+//			Logger.trace("No '" + SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE +  "' header found");
+//			return null;
+//			
+//		}		
 	}
 
 	/* (non-Javadoc)
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
index b87d614c5..883ae07f2 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
@@ -39,7 +39,9 @@ import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUti
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.commons.utils.HttpClientWithProxySupport;
+import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.id.util.SSLUtils;
@@ -202,30 +204,22 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask {
 	}
 	
 	private String extractVDAURLForSpecificOA(IOAAuthParameters oaConfig, ExecutionContext executionContext) {		
+		String spSpecificVDAEndpoints = oaConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS);		
+		Map<String, String> endPointMap = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST);
+		if (MiscUtil.isNotEmpty(spSpecificVDAEndpoints)) {
+			endPointMap.putAll(KeyValueUtils.convertListToMap(
+							KeyValueUtils.getListOfCSVValues(
+								KeyValueUtils.normalizeCSVValueString(spSpecificVDAEndpoints))));
+			Logger.debug("Find OA specific SL2.0 endpoints. Updating endPoint list ... ");
+			
+		} 
+		
+		Logger.trace("Find #" + endPointMap.size() + " SL2.0 endpoints ... ");
 		
-		//selection based on EntityID
-//		Map<String, String> listOfVDAs = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST);
-//		Map<String, String> listOfSPs = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONFIG_PROP_SP_LIST);
-//		
-//		for (Entry<String, String> el : listOfSPs.entrySet()) {
-//			List<String> spEntityIds = KeyValueUtils.getListOfCSVValues(el.getValue());
-//			if (spEntityIds.contains(oaConfig.getPublicURLPrefix())) {
-//				Logger.trace("Select VDA endPoint with Id: " + el.getKey());
-//				if (listOfVDAs.containsKey(el.getKey()))					
-//					return listOfVDAs.get(el.getKey());
-//				
-//				else
-//					Logger.info("No VDA endPoint with Id: " + el.getKey());
-//				
-//			} else
-//				Logger.trace("SP list: " + el.getKey() + " does not contain OAIdentifier: " + oaConfig.getPublicURLPrefix());
-//			
-//		}
-
 		//selection based on request Header
 		String sl20VDATypeHeader = (String)  executionContext.get(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE.toLowerCase());
 		if (MiscUtil.isNotEmpty(sl20VDATypeHeader)) {
-			String vdaURL = authConfig.getBasicMOAIDConfiguration(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST + sl20VDATypeHeader);
+			String vdaURL = endPointMap.get(sl20VDATypeHeader);
 			if (MiscUtil.isNotEmpty(vdaURL))
 				return vdaURL.trim();
 			
@@ -235,7 +229,8 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask {
 		}
 		
 		Logger.info("NO SP specific VDA endpoint found. Use default VDA");
-		return authConfig.getBasicMOAIDConfiguration(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT);
+		return endPointMap.getOrDefault(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT,
+				Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID + Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT);
 		
 	}
 
-- 
cgit v1.2.3


From 1f17c6819cb036d2cbd91f9d391bd8f6412364ac Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 2 Jul 2018 18:07:27 +0200
Subject: add Annotations to AttributeBuilder

---
 .../moa/id/protocols/builder/attributes/EIDAuthBlock.java        | 2 ++
 .../moa/id/protocols/builder/attributes/EIDCcsURL.java           | 2 ++
 .../builder/attributes/EIDCitizenQAALevelAttributeBuilder.java   | 2 ++
 .../moa/id/protocols/builder/attributes/EIDSTORKTOKEN.java       | 2 ++
 .../id/protocols/builder/attributes/EIDSignerCertificate.java    | 2 ++
 .../builder/attributes/EncryptedBPKAttributeBuilder.java         | 2 ++
 .../builder/attributes/MandateFullMandateAttributeBuilder.java   | 2 ++
 .../attributes/MandateLegalPersonFullNameAttributeBuilder.java   | 2 ++
 .../attributes/MandateLegalPersonSourcePinAttributeBuilder.java  | 2 ++
 .../MandateLegalPersonSourcePinTypeAttributeBuilder.java         | 2 ++
 .../attributes/MandateNaturalPersonBPKAttributeBuilder.java      | 2 ++
 .../MandateNaturalPersonBirthDateAttributeBuilder.java           | 2 ++
 .../MandateNaturalPersonFamilyNameAttributeBuilder.java          | 2 ++
 .../MandateNaturalPersonGivenNameAttributeBuilder.java           | 2 ++
 .../MandateNaturalPersonSourcePinAttributeBuilder.java           | 2 ++
 .../MandateNaturalPersonSourcePinTypeAttributeBuilder.java       | 2 ++
 .../builder/attributes/MandateProfRepDescAttributeBuilder.java   | 2 ++
 .../builder/attributes/MandateProfRepOIDAttributeBuilder.java    | 2 ++
 .../attributes/MandateReferenceValueAttributeBuilder.java        | 2 ++
 .../builder/attributes/MandateTypeAttributeBuilder.java          | 2 ++
 .../builder/attributes/MandateTypeOIDAttributeBuilder.java       | 2 ++
 .../moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java   | 9 +++++++--
 .../protocols/eidas/attributes/builder/eIDASAttrDateOfBirth.java | 1 +
 .../protocols/eidas/attributes/builder/eIDASAttrFamilyName.java  | 1 +
 .../protocols/eidas/attributes/builder/eIDASAttrGivenName.java   | 1 +
 .../protocols/eidas/attributes/builder/eIDASAttrLegalName.java   | 1 +
 .../eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java | 1 +
 .../attributes/builder/eIDASAttrNaturalPersonalIdentifier.java   | 1 +
 .../attributes/builder/eIDASAttrRepresentativeDateOfBirth.java   | 1 +
 .../attributes/builder/eIDASAttrRepresentativeFamilyName.java    | 1 +
 .../attributes/builder/eIDASAttrRepresentativeGivenName.java     | 1 +
 .../attributes/builder/eIDASAttrRepresentativeLegalName.java     | 1 +
 .../builder/eIDASAttrRepresentativeLegalPersonIdentifier.java    | 1 +
 .../eIDASAttrRepresentativeNaturalPersonalIdentifier.java        | 1 +
 34 files changed, 61 insertions(+), 2 deletions(-)

(limited to 'id/server/idserverlib/src/main/java/at/gv')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java
index 1168773dc..139bb15cc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java
@@ -32,10 +32,12 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
 import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
+@PVPMETADATA
 public class EIDAuthBlock implements IPVPAttributeBuilder {
 	
 	public String getName() {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCcsURL.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCcsURL.java
index 5e14e598f..1e630cf16 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCcsURL.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCcsURL.java
@@ -28,10 +28,12 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
 import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
+@PVPMETADATA
 public class EIDCcsURL implements IPVPAttributeBuilder {
 
 	public String getName() {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java
index 76b1a1cda..95e6d5bca 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java
@@ -28,12 +28,14 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
 import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.logging.Logger;
 
 
 @Deprecated
+@PVPMETADATA
 public class EIDCitizenQAALevelAttributeBuilder implements IPVPAttributeBuilder {
 
 	public String getName() {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSTORKTOKEN.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSTORKTOKEN.java
index b38660a57..97bf2f78e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSTORKTOKEN.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSTORKTOKEN.java
@@ -32,11 +32,13 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 @Deprecated
+@PVPMETADATA
 public class EIDSTORKTOKEN implements IPVPAttributeBuilder  {
 
 	public String getName() {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSignerCertificate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSignerCertificate.java
index 7c2207d1d..dfb234ee7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSignerCertificate.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSignerCertificate.java
@@ -31,9 +31,11 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
 import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.logging.Logger;
 
+@PVPMETADATA
 public class EIDSignerCertificate implements IPVPAttributeBuilder {
 
 	public String getName() {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java
index 090cf6b21..44043ec40 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java
@@ -28,9 +28,11 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
 import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.logging.Logger;
 
+@PVPMETADATA
 public class EncryptedBPKAttributeBuilder implements IPVPAttributeBuilder {
 	
 	public String getName() {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java
index af96a9459..a40c0fefb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java
@@ -33,11 +33,13 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
 import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.logging.Logger;
 
+@PVPMETADATA
 public class MandateFullMandateAttributeBuilder implements IPVPAttributeBuilder {
 
 	public String getName() {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java
index 26ea1823e..67d9a356d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java
@@ -31,12 +31,14 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
 import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
+@PVPMETADATA
 public class MandateLegalPersonFullNameAttributeBuilder implements IPVPAttributeBuilder {
 	
 	public String getName() {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java
index cad8416b4..fc85e3413 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java
@@ -31,12 +31,14 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
 import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
+@PVPMETADATA
 public class MandateLegalPersonSourcePinAttributeBuilder  implements IPVPAttributeBuilder  {
 
 	public String getName() {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java
index 5fa0a5c48..e89d34e3d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java
@@ -31,12 +31,14 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
 import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
+@PVPMETADATA
 public class MandateLegalPersonSourcePinTypeAttributeBuilder implements IPVPAttributeBuilder {
 	
 	public String getName() {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
index af64ffe64..f67f79dcf 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
@@ -36,6 +36,7 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
 import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
@@ -46,6 +47,7 @@ import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.MiscUtil;
 
+@PVPMETADATA
 public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBuilder {
 	
 	public String getName() {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java
index e91087484..3ee184fb1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java
@@ -37,12 +37,14 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.InvalidDateFormatAttributeException;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
 import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
+@PVPMETADATA
 public class MandateNaturalPersonBirthDateAttributeBuilder implements IPVPAttributeBuilder {
 	
 	public String getName() {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java
index 9261ba063..6dd669663 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java
@@ -34,12 +34,14 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
 import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
+@PVPMETADATA
 public class MandateNaturalPersonFamilyNameAttributeBuilder  implements IPVPAttributeBuilder {
 
 	public String getName() {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java
index fe952253d..3d661459a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java
@@ -33,12 +33,14 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
 import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
+@PVPMETADATA
 public class MandateNaturalPersonGivenNameAttributeBuilder implements IPVPAttributeBuilder {
 	
 	public String getName() {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
index 3c0a2cc94..32b45a595 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
@@ -33,11 +33,13 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.AttributePolicyException;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
 import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.logging.Logger;
 
+@PVPMETADATA
 public class MandateNaturalPersonSourcePinAttributeBuilder  implements IPVPAttributeBuilder {
 
 	public String getName() {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
index 0d9009778..90a0d61c9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
@@ -32,11 +32,13 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
 import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.logging.Logger;
 
+@PVPMETADATA
 public class MandateNaturalPersonSourcePinTypeAttributeBuilder implements IPVPAttributeBuilder  {
 
 	public String getName() {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java
index 3cd9ef3e2..9c42f14e4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java
@@ -30,6 +30,7 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
 import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
 import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
@@ -37,6 +38,7 @@ import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
+@PVPMETADATA
 public class MandateProfRepDescAttributeBuilder implements IPVPAttributeBuilder {
 
 	public String getName() {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java
index 6cdf64dc3..c7f9ace31 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java
@@ -27,12 +27,14 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
 import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
 import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
+@PVPMETADATA
 public class MandateProfRepOIDAttributeBuilder implements IPVPAttributeBuilder {
 	
 	public String getName() {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateReferenceValueAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateReferenceValueAttributeBuilder.java
index f609117a4..3ceebcd4c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateReferenceValueAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateReferenceValueAttributeBuilder.java
@@ -27,9 +27,11 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
 import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.logging.Logger;
 
+@PVPMETADATA
 public class MandateReferenceValueAttributeBuilder implements IPVPAttributeBuilder {
 	
 	public String getName() {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeAttributeBuilder.java
index 5471c5a13..0f9995ab1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeAttributeBuilder.java
@@ -30,12 +30,14 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
 import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
+@PVPMETADATA
 public class MandateTypeAttributeBuilder implements IPVPAttributeBuilder {
 	
 	public String getName() {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeOIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeOIDAttributeBuilder.java
index 88f5bc2f7..76992af39 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeOIDAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeOIDAttributeBuilder.java
@@ -27,10 +27,12 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
 import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
+@PVPMETADATA
 public class MandateTypeOIDAttributeBuilder implements IPVPAttributeBuilder {
 	
 	public String getName() {
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java
index 1b1b15567..200215308 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java
@@ -39,6 +39,7 @@ import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
 import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 import eu.eidas.auth.commons.attribute.AttributeDefinition;
@@ -67,8 +68,12 @@ public class eIDASAttributeBuilder extends PVPAttributeBuilder {
 			while (moduleLoaderInterator.hasNext()) {
 				try {
 					IeIDASAttribute modul = moduleLoaderInterator.next();
-					Logger.info("Loading eIDAS attribut-builder Modul Information: " + modul.getName());
-					supportAttrList.add(modul.getName());
+					if (modul.getClass().isAnnotationPresent(eIDASMetadata.class)) {
+						Logger.info("Loading eIDAS attribut-builder Modul Information: " + modul.getName());
+						supportAttrList.add(modul.getName());
+						
+					} else
+						Logger.trace(modul.getName() + " is not an eIDAS metadata attribute");
 					
 				} catch(Throwable e) {
 					Logger.error("Check configuration! " + "Some attribute-builder modul" + 
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrDateOfBirth.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrDateOfBirth.java
index 1f00af765..2f42cc43e 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrDateOfBirth.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrDateOfBirth.java
@@ -28,6 +28,7 @@ import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BirthdateAttributeBuilde
  * @author tlenz
  *
  */
+@eIDASMetadata
 public class eIDASAttrDateOfBirth extends BirthdateAttributeBuilder implements IeIDASAttribute {
  
 	@Override
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrFamilyName.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrFamilyName.java
index 50b270765..9505a0a62 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrFamilyName.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrFamilyName.java
@@ -31,6 +31,7 @@ import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
  * @author tlenz
  *
  */
+@eIDASMetadata
 public class eIDASAttrFamilyName implements IeIDASAttribute{
 
 	/* (non-Javadoc)
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrGivenName.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrGivenName.java
index 3b83a9793..7307b4f2a 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrGivenName.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrGivenName.java
@@ -31,6 +31,7 @@ import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
  * @author tlenz
  *
  */
+@eIDASMetadata
 public class eIDASAttrGivenName implements IeIDASAttribute{
 
 	/* (non-Javadoc)
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalName.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalName.java
index 63a4e89d5..1ac4560b0 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalName.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalName.java
@@ -29,6 +29,7 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonF
  *
  */
 @Deprecated
+@eIDASMetadata
 public class eIDASAttrLegalName extends MandateLegalPersonFullNameAttributeBuilder implements IeIDASAttribute {
 
 	@Override
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java
index 7f18c21cb..66359e240 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java
@@ -36,6 +36,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
  *
  */
 @Deprecated
+@eIDASMetadata
 public class eIDASAttrLegalPersonIdentifier extends MandateLegalPersonSourcePinAttributeBuilder implements IeIDASAttribute {
 
 	@Override
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrNaturalPersonalIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrNaturalPersonalIdentifier.java
index 5a8fcb846..76ca3a94d 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrNaturalPersonalIdentifier.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrNaturalPersonalIdentifier.java
@@ -40,6 +40,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
  * @author tlenz
  *
  */
+@eIDASMetadata
 public class eIDASAttrNaturalPersonalIdentifier implements IeIDASAttribute{
 
 	/* (non-Javadoc)
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeDateOfBirth.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeDateOfBirth.java
index 43d2f96c2..ed86d6e4b 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeDateOfBirth.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeDateOfBirth.java
@@ -28,6 +28,7 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPerso
  * @author tlenz
  *
  */
+@eIDASMetadata
 public class eIDASAttrRepresentativeDateOfBirth extends MandateNaturalPersonBirthDateAttributeBuilder implements IeIDASAttribute {
 
 	@Override
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeFamilyName.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeFamilyName.java
index 924a275b1..5db88e71e 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeFamilyName.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeFamilyName.java
@@ -28,6 +28,7 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPerso
  * @author tlenz
  *
  */
+@eIDASMetadata
 public class eIDASAttrRepresentativeFamilyName extends MandateNaturalPersonFamilyNameAttributeBuilder implements IeIDASAttribute{
 
 	/* (non-Javadoc)
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeGivenName.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeGivenName.java
index 2de585918..0a7c514aa 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeGivenName.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeGivenName.java
@@ -28,6 +28,7 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPerso
  * @author tlenz
  *
  */
+@eIDASMetadata
 public class eIDASAttrRepresentativeGivenName extends MandateNaturalPersonGivenNameAttributeBuilder implements IeIDASAttribute{
 
 	/* (non-Javadoc)
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalName.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalName.java
index 92456d202..638b01bb1 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalName.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalName.java
@@ -28,6 +28,7 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonF
  * @author tlenz
  *
  */
+@eIDASMetadata
 public class eIDASAttrRepresentativeLegalName extends MandateLegalPersonFullNameAttributeBuilder implements IeIDASAttribute {
 
 	@Override
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java
index 6c65872e4..fd245c3eb 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java
@@ -35,6 +35,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
  * @author tlenz
  *
  */
+@eIDASMetadata
 public class eIDASAttrRepresentativeLegalPersonIdentifier extends MandateLegalPersonSourcePinAttributeBuilder implements IeIDASAttribute {
 
 	@Override
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java
index 1176ba251..f7e135bae 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java
@@ -42,6 +42,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
  * @author tlenz
  *
  */
+@eIDASMetadata
 public class eIDASAttrRepresentativeNaturalPersonalIdentifier extends MandateNaturalPersonBPKAttributeBuilder implements IeIDASAttribute{
 
 	/* (non-Javadoc)
-- 
cgit v1.2.3


From 5acd1d23f3702d8899f531e823da68cd9fccaaa4 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 2 Jul 2018 18:08:04 +0200
Subject: update auth. module for central eIDAS node connection

---
 id/server/auth-edu/pom.xml                         |   4 +
 id/server/auth-final/pom.xml                       |   5 +
 .../pvp2x/validation/AuthnRequestValidator.java    |  78 +++++
 .../main/resources/moaid.authentication.beans.xml  |   3 +
 .../moa-id-module-AT_eIDAS_connector/pom.xml       |  59 ++++
 .../EidasCentralAuthConstants.java                 |  93 ++++++
 .../EidasCentralAuthModuleImpl.java                |  92 ++++++
 .../EidasCentralAuthSpringResourceProvider.java    |  63 ++++
 .../EidasCentralAuthMetadataConfiguration.java     | 355 +++++++++++++++++++++
 ...idasCentralAuthRequestBuilderConfiguration.java | 262 +++++++++++++++
 .../EidasCentralAuthMetadataController.java        | 133 ++++++++
 .../EidasCentralAuthSignalController.java          |  67 ++++
 .../tasks/CreateAuthnRequestTask.java              | 164 ++++++++++
 .../tasks/ReceiveAuthnResponseTask.java            | 272 ++++++++++++++++
 .../utils/EidasCentralAuthCredentialProvider.java  | 124 +++++++
 .../utils/EidasCentralAuthMetadataProvider.java    | 345 ++++++++++++++++++++
 ...iz.components.spring.api.SpringResourceProvider |   1 +
 .../resources/eIDAS_central_node_auth.process.xml  |  17 +
 .../moaid_eIDAS_central_node_auth.beans.xml        |  41 +++
 .../eidas/attributes/builder/eIDASMetadata.java    |   5 +
 .../ELGAMandatesRequestBuilderConfiguration.java   |  13 +-
 .../FederatedAuthnRequestBuilderConfiguration.java |  13 +-
 id/server/modules/pom.xml                          |   1 +
 pom.xml                                            |   6 +
 24 files changed, 2214 insertions(+), 2 deletions(-)
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java
 create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml
 create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthConstants.java
 create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthModuleImpl.java
 create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthSpringResourceProvider.java
 create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/config/EidasCentralAuthMetadataConfiguration.java
 create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/config/EidasCentralAuthRequestBuilderConfiguration.java
 create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthMetadataController.java
 create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthSignalController.java
 create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java
 create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java
 create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthCredentialProvider.java
 create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java
 create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider
 create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/eIDAS_central_node_auth.process.xml
 create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/moaid_eIDAS_central_node_auth.beans.xml
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASMetadata.java

(limited to 'id/server/idserverlib/src/main/java/at/gv')

diff --git a/id/server/auth-edu/pom.xml b/id/server/auth-edu/pom.xml
index 455278edd..8f4ab662e 100644
--- a/id/server/auth-edu/pom.xml
+++ b/id/server/auth-edu/pom.xml
@@ -213,6 +213,10 @@
 		 	<artifactId>moa-id-module-sl20_authentication</artifactId>
 		 </dependency>		
 
+		<dependency>
+			<groupId>MOA.id.server.modules</groupId>
+			<artifactId>moa-id-module-AT_eIDAS_connector</artifactId>
+		</dependency> 
 
 <!-- 	
 		<dependency>
diff --git a/id/server/auth-final/pom.xml b/id/server/auth-final/pom.xml
index 4f5f219a1..15208bb47 100644
--- a/id/server/auth-final/pom.xml
+++ b/id/server/auth-final/pom.xml
@@ -165,6 +165,11 @@
 			<artifactId>moa-id-modul-citizencard_authentication</artifactId>
 		</dependency>
 
+		<dependency>
+			<groupId>MOA.id.server.modules</groupId>
+			<artifactId>moa-id-module-AT_eIDAS_connector</artifactId>
+		</dependency>
+
 			<!--dependency>
 				<groupId>MOA.id.server.modules</groupId>
 				<artifactId>moa-id-modules-federated_authentication</artifactId>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java
new file mode 100644
index 000000000..b42a1de28
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java
@@ -0,0 +1,78 @@
+/*******************************************************************************
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.pvp2x.validation;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.opensaml.saml2.core.AuthnRequest;
+import org.opensaml.saml2.core.NameID;
+import org.opensaml.saml2.core.NameIDPolicy;
+import org.opensaml.saml2.metadata.AttributeConsumingService;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.springframework.stereotype.Service;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
+import at.gv.egiz.eaaf.modules.pvp2.api.validation.IAuthnRequestValidator;
+import at.gv.egiz.eaaf.modules.pvp2.exception.NameIDFormatNotSupportedException;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.MandateAttributesNotHandleAbleException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.CheckMandateAttributes;
+import at.gv.egovernment.moa.logging.Logger;
+
+
+/**
+ * @author tlenz
+ *
+ */
+@Service("MOAAuthnRequestValidator")
+public class AuthnRequestValidator implements IAuthnRequestValidator {
+	
+	public void validate(HttpServletRequest httpReq, IRequest pendingReq, AuthnRequest authnReq, SPSSODescriptor spSSODescriptor) throws AuthnRequestValidatorException{
+
+		//validate NameIDPolicy
+		NameIDPolicy nameIDPolicy = authnReq.getNameIDPolicy();
+		if (nameIDPolicy != null) {
+			String nameIDFormat = nameIDPolicy.getFormat();
+			if (nameIDFormat != null) {
+				if ( !(NameID.TRANSIENT.equals(nameIDFormat) ||
+						NameID.PERSISTENT.equals(nameIDFormat) ||
+						NameID.UNSPECIFIED.equals(nameIDFormat)) ) {
+				 
+					throw new NameIDFormatNotSupportedException(nameIDFormat);
+					
+				}
+				
+			} else
+				Logger.trace("Find NameIDPolicy, but NameIDFormat is 'null'");							
+		} else
+			Logger.trace("AuthnRequest includes no 'NameIDPolicy'");
+
+		//select AttributeConsumingService from request
+		AttributeConsumingService attributeConsumer = null;		
+		Integer aIdx = authnReq.getAttributeConsumingServiceIndex();
+		int attributeIdx = 0;
+	
+		if(aIdx != null) {
+			attributeIdx = aIdx.intValue();
+		}
+		
+		if (spSSODescriptor.getAttributeConsumingServices() != null  && 
+				spSSODescriptor.getAttributeConsumingServices().size() > 0) {
+			attributeConsumer  = spSSODescriptor.getAttributeConsumingServices().get(attributeIdx);
+		} 
+		
+		String useMandate = httpReq.getParameter(MOAIDAuthConstants.PARAM_USEMANDATE);
+		if(useMandate != null) {
+			if(useMandate.equals("true") && attributeConsumer != null) {
+				if(!CheckMandateAttributes.canHandleMandate(attributeConsumer)) {
+					MandateAttributesNotHandleAbleException e = new MandateAttributesNotHandleAbleException();	
+					throw new AuthnRequestValidatorException(e.getErrorId(), e.getParams(), e.getMessage(), pendingReq, e);
+				}
+			}
+		}
+		
+		
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
index 5ccacf350..a0bf1e86c 100644
--- a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
+++ b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
@@ -46,6 +46,9 @@
 		</property>
  	</bean>
  
+ 	<bean id="MOAAuthnRequestValidator"
+ 			class="at.gv.egovernment.moa.id.protocols.pvp2x.validation.AuthnRequestValidator" />
+ 
 	<bean id="MOAID_AuthenticationManager" 
 				class="at.gv.egovernment.moa.id.moduls.AuthenticationManager"/>
 
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml
new file mode 100644
index 000000000..c340f90c9
--- /dev/null
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0"?>
+<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+  <modelVersion>4.0.0</modelVersion>
+  <parent>
+    <groupId>MOA.id.server.modules</groupId>
+    <artifactId>moa-id-modules</artifactId>
+    <version>${moa-id-version}</version>
+  </parent>
+  <artifactId>moa-id-module-AT_eIDAS_connector</artifactId>
+  <name>moa-id-module-AT_eIDAS_connector</name>
+  <url>http://maven.apache.org</url>
+  <properties>
+    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+    <repositoryPath>${basedir}/../../../../repository</repositoryPath>
+  </properties>
+  
+  <profiles>
+        <profile>
+            <id>default</id>
+            <activation>
+                <activeByDefault>true</activeByDefault>
+            </activation>
+            <repositories>
+                <repository>
+                    <id>local</id>
+                    <name>local</name>
+                    <url>file:${basedir}/../../../../repository</url>
+                </repository>
+                <repository>
+                    <id>egiz-commons</id>
+                    <url>https://demo.egiz.gv.at/int-repo/</url>
+                    <releases>
+                        <enabled>true</enabled>
+                    </releases>
+                </repository>
+            </repositories>
+        </profile>
+    </profiles>
+  
+  <dependencies>
+  	<dependency>
+  		<groupId>MOA.id.server</groupId>
+  		<artifactId>moa-id-lib</artifactId>
+  	</dependency>
+  
+  
+  	<dependency>
+		<groupId>org.springframework</groupId>
+		<artifactId>spring-test</artifactId>
+		<scope>test</scope>
+	</dependency>  
+    <dependency>
+     	<groupId>junit</groupId>
+      	<artifactId>junit</artifactId>
+      	<scope>test</scope>
+    </dependency>
+  </dependencies>
+</project>
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthConstants.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthConstants.java
new file mode 100644
index 000000000..e8694383f
--- /dev/null
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthConstants.java
@@ -0,0 +1,93 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+import at.gv.egiz.eaaf.core.impl.data.Trible;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+
+/**
+ * @author tlenz
+ *
+ */
+public class EidasCentralAuthConstants {
+
+	public static final String MODULE_NAME_FOR_LOGGING = "eIDAS central authentication";
+	
+	public static final int METADATA_VALIDUNTIL_IN_HOURS = 24; 
+	
+	public static final String HTTP_PARAM_CENTRAL_EIDAS_AUTH_SELECTION = "useeIDAS";
+	
+	public static final String ENDPOINT_POST = "/sp/eidas/post";
+	public static final String ENDPOINT_REDIRECT = "/sp/eidas/redirect";
+	public static final String ENDPOINT_METADATA = "/sp/eidas/metadata";
+
+	public static final String CONFIG_PROPS_PREFIX = "modules.eidascentralauth.";	
+	public static final String CONFIG_PROPS_KEYSTORE = CONFIG_PROPS_PREFIX + "keystore.path";
+	public static final String CONFIG_PROPS_KEYSTOREPASSWORD = CONFIG_PROPS_PREFIX + "keystore.password";
+	public static final String CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD = CONFIG_PROPS_PREFIX + "metadata.sign.password";
+	public static final String CONFIG_PROPS_SIGN_METADATA_ALIAS_PASSWORD = CONFIG_PROPS_PREFIX + "metadata.sign.alias";
+	public static final String CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD = CONFIG_PROPS_PREFIX + "request.sign.password";
+	public static final String CONFIG_PROPS_SIGN_SIGNING_ALIAS_PASSWORD = CONFIG_PROPS_PREFIX + "request.sign.alias";
+	public static final String CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD = CONFIG_PROPS_PREFIX + "response.encryption.password";
+	public static final String CONFIG_PROPS_ENCRYPTION_ALIAS_PASSWORD = CONFIG_PROPS_PREFIX + "response.encryption.alias";	
+	public static final String CONFIG_PROPS_REQUIRED_PVP_ATTRIBUTES_LIST = CONFIG_PROPS_PREFIX + "required.additinal.attributes";	
+	public static final String CONFIG_PROPS_NODE_ENTITYID = CONFIG_PROPS_PREFIX + "node.entityId";
+	public static final String CONFIG_PROPS_NODE_METADATAURL = CONFIG_PROPS_PREFIX + "node.metadataUrl";
+	public static final String CONFIG_PROPS_NODE_TRUSTPROFILEID = CONFIG_PROPS_PREFIX + "node.trustprofileID";	
+	
+	
+	public static final String CONFIG_DEFAULT_LOA_EIDAS_LEVEL = EAAFConstants.EIDAS_QAA_HIGH;	
+	public static final List<Trible<String, String, Boolean>> DEFAULT_REQUIRED_PVP_ATTRIBUTES = 
+			Collections.unmodifiableList(new ArrayList<Trible<String, String, Boolean>>() {
+				private static final long serialVersionUID = 1L;
+				{	
+					//add PVP Version attribute
+					add(Trible.newInstance(PVPConstants.PVP_VERSION_NAME, PVPConstants.PVP_VERSION_FRIENDLY_NAME, true));
+					
+					//request entity information
+					add(Trible.newInstance(PVPConstants.GIVEN_NAME_NAME, PVPConstants.GIVEN_NAME_FRIENDLY_NAME, true));
+					add(Trible.newInstance(PVPConstants.PRINCIPAL_NAME_NAME, PVPConstants.PRINCIPAL_NAME_FRIENDLY_NAME, true));
+					add(Trible.newInstance(PVPConstants.BIRTHDATE_NAME, PVPConstants.BIRTHDATE_FRIENDLY_NAME, true));
+					add(Trible.newInstance(PVPConstants.BPK_NAME, PVPConstants.BPK_FRIENDLY_NAME, true));
+					add(Trible.newInstance(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME, PVPConstants.EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, true));
+					add(Trible.newInstance(PVPConstants.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, PVPConstants.EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME, true));
+					add(Trible.newInstance(PVPConstants.EID_ISSUING_NATION_NAME, PVPConstants.EID_ISSUING_NATION_FRIENDLY_NAME, true));
+				}
+			});
+	
+	public static final List<String> DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES = 
+			Collections.unmodifiableList(new ArrayList<String>() {
+				private static final long serialVersionUID = 1L;
+				{	
+					for (Trible<String, String, Boolean> el : DEFAULT_REQUIRED_PVP_ATTRIBUTES) 
+						add(el.getFirst());
+				}
+			});
+}
+
+
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthModuleImpl.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthModuleImpl.java
new file mode 100644
index 000000000..f1bec9dac
--- /dev/null
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthModuleImpl.java
@@ -0,0 +1,92 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth;
+
+import java.io.Serializable;
+
+import javax.annotation.PostConstruct;
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+public class EidasCentralAuthModuleImpl implements AuthModule {
+
+	@Autowired(required=true) private AuthenticationManager authManager;
+	
+	@PostConstruct
+	protected void initalCentralEidasAuthentication() {
+		//parameter to whiteList
+		authManager.addParameterNameToWhiteList(EidasCentralAuthConstants.HTTP_PARAM_CENTRAL_EIDAS_AUTH_SELECTION);
+		
+	}
+	
+	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getPriority()
+	 */
+	@Override
+	public int getPriority() {
+		// TODO Auto-generated method stub
+		return 0;
+	} 
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext)
+	 */
+	@Override
+	public String selectProcess(ExecutionContext context) {
+		Serializable paramObj = context.get(EidasCentralAuthConstants.HTTP_PARAM_CENTRAL_EIDAS_AUTH_SELECTION);
+		if (paramObj instanceof String) {
+			String param = (String)paramObj;
+			if (StringUtils.isNotEmpty(param) && Boolean.parseBoolean(param)) {
+				Logger.debug("Centrial eIDAS authentication process selected ");
+				return "centrialEidasAuthentication";
+				
+			} else
+				Logger.trace(EidasCentralAuthConstants.HTTP_PARAM_CENTRAL_EIDAS_AUTH_SELECTION 
+						+ " is empty or has value: " + Boolean.parseBoolean(param));
+		
+		} else
+			Logger.info("Find suspect http param '" + EidasCentralAuthConstants.HTTP_PARAM_CENTRAL_EIDAS_AUTH_SELECTION 
+					+ "' of type: " + paramObj.getClass().getName());
+		return null;		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getProcessDefinitions()
+	 */
+	@Override
+	public String[] getProcessDefinitions() {
+		return new String[] { "classpath:eIDAS_central_node_auth.process.xml" };
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthSpringResourceProvider.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthSpringResourceProvider.java
new file mode 100644
index 000000000..beaaee619
--- /dev/null
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthSpringResourceProvider.java
@@ -0,0 +1,63 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth;
+
+import org.springframework.core.io.ClassPathResource;
+import org.springframework.core.io.Resource;
+
+import at.gv.egiz.components.spring.api.SpringResourceProvider;
+
+/**
+ * @author tlenz
+ *
+ */
+public class EidasCentralAuthSpringResourceProvider implements SpringResourceProvider {
+
+	/* (non-Javadoc)
+	 * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getResourcesToLoad()
+	 */
+	@Override
+	public Resource[] getResourcesToLoad() {
+		ClassPathResource federationAuthConfig = new ClassPathResource("/moaid_eIDAS_central_node_auth.beans.xml", EidasCentralAuthSpringResourceProvider.class);					
+		
+		return new Resource[] {federationAuthConfig};
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getPackagesToScan()
+	 */
+	@Override
+	public String[] getPackagesToScan() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getName()
+	 */
+	@Override
+	public String getName() {
+		return "MOA-ID Auth-module 'central eIDAS Authentication'";
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/config/EidasCentralAuthMetadataConfiguration.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/config/EidasCentralAuthMetadataConfiguration.java
new file mode 100644
index 000000000..aad1244f1
--- /dev/null
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/config/EidasCentralAuthMetadataConfiguration.java
@@ -0,0 +1,355 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.config;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.NameIDType;
+import org.opensaml.saml2.metadata.ContactPerson;
+import org.opensaml.saml2.metadata.Organization;
+import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.opensaml.xml.security.credential.Credential;
+
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.data.Trible;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataBuilderConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
+import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants;
+import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthCredentialProvider;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+public class EidasCentralAuthMetadataConfiguration implements IPVPMetadataBuilderConfiguration {
+
+	private Collection<RequestedAttribute> additionalAttributes = null;
+	
+	
+	private String authURL;
+	private EidasCentralAuthCredentialProvider credentialProvider;
+	private IPVP2BasicConfiguration pvpConfiguration;
+	
+	public EidasCentralAuthMetadataConfiguration(String authURL, 
+			EidasCentralAuthCredentialProvider credentialProvider,
+			IPVP2BasicConfiguration pvpConfiguration) {
+		this.authURL = authURL;
+		this.credentialProvider = credentialProvider;
+		this.pvpConfiguration = pvpConfiguration;
+	}
+	
+	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getMetadataValidUntil()
+	 */
+	@Override
+	public int getMetadataValidUntil() {
+		return EidasCentralAuthConstants.METADATA_VALIDUNTIL_IN_HOURS;
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#buildEntitiesDescriptorAsRootElement()
+	 */
+	@Override
+	public boolean buildEntitiesDescriptorAsRootElement() {
+		return false;
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#buildIDPSSODescriptor()
+	 */
+	@Override
+	public boolean buildIDPSSODescriptor() {
+		return false;
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#buildSPSSODescriptor()
+	 */
+	@Override
+	public boolean buildSPSSODescriptor() {
+		return true;
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getEntityIDPostfix()
+	 */
+	@Override
+	public String getEntityID() {
+		return authURL + EidasCentralAuthConstants.ENDPOINT_METADATA;
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getEntityFriendlyName()
+	 */
+	@Override
+	public String getEntityFriendlyName() {
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getContactPersonInformation()
+	 */
+	@Override
+	public List<ContactPerson> getContactPersonInformation() {
+		try {
+			return pvpConfiguration.getIDPContacts();
+			
+		} catch (EAAFException e) {
+			Logger.warn("Can not load Metadata entry: Contect Person", e);
+			return null;
+			
+		}
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getOrgansiationInformation()
+	 */
+	@Override
+	public Organization getOrgansiationInformation() {
+		try {
+			return pvpConfiguration.getIDPOrganisation();
+			
+		} catch (EAAFException e) {
+			Logger.warn("Can not load Metadata entry: Organisation", e);
+			return null;
+			
+		}
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getMetadataSigningCredentials()
+	 */
+	@Override
+	public Credential getMetadataSigningCredentials() throws CredentialsNotAvailableException {
+		return credentialProvider.getIDPMetaDataSigningCredential();
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getRequestorResponseSigningCredentials()
+	 */
+	@Override
+	public Credential getRequestorResponseSigningCredentials() throws CredentialsNotAvailableException {
+		return credentialProvider.getIDPAssertionSigningCredential();
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getEncryptionCredentials()
+	 */
+	@Override
+	public Credential getEncryptionCredentials() throws CredentialsNotAvailableException {
+		return credentialProvider.getIDPAssertionEncryptionCredential();
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPWebSSOPostBindingURL()
+	 */
+	@Override
+	public String getIDPWebSSOPostBindingURL() {
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPWebSSORedirectBindingURL()
+	 */
+	@Override
+	public String getIDPWebSSORedirectBindingURL() {
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPSLOPostBindingURL()
+	 */
+	@Override
+	public String getIDPSLOPostBindingURL() {
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPSLORedirectBindingURL()
+	 */
+	@Override
+	public String getIDPSLORedirectBindingURL() {
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPAssertionConsumerServicePostBindingURL()
+	 */
+	@Override
+	public String getSPAssertionConsumerServicePostBindingURL() {
+		return authURL + EidasCentralAuthConstants.ENDPOINT_POST;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPAssertionConsumerServiceRedirectBindingURL()
+	 */
+	@Override
+	public String getSPAssertionConsumerServiceRedirectBindingURL() {
+		return authURL + EidasCentralAuthConstants.ENDPOINT_REDIRECT;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPSLOPostBindingURL()
+	 */
+	@Override
+	public String getSPSLOPostBindingURL() {
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPSLORedirectBindingURL()
+	 */
+	@Override
+	public String getSPSLORedirectBindingURL() {
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPSLOSOAPBindingURL()
+	 */
+	@Override
+	public String getSPSLOSOAPBindingURL() {
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPPossibleAttributes()
+	 */
+	@Override
+	public List<Attribute> getIDPPossibleAttributes() {
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPPossibleNameITTypes()
+	 */
+	@Override
+	public List<String> getIDPPossibleNameITTypes() {
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPRequiredAttributes()
+	 */
+	@Override
+	public Collection<RequestedAttribute> getSPRequiredAttributes() {		
+		Map<String, RequestedAttribute> requestedAttributes = new HashMap<String, RequestedAttribute>();
+		for (Trible<String, String, Boolean> el : EidasCentralAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTES)
+			requestedAttributes.put(el.getFirst(), PVPAttributeBuilder.buildReqAttribute(el.getFirst(), el.getSecond(), el.getThird()));
+		
+		if (additionalAttributes != null) {
+			Logger.trace("Add additional PVP attributes into metadata ... ");
+			for (RequestedAttribute el : additionalAttributes) {
+				if (requestedAttributes.containsKey(el.getName()))
+					Logger.debug("Attribute " + el.getName() + " is already added by default configuration. Overwrite it by user configuration");
+
+				requestedAttributes.put(el.getName(), el);					
+				
+			}			
+		}
+		
+		return requestedAttributes.values();
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPAllowedNameITTypes()
+	 */
+	@Override
+	public List<String> getSPAllowedNameITTypes() {
+		return Arrays.asList(NameIDType.PERSISTENT);
+		
+	}
+
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration#getSPNameForLogging()
+	 */
+	@Override
+	public String getSPNameForLogging() {
+		return EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING;
+	}
+
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration#wantAssertionSigned()
+	 */
+	@Override
+	public boolean wantAssertionSigned() {
+		return false;
+	}
+
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration#wantAuthnRequestSigned()
+	 */
+	@Override
+	public boolean wantAuthnRequestSigned() {
+		return true;
+	}
+
+	/**
+	 * Add additonal PVP attributes that are required by this deployment
+	 * 
+	 * @param additionalAttr List of PVP attribute name and isRequired flag 
+	 */
+	public void setAdditionalRequiredAttributes(List<Pair<String, Boolean>> additionalAttr) {
+		if (additionalAttr != null) {
+			additionalAttributes = new ArrayList<RequestedAttribute>();
+			for (Pair<String, Boolean> el : additionalAttr) {
+				Attribute attributBuilder = PVPAttributeBuilder.buildEmptyAttribute(el.getFirst());
+				if (attributBuilder != null) {
+					additionalAttributes.add(
+							PVPAttributeBuilder.buildReqAttribute(
+									attributBuilder.getName(), 
+									attributBuilder.getFriendlyName(), 
+									el.getSecond()));
+										
+				} else
+					Logger.info("NO PVP attribute with name: " + el.getFirst());
+				
+			}			
+		}		
+	}
+	
+}
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/config/EidasCentralAuthRequestBuilderConfiguration.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/config/EidasCentralAuthRequestBuilderConfiguration.java
new file mode 100644
index 000000000..ebbe08588
--- /dev/null
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/config/EidasCentralAuthRequestBuilderConfiguration.java
@@ -0,0 +1,262 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.config;
+
+import java.util.List;
+
+import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
+import org.opensaml.saml2.core.NameID;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.xml.security.credential.Credential;
+import org.w3c.dom.Element;
+
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute;
+import at.gv.egiz.eaaf.modules.pvp2.sp.api.IPVPAuthnRequestBuilderConfiguruation;
+import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants;
+
+/**
+ * @author tlenz
+ *
+ */
+public class EidasCentralAuthRequestBuilderConfiguration implements IPVPAuthnRequestBuilderConfiguruation {
+
+	private boolean isPassive;
+	private String SPEntityID;
+	private String QAA_Level;
+	private EntityDescriptor idpEntity;
+	private Credential signCred;
+	private String scopeRequesterId;
+	private String providerName;
+	private List<EAAFRequestedAttribute> requestedAttributes;
+	
+	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#isPassivRequest()
+	 */
+	@Override
+	public Boolean isPassivRequest() {
+		return this.isPassive;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getAssertionConsumerServiceId()
+	 */
+	@Override
+	public Integer getAssertionConsumerServiceId() {
+		return 0;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getEntityID()
+	 */
+	@Override
+	public String getSPEntityID() {
+		return this.SPEntityID;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getNameIDPolicy()
+	 */
+	@Override
+	public String getNameIDPolicyFormat() {
+		return NameID.PERSISTENT;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getNameIDPolicy()
+	 */
+	@Override
+	public boolean getNameIDPolicyAllowCreation() {
+		return true;
+	}
+	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getAuthnContextClassRef()
+	 */
+	@Override
+	public String getAuthnContextClassRef() {
+		return this.QAA_Level;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getAuthnContextComparison()
+	 */
+	@Override
+	public AuthnContextComparisonTypeEnumeration getAuthnContextComparison() {
+		return AuthnContextComparisonTypeEnumeration.MINIMUM;
+	}
+
+	/**
+	 * @param isPassive the isPassive to set
+	 */
+	public void setPassive(boolean isPassive) {
+		this.isPassive = isPassive;
+	}
+
+	/**
+	 * @param sPEntityID the sPEntityID to set
+	 */
+	public void setSPEntityID(String sPEntityID) {
+		SPEntityID = sPEntityID;
+	}
+
+	/**
+	 * @param qAA_Level the qAA_Level to set
+	 */
+	public void setQAA_Level(String qAA_Level) {
+		QAA_Level = qAA_Level;
+	}
+
+	/**
+	 * @param idpEntity the idpEntity to set
+	 */
+	public void setIdpEntity(EntityDescriptor idpEntity) {
+		this.idpEntity = idpEntity;
+	}
+
+	/**
+	 * @param signCred the signCred to set
+	 */
+	public void setSignCred(Credential signCred) {
+		this.signCred = signCred;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getAuthnRequestSigningCredential()
+	 */
+	@Override
+	public Credential getAuthnRequestSigningCredential() {
+		return this.signCred;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getIDPEntityDescriptor()
+	 */
+	@Override
+	public EntityDescriptor getIDPEntityDescriptor() {
+		return this.idpEntity;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSubjectNameID()
+	 */
+	@Override
+	public String getSubjectNameID() {
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSPNameForLogging()
+	 */
+	@Override
+	public String getSPNameForLogging() {
+		return EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSubjectNameIDFormat()
+	 */
+	@Override
+	public String getSubjectNameIDFormat() {
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getRequestID()
+	 */
+	@Override
+	public String getRequestID() {
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSubjectNameIDQualifier()
+	 */
+	@Override
+	public String getSubjectNameIDQualifier() {
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSubjectConformationMethode()
+	 */
+	@Override
+	public String getSubjectConformationMethode() {
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSubjectConformationDate()
+	 */
+	@Override
+	public Element getSubjectConformationDate() {
+		return null;
+	}
+
+	@Override
+	public List<EAAFRequestedAttribute> getRequestedAttributes() {
+		return this.requestedAttributes;
+		
+	}
+
+	@Override
+	public String getProviderName() {
+		return this.providerName;
+	}
+
+	@Override
+	public String getScopeRequesterId() {
+		return this.scopeRequesterId;
+	}
+
+	/**
+	 * Set the entityId of the SP that requests the proxy for eIDAS authentication
+	 * 
+	 * @param scopeRequesterId
+	 */
+	public void setScopeRequesterId(String scopeRequesterId) {
+		this.scopeRequesterId = scopeRequesterId;
+	}
+
+	/**
+	 * Set a friendlyName for the SP that requests the proxy for eIDAS authentication
+	 * 
+	 * @param providerName
+	 */
+	public void setProviderName(String providerName) {
+		this.providerName = providerName;
+	}
+
+	/**
+	 * Set a Set of PVP attributes that a requested by using requested attributes
+	 * 
+	 * @param requestedAttributes
+	 */
+	public void setRequestedAttributes(List<EAAFRequestedAttribute> requestedAttributes) {
+		this.requestedAttributes = requestedAttributes;
+	}
+	
+	
+
+	
+}
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthMetadataController.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthMetadataController.java
new file mode 100644
index 000000000..4898c8f1e
--- /dev/null
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthMetadataController.java
@@ -0,0 +1,133 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.controller;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+
+import com.google.common.net.MediaType;
+
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
+import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPMetadataBuilder;
+import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants;
+import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.config.EidasCentralAuthMetadataConfiguration;
+import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthCredentialProvider;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+@Controller
+public class EidasCentralAuthMetadataController extends AbstractController {
+	
+	@Autowired PVPMetadataBuilder metadatabuilder;
+	@Autowired AuthConfiguration authConfig;
+	@Autowired EidasCentralAuthCredentialProvider credentialProvider; 
+	@Autowired IPVP2BasicConfiguration pvpConfiguration;
+	
+	public EidasCentralAuthMetadataController() {
+		super();
+		Logger.debug("Registering servlet " + getClass().getName() 
+				+ " with mappings '" + EidasCentralAuthConstants.ENDPOINT_METADATA 
+				+ "'.");
+		
+	}
+	
+	@RequestMapping(value = EidasCentralAuthConstants.ENDPOINT_METADATA, 
+					method = {RequestMethod.GET})
+	public void getSPMetadata(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+		//check PublicURL prefix
+		try {
+			String authURL = HTTPUtils.extractAuthURLFromRequest(req);		
+			if (!authConfig.getPublicURLPrefix().contains(authURL)) {		
+				resp.sendError(HttpServletResponse.SC_FORBIDDEN, "No valid request URL");
+				return;
+				
+			} else {
+				//initialize metadata builder configuration
+				EidasCentralAuthMetadataConfiguration metadataConfig = 
+						new EidasCentralAuthMetadataConfiguration(authURL, credentialProvider, pvpConfiguration);
+				metadataConfig.setAdditionalRequiredAttributes(getAdditonalRequiredAttributes());
+				
+				
+				//build metadata
+				String xmlMetadata = metadatabuilder.buildPVPMetadata(metadataConfig);
+				
+				//write response
+				byte[] content = xmlMetadata.getBytes("UTF-8");
+				resp.setStatus(HttpServletResponse.SC_OK);
+				resp.setContentLength(content.length);
+				resp.setContentType(MediaType.XML_UTF_8.toString());
+				resp.getOutputStream().write(content);
+
+			}
+			
+		} catch (Exception e) {
+			Logger.warn("Build federated-authentication PVP metadata FAILED.", e);
+			handleErrorNoRedirect(e, req, resp, false);
+			
+		}
+		
+	}
+
+	private List<Pair<String, Boolean>> getAdditonalRequiredAttributes() {
+		Map<String, String> addReqAttributes = authConfig.getBasicMOAIDConfigurationWithPrefix(EidasCentralAuthConstants.CONFIG_PROPS_REQUIRED_PVP_ATTRIBUTES_LIST);
+		if (addReqAttributes != null) {
+			List<Pair<String, Boolean>> result = new ArrayList<Pair<String, Boolean>>();
+			for (String el : addReqAttributes.values()) {
+				if (MiscUtil.isNotEmpty(el)) {
+					Logger.trace("Parse additional attr. definition: " + el);
+					List<String> attr = KeyValueUtils.getListOfCSVValues(el.trim());
+					if (attr.size() == 2) {						
+						result.add(Pair.newInstance(attr.get(0), Boolean.parseBoolean(attr.get(1))));
+						
+					} else
+						Logger.info("IGNORE additional attr. definition: " + el
+								+ " Reason: Format not valid");
+				}				
+			}
+			
+			return result;
+		}
+				
+		return null;
+	}
+		
+}
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthSignalController.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthSignalController.java
new file mode 100644
index 000000000..1486ef841
--- /dev/null
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthSignalController.java
@@ -0,0 +1,67 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.controller;
+
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.text.StringEscapeUtils;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+
+import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController;
+import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+@Controller
+public class EidasCentralAuthSignalController extends AbstractProcessEngineSignalController {
+
+	public EidasCentralAuthSignalController() {
+		super();
+		Logger.debug("Registering servlet " + getClass().getName() 
+				+ " with mappings '" + EidasCentralAuthConstants.ENDPOINT_POST 
+				+ "' and '" + EidasCentralAuthConstants.ENDPOINT_REDIRECT + "'.");
+		
+	}
+	
+	@RequestMapping(value = {	EidasCentralAuthConstants.ENDPOINT_POST, 
+								EidasCentralAuthConstants.ENDPOINT_REDIRECT
+							}, 
+					method = {RequestMethod.POST, RequestMethod.GET})
+	public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+		signalProcessManagement(req, resp);
+		
+	}
+	
+	public String getPendingRequestId(HttpServletRequest request) {
+		return StringEscapeUtils.escapeHtml4(request.getParameter("RelayState"));
+		
+	}
+}
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java
new file mode 100644
index 000000000..7fb6fb4f8
--- /dev/null
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java
@@ -0,0 +1,164 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.tasks;
+
+import java.security.NoSuchAlgorithmException;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.provider.MetadataProviderException;
+import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.xml.security.SecurityException;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.sp.impl.PVPAuthnRequestBuilder;
+import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants;
+import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.config.EidasCentralAuthRequestBuilderConfiguration;
+import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthCredentialProvider;
+import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthMetadataProvider;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+@Component("CreateEidasCentrialAuthnRequestTask")
+public class CreateAuthnRequestTask extends AbstractAuthServletTask {
+ 
+	@Autowired PVPAuthnRequestBuilder authnReqBuilder;
+	@Autowired EidasCentralAuthCredentialProvider credential;
+	@Autowired EidasCentralAuthMetadataProvider metadataService;
+	
+	//@Autowired(required=true) ILoALevelMapper loaMapper;	
+	//@Autowired(required=true) MOAMetadataProvider metadataProvider;
+	 
+	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+	 */
+	@Override
+	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
+			throws TaskExecutionException {
+		try{
+			//check if eIDAS authentication is enabled for this SP
+			if (!Boolean.parseBoolean(pendingReq.getServiceProviderConfiguration().getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ENABLED, String.valueOf(false)))) {
+				Logger.info("eIDAS authentication is NOT enabled for OA: " + pendingReq.getServiceProviderConfiguration().getUniqueIdentifier());
+				throw new MOAIDException("eIDAS authentication is NOT enabled for OA: " + pendingReq.getServiceProviderConfiguration().getUniqueIdentifier(), null);
+				
+			}
+						
+			// get entityID for central ms-specific eIDAS node 
+			String msNodeEntityID = authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_NODE_ENTITYID);
+					
+			if (MiscUtil.isEmpty(msNodeEntityID)) {
+				Logger.info("eIDAS authentication not possible -> NO EntityID for central eIDAS node FOUND!");
+				throw new MOAIDException("NO EntityID for central eIDAS node FOUND", null);
+				
+			}
+						
+			//load metadata with metadataURL, as backup
+			String metadataURL = authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_NODE_METADATAURL);
+			if (MiscUtil.isNotEmpty(metadataURL)) {
+				Logger.warn("Use not recommended metadata-provider initialization!"
+						+ " SAML2 'Well-Known-Location' is the preferred methode.");
+				Logger.info("Initialize 'ms-specific eIDAS node' metadata-provider with URL:" + metadataURL);				
+				metadataService.addMetadataWithMetadataURL(metadataURL);
+				
+			}
+			
+			//load IDP SAML2 entitydescriptor
+			EntityDescriptor entityDesc = metadataService.getEntityDescriptor(msNodeEntityID);											
+			if (entityDesc == null) {
+				Logger.error("Requested 'ms-specific eIDAS node' " + entityDesc 
+						+ " has no valid metadata or metadata is not found");
+				throw new MOAIDException("Requested 'ms-specific eIDAS node' " + entityDesc 
+						+ " has no valid metadata or metadata is not found", null);
+				
+			}
+			
+			//setup AuthnRequestBuilder configuration
+			EidasCentralAuthRequestBuilderConfiguration authnReqConfig = new EidasCentralAuthRequestBuilderConfiguration();
+			authnReqConfig.setIdpEntity(entityDesc);
+			authnReqConfig.setPassive(false);
+			authnReqConfig.setSignCred(credential.getIDPAssertionSigningCredential());
+			authnReqConfig.setSPEntityID(pendingReq.getAuthURL() + EidasCentralAuthConstants.ENDPOINT_METADATA);			
+			authnReqConfig.setQAA_Level(
+					pendingReq.getServiceProviderConfiguration().getConfigurationValue(
+							MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL, 
+							EidasCentralAuthConstants.CONFIG_DEFAULT_LOA_EIDAS_LEVEL));
+
+			authnReqConfig.setScopeRequesterId(pendingReq.getServiceProviderConfiguration().getUniqueIdentifier());
+			authnReqConfig.setProviderName(pendingReq.getServiceProviderConfiguration().getFriendlyName());
+			authnReqConfig.setRequestedAttributes(buildRequestedAttributes());
+			
+			//build and transmit AuthnRequest
+			authnReqBuilder.buildAuthnRequest(pendingReq, authnReqConfig , response);
+
+		} catch (MOAIDException e) {
+			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
+						
+		} catch (MetadataProviderException e) {
+			throw new TaskExecutionException(pendingReq, "Build PVP2.1 AuthnRequest to connect 'ms-specific eIDAS node' FAILED.", e);
+
+		} catch (MessageEncodingException | NoSuchAlgorithmException  | SecurityException e) {
+			Logger.error("Build PVP2.1 AuthnRequest for SSO inderfederation FAILED", e);
+			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
+			
+		} catch (Exception e) {
+			Logger.error("Build PVP2.1 AuthnRequest for SSO inderfederation FAILED", e);
+			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
+			
+		}
+	}
+
+	private List<EAAFRequestedAttribute> buildRequestedAttributes() {
+		List<EAAFRequestedAttribute> attributs = new ArrayList<EAAFRequestedAttribute>();
+		
+		//build EID sector for identification attribute
+		Attribute attr = PVPAttributeBuilder.buildEmptyAttribute(PVPAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME);
+		EAAFRequestedAttribute reqAttr = SAML2Utils.generateReqAuthnAttributeSimple(
+				attr , 
+				true, 
+				pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());	
+		attributs.add(reqAttr );		
+		
+		return attributs;
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java
new file mode 100644
index 000000000..f9686029f
--- /dev/null
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java
@@ -0,0 +1,272 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.tasks;
+
+import java.io.IOException;
+import java.util.Set;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.transform.TransformerException;
+
+import org.opensaml.saml2.core.Response;
+import org.opensaml.saml2.core.StatusCode;
+import org.opensaml.ws.message.decoder.MessageDecodingException;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.security.SecurityException;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
+import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileResponse;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EAAFURICompare;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException;
+import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants;
+import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthCredentialProvider;
+import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthMetadataProvider;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+@Component("ReceiveFederatedAuthnResponseTask")
+public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
+
+	@Autowired private SAMLVerificationEngineSP samlVerificationEngine;
+	@Autowired private EidasCentralAuthCredentialProvider credentialProvider; 
+	@Autowired(required=true) EidasCentralAuthMetadataProvider metadataProvider;
+	
+	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+	 */
+	@Override
+	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
+			throws TaskExecutionException {		
+		InboundMessage msg = null;
+		
+		try {
+			
+			IDecoder decoder = null; 
+			EAAFURICompare comperator = null;
+			//select Response Binding
+			if (request.getMethod().equalsIgnoreCase("POST")) {
+				decoder = new PostBinding();
+				comperator = new EAAFURICompare(pendingReq.getAuthURL() + EidasCentralAuthConstants.ENDPOINT_POST);
+				Logger.trace("Receive PVP Response from 'ms-specific eIDAS node', by using POST-Binding.");
+				
+			}  else if (request.getMethod().equalsIgnoreCase("GET")) {
+				decoder = new RedirectBinding();
+				comperator = new EAAFURICompare(pendingReq.getAuthURL() + EidasCentralAuthConstants.ENDPOINT_REDIRECT);
+				Logger.trace("Receive PVP Response from 'ms-specific eIDAS node', by using Redirect-Binding.");
+				
+			} else {
+				Logger.warn("Receive PVP Response, but Binding (" 
+						+ request.getMethod() + ") is not supported.");
+				throw new AuthnResponseValidationException("sp.pvp2.03", new Object[] {EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING});
+				
+			}
+			
+			//decode PVP response object
+			msg = (InboundMessage) decoder.decode(
+					request, response, metadataProvider, true,
+					comperator);
+			 
+			if (MiscUtil.isEmpty(msg.getEntityID())) {
+				throw new InvalidProtocolRequestException("sp.pvp2.04", 
+						new Object[] {EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING},
+						"NO configuration for SP entityID: " + msg.getEntityID());
+				
+			}
+
+			//validate response signature
+			if(!msg.isVerified()) {
+				samlVerificationEngine.verify(msg, TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider));
+				msg.setVerified(true);
+								
+			}
+			
+			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_AUTHRESPONSE);
+			
+			//validate assertion
+			PVPSProfileResponse processedMsg = preProcessAuthResponse((PVPSProfileResponse) msg);
+			
+			//validate entityId of response
+			String msNodeEntityID = authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_NODE_ENTITYID);
+			String respEntityId = msg.getEntityID();
+			if (!msNodeEntityID.equals(respEntityId)) {
+				Logger.warn("Response Issuer is not a 'ms-specific eIDAS node'. Stopping eIDAS authentication ...");
+				throw new AuthnResponseValidationException("sp.pvp2.08", 
+						new Object[] {EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING,
+								msg.getEntityID()});
+				
+			}
+									
+			//initialize Attribute extractor
+			AssertionAttributeExtractor extractor = 
+					new AssertionAttributeExtractor((Response) processedMsg.getResponse());
+															
+			getAuthDataFromInterfederation(extractor, pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class));	
+							
+			//store pending-request
+			requestStoreage.storePendingRequest(pendingReq);
+			
+			//write log entries
+			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_INTERFEDERATION_REVEIVED);				
+			Logger.info("Receive a valid assertion from IDP " + msg.getEntityID()); 
+											
+		} catch (MessageDecodingException | SecurityException e) {
+			String samlRequest = request.getParameter("SAMLRequest");			
+			Logger.warn("Receive INVALID PVP Response from 'ms-specific eIDAS node': " + samlRequest, e);
+			throw new TaskExecutionException(pendingReq, "Receive INVALID PVP Response from federated IDP", e);
+
+		} catch (IOException | MarshallingException | TransformerException e) {
+			Logger.warn("Processing PVP response from 'ms-specific eIDAS node' FAILED.", e);
+			throw new TaskExecutionException(pendingReq, "Processing PVP response from 'ms-specific eIDAS node' FAILED.", e);
+			
+		} catch (CredentialsNotAvailableException e) {
+			Logger.error("PVP response decrytion FAILED. No credential found.", e);
+			throw new TaskExecutionException(pendingReq, "PVP response decrytion FAILED. No credential found.", e);
+
+		} catch (AssertionValidationExeption | AuthnResponseValidationException e) {
+			Logger.info("PVP response validation FAILED. Msg:" + e.getMessage());			
+			throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.", e);
+									
+		} catch (Exception e) {
+			Logger.warn("PVP response validation FAILED. Msg:" + e.getMessage(), e);			
+			throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.", e);
+			
+		}
+
+	}
+	
+	private void getAuthDataFromInterfederation(AssertionAttributeExtractor extractor, IOAAuthParameters spConfig) throws BuildException, ConfigurationException{		
+		try {																		
+			//check if all attributes are include
+			if (!extractor.containsAllRequiredAttributes() 
+					&& !extractor.containsAllRequiredAttributes(EidasCentralAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES)) {
+				Logger.warn("PVP Response from federated IDP contains not all requested attributes.");
+				throw new AssertionValidationExeption("sp.pvp2.06", new Object[]{EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING});
+				
+			}
+			
+			//copy attributes into MOASession
+			Set<String> includedAttrNames = extractor.getAllIncludeAttributeNames();
+			for (String el : includedAttrNames) {
+				String value = extractor.getSingleAttributeValue(el);				 				
+				pendingReq.setGenericDataToSession(el, value);				
+				Logger.debug("Add PVP-attribute " + el + " into MOASession");
+				
+			}
+												
+		} catch (AssertionValidationExeption e) {
+			throw new BuildException("builder.06", null, e);
+			
+		} catch (EAAFStorageException e) {
+			throw new BuildException("builder.06", null, e);
+			
+		}
+	}
+	
+	/**
+	 * @param executionContext
+	 * @param idpConfig
+	 * @param message 
+	 * @param objects 
+	 * @throws TaskExecutionException 
+	 * @throws Throwable 
+	 */
+	private void handleAuthnResponseValidationProblem(ExecutionContext executionContext, IOAAuthParameters idpConfig, Throwable e) throws TaskExecutionException {
+
+		if (idpConfig != null && idpConfig.isPerformLocalAuthenticationOnInterfederationError()) {
+			Logger.info("Switch to local authentication on this IDP ... ");
+		
+			executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_REQUIRELOCALAUTHENTICATION, true);
+			executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_BKUSELECTION, true);
+		
+			executionContext.remove(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_INTERFEDERATION_AUTH);
+			
+		} else {
+			throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.", e);
+			
+		}
+		
+	}
+	
+	/**
+	 * PreProcess AuthResponse and Assertion 
+	 * @param msg
+	 * @throws TransformerException 
+	 * @throws MarshallingException 
+	 * @throws IOException 
+	 * @throws CredentialsNotAvailableException 
+	 * @throws AssertionValidationExeption 
+	 * @throws AuthnResponseValidationException 
+	 */
+	private PVPSProfileResponse preProcessAuthResponse(PVPSProfileResponse msg) throws IOException, MarshallingException, TransformerException, AssertionValidationExeption, CredentialsNotAvailableException, AuthnResponseValidationException {
+		Logger.debug("Start PVP21 assertion processing... ");
+		Response samlResp = (Response) msg.getResponse();
+
+		// check SAML2 response status-code
+		if (samlResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) {				
+			//validate PVP 2.1 assertion
+			samlVerificationEngine.validateAssertion(samlResp, true, 
+					credentialProvider.getIDPAssertionEncryptionCredential(),
+					pendingReq.getAuthURL() + EidasCentralAuthConstants.ENDPOINT_METADATA,
+					EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING);
+
+			msg.setSAMLMessage(SAML2Utils.asDOMDocument(samlResp).getDocumentElement());
+			return msg;
+				
+		} else {
+			Logger.info("Receive StatusCode " + samlResp.getStatus().getStatusCode().getValue() 
+				+ " from 'ms-specific eIDAS node'.");
+			throw new AuthnResponseValidationException("sp.pvp2.05", 
+					new Object[]{EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING, samlResp.getIssuer().getValue(), samlResp.getStatus().getStatusCode().getValue()});
+					
+		}
+								
+	}	
+
+}
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthCredentialProvider.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthCredentialProvider.java
new file mode 100644
index 000000000..f2f8530f6
--- /dev/null
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthCredentialProvider.java
@@ -0,0 +1,124 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
+import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+
+/**
+ * @author tlenz
+ *
+ */
+@Service("EidasCentralAuthCredentialProvider")
+public class EidasCentralAuthCredentialProvider extends AbstractCredentialProvider {
+
+	@Autowired AuthConfiguration authConfig;
+	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getKeyStoreFilePath()
+	 */
+	@Override
+	public String getKeyStoreFilePath() throws ConfigurationException {
+		return FileUtils.makeAbsoluteURL(
+					authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_KEYSTORE), 
+					authConfig.getRootConfigFileDir());
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getKeyStorePassword()
+	 */
+	@Override
+	public String getKeyStorePassword() {
+		return authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_KEYSTOREPASSWORD).trim();
+
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getMetadataKeyAlias()
+	 */
+	@Override
+	public String getMetadataKeyAlias() {
+		return authConfig.getBasicConfiguration(
+				EidasCentralAuthConstants.CONFIG_PROPS_SIGN_METADATA_ALIAS_PASSWORD).trim();
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getMetadataKeyPassword()
+	 */
+	@Override
+	public String getMetadataKeyPassword() {
+		return authConfig.getBasicConfiguration(
+				EidasCentralAuthConstants.CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD).trim();
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getSignatureKeyAlias()
+	 */
+	@Override
+	public String getSignatureKeyAlias() {
+		return authConfig.getBasicConfiguration(
+				EidasCentralAuthConstants.CONFIG_PROPS_SIGN_SIGNING_ALIAS_PASSWORD).trim();
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getSignatureKeyPassword()
+	 */
+	@Override
+	public String getSignatureKeyPassword() {
+		return authConfig.getBasicConfiguration(
+				EidasCentralAuthConstants.CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD).trim();
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getEncryptionKeyAlias()
+	 */
+	@Override
+	public String getEncryptionKeyAlias() {
+		return authConfig.getBasicConfiguration(
+				EidasCentralAuthConstants.CONFIG_PROPS_ENCRYPTION_ALIAS_PASSWORD).trim();
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getEncryptionKeyPassword()
+	 */
+	@Override
+	public String getEncryptionKeyPassword() {
+		return authConfig.getBasicConfiguration(
+				EidasCentralAuthConstants.CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD).trim();
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getCredentialName()
+	 */
+	@Override
+	public String getFriendlyName() {
+		return "eIDAS centrial authentication";
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java
new file mode 100644
index 000000000..5cee90658
--- /dev/null
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java
@@ -0,0 +1,345 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils;
+
+import java.net.MalformedURLException;
+import java.util.List;
+import java.util.Timer;
+
+import javax.xml.namespace.QName;
+
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.MOAHttpClient;
+import org.apache.commons.httpclient.params.HttpClientParams;
+import org.opensaml.saml2.metadata.EntitiesDescriptor;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.RoleDescriptor;
+import org.opensaml.saml2.metadata.provider.ChainingMetadataProvider;
+import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
+import org.opensaml.saml2.metadata.provider.MetadataFilter;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
+import org.opensaml.saml2.metadata.provider.MetadataProviderException;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.parse.BasicParserPool;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import at.gv.egiz.eaaf.core.api.IDestroyableObject;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.MetadataFilterChain;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.SimpleMetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter;
+import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
+import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MOASPMetadataSignatureFilter;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+
+@Service("EidasCentralAuthMetadataProvider")
+public class EidasCentralAuthMetadataProvider extends SimpleMetadataProvider
+	implements IDestroyableObject {
+	@Autowired(required=true) AuthConfiguration moaAuthConfig;
+		
+	private ChainingMetadataProvider metadataProvider = new ChainingMetadataProvider();
+	private Timer timer = null;
+	
+
+	public EidasCentralAuthMetadataProvider() {		
+		metadataProvider.setRequireValidMetadata(true);
+		
+	}
+
+	public void addMetadataWithMetadataURL(String metadataURL) throws MetadataProviderException {
+		internalInitialize(metadataURL);
+					
+	}
+	
+	public void destroy() {
+		fullyDestroy();
+		
+	}
+	
+	
+		
+	/* (non-Javadoc)
+	 * @see org.opensaml.saml2.metadata.provider.MetadataProvider#requireValidMetadata()
+	 */
+	@Override
+	public boolean requireValidMetadata() {
+			return metadataProvider.requireValidMetadata();
+			
+	}
+
+	/* (non-Javadoc)
+	 * @see org.opensaml.saml2.metadata.provider.MetadataProvider#setRequireValidMetadata(boolean)
+	 */
+	@Override
+	public void setRequireValidMetadata(boolean requireValidMetadata) {	
+			metadataProvider.setRequireValidMetadata(requireValidMetadata);
+					
+	}
+
+	/* (non-Javadoc)
+	 * @see org.opensaml.saml2.metadata.provider.MetadataProvider#getMetadataFilter()
+	 */
+	@Override
+	public MetadataFilter getMetadataFilter() {	
+			return metadataProvider.getMetadataFilter();
+			
+	}
+
+	/* (non-Javadoc)
+	 * @see org.opensaml.saml2.metadata.provider.MetadataProvider#setMetadataFilter(org.opensaml.saml2.metadata.provider.MetadataFilter)
+	 */
+	@Override
+	public void setMetadataFilter(MetadataFilter newFilter) throws MetadataProviderException {
+		Logger.fatal("Set Metadata Filter is not implemented her!");
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see org.opensaml.saml2.metadata.provider.MetadataProvider#getMetadata()
+	 */
+	@Override
+	public XMLObject getMetadata() throws MetadataProviderException {		
+		return metadataProvider.getMetadata();
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see org.opensaml.saml2.metadata.provider.MetadataProvider#getEntitiesDescriptor(java.lang.String)
+	 */
+	@Override
+	public EntitiesDescriptor getEntitiesDescriptor(String name) throws MetadataProviderException {
+		return metadataProvider.getEntitiesDescriptor(name);
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see org.opensaml.saml2.metadata.provider.MetadataProvider#getEntityDescriptor(java.lang.String)
+	 */
+	@Override
+	public EntityDescriptor getEntityDescriptor(String entityID) throws MetadataProviderException {
+		try {
+			//search if metadata is already loaded
+			EntityDescriptor entityDesc =  metadataProvider.getEntityDescriptor(entityID);
+			
+			if (entityDesc != null)
+				return entityDesc;
+			else
+				Logger.info("No ms-specific eIDAS node: " + entityID + " Starting refresh process ...");
+						
+		} catch (MetadataProviderException e) {
+			Logger.info("Access ms-specific eIDAS node: " + entityID + " FAILED. Reason:" + e.getMessage() + " Starting refresh process ...");
+			
+		}
+
+		//(re)initialize ms-specific eIDAS node
+		internalInitialize(entityID);
+				
+		//search again after reload (re)initialization
+		try {
+			EntityDescriptor entityDesc = metadataProvider.getEntityDescriptor(entityID);
+			if (entityDesc == null) {
+				Logger.error("MS-specific eIDAS node Client ERROR: No EntityID with "+ entityID);
+				throw new MetadataProviderException("No EntityID with "+ entityID);
+			}
+			
+			return entityDesc;
+			
+		} catch (MetadataProviderException e) {
+			Logger.error("MS-specific eIDAS node Client ERROR: Metadata extraction FAILED.", e);
+			throw new MetadataProviderException("Metadata extraction FAILED", e);
+			
+		}
+	}
+
+	/* (non-Javadoc)
+	 * @see org.opensaml.saml2.metadata.provider.MetadataProvider#getRole(java.lang.String, javax.xml.namespace.QName)
+	 */
+	@Override
+	public List<RoleDescriptor> getRole(String entityID, QName roleName) throws MetadataProviderException {
+		try {
+			//search if metadata is already loaded
+			List<RoleDescriptor> role = metadataProvider.getRole(entityID, roleName);
+			
+			if (role != null)
+				return role;
+			else
+				Logger.info("No ms-specific eIDAS node: " + entityID + " Starting refresh process ...");
+						
+		} catch (MetadataProviderException e) {
+			Logger.info("Access ms-specific eIDAS node: " + entityID + " FAILED. Reason:" + e.getMessage() + " Starting refresh process ...");
+			
+		}
+
+		//(re)initialize ms-specific eIDAS node
+		internalInitialize(entityID);
+		
+		//search again after reload (re)initialization
+		return metadataProvider.getRole(entityID, roleName);
+	}
+
+	/* (non-Javadoc)
+	 * @see org.opensaml.saml2.metadata.provider.MetadataProvider#getRole(java.lang.String, javax.xml.namespace.QName, java.lang.String)
+	 */
+	@Override
+	public RoleDescriptor getRole(String entityID, QName roleName, String supportedProtocol)
+			throws MetadataProviderException {		
+		try {
+			//search if metadata is already loaded
+			RoleDescriptor role = metadataProvider.getRole(entityID, roleName, supportedProtocol);
+			
+			if (role != null)
+				return role;
+			else
+				Logger.info("No ms-specific eIDAS node: " + entityID + " Starting refresh process ...");
+						
+		} catch (MetadataProviderException e) {
+			Logger.info("Access ms-specific eIDAS node: " + entityID + " FAILED. Reason:" + e.getMessage() + " Starting refresh process ...");
+			
+		}
+
+		//(re)initialize ms-specific eIDAS node
+		internalInitialize(entityID);
+		
+		//search again after reload (re)initialization
+		return metadataProvider.getRole(entityID, roleName, supportedProtocol);
+	}
+	
+	private synchronized void internalInitialize(String metdataURL) throws MetadataProviderException {
+		
+		//check if metadata with EntityID already exists in chaining metadata provider
+		boolean addNewMetadata = true;
+		try {
+			addNewMetadata = (metadataProvider.getEntityDescriptor(metdataURL) == null);
+						
+		} catch (MetadataProviderException e) {}
+
+		//switch between metadata refresh and add new metadata		
+		if (addNewMetadata) {
+			//Metadata provider seems not loaded --> Add new metadata provider
+			Logger.info("Initialize PVP MetadataProvider:" + metdataURL + " to connect ms-specific eIDAS node");
+		
+			String trustProfileID = authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_NODE_TRUSTPROFILEID);
+			if (MiscUtil.isEmpty(trustProfileID)) {
+				Logger.error("Create ms-specific eIDAS node Client FAILED: No trustProfileID to verify PVP metadata." );
+				throw new MetadataProviderException("No trustProfileID to verify PVP metadata.");
+			}
+		
+			//initialize Timer if it is null
+			if (timer == null)
+				timer = new Timer(true);
+				
+			//create metadata validation filter chain
+			MetadataFilterChain filter = new MetadataFilterChain();
+			filter.addFilter(new SchemaValidationFilter(true));
+			filter.addFilter(new MOASPMetadataSignatureFilter(trustProfileID));
+		
+			MetadataProvider idpMetadataProvider = createNewSimpleMetadataProvider(metdataURL, 
+					filter, 
+					EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING,					
+					timer,
+					new BasicParserPool(),
+					createHttpClient(metdataURL));
+			
+			if (idpMetadataProvider == null) {
+				Logger.error("Create ms-specific eIDAS node Client FAILED.");
+				throw new MetadataProviderException("Can not initialize 'ms-specific eIDAS node' metadata provider.");
+			
+			}
+		
+			idpMetadataProvider.setRequireValidMetadata(true);
+			metadataProvider.addMetadataProvider(idpMetadataProvider);	
+			
+		} else {
+			//Metadata provider seems already loaded --> start refresh process
+			List<MetadataProvider> loadedProvider = metadataProvider.getProviders();
+			for (MetadataProvider el : loadedProvider) {
+				if (el instanceof HTTPMetadataProvider) {
+					HTTPMetadataProvider prov = (HTTPMetadataProvider)el;
+					if (prov.getMetadataURI().equals(metdataURL))
+						prov.refresh();
+										
+				} else
+					Logger.warn("'ms-specific eIDAS node' Metadata provider is not of Type 'HTTPMetadataProvider'! Something is suspect!!!!");
+								
+			}			
+		}
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.IDestroyableObject#fullyDestroy()
+	 */
+	@Override
+	public void fullyDestroy() {
+		Logger.info("Destroy 'ms-specific eIDAS node' PVP metadata pool ... ");
+		
+		if (metadataProvider != null) {
+			metadataProvider.destroy();
+			
+		}
+		
+		if (timer != null)
+			timer.cancel();
+		
+	}
+	
+	private HttpClient createHttpClient(String metadataURL) {					
+		MOAHttpClient httpClient = new MOAHttpClient();		
+		HttpClientParams httpClientParams = new HttpClientParams();
+		httpClientParams.setSoTimeout(AuthConfiguration.CONFIG_PROPS_METADATA_SOCKED_TIMEOUT);
+		httpClient.setParams(httpClientParams);
+		
+		if (metadataURL.startsWith("https:")) {
+			try {
+				//FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
+				MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
+						PVPConstants.SSLSOCKETFACTORYNAME, 
+						moaAuthConfig.getTrustedCACertificates(),
+						null,
+						AuthConfiguration.DEFAULT_X509_CHAININGMODE, 
+						moaAuthConfig.isTrustmanagerrevoationchecking(),
+						moaAuthConfig.getRevocationMethodOrder(),
+						moaAuthConfig.getBasicMOAIDConfigurationBoolean(
+								AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false));
+				
+				httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory);
+
+			} catch (MOAHttpProtocolSocketFactoryException | MalformedURLException e) {
+				Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e);
+				
+			}
+		}
+		
+		return httpClient;
+				
+	}
+}
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider
new file mode 100644
index 000000000..5954455a4
--- /dev/null
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider
@@ -0,0 +1 @@
+at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthSpringResourceProvider
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/eIDAS_central_node_auth.process.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/eIDAS_central_node_auth.process.xml
new file mode 100644
index 000000000..02bf7bcad
--- /dev/null
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/eIDAS_central_node_auth.process.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<pd:ProcessDefinition id="centrialEidasAuthentication" xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1">
+
+	<pd:Task id="createEidasAuthnRequest" 	class="CreateEidasCentrialAuthnRequestTask" />
+	<pd:Task id="receiveEidasAuthnResponse"	class="ReceiveEidasCentrialAuthnResponseTask" async="true" />
+	<pd:Task id="finalizeAuthentication" 	class="FinalizeAuthenticationTask" />	
+
+	<pd:StartEvent id="start" />
+			
+	<pd:Transition from="start"						to="createEidasAuthnRequest" />	
+	<pd:Transition from="createEidasAuthnRequest" 	to="receiveEidasAuthnResponse"/>
+	<pd:Transition from="receiveEidasAuthnResponse" to="finalizeAuthentication"/>	
+	<pd:Transition from="finalizeAuthentication"    to="end" />			
+	
+	<pd:EndEvent id="end" />
+
+</pd:ProcessDefinition>
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/moaid_eIDAS_central_node_auth.beans.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/moaid_eIDAS_central_node_auth.beans.xml
new file mode 100644
index 000000000..9c6ee3c67
--- /dev/null
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/moaid_eIDAS_central_node_auth.beans.xml
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:context="http://www.springframework.org/schema/context"
+	xmlns:tx="http://www.springframework.org/schema/tx"
+	xmlns:aop="http://www.springframework.org/schema/aop"
+	xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+		http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+ 
+
+<!-- Federated authentication services -->
+	<bean id="EidasCentralAuthCredentialProvider"
+	      		class="at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthCredentialProvider"/>
+
+	<bean	id="EidasCentralAuthMetadataController"
+				class="at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.controller.EidasCentralAuthMetadataController"/>
+				
+	<bean	id="EidasCentralAuthModuleImpl"
+				class="at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthModuleImpl"/>				
+	
+	<bean	id="EidasCentralAuthSignalController"
+				class="at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.controller.EidasCentralAuthSignalController"/>
+	
+	<bean	id="EidasCentralAuthMetadataProvider"
+				class="at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthMetadataProvider" />
+	
+	<bean 	id="pvpAuthnRequestBuilder"
+				class="at.gv.egiz.eaaf.modules.pvp2.sp.impl.PVPAuthnRequestBuilder" />
+	
+<!-- Federated Authentication Process Tasks -->
+	<bean id="CreateEidasCentrialAuthnRequestTask" 
+				class="at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.tasks.CreateAuthnRequestTask"
+				scope="prototype"/>
+				
+	<bean id="ReceiveEidasCentrialAuthnResponseTask" 
+				class="at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.tasks.ReceiveAuthnResponseTask"
+				scope="prototype"/>
+																								
+</beans>
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASMetadata.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASMetadata.java
new file mode 100644
index 000000000..db072203d
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASMetadata.java
@@ -0,0 +1,5 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder;
+
+public @interface eIDASMetadata {
+
+}
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java
index 719629936..6548f9fcf 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java
@@ -40,6 +40,7 @@ import org.opensaml.xml.security.credential.Credential;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute;
 import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
 import at.gv.egiz.eaaf.modules.pvp2.sp.api.IPVPAuthnRequestBuilderConfiguruation;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
@@ -302,10 +303,20 @@ public class ELGAMandatesRequestBuilderConfiguration implements IPVPAuthnRequest
 	}
 
 	@Override
-	public List<String> getRequestedAttributes() {
+	public List<EAAFRequestedAttribute> getRequestedAttributes() {
 		return null;
 		
 	}
+
+	@Override
+	public String getProviderName() {
+		return null;
+	}
+
+	@Override
+	public String getScopeRequesterId() {
+		return null;
+	}
 	
 		
 }
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java
index e9c3115fe..50da5187b 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java
@@ -30,6 +30,7 @@ import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.xml.security.credential.Credential;
 import org.w3c.dom.Element;
 
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute;
 import at.gv.egiz.eaaf.modules.pvp2.sp.api.IPVPAuthnRequestBuilderConfiguruation;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
 
@@ -210,10 +211,20 @@ public class FederatedAuthnRequestBuilderConfiguration implements IPVPAuthnReque
 	}
 
 	@Override
-	public List<String> getRequestedAttributes() {
+	public List<EAAFRequestedAttribute> getRequestedAttributes() {
 		return null;
 		
 	}
 
+	@Override
+	public String getProviderName() {
+		return null;
+	}
+
+	@Override
+	public String getScopeRequesterId() {
+		return null;
+	}
+
 	
 }
diff --git a/id/server/modules/pom.xml b/id/server/modules/pom.xml
index a9aed2d24..06c9a341a 100644
--- a/id/server/modules/pom.xml
+++ b/id/server/modules/pom.xml
@@ -36,6 +36,7 @@
 		<module>moa-id-module-bkaMobilaAuthSAML2Test</module>
    		
    		<module>moa-id-module-sl20_authentication</module>
+    <module>moa-id-module-AT_eIDAS_connector</module>
   </modules>
 	
 	<dependencies>
diff --git a/pom.xml b/pom.xml
index 2faf73b09..8d7773b5a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -566,6 +566,12 @@
 				<groupId>MOA.id.server.modules</groupId>
 				<artifactId>moa-id-module-sl20_authentication</artifactId>
 				<version>${moa-id-version}</version>
+			</dependency>
+			
+			<dependency>
+				<groupId>MOA.id.server.modules</groupId>
+				<artifactId>moa-id-module-AT_eIDAS_connector</artifactId>
+				<version>${moa-id-version}</version>
 			</dependency>				   			                         
 			   			                         
              <dependency>
-- 
cgit v1.2.3


From 56ae5a8050fa116061eb00be9057abefd0428521 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 3 Jul 2018 15:36:46 +0200
Subject: rename eIDAS LoA constants

---
 .../id/auth/builder/AuthenticationDataBuilder.java |  6 +++---
 .../id/config/auth/OAAuthParameterDecorator.java   | 14 ++++++++++---
 .../config/auth/data/DynamicOAAuthParameters.java  | 14 +++++++++++--
 .../resources/properties/id_messages_de.properties |  2 +-
 .../EidasCentralAuthConstants.java                 |  2 +-
 .../tasks/CreateAuthnRequestTask.java              |  2 ++
 .../data/SSOTransferOnlineApplication.java         | 23 ++++++++++++++++------
 7 files changed, 47 insertions(+), 16 deletions(-)

(limited to 'id/server/idserverlib/src/main/java/at/gv')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index b6f78119c..b60162f35 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -224,7 +224,7 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
 						authData.setQAALevel(currentLoA);
 						authData.seteIDASLoA(loaLevelMapper.mapSTORKQAAToeIDASQAA(currentLoA));
 
-					} else if (currentLoA.startsWith(EAAFConstants.EIDAS_QAA_PREFIX)) {
+					} else if (currentLoA.startsWith(EAAFConstants.EIDAS_LOA_PREFIX)) {
 						authData.setQAALevel(loaLevelMapper.mapeIDASQAAToSTORKQAA(currentLoA));
 						authData.seteIDASLoA(currentLoA);
 										
@@ -242,9 +242,9 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
 			
 			//if no QAA level is set in MOASession then set default QAA level  
 			if (MiscUtil.isEmpty(authData.getEIDASQAALevel())) {														
-				Logger.info("No QAA level found. Set to default level " + EAAFConstants.EIDAS_QAA_LOW);
+				Logger.info("No QAA level found. Set to default level " + EAAFConstants.EIDAS_LOA_LOW);
 				authData.setQAALevel(PVPConstants.STORK_QAA_PREFIX + "1");
-				authData.seteIDASLoA(EAAFConstants.EIDAS_QAA_LOW);
+				authData.seteIDASLoA(EAAFConstants.EIDAS_LOA_LOW);
 						
 			}
 	
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java
index 97d1e7132..6ecba5820 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java
@@ -59,6 +59,7 @@ import java.util.Set;
 
 import org.apache.commons.lang.SerializationUtils;
 
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
@@ -940,10 +941,18 @@ public String getUniqueIdentifier() {
 
 
 @Override
-public String getMinimumLevelOfAssurence() {
-	return getQaaLevel();
+public List<String> getRequiredLoA() {
+	String loa = getQaaLevel();
+	if (loa != null)
+		return Arrays.asList(loa);
+	else 
+		return null;
 }
 
+@Override
+public String getLoAMatchingMode() {
+	return EAAFConstants.EIDAS_LOA_MATCHING_MINIMUM;
+}
 
 @Override
 public String getConfigurationValue(String key) {
@@ -981,5 +990,4 @@ public boolean isConfigurationValue(String key, boolean defaultValue) {
 	
 }
 
-
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
index 76a53ee40..86235a26d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
@@ -24,10 +24,12 @@ package at.gv.egovernment.moa.id.config.auth.data;
 
 import java.io.Serializable;
 import java.security.PrivateKey;
+import java.util.Arrays;
 import java.util.Collection;
 import java.util.List;
 import java.util.Map;
 
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters;
 import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute;
@@ -555,8 +557,11 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{
 	}
 
 	@Override
-	public String getMinimumLevelOfAssurence() {
-		return getQaaLevel();
+	public List<String> getRequiredLoA() {
+		if (getQaaLevel() != null)
+			return Arrays.asList(getQaaLevel());
+		else 
+			return null;
 	}
 
 	@Override
@@ -577,5 +582,10 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{
 		return false;
 	}
 
+	@Override
+	public String getLoAMatchingMode() {
+		return EAAFConstants.EIDAS_LOA_MATCHING_MINIMUM;
+	}
+
 	
 }
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 9cc4b0b5e..03814463e 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -293,7 +293,7 @@ pvp2.13=Interner Server Fehler
 pvp2.14=SAML Anfrage verweigert
 pvp2.15=Keine Metadateninformation gefunden
 pvp2.16=Fehler beim verschl\u00FCsseln der PVP2 Assertion
-pvp2.17=Der QAA Level {0} entspricht nicht dem angeforderten QAA Level {1}
+pvp2.17=Der QAA Level {0} entspricht nicht dem angeforderten QAA Level {1} im Matching-Mode {2}
 pvp2.18=Es konnten nicht alle Single Sign-On Sessions beendet werden.
 pvp2.19=Der Single LogOut Vorgang musste wegen eines unkorregierbaren Fehler abgebrochen werden. 
 pvp2.20=F\u00FCr die im Request angegebene EntityID konnten keine g\u00FCltigen Metadaten gefunden werden.
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthConstants.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthConstants.java
index e8694383f..55864f3c9 100644
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthConstants.java
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthConstants.java
@@ -61,7 +61,7 @@ public class EidasCentralAuthConstants {
 	public static final String CONFIG_PROPS_NODE_TRUSTPROFILEID = CONFIG_PROPS_PREFIX + "node.trustprofileID";	
 	
 	
-	public static final String CONFIG_DEFAULT_LOA_EIDAS_LEVEL = EAAFConstants.EIDAS_QAA_HIGH;	
+	public static final String CONFIG_DEFAULT_LOA_EIDAS_LEVEL = EAAFConstants.EIDAS_LOA_HIGH;	
 	public static final List<Trible<String, String, Boolean>> DEFAULT_REQUIRED_PVP_ATTRIBUTES = 
 			Collections.unmodifiableList(new ArrayList<Trible<String, String, Boolean>>() {
 				private static final long serialVersionUID = 1L;
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java
index 7fb6fb4f8..08ae845cb 100644
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java
@@ -158,6 +158,8 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
 				pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());	
 		attributs.add(reqAttr );		
 		
+		//TODO: add mandate information if mandates are used!!!!
+		
 		return attributs;
 	}
 
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
index 8c024e79c..611771188 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
@@ -40,6 +40,11 @@ import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
  */
 public class SSOTransferOnlineApplication implements IOAAuthParameters {
 
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = 1L;
+
 	public SSOTransferOnlineApplication() {
 		
 	}
@@ -405,12 +410,6 @@ public class SSOTransferOnlineApplication implements IOAAuthParameters {
 		return false;
 	}
 
-	@Override
-	public String getMinimumLevelOfAssurence() {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
 	@Override
 	public List<String> getTargetsWithNoBaseIdInternalProcessingRestriction() {
 		// TODO Auto-generated method stub
@@ -465,4 +464,16 @@ public class SSOTransferOnlineApplication implements IOAAuthParameters {
 		return false;
 	}
 
+	@Override
+	public List<String> getRequiredLoA() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getLoAMatchingMode() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
 }
-- 
cgit v1.2.3


From 3535ae9500b29d0b2d0f317ea7f47a6c25c6f70e Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 10 Jul 2018 16:53:03 +0200
Subject: some small updates and handbook update

---
 .../resources/applicationResources_de.properties   |   8 +-
 .../resources/applicationResources_en.properties   |   8 +-
 .../data/deploy/conf/moa-id/moa-id.properties      |  36 +-
 .../conf/moa-spss/SampleMOASPSSConfiguration.xml   |   3 +
 id/server/doc/handbook/additional/additional.html  |  25 ++
 id/server/doc/handbook/config/config.html          | 414 ++++-----------------
 .../id/advancedlogging/MOAIDEventConstants.java    |   8 +-
 .../moa/id/advancedlogging/MOAReversionLogger.java |   6 +
 .../EidasCentralAuthConstants.java                 |   2 +-
 ...idasCentralAuthRequestBuilderConfiguration.java |  12 +-
 .../tasks/CreateAuthnRequestTask.java              |  10 +
 .../tasks/ReceiveAuthnResponseTask.java            |  39 +-
 12 files changed, 179 insertions(+), 392 deletions(-)

(limited to 'id/server/idserverlib/src/main/java/at/gv')

diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
index 4b29f901a..030a30adc 100644
--- a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
+++ b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
@@ -152,7 +152,7 @@ webpages.moaconfig.moasp.url=URL zum MOA-SP Service
 webpages.moaconfig.identitylinksigners=IdentityLinkSigners
 webpages.moaconfig.services.header=Externe Services
 webpages.moaconfig.services.mandates=Online-Vollmachten Service URLs (CSV)
-webpages.moaconfig.services.szrgw=SZR Gateway Service URLs (CSV)
+webpages.moaconfig.services.szrgw=Zentraler nationaler eIDAS Connector URLs (CSV)
 webpages.moaconfig.services.elgamandateservice=ELGA Mandate Service EntityIDs (CSV)
 webpages.moaconfig.sso.header=Single Sign-On
 webpages.moaconfig.sso.PublicUrl=SSO Service URL-Prefix
@@ -263,8 +263,8 @@ webpages.oaconfig.general.aditional.useUTC=UTC Zeit verwenden
 webpages.oaconfig.general.aditional.calculateHPI="TODO!"
 webpages.oaconfig.general.isHideBPKAuthBlock=bPK/wbPK im AuthBlock ausblenden
 
-webpages.oaconfig.general.szrgw.header=SZR-Gateway Service
-webpages.oaconfig.general.szrgw.selected=SZR-Gateway Service URL
+webpages.oaconfig.general.szrgw.header=Zentraler nationaler eIDAS Connector
+webpages.oaconfig.general.szrgw.selected=URL zum zentralen eIDAS Connector
 
 webpages.oaconfig.menu.saml1.show=SAML1 Konfiguration einblenden
 webpages.oaconfig.menu.saml1.hidden=SAML1 Konfiguration ausblenden
@@ -409,7 +409,7 @@ validation.general.IdentityLinkSigners.empty=Es wurde kein IdentityLinkSigner an
 validation.general.IdentityLinkSigners.valid=Der IdentityLinkSigner in der Zeile {0} enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {1}
 validation.general.mandateservice.valid=Die URL {0} zum Online-Vollmachten Service hat kein g\u00F6ltiges Format.
 validation.general.elga.mandateservice.valid=Die EntityID {0} zum ELGA Vertretungsservice hat kein g\u00F6ltiges Format.
-validation.general.szrgw.url.valid=Die URL {0} des SZR Gateways hat kein g\u00F6ltiges Format.
+validation.general.szrgw.url.valid=Die URL {0} des zentralen eIDAS Connectors hat kein g\u00F6ltiges Format.
 validation.general.moasp.auth.transformation.empty=Die Transformation f\u00F6r den Authentfizierungsblock ist leer.
 validation.general.moasp.auth.transformation.valid=Die Transformation f\u00F6r den Authentfizierungsblock  in der Zeile {0} enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {1}
 validation.general.moasp.auth.trustprofile.empty=Das TrustProfile zur Pr\u00F6fung des Authentfizierungsblock ist leer.
diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
index d642994de..cf87394b9 100644
--- a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
+++ b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
@@ -151,7 +151,7 @@ webpages.moaconfig.moasp.url=URL for MOA-SP Service
 webpages.moaconfig.identitylinksigners=IdentityLinkSigners
 webpages.moaconfig.services.header=External Services
 webpages.moaconfig.services.mandates=Online-Mandate Service URLs (CSV)
-webpages.moaconfig.services.szrgw=SZR Gateway Service URLs (CSV)
+webpages.moaconfig.services.szrgw=Central national eIDAS Conenctor URLs (CSV)
 webpages.moaconfig.services.elgamandateservice=ELGA Mandate Service EntityIDs (CSV)
 webpages.moaconfig.sso.header=Single Sign-On
 webpages.moaconfig.sso.PublicUrl=SSO Service URL-Prefix
@@ -269,8 +269,8 @@ webpages.oaconfig.general.aditional.useUTC=Use UTC time
 webpages.oaconfig.general.aditional.calculateHPI="TODO!"
 webpages.oaconfig.general.isHideBPKAuthBlock=Hide bPK/wbPK from AuthBlock
 
-webpages.oaconfig.general.szrgw.header=SZR-Gateway Service
-webpages.oaconfig.general.szrgw.selected=SZR-Gateway Service URL
+webpages.oaconfig.general.szrgw.header=Central national eIDAS Connector
+webpages.oaconfig.general.szrgw.selected=URL to central eIDAS Connector
 
 webpages.oaconfig.menu.saml1.show=Show SAML1 configuration
 webpages.oaconfig.menu.saml1.hidden=Hide SAML1 configuration
@@ -408,7 +408,7 @@ validation.general.IdentityLinkSigners.empty=There is no IdentityLinkSigner give
 validation.general.IdentityLinkSigners.valid=IdentityLinkSigner in the line {0} contains forbidden characters. The following characters are not allowed\: {1}
 validation.general.mandateservice.valid=URL {0} for Online-Mandating Service has invalid format.
 validation.general.elga.mandateservice.valid=EntityID {0} for ELGA Mandate-Service has invalid format.
-validation.general.szrgw.url.valid=URL {0} for SZR Gateway has invalid format.
+validation.general.szrgw.url.valid=URL {0} for central eIDAs Connector has invalid format.
 validation.general.moasp.auth.transformation.empty=Transformation for authentication block is blank.
 validation.general.moasp.auth.transformation.valid=Transformation for authentication block in the line {0} contians forbidden characters. The following characters are not allowed\: {1}
 validation.general.moasp.auth.trustprofile.empty=TrustProfile for checking of authentication block is blank.
diff --git a/id/server/data/deploy/conf/moa-id/moa-id.properties b/id/server/data/deploy/conf/moa-id/moa-id.properties
index fa6bccef0..e8cdcf74d 100644
--- a/id/server/data/deploy/conf/moa-id/moa-id.properties
+++ b/id/server/data/deploy/conf/moa-id/moa-id.properties
@@ -27,22 +27,11 @@ configuration.monitoring.test.identitylink.url=$PATH_TO_CONFIG$/conf/moa-id/moni
 #MOA-ID 3.x Advanced Logging
 configuration.advancedlogging.active=false
 
-##Webservice Client Configuration
-#MOA-SP webservice
-#service.moasp.acceptedServerCertificates=
-#service.moasp.clientKeyStore=
-#service.moasp.clientKeyStorePassword=
-
 #Online mandates webservice (MIS)
 service.onlinemandates.acceptedServerCertificates=
 service.onlinemandates.clientKeyStore=keys/....
 service.onlinemandates.clientKeyStorePassword=
 
-#Foreign Identities (SZRGW)
-service.foreignidentities.acceptedServerCertificates=
-service.foreignidentities.clientKeyStore=keys/....
-service.foreignidentities.clientKeyStorePassword=
-
 ##Protocol configuration##
 #PVP2
 protocols.pvp2.idp.ks.file=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp[password].p12
@@ -61,6 +50,31 @@ protocols.oauth20.jwt.ks.password=password
 protocols.oauth20.jwt.ks.key.name=oauth
 protocols.oauth20.jwt.ks.key.password=password
 
+
+
+######## central eIDAS-node connector module ##########
+modules.eidascentralauth.keystore.path=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp[password].p12
+modules.eidascentralauth.keystore.password=password
+modules.eidascentralauth.metadata.sign.alias=pvp_metadata
+modules.eidascentralauth.metadata.sign.password=password
+modules.eidascentralauth.request.sign.alias=pvp_assertion 
+modules.eidascentralauth.request.sign.password=password
+modules.eidascentralauth.response.encryption.alias=pvp_assertion 
+modules.eidascentralauth.response.encryption.password=password
+ 
+modules.eidascentralauth.node.trustprofileID=centralnode_metadata
+
+
+#modules.eidascentralauth.required.additional.attributes.0=urn:oid:1.2.40.0.10.2.1.1.261.36,false
+#modules.eidascentralauth.required.additional.attributes.1=urn:oid:1.2.40.0.10.2.1.1.261.104,false
+#modules.eidascentralauth.required.additional.attributes.2=urn:oid:1.2.40.0.10.2.1.1.261.38,false
+
+##########################################################
+
+
+
+
+
 ##Database configuration##
 configuration.database.byteBasedValues=false
 
diff --git a/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml b/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml
index 31fc8a16c..18952eaf7 100644
--- a/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml
@@ -64,6 +64,9 @@
 				<cfg:Id>PVP_metadata</cfg:Id>
 					<cfg:TrustAnchorsLocation>trustProfiles/PVP_metadata</cfg:TrustAnchorsLocation>
 				</cfg:TrustProfile>
+        <cfg:Id>centralnode_metadata</cfg:Id>
+					<cfg:TrustAnchorsLocation>trustProfiles/centralnode_metadata</cfg:TrustAnchorsLocation>
+				</cfg:TrustProfile>
 			</cfg:PathValidation>
 			<cfg:RevocationChecking>
 				<cfg:EnableChecking>true</cfg:EnableChecking>
diff --git a/id/server/doc/handbook/additional/additional.html b/id/server/doc/handbook/additional/additional.html
index 9e3cdf11e..557f3d528 100644
--- a/id/server/doc/handbook/additional/additional.html
+++ b/id/server/doc/handbook/additional/additional.html
@@ -610,6 +610,31 @@
       <td valign="top">&nbsp;</td>
       <td valign="top">Personenbindung f&uuml;r Authentifizierung &uuml;ber eIDAS Node erstellt</td>
     </tr>
+    <tr>
+      <td valign="top">6200</td>
+      <td valign="top">&nbsp;</td>
+      <td valign="top">Anmeldung via nationalen zentralen eIDAS Knoten gestartet</td>
+    </tr>
+    <tr>
+      <td valign="top">6201</td>
+      <td valign="top">RequestID</td>
+      <td valign="top">Weiterleitung an zentralen eIDAS Knoten mit RequestID</td>
+    </tr>
+    <tr>
+      <td valign="top">6202</td>
+      <td valign="top">ResponseID</td>
+      <td valign="top">Antwort von zentralem eIDAS Knoten mit ResponseID erhalten</td>
+    </tr>
+    <tr>
+      <td valign="top">6203</td>
+      <td valign="top">&nbsp;</td>
+      <td valign="top">Antwort von zentralem eIDAS Knoten enth&auml;lt einen Fehler</td>
+    </tr>
+    <tr>
+      <td valign="top">6204</td>
+      <td valign="top">&nbsp;</td>
+      <td valign="top">Antwort von zentralem eIDAS Knoten vollst&auml;ndig und g&uuml;ltig</td>
+    </tr>
   </table>
 <p>&nbsp;</p>
 <p>Einzelne  Events werden um einen Transaktionsparameter erg&auml;nzt, welcher in der Spalte  Wert beschrieben ist. <br>
diff --git a/id/server/doc/handbook/config/config.html b/id/server/doc/handbook/config/config.html
index 30624d3b0..26925709e 100644
--- a/id/server/doc/handbook/config/config.html
+++ b/id/server/doc/handbook/config/config.html
@@ -59,7 +59,7 @@
   <ol>
     <li><a href="#basisconfig_moa_id_auth_param_services_moasp">MOA-SP</a></li>
     <li><a href="#basisconfig_moa_id_auth_param_services_mandates">Online-Vollmachen</a></li>
-    <li><a href="#">Foreign Identities</a></li>
+    <li><a href="#">Zentraler eIDAS Knoten</a></li>
     </ol>
     </li>
   <li><a href="#basisconfig_moa_id_auth_param_protocol">Protokolle</a>
@@ -77,7 +77,6 @@
     </li>
   <li>  <a href="#basisconfig_moa_id_auth_param_testing">Testing</a></li>
   <li><a href="#basisconfig_moa_id_auth_szrclient">SZR Client f&uuml;r STORK &lt;-&gt; PVP Gateway Betrieb</a></li>
-  <li><a href="#basisconfig_moaid_stork2">STORK 2.0</a></li>
 </ol>
 </li>
           </ol>
@@ -98,14 +97,13 @@
             <li><a href="#konfigurationsparameter_allgemein_moasp">MOA-SP</a></li>
             <li><a href="#konfigurationsparameter_allgemein_services">Externe Services</a></li>
             <li><a href="#konfigurationsparameter_allgemein_sso">Single-Sign On (SSO)</a></li>
-            <li><a href="#konfigurationsparameter_allgemein_stork">Secure idenTity acrOss boRders linKed (STORK)</a></li>
             <li><a href="#konfigurationsparameter_allgemein_protocol">Protokolle</a>
-<ol>
-            <li><a href="#konfigurationsparameter_allgemein_protocol_allowed">Protkolle aktivieren</a></li>
-                <li><a href="#konfigurationsparameter_allgemein_protocol_legacy">Legacy Modus</a></li>
-                <li><a href="#konfigurationsparameter_allgemein_protocol_saml1">SAML1 Konfiguration</a></li>
-                <li><a href="#konfigurationsparameter_allgemein_protocol_pvp21">PVP2.1 Konfiguration </a></li>
-              </ol>
+  <ol>
+    <li><a href="#konfigurationsparameter_allgemein_protocol_allowed">Protkolle aktivieren</a></li>
+    <li><a href="#konfigurationsparameter_allgemein_protocol_legacy">Legacy Modus</a></li>
+    <li><a href="#konfigurationsparameter_allgemein_protocol_saml1">SAML1 Konfiguration</a></li>
+    <li><a href="#konfigurationsparameter_allgemein_protocol_pvp21">PVP2.1 Konfiguration </a></li>
+    </ol>
             </li>
             <li><a href="#konfigurationsparameter_allgemein_sltransform">Security-Layer Transformationen</a></li>
             <li><a href="#general_revision">Revisionssicherheit</a></li>
@@ -122,9 +120,9 @@
             <li><a href="#konfigurationsparameter_oa_bku">BKU Konfiguration</a></li>
             <li><a href="#konfigurationsparameter_oa_testcredentials">Test Credentials</a></li>
             <li><a href="#konfigurationsparameter_oa_mandates">Vollmachten</a></li>
-            <li><a href="#konfigurationsparameter_oa_szr-gw-service">SZR-Gateway Service</a></li>
+            <li><a href="#konfigurationsparameter_oa_szr-gw-service">Zentraler eIDAS Connector</a></li>
             <li><a href="#konfigurationsparameter_oa_sso">Single Sign-On (SSO)</a></li>
-            <li><a href="#konfigurationsparameter_oa_stork">Secure idenTity acrOss boRders linKed (STORK)</a></li>
+            <li><a href="#konfigurationsparameter_oa_stork">Authentifizierung via eIDAS</a></li>
             <li><a href="#konfigurationsparameter_oa_protocol">Authentifizierungsprotokolle</a>
 <ol>
             <li><a href="#konfigurationsparameter_oa_protocol_saml1">SAML 1</a></li>
@@ -504,8 +502,8 @@ https://&lt;host&gt;:&lt;port&gt;/moa-id-auth/MonitoringServlet</pre>
   </tr>
 </table>
 <p>&nbsp;</p>
-<h6><a name="basisconfig_moa_id_auth_param_services_foreign" id="uebersicht_bekanntmachung8"></a>2.2.2.2.3 Foreign Identities</h6>
-<p>MOA-ID-Auth bietet die M&ouml;glichkeit der Nutzung von ausl&auml;ndischen Karten oder die Anmeldung ausl&auml;ndischer Personen mittels STORK. Hierf&uuml;r ist   eine Verbindung zum Stammzahlenregister-Gateway n&ouml;tig, das einen entsprechenden Zugang   zum Stammzahlenregister bereitstellt. F&uuml;r diesen Zugriff muss das   Client-Zertifikat f&uuml;r die SSL-Verbindung zum Gateway angegeben werden.   Voraussetzung daf&uuml;r ist ein Zertifikat von A-Trust bzw. A-CERT mit   Verwaltungseigenschaft  oder Dienstleistereigenschaft. Wenn ihr MOA-ID-Auth   Zertifikat diese Voraussetzung erf&uuml;llt, k&ouml;nnen Sie dieses hier angeben.</p>
+<h6><a name="basisconfig_moa_id_auth_param_services_foreign" id="uebersicht_bekanntmachung8"></a>2.2.2.2.3 Zentraler eIDAS Knoten</h6>
+<p>MOA-ID-Auth bietet die M&ouml;glichkeit  die Anmeldung ausl&auml;ndischer Personen mittels eIDAS. Hierf&uuml;r ist   eine Verbindung zum &ouml;sterreichischen zentralen eIDAS Knoten notwendig.  F&uuml;r diesen Zugriff muss der Zugriff auf den zentralen eIDAS Knoten wie unten angegeben konfiguriert werden. Der Zugriff auf den zentralen eIDAS Knoten erfolgt via PVP2 S-Profil wobei das Signaturzertifikat f&uuml;r die PVP2 Metadaten beim Betreiber des zentralen eIDAS Knoten registriert werden muss.</p>
 <table class="configtable">
   <tr>
     <th>Name</th>
@@ -513,19 +511,55 @@ https://&lt;host&gt;:&lt;port&gt;/moa-id-auth/MonitoringServlet</pre>
     <th>Beschreibung</th>
   </tr>
   <tr>
-    <td>service.foreignidentities.clientKeyStore</td>
+    <td>modules.eidascentralauth.keystore.path</td>
     <td>keys/szrgw.p12</td>
-    <td>Dateiname des PKCS#12 Keystores, relativ zur MOA-ID Konfigurationsdatei.                Diesem Keystore wird der private Schl&uuml;ssel f&uuml;r                die TLS-Client-Authentisierung entnommen.</td>
+    <td>Dateiname des Java Keystore oder PKCS12 Keystore zur Signierung von PVP 2.1 spezifischen Inhalten. (PVP 2.1 Metadaten, PVP 2.1 Assertion)</td>
   </tr>
   <tr>
-    <td>service.foreignidentities.clientKeyStorePassword</td>
+    <td>modules.eidascentralauth.keystore.password</td>
     <td>pass1234</td>
     <td>Passwort zum Keystore</td>
   </tr>
   <tr>
-    <td>service.foreignidentities.acceptedServerCertificates</td>
-    <td>certs/szrgw-server/</td>
-    <td>Hier kann ein Verzeichnisname              (relativ zur MOA-ID Konfigurationsdatei) angegeben werden, in dem              die akzeptierten Zertifikate der TLS-Verbindung hinterlegt sind. In              diesem Verzeichnis werden nur Serverzertifikate abgelegt. Fehlt dieser              Parameter wird lediglich &uuml;berpr&uuml;ft ob ein Zertifikatspfad              zu den im Element &lt;TrustedCACertificates&gt; (siehe <a href="#konfigurationsparameter_allgemein_certvalidation">Kapitel 3.1.4</a>) angegebenen              Zertifikaten erstellt werden kann.</td>
+    <td>modules.eidascentralauth.metadata.sign.alias</td>
+    <td>&nbsp;</td>
+    <td>Name des Schl&uuml;ssels der zur Signierung der PVP 2.1 Metadaten des eIDAS Authentifizierungsmoduls</td>
+  </tr>
+  <tr>
+    <td>modules.eidascentralauth.metadata.sign.password</td>
+    <td>&nbsp;</td>
+    <td>Passwort des Schl&uuml;ssels der zur Signierung der PVP 2.1 Metadaten  des eIDAS Authentifizierungsmoduls</td>
+  </tr>
+  <tr>
+    <td>modules.eidascentralauth.request.sign.alias</td>
+    <td>&nbsp;</td>
+    <td>Name des Schl&uuml;ssels mit dem der PVP 2.1 Authn. Request durch MOA-ID-Auth unterschieben wird</td>
+  </tr>
+  <tr>
+    <td>modules.eidascentralauth.request.sign.password</td>
+    <td>&nbsp;</td>
+    <td>Passwort des Schl&uuml;ssels mit dem der PVP 2.1 Authn. Request durch MOA-ID-Auth unterschieben wird</td>
+  </tr>
+  <tr>
+    <td>modules.eidascentralauth.response.encryption.alias</td>
+    <td>&nbsp;</td>
+    <td>Name des Schl&uuml;ssels mit dem die PVP 2.1 Assertion f&uuml;r MOA-ID-Auth verschl&uuml;sselt werden soll</td>
+  </tr>
+  <tr>
+    <td>modules.eidascentralauth.response.encryption.password</td>
+    <td>&nbsp;</td>
+    <td>Passwort des Schl&uuml;ssels mit dem PVP 2.1 Assertion f&uuml;r MOA-ID-Auth verschl&uuml;sselt werden soll</td>
+  </tr>
+  <tr>
+    <td>modules.eidascentralauth.node.trustprofileID</td>
+    <td>&nbsp;</td>
+    <td>MOA-SP TrustProfil welches die vertrauensw&uuml;rdigen Zertifikate zur Validierung der Metadaten des zentralen eIDAS Knoten beinhaltet</td>
+  </tr>
+  <tr>
+    <td>modules.eidascentralauth.required.additional.attributes.x</td>
+    <td>&nbsp;</td>
+    <td><p><strong>Optional:</strong> zus&auml;tzliche Attribute welche vom zentralen eIDAS Knoten angefordert werden</p>
+      <p>Attribute werden entspechend PVP2 Attribute-Profil angegeben. Beispiele f&uuml;r die Konfiguration finden Sie in der Beispielkonfiguration</p></td>
   </tr>
 </table>
 <p>&nbsp;</p>
@@ -911,38 +945,6 @@ https://&lt;host&gt;:&lt;port&gt;/moa-id-auth/MonitoringServlet</pre>
   </table>
   <p>&nbsp;</p>
   <p><strong>Hinweis:</strong> Detaillierte Informationen zu den einzelnen PVP spezifischen Konfigurationsparametern finden Sie in der entsprechenden PVP Spezifikation.</p>
-  <h5><a name="basisconfig_moaid_stork2" id="uebersicht_bekanntmachung17"></a>2.2.2.6 STORK 2</h5>
-  <p>Dieses Abschnitt beschreibt Konfigurationswerte welche nur f&uuml;r den <strong>Testbetrieb von STORK 2</strong> erforderlich sind.</p>
-  <table class="configtable">
-    <tr>
-      <th>Name</th>
-      <th>Beispielwert</th>
-      <th>Beschreibung</th>
-    </tr>
-    <tr>
-      <td>stork.fakeIdL.active</td>
-      <td>true / false</td>
-      <td><p>Im Produktivbetrieb ist eine Anmeldung nur f&uuml;r jene L&auml;nder mittels STORK 2 m&ouml;glich welche in der <em>Gleichwertigkeitsverordnung</em> aufgelistet sind. Um einen Testbetrieb mit weiteren L&auml;ndern zu erm&ouml;glichen bietet das Modul MOA-ID-Auth die M&ouml;glichkeit zur Ausstellung eines Fake-Identititlink, welcher im Testbetrieb f&uuml;r die Anmeldung an einer &ouml;sterreichischen Test Online Applikation verwendet werden kann.</p>
-        <p><strong>Hinweis:</strong> Diese Funktion ist standardm&auml;&szlig;ig <strong>deaktiviert</strong>. Eine Aktivierung ist nur im Testbetrieb f&uuml;r STORK 2 empfohlen.</p></td>
-    </tr>
-    <tr>
-      <td>stork.fakeIdL.countries</td>
-      <td>DE,CH</td>
-      <td>K&uuml;rzel jener L&auml;nder f&uuml;r welche ein Fake-Identitilink ausgestellt werden soll.</td>
-    </tr>
-    <tr>
-      <td>stork.fakeIdL.keygroup</td>
-      <td>IDL_signing</td>
-      <td>MOA-SS Schl&uuml;sselgruppe, welche f&uuml;r die Signatur des Fake-Identitilinks verwendet werden soll.</td>
-    </tr>
-    <tr>
-      <td>stork.documentservice.url</td>
-      <td>http://testvidp.buergerkarte.at/<br>
-      DocumentService/DocumentService?wsdl</td>
-      <td>URL zum STORK 2 Dokumentenservice</td>
-    </tr>
-  </table>
-  <p>&nbsp;</p>
 <h3><a name="uebersicht_logging" id="uebersicht_logging"></a>2.3 Konfiguration des Loggings</h3>
   <p>Die Module MOA-ID-Auth und MOA-ID-Configuration verwendet als Framework f&uuml;r Logging-Information die Open Source Software <code>log4j</code>. Die Konfiguration der Logging-Information erfolgt  nicht direkt durch die einzelnen Module, sondern &uuml;ber eine eigene Konfigurationsdatei, die der <span class="term">Java Virtual Machine</span> durch eine <span class="term">System Property </span>  mitgeteilt wird. Der Name der <span class="term">System Property </span>  lautet <code>log4j.configuration</code>; als Wert der <span class="term">System Property </span>  ist eine URL anzugeben, die auf die <code>log4j</code>-Konfigurationsdatei verweist, z.B.  </p>
 <pre>log4j.configuration=file:/C:/Programme/apache/tomcat-8.x.x/conf/moa-id/log4j.properties</pre>
@@ -953,99 +955,8 @@ https://&lt;host&gt;:&lt;port&gt;/moa-id-auth/MonitoringServlet</pre>
   <p>Weitere Informationen zur Konfiguration des Loggings erhalten Sie in <a href="../install/install.html#webservice_basisinstallation_logging">Abschnitt 2.1.3</a> des Installationshandbuchs.
   </p>
   <p></p>
-<h3><a name="uebersicht_samlengine" id="uebersicht_samlengine"></a>2.4 Konfiguration des SamlEngines</h3>
-<p>F&uuml;r die Untest&uuml;tzung des STORK2 Protokols verwendet MOA-ID eine zus&auml;tzliche Bibliothek, die &uuml;ber gesonderte Dateien konfiguriert wird. Diese Dateien sind unter einem Verzeichnis gespeichert, das sich &uuml;blicherweise im MOA-ID-Auth Konfigurationsverzeichnis befindet. Der Name der <span class="term">System Property </span>  lautet <code>eu.stork.samlengine.config.location</code>; als Wert der <span class="term">System Property </span>  ist das Verzeichnis anzugeben, wo die entsprechende SamlEngine Konfigurationsdateien gespeichert werden, z.B.  </p>
-<pre>eu.stork.samlengine.config.location=file:/C:/Programme/apache/tomcat-8.x.x/conf/moa-id/conf/moa-id/stork</pre>
-<p>Dieses Verzeichnis muss mindestens folgende Dateien enthalten:</p>
-<table class="configtable">
-  <tr>
-    <th>Datei</th>
-    <th>Beschreibung</th>
-  </tr>
-  <tr>
-    <td>SamlEngine.xml</td>
-    <td>Die Hauptdatei, in welcher die Konfigurationen von verschiedenen Instanzen des SamlEngines angegeben werden.</td>
-  </tr>
-   <tr>
-    <td>StorkSamlEngine_<span class="term">XXX</span>.xml</td>
-    <td>Enth&auml;lt allgemeine Konfigurationsparametern einer spezifischen Instanz des SamlEngines.</td>
-  </tr> <tr>
-    <td>SignModule_<span class="term">XXX</span>.xml</td>
-    <td>Enth&auml;lt Konfigurationsparametern f&uuml;r Trust- und Keystore einer spezifischen Instanz des SamlEngines.</td>
-  </tr>
-</table>
-<p></p>
-<p>In der Hauptkonfigurations-Datei (<span class="term">SamlEngine.xml</span>) verweist auf alle Konfigurationsdateien f&uuml;r sie SamlEngine, welche f&uuml;r unterschiedliche Anwendungsszenarien verwendet werden k&ouml;nnen. Die Beispielkonfiguration dieser Datei sieht wie folgendes: 
-</p>
-<pre>
-&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?&gt;
-&lt;instances&gt;
-        &lt;!-- Configuration name--&gt;
-        &lt;instance name=&quot;<span class="strongerterm">VIDP</span>&quot;&gt;
-                &lt;!-- Configurations parameters StorkSamlEngine  --&gt;
-                &lt;configuration name=&quot;SamlEngineConf&quot;&gt;
-                        &lt;parameter name=&quot;fileConfiguration&quot; value=&quot;StorkSamlEngine_<span class="strongerterm">VIDP</span>.xml&quot; /&gt;
-                &lt;/configuration&gt;
-
-                &lt;!-- Settings module signature--&gt;
-                &lt;configuration name=&quot;SignatureConf&quot;&gt;
-                        &lt;!-- Specific signature module --&gt;
-                        &lt;parameter name=&quot;class&quot; value=&quot;eu.stork.peps.auth.engine.core.impl.SignSW&quot; /&gt;
-                        &lt;!-- Settings specific module --&gt;
-                        &lt;parameter name=&quot;fileConfiguration&quot; value=&quot;SignModule_<span class="strongerterm">VIDP</span>.xml&quot; /&gt;
-                &lt;/configuration&gt;
-        &lt;/instance&gt;
-&lt;/instances&gt;
-</pre>
-<p>In diesem Beispiel ist nur eine Instanz <em>VIDP</em> definiert deren spezifischen Parametern in zwei Konfigurationsdateien aufgeteilt werden.</p>
-<p>Die Datei <span class="strongerterm">StorkSamlEngine_VIDP.xml</span> enth&auml;lt STORK-spezifische Parameter, die im Normalbetrieb nicht ge&auml;ndert werden m&uuml;ssen. Die zweite Datei, <span class="strongerterm">SignModule_VIDP.xml</span>, definiert   den von der SamlEngine verwendeten Trust- und Keystore. Die Beispielkonfiguration dieser Datei sieht wie folgendes:</p>
-<pre>
-&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?&gt;
-&lt;!DOCTYPE properties SYSTEM &quot;http://java.sun.com/dtd/properties.dtd&quot;&gt;
-
-&lt;properties&gt;
-        &lt;comment&gt;SWModule sign with JKS.&lt;/comment&gt;
-        &lt;entry key=&quot;keystorePath&quot;&gt;C:/Programme/apache/tomcat-4.1.30/conf/moa-id/keys/storkDemoKeys.jks&lt;/entry&gt;
-        &lt;entry key=&quot;keyStorePassword&quot;&gt;local-demo&lt;/entry&gt;
-        &lt;entry key=&quot;keyPassword&quot;&gt;<span class="strongerterm">XXX</span>&lt;/entry&gt;
-        &lt;entry key=&quot;issuer&quot;&gt;C=AT, L=Graz, OU=Institute for Applied Information Processing and Communications&lt;/entry&gt;
-        &lt;entry key=&quot;serialNumber&quot;&gt;123AA2CDB1123&lt;/entry&gt;
-        &lt;entry key=&quot;keystoreType&quot;&gt;JKS&lt;/entry&gt;
-&lt;/properties&gt;
-</pre>
-<p>Diese Parameter m&uuml;ssen bei der Installation angepasst werden, um die Zugriff an Keystore und die Schl&uuml;ssel zu erm&ouml;glichen. Die einzelne Parameter werden in folgender Tabelle erl&auml;utert:</p>
-<table class="configtable">
-  <tr>
-    <th>Name</th>
-    <th>Beschreibung</th>
-  </tr>
-  <tr>
-    <td>keystorePath</td>
-    <td>Keystore mit Schl&uuml;ssel und Zertifikaten welche f&uuml;r das Signieren und Verschl&uuml;sseln von STORK Nachrichten verwendet werden sollen. </td>
-  </tr>
-  <tr>
-    <td>keyStorePassword</td>
-    <td>Passwort des Keystores. Keystore soll den Schl&uuml;ssel f&uuml;r das Signieren von Nachrichten enthalten, ebenso wie die vertrauensw&uuml;rdige Zertifikate von anderen Parteien, wie z.B. ausl&auml;ndische PEPSes. </td>
-  </tr>
-  <tr>
-    <td>keyPassword</td>
-    <td>Password des Schl&uuml;ssels, der f&uuml;r das Signieren der STORK Nachrichten verwendet werden soll.</td>
-  </tr>
-  <tr>
-    <td>issuer</td>
-    <td>Issuer des Keypairs, der f&uuml;r das Signieren der STORK Nachrichten verwendet werden soll.</td>
-  </tr>
-  <tr>
-    <td>serialNumber</td>
-    <td>Nummer des Keypairs, der f&uuml;r das Signieren der STORK Nachrichten verwendet werden soll.</td>
-  </tr>
-  <tr>
-    <td>keystoreType</td>
-    <td>Typ und Format des Keystores. <span class="term">JKS</span> steht f&uuml;r <span class="term">Java Key Store</span>.</td>
-  </tr>
-</table>
-<h2><a name="konfigurationsparameter"></a>3 Konfiguration MOA-ID-Auth</h2>
-  <p>Dieser Abschnitt beschreibt die Konfiguration des Modules MOA-ID-Auth mithilfe der durch das Modul MOA-ID-Configuration zur Verf&uuml;gung gestellten Web-Oberfl&auml;che. Hierzu muss das Konfigurationstool (Module MOA-ID-Konfiguration) bereits installiert und konfiguriert sein (siehe <a href="#uebersicht_zentraledatei_aktualisierung">Kapitel 2.1</a>). Nach erfolgreichem Login am Konfigurationstool kann das Modul MOA-ID-Auth &uuml;ber die Web-Oberfl&auml;che konfiguriert werden.</p>
+<h3><a name="uebersicht_samlengine" id="uebersicht_samlengine"></a>3 Konfiguration MOA-ID-Auth</h3>
+<p>Dieser Abschnitt beschreibt die Konfiguration des Modules MOA-ID-Auth mithilfe der durch das Modul MOA-ID-Configuration zur Verf&uuml;gung gestellten Web-Oberfl&auml;che. Hierzu muss das Konfigurationstool (Module MOA-ID-Konfiguration) bereits installiert und konfiguriert sein (siehe <a href="#uebersicht_zentraledatei_aktualisierung">Kapitel 2.1</a>). Nach erfolgreichem Login am Konfigurationstool kann das Modul MOA-ID-Auth &uuml;ber die Web-Oberfl&auml;che konfiguriert werden.</p>
   <p>Die Konfiguration von MOA-ID-Auth ist in zwei Teilbereiche unterteilet. Diese behandeln die Allgemeine Konfiguration der MOA-ID-Auth Instanz und die Konfiguration von Online-Applikationen (Service Providern) welche dieser MOA-ID-Auth Instanz zugeordnet sind.</p>
 <h3><a name="konfigurationsparameter_allgemein" id="konfigurationsparameter_allgemein"></a>3.1
     Allgemeine Konfiguration</h3>
@@ -1212,9 +1123,9 @@ https://&lt;host&gt;:&lt;port&gt;/moa-id-auth/MonitoringServlet</pre>
 <p>Hiermit werden die URLs  zum Online-Vollmachten Service und zum SZR-Gateway konfiguriert. Die Konfiguration der f&uuml;r den Zugriff ben&ouml;tigen Client-Zertifikate wurden bereits im Abschnitt <a href="#basisconfig_moa_id_auth_param_services">2.2.2.2</a> behandelt.</p>
 <table class="configtable">
   <tr>
-    <th>Name</th>
-    <th>Beispielwert</th>
-    <th>Beschreibung</th>
+    <th width="10%">Name</th>
+    <th width="23%">Beispielwert</th>
+    <th width="67%">Beschreibung</th>
   </tr>
   <tr>
     <td><span id="wwlbl_loadGeneralConfig_moaconfig_mandateURL">Online-Vollmachten Service (CSV)</span></td>
@@ -1229,16 +1140,15 @@ https://&lt;host&gt;:&lt;port&gt;/moa-id-auth/MonitoringServlet</pre>
       <p><strong>Hinweis:</strong> Erfolgt in der Online Applikation keine konkrete Auswahl wird Standardm&auml;&szlig;ig <strong>das erste eingetragen Service</strong> verwendet.</p></td>
   </tr>
   <tr>
-    <td>SZR-Gateway Service (CSV)</td>
-    <td>https://szrgw.egiz.gv.at:8443/szr-gateway_2.0/services/IdentityLinkCreation</td>
-    <td><p>URL(s) zum Stammzahlen-Register Gateway</p>
-      <p><strong>Hinweis:</strong> Der SZR-Gateway Service welcher in der MOA-ID 1.5.1 Konfiguration verwendet wurde ist nicht mehr kompatibel zu MOA-ID 2.0. Das aktualisierte Test SZR-Gateway Service f&uuml;r MOA-ID 2.x steht unter folgender URL zur Verf&uuml;gung. <em>https://szrgw.egiz.gv.at:8443/szr-gateway_2.0/services/IdentityLinkCreation</em></p>
+    <td>Zentraler nationaler eIDAS Connector (CSV)</td>
+    <td>https://vidp.gv.at.at/ms_connector/pvp/metadata</td>
+    <td><p>URL(s) zum zentralen nationalen eIDAS Connector</p>
       <ul>
-        <li>Produktivsystem: <a href="https://vollmachten.stammzahlenregister.gv.at/mis/MandateIssueRequest">https://szrgw.egiz.gv.at/services_2.0/IdentityLinkCreation</a></li>
-        <li>Testsystem: <a href="https://vollmachten.egiz.gv.at/mis-test/MandateIssueRequest">https://szrgw.egiz.gv.at:8443/services_2.0/IdentityLinkCreation</a></li>
+        <li>Produktivsystem: </li>
+        <li>Testsystem: <a href="https://vollmachten.egiz.gv.at/mis-test/MandateIssueRequest">https://vidp.gv.at.at/ms_connector/pvp/metadata</a></li>
       </ul>
-      <p><strong>Hinweis:</strong> Die URLs auf die unterschiedlichen Instanzen des SZR-Gateway Services k&ouml;nnen auch als Comma Separatet Value (CSV) eingetragen werden. Bei CSV werden die einzelnen URLs durch Beistrich (',') getrennt. Sind mehrere URLs hinterlegt kann das zu verwendeten Service je Online Applikation konfiguriert werden (siehe <a href="#konfigurationsparameter_oa_mandates">Kapitel 3.2.4</a>).<br>
-        (z.B.: <a href="https://vollmachten.stammzahlenregister.gv.at/mis/MandateIssueRequest">https://szrgw.egiz.gv.at/services_2.0/IdentityLinkCreation</a>,<a href="https://vollmachten.egiz.gv.at/mis-test/MandateIssueRequest">https://szrgw.egiz.gv.at:8443/services_2.0/IdentityLinkCreation</a>)</p>
+      <p><strong>Hinweis:</strong> Die URLs auf die unterschiedlichen Instanzen des zentralen eIDAS Connectos k&ouml;nnen auch als Comma Separatet Value (CSV) eingetragen werden. Bei CSV werden die einzelnen URLs durch Beistrich (',') getrennt. Sind mehrere URLs hinterlegt kann das zu verwendeten Service je Online Applikation konfiguriert werden (siehe <a href="#konfigurationsparameter_oa_mandates">Kapitel 3.2.4</a>).<br>
+        (z.B.: <a href="https://vollmachten.egiz.gv.at/mis-test/MandateIssueRequest">https://vidp.gv.at.at/ms_connector/pvp/metadata</a><a href="https://vollmachten.stammzahlenregister.gv.at/mis/MandateIssueRequest"></a>,<a href="https://vollmachten.egiz.gv.at/mis-test/MandateIssueRequest">https://eid.gv.at/ms_connector/pvp/metadata</a>)</p>
       <p><strong>Hinweis:</strong> Erfolgt in der Online Applikation keine konkrete Auswahl wird Standardm&auml;&szlig;ig <strong>das erste eingetragen Service</strong> verwendet.</p></td>
     </tr>
   <tr>
@@ -1308,166 +1218,6 @@ https://&lt;host&gt;:&lt;port&gt;/moa-id-auth/MonitoringServlet</pre>
     <p><em>Ich Max Mustermann, geboren am 01.01.1978 stimme am 05.02.2014 um 10:35 einer Anmeldung mittels Single Sign-On zu.</em></p></td>
   </tr>
 </table>
-<h4><a name="konfigurationsparameter_allgemein_stork" id="konfigurationsparameter_allgemein_bku8"></a>3.1.8 Secure idenTity acrOss boRders linKed (STORK)</h4>
-<p>Hierbei werden allgemeine Parameter f&uuml;r STORK Protokoll konfiguriert.</p>
-<table class="configtable">
-  <tr>
-    <th>Name</th>
-    <th>Beispielwerte</th>
-    <th>Beschreibung</th>
-  </tr>
-  <tr>
-    <td>Standard QAA-Level</td>
-    <td>4</td>
-    <td>QAA <span class="term">(Attribute Quality Authentication Assurance)</span> stellt Mindestanforderung von QAA fest. </td>
-  </tr>
-  <tr>
-    <td>Country Code</td>
-    <td>ES</td>
-    <td>Der zweistelligen Code vom unterst&uuml;tzten PEPS-Staat.</td>
-  </tr>
-  <tr>
-    <td>PEPS URL</td>
-    <td>https://prespanishpeps.redsara.es/PEPS/ColleagueRequest</td>
-    <td>Die Adresse von PEPS eines unterst&uuml;tzten PEPS-Staat.</td>
-  </tr>
-  <tr>
-    <td>Attributname</td>
-    <td>eIdentifier</td>
-    <td>Der Name des unterst&uuml;tzten Attributes. Die als <span class="term">zwingend</span>  markierte Attribute m&uuml;ssen im Response von dem gegenstehendem PEPS enthalten sein. Jedes Attribut wird gesondert eingetragen. <br/>Die Liste von vorhandenen und unterst&uuml;tzen Attributes ist in Konfigurationsdatei von SamlEngine <span class="term">(StorkSamlEngine_XXX.xml)</span>  vorhanden. </td>
-  </tr>
-</table>
-<p>&nbsp;</p>
-<p>Folgende PEPS URLs stehen aktuell zur Verf&uuml;gung:</p>
-<table class="configtable">
-  <tr>
-    <th>L&auml;ndercode</th>
-    <th>TestInstanz</th>
-    <th>URL</th>
-  </tr>
-  <tr>
-    <td>AT </td>
-    <td align="center">X</td>
-    <td><a href="https://testvidp.buergerkarte.at/moa-id-auth/stork2/SendPEPSAuthnRequest">https://testvidp.buergerkarte.at/moa-id-auth/stork2/SendPEPSAuthnRequest</a></td>
-  </tr>
-  <tr>
-    <td>EE </td>
-    <td align="center">X</td>
-    <td><a href="https://testpeps.sk.ee/PEPS/ColleagueRequest">https://testpeps.sk.ee/PEPS/ColleagueRequest</a></td>
-  </tr>
-  <tr>
-    <td>EE </td>
-    <td align="center">&nbsp;</td>
-    <td><a href="https://peps.sk.ee/PEPS/ColleagueRequest">https://peps.sk.ee/PEPS/ColleagueRequest</a></td>
-  </tr>
-  <tr>
-    <td>ES </td>
-    <td align="center">X</td>
-    <td><a href="https://prespanishpeps.redsara.es/PEPS/ColleagueRequest">https://prespanishpeps.redsara.es/PEPS/ColleagueRequest</a></td>
-  </tr>
-  <tr>
-    <td>IS </td>
-    <td align="center">X</td>
-    <td><a href="https://storktest.advania.is/PEPS/ColleagueRequest">https://storktest.advania.is/PEPS/ColleagueRequest</a></td>
-  </tr>
-  <tr>
-    <td>IS </td>
-    <td align="center">&nbsp;</td>
-    <td><a href="https://peps.island.is/PEPS/ColleagueRequest">https://peps.island.is/PEPS/ColleagueRequest</a></td>
-  </tr>
-  <tr>
-    <td>LT </td>
-    <td align="center">X</td>
-    <td><a href="https://testpeps.eid.lt/PEPS/ColleagueRequest">https://testpeps.eid.lt/PEPS/ColleagueRequest</a></td>
-  </tr>
-  <tr>
-    <td>PT</td>
-    <td align="center">X</td>
-    <td><a href="https://eu-id.teste.cartaodecidadao.gov.pt/PEPS/ColleagueRequest">https://eu-id.teste.cartaodecidadao.gov.pt/PEPS/ColleagueRequest</a></td>
-  </tr>
-  <tr>
-    <td>SI</td>
-    <td align="center">X</td>
-    <td><a href="https://peps-test.mju.gov.si/PEPS/ColleagueRequest">https://peps-test.mju.gov.si/PEPS/ColleagueRequest</a></td>
-  </tr>
-</table>
-<p>&nbsp;</p>
-<p>Folgende Attribute m&uuml;ssen jedoch mindestens angefordert werden, wobei die erforderlichen Attribute je nach Anmeldeart unterschiedlich sind. Eine Liste mit weiteren m&ouml;glichen Attribute finden Sie im Kapitel <a href="./../protocol/protocol.html#allgemeines_attribute">Protokolle</a> oder in der <a href="#referenzierte_spezifikation">STORK Spezifikation</a>.</p>
-<table class="configtable">
-  <tr>
-    <th>Name</th>
-    <th>nat&uuml;rliche Person</th>
-    <th>Anmeldung in Vertretung</th>
-    <th>Beschreibung</th>
-  </tr>
-  <tr>
-    <td>eIdentifier</td>
-    <td align="center">X</td>
-    <td align="center">X</td>
-    <td>Eindeutiger Identifier der Person f&uuml;r die die Anmeldung erfolgt.</td>
-  </tr>
-  <tr>
-    <td><p>givenName</p></td>
-    <td align="center">X</td>
-    <td align="center">X</td>
-    <td>Vorname der Person f&uuml;r die die Anmeldung erfolgt.</td>
-  </tr>
-  <tr>
-    <td><p>surname</p></td>
-    <td align="center"><br>
-      X</td>
-    <td align="center">X</td>
-    <td><p>Familienname der Person f&uuml;r die die Anmeldung erfolgt.</p></td>
-  </tr>
-  <tr>
-    <td>dateOfBirth</td>
-    <td align="center">X</td>
-    <td align="center">X</td>
-    <td>Geburtsdatum der Person f&uuml;r die die Anmeldung erfolgt.</td>
-  </tr>
-  <tr>
-    <td>gender</td>
-    <td align="center">X</td>
-    <td align="center">X</td>
-    <td>Geschlecht der Person f&uuml;r die die Anmeldung erfolgt.</td>
-  </tr>
-  <tr>
-    <td>signedDoc</td>
-    <td align="center">X</td>
-    <td align="center">X</td>
-    <td>Ein Dokument welches durch die Person, f&uuml;r die die Anmeldung erfolgt, signiert wurde.</td>
-  </tr>
-  <tr>
-    <td>fiscalNumber</td>
-    <td align="center">X</td>
-    <td align="center">X</td>
-    <td>Ein eindeutiger nationaler Identifier der Person.</td>
-  </tr>
-  <tr>
-    <td>canonicalResidenceAddress</td>
-    <td align="center">&nbsp;</td>
-    <td align="center">X</td>
-    <td>Adresse der Person f&uuml;r welche die Anmeldung erfolgt</td>
-  </tr>
-  <tr>
-    <td>mandateContent</td>
-    <td align="center">&nbsp;</td>
-    <td align="center">X</td>
-    <td>Elektronische Vollmacht, welche die Vertretungsverh&auml;ltnisse widerspiegelt.</td>
-  </tr>
-  <tr>
-    <td>representative</td>
-    <td align="center">&nbsp;</td>
-    <td align="center">X</td>
-    <td>Nat&uuml;rliche Person welche eine juristische oder nat&uuml;rliche Person im Rahmen einer Anmeldung mittels Vollmacht vertritt.</td>
-  </tr>
-  <tr>
-    <td>represented</td>
-    <td align="center">&nbsp;</td>
-    <td align="center">X</td>
-    <td>Juristische oder nat&uuml;rliche Person welche im Rahmen einer Anmeldung mittels Vollmacht vertreten wird.</td>
-  </tr>
-</table>
 <p></p>
 <h4><a name="konfigurationsparameter_allgemein_protocol" id="konfigurationsparameter_allgemein_bku9"></a>3.1.9 Protokolle</h4>
 <p>Hierbei handelt es ich um allgemeine Einstellungen zu den vom Modul MOA-ID-Auth unterst&uuml;tzen Authentifizierungsprotokollen.</p>
@@ -1826,8 +1576,8 @@ Soll die B&uuml;rgerkartenauswahl weiterhin, wie in MOA-ID  1.5.1 im Kontext der
 </table>
 <p>&nbsp;</p>
 <p><strong>Hinweis:</strong> Werden f&uuml;r die Online-Applikation eigene Templates f&uuml;r die B&uuml;rgerkartenauswahl oder die zus&auml;tzliche Anmeldeabfrage im SSO Fall (siehe <a href="#konfigurationsparameter_oa_bku">Abschnitt 3.2.2</a>) verwendet, stehen alle Konfigurationsparameter die Einfluss auf die BKU-Auswahl haben nicht zur Verf&uuml;gung. Die Funktionalit&auml;t der entsprechenden Parameter hat jedoch weiterhin Einfluss auf den Anmeldevorgang.</p>
-<h4><a name="konfigurationsparameter_oa_szr-gw-service" id="uebersicht_zentraledatei_aktualisierung12"></a>3.2.5 SZR-Gateway Service</h4>
-<p>Dieser Abschnitt behandelt online-applikationsspezifische Einstellungen zum Stammzahlenregistergateway der &ouml;sterreichischen Datenschutzbeh&ouml;rde.</p>
+<h4><a name="konfigurationsparameter_oa_szr-gw-service" id="uebersicht_zentraledatei_aktualisierung12"></a>3.2.5 Zentraler nationaler eIDAS Connector</h4>
+<p>Dieser Abschnitt behandelt online-applikationsspezifische Einstellungen zum Ankn&uuml;pfung an den zentralen nationalen eIDAS Connector</p>
 <table class="configtable">
   <tr>
     <th width="17%">Name</th>
@@ -1837,11 +1587,11 @@ Soll die B&uuml;rgerkartenauswahl weiterhin, wie in MOA-ID  1.5.1 im Kontext der
     <th width="64%">Beschreibung</th>
   </tr>
   <tr>
-    <td>SZR-Gateway Service URL</td>
+    <td> URL</td>
     <td>&nbsp;</td>
     <td align="center">&nbsp;</td>
     <td align="center">&nbsp;</td>
-    <td><p>Definiert das Stammzahlenregister-Gateway Service welches von dieser Online-Applikation verwendet werden soll. Hierf&uuml;r stehen all jene Auswahlm&ouml;glichkeiten zur Verf&uuml;gung welche in der Allgemeinen Konfiguration (siehe <a href="#konfigurationsparameter_allgemein_services">Kapitel 3.1.7</a>) festgelegt wurden. </p>
+    <td><p>Definiert dan zentralen nationalen eIDAS Connector welcher von dieser Online-Applikation verwendet werden soll. Hierf&uuml;r stehen all jene Auswahlm&ouml;glichkeiten zur Verf&uuml;gung welche in der Allgemeinen Konfiguration (siehe <a href="#konfigurationsparameter_allgemein_services">Kapitel 3.1.7</a>) festgelegt wurden. </p>
       <p><strong>Hinweis:</strong> Wird keine spezifische Auswahl getroffen wird automatisch <strong>das Erste in der allgemeinen Konfiguration eingetragene Service</strong> verwendet.</p></td>
   </tr>
 </table>
@@ -1873,8 +1623,8 @@ Soll die B&uuml;rgerkartenauswahl weiterhin, wie in MOA-ID  1.5.1 im Kontext der
     <p><strong>Hinweis:</strong> Diese Abfrage ist standardm&auml;&szlig;ig aktiviert und kann nur durch einen Benutzer mit der Role <em>admin</em> deaktiviert werden.</p></td>
   </tr>
 </table>
-<h4><a name="konfigurationsparameter_oa_stork" id="uebersicht_zentraledatei_aktualisierung23"></a>3.2.7 Secure idenTity acrOss boRders linKed (STORK)</h4>
-<p>Dieser Abschnitt  behandelt Online-Applikationsspezifische Einstellungen zu STORK.</p>
+<h4><a name="konfigurationsparameter_oa_stork" id="uebersicht_zentraledatei_aktualisierung23"></a>3.2.7 Authentifizierung mittels eIDAS</h4>
+<p>Dieser Abschnitt  behandelt Online-Applikationsspezifische Einstellungen zur Authentifizierung mittels eIDAS.</p>
 <table class="configtable">
   <tr>
     <th>Name</th>
@@ -1883,30 +1633,16 @@ Soll die B&uuml;rgerkartenauswahl weiterhin, wie in MOA-ID  1.5.1 im Kontext der
     <th>Beschreibung</th>
   </tr>
   <tr>
-    <td>STORK verwenden</td>
+    <td>eIDAS verwenden</td>
     <td>ja</td>
     <td align="center">X</td>
-    <td>Definiert ob die Online-Applikation eine Anmeldung mittels STORK unterst&uuml;tzt. Wird STORK unterst&uuml;tzt wird in w&auml;hrend der BKU-Auswahl die Option <em>Home Country Selection </em> f&uuml;r eine Anmeldung mittels STORK dargestellt.</td>
+    <td>Definiert ob die Online-Applikation eine Anmeldung mittels eIDAS unterst&uuml;tzt. Wird eIDAS unterst&uuml;tzt wird in w&auml;hrend der BKU-Auswahl die Option <em>eIDAS LogIn </em> f&uuml;r eine Anmeldung mittels eIDAS dargestellt.</td>
   </tr>
   <tr>
     <td><p>QAA-Level</p></td>
-    <td>4</td>
+    <td>high</td>
     <td align="center">X</td>
-    <td>Von der Online-Applikation geforderter mindest QAA-Level der Authentifizierung</td>
-  </tr>
-  <tr>
-    <td>aktivierte Ziell&auml;nder</td>
-    <td>&nbsp;</td>
-    <td align="center">X</td>
-    <td><p>Hier k&ouml;nnen jene STORK L&auml;nder konfiguriert werden f&uuml;r welche diese Online-Applikation eine Anmeldung mittels STORK unterst&uuml;tzt.</p>
-      <p><strong>Hinweis:</strong> Die zur Auswahl stehenden L&auml;nder werden aus den <a href="#konfigurationsparameter_allgemein_stork">PEPS Konfigurationen</a> generiert, welche im allgemeinen Konfigurationsbereich hinterlegt wurden.</p></td>
-  </tr>
-  <tr>
-    <td><p>angeforderte Attribute</p></td>
-    <td>&nbsp;</td>
-    <td align="center">      X</td>
-    <td align="center"><p>STORK Attribute welche die Online-Applikation anfordert</p>
-      <p>Bei den Attributen kann  jedoch nur aus dem Set der in der allgemeinen Konfiguration hinterlegten STORK  Attributen (siehe <a href="#konfigurationsparameter_allgemein_stork">Kapitel 3.1.8</a>) gew&auml;hlt werden, wobei  Attribute die in der allgemeinen Konfiguration als <span class="term">zwingend</span> markiert  sind immer mitgeliefert werden.</p></td>
+    <td>Von der Online-Applikation geforderter mindest LoA-Level der Authentifizierung</td>
   </tr>
 </table>
 <p>&nbsp;</p>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java
index 2c1e47009..05d344fb6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java
@@ -85,7 +85,13 @@ public interface MOAIDEventConstants extends EventConstants {
 	public static final int AUTHPROCESS_PEPS_RECEIVED = 6102;
 	public static final int AUTHPROCESS_PEPS_RECEIVED_ERROR = 6103;
 	public static final int AUTHPROCESS_PEPS_IDL_RECEIVED = 6104;
-		
+	
+	public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_SELECTED = 6200;
+	public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_REQUESTED = 6201;
+	public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED = 6202;
+	public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED_ERROR = 6203;
+	public static final int AUTHPROCESS_EIDAS_AT_CONNECTOR_MDS_VALID = 6204;
+	
 	//person information
 	public static final int PERSONAL_INFORMATION_PROF_REPRESENTATIVE_BPK = 5000;
 	public static final int PERSONAL_INFORMATION_PROF_REPRESENTATIVE = 5001;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
index 9894ffbe9..1c1cc4168 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
@@ -95,6 +95,12 @@ public class MOAReversionLogger implements IRevisionLogger {
 			MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED,
 			MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR,
 			MOAIDEventConstants.AUTHPROCESS_PEPS_IDL_RECEIVED,
+						
+			MOAIDEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_MDS_VALID,
+			MOAIDEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED,
+			MOAIDEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED_ERROR,
+			MOAIDEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_REQUESTED,
+			MOAIDEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_SELECTED,
 			
 			MOAIDEventConstants.AUTHPROCESS_FOREIGN_FOUND,
 			MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_RECEIVED,
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthConstants.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthConstants.java
index 55864f3c9..0f4f81122 100644
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthConstants.java
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthConstants.java
@@ -55,7 +55,7 @@ public class EidasCentralAuthConstants {
 	public static final String CONFIG_PROPS_SIGN_SIGNING_ALIAS_PASSWORD = CONFIG_PROPS_PREFIX + "request.sign.alias";
 	public static final String CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD = CONFIG_PROPS_PREFIX + "response.encryption.password";
 	public static final String CONFIG_PROPS_ENCRYPTION_ALIAS_PASSWORD = CONFIG_PROPS_PREFIX + "response.encryption.alias";	
-	public static final String CONFIG_PROPS_REQUIRED_PVP_ATTRIBUTES_LIST = CONFIG_PROPS_PREFIX + "required.additinal.attributes";	
+	public static final String CONFIG_PROPS_REQUIRED_PVP_ATTRIBUTES_LIST = CONFIG_PROPS_PREFIX + "required.additional.attributes";	
 	public static final String CONFIG_PROPS_NODE_ENTITYID = CONFIG_PROPS_PREFIX + "node.entityId";
 	public static final String CONFIG_PROPS_NODE_METADATAURL = CONFIG_PROPS_PREFIX + "node.metadataUrl";
 	public static final String CONFIG_PROPS_NODE_TRUSTPROFILEID = CONFIG_PROPS_PREFIX + "node.trustprofileID";	
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/config/EidasCentralAuthRequestBuilderConfiguration.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/config/EidasCentralAuthRequestBuilderConfiguration.java
index ebbe08588..8376f3aad 100644
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/config/EidasCentralAuthRequestBuilderConfiguration.java
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/config/EidasCentralAuthRequestBuilderConfiguration.java
@@ -48,6 +48,7 @@ public class EidasCentralAuthRequestBuilderConfiguration implements IPVPAuthnReq
 	private String scopeRequesterId;
 	private String providerName;
 	private List<EAAFRequestedAttribute> requestedAttributes;
+	private String reqId;
 	
 	
 	/* (non-Javadoc)
@@ -186,7 +187,7 @@ public class EidasCentralAuthRequestBuilderConfiguration implements IPVPAuthnReq
 	 */
 	@Override
 	public String getRequestID() {
-		return null;
+		return this.reqId;
 	}
 
 	/* (non-Javadoc)
@@ -256,6 +257,15 @@ public class EidasCentralAuthRequestBuilderConfiguration implements IPVPAuthnReq
 		this.requestedAttributes = requestedAttributes;
 	}
 	
+	/**
+	 * Set a RequestId for this Authn. Request
+	 * 
+	 * @param reqId
+	 */
+	public void setRequestId(String reqId) {
+		this.reqId = reqId;
+	}
+	
 	
 
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java
index 08ae845cb..e312299f8 100644
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java
@@ -29,6 +29,7 @@ import java.util.List;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
 import org.opensaml.saml2.core.Attribute;
 import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.provider.MetadataProviderException;
@@ -45,6 +46,7 @@ import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute;
 import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
 import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
 import at.gv.egiz.eaaf.modules.pvp2.sp.impl.PVPAuthnRequestBuilder;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.config.EidasCentralAuthRequestBuilderConfiguration;
 import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthCredentialProvider;
@@ -76,6 +78,8 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
 	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
 			throws TaskExecutionException {
 		try{
+			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_SELECTED);
+			
 			//check if eIDAS authentication is enabled for this SP
 			if (!Boolean.parseBoolean(pendingReq.getServiceProviderConfiguration().getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ENABLED, String.valueOf(false)))) {
 				Logger.info("eIDAS authentication is NOT enabled for OA: " + pendingReq.getServiceProviderConfiguration().getUniqueIdentifier());
@@ -114,6 +118,8 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
 			
 			//setup AuthnRequestBuilder configuration
 			EidasCentralAuthRequestBuilderConfiguration authnReqConfig = new EidasCentralAuthRequestBuilderConfiguration();
+			SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator();
+			authnReqConfig.setRequestId(gen.generateIdentifier());
 			authnReqConfig.setIdpEntity(entityDesc);
 			authnReqConfig.setPassive(false);
 			authnReqConfig.setSignCred(credential.getIDPAssertionSigningCredential());
@@ -130,6 +136,10 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
 			//build and transmit AuthnRequest
 			authnReqBuilder.buildAuthnRequest(pendingReq, authnReqConfig , response);
 
+			revisionsLogger.logEvent(pendingReq, 
+					MOAIDEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_REQUESTED,
+					authnReqConfig.getRequestID());
+			
 		} catch (MOAIDException e) {
 			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
 						
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java
index f9686029f..214a23f88 100644
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java
@@ -59,7 +59,6 @@ import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthCredentialProvider;
 import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthMetadataProvider;
-import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
@@ -112,7 +111,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			msg = (InboundMessage) decoder.decode(
 					request, response, metadataProvider, true,
 					comperator);
-			 
+			
 			if (MiscUtil.isEmpty(msg.getEntityID())) {
 				throw new InvalidProtocolRequestException("sp.pvp2.04", 
 						new Object[] {EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING},
@@ -126,9 +125,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 				msg.setVerified(true);
 								
 			}
-			
-			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_AUTHRESPONSE);
-			
+						
 			//validate assertion
 			PVPSProfileResponse processedMsg = preProcessAuthResponse((PVPSProfileResponse) msg);
 			
@@ -153,7 +150,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			requestStoreage.storePendingRequest(pendingReq);
 			
 			//write log entries
-			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_INTERFEDERATION_REVEIVED);				
+			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_MDS_VALID);				
 			Logger.info("Receive a valid assertion from IDP " + msg.getEntityID()); 
 											
 		} catch (MessageDecodingException | SecurityException e) {
@@ -208,32 +205,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			
 		}
 	}
-	
-	/**
-	 * @param executionContext
-	 * @param idpConfig
-	 * @param message 
-	 * @param objects 
-	 * @throws TaskExecutionException 
-	 * @throws Throwable 
-	 */
-	private void handleAuthnResponseValidationProblem(ExecutionContext executionContext, IOAAuthParameters idpConfig, Throwable e) throws TaskExecutionException {
-
-		if (idpConfig != null && idpConfig.isPerformLocalAuthenticationOnInterfederationError()) {
-			Logger.info("Switch to local authentication on this IDP ... ");
-		
-			executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_REQUIRELOCALAUTHENTICATION, true);
-			executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_BKUSELECTION, true);
 		
-			executionContext.remove(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_INTERFEDERATION_AUTH);
-			
-		} else {
-			throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.", e);
-			
-		}
-		
-	}
-	
 	/**
 	 * PreProcess AuthResponse and Assertion 
 	 * @param msg
@@ -257,11 +229,16 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 					EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING);
 
 			msg.setSAMLMessage(SAML2Utils.asDOMDocument(samlResp).getDocumentElement());
+			revisionsLogger.logEvent(pendingReq, 
+					MOAIDEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED,
+					samlResp.getID());
 			return msg;
 				
 		} else {
 			Logger.info("Receive StatusCode " + samlResp.getStatus().getStatusCode().getValue() 
 				+ " from 'ms-specific eIDAS node'.");
+			revisionsLogger.logEvent(pendingReq, 
+					MOAIDEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED_ERROR);			
 			throw new AuthnResponseValidationException("sp.pvp2.05", 
 					new Object[]{EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING, samlResp.getIssuer().getValue(), samlResp.getStatus().getStatusCode().getValue()});
 					
-- 
cgit v1.2.3


From 158d41705d0f8c67a858e84bda8d2c16377cf288 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Fri, 13 Jul 2018 15:48:17 +0200
Subject: some bug fixes

---
 .../src/main/webapp/jsp/snippets/OA/stork.jsp      |   3 +-
 .../conf/moa-id/htmlTemplates/css_template.css     |  84 +++++++++++++--------
 .../conf/moa-id/htmlTemplates/loginFormFull.html   |  68 ++++++++++-------
 id/server/idserverlib/pom.xml                      |   4 +-
 .../moa/id/advancedlogging/StatisticLogger.java    |  80 +++++++++++---------
 .../id/auth/builder/AuthenticationDataBuilder.java |  10 +--
 .../builder/CreateXMLSignatureRequestBuilder.java  |   2 +-
 .../moa/id/auth/data/AuthenticationSession.java    |  22 ++++--
 .../tasks/EvaluateSSOConsentsTaskImpl.java         |  16 ++--
 .../internal/tasks/UserRestrictionTask.java        |   2 +-
 .../StartAuthentificationParameterParser.java      |   8 +-
 .../moa/id/moduls/AuthenticationManager.java       |  11 +--
 .../gv/egovernment/moa/id/moduls/SSOManager.java   |  32 +++++---
 .../storage/DBAuthenticationSessionStoreage.java   |   3 +-
 .../resources/properties/id_messages_de.properties |   6 +-
 .../protocol_response_statuscodes_de.properties    |   2 +
 .../auth/data/AuthenticationDataBuilderTest.java   |   2 +-
 ...roviderSpecificGUIFormBuilderConfiguration.java |  12 ++-
 .../moa/id/auth/frontend/utils/FormBuildUtils.java |  18 ++---
 .../moa/id/auth/AuthenticationServer.java          |  10 +--
 .../AuthenticationBlockAssertionBuilder.java       |   2 +-
 .../internal/tasks/CertificateReadRequestTask.java |   4 +-
 .../internal/tasks/CreateIdentityLinkFormTask.java |   2 +-
 .../internal/tasks/GetMISSessionIDTask.java        |   3 +-
 .../tasks/InitializeBKUAuthenticationTask.java     |   9 ++-
 .../tasks/PrepareAuthBlockSignatureTask.java       |   3 +-
 .../internal/tasks/PrepareGetMISMandateTask.java   |   3 +-
 .../tasks/VerifyAuthenticationBlockTask.java       |   3 +-
 .../internal/tasks/VerifyCertificateTask.java      |   3 +-
 .../internal/tasks/VerifyIdentityLinkTask.java     |   3 +-
 .../CreateXMLSignatureResponseValidator.java       |   4 +-
 .../tasks/CreateAuthnRequestTask.java              |  50 +++---------
 .../tasks/ReceiveAuthnResponseTask.java            |  34 +++++++--
 .../auth/modules/eIDAScentralAuth/utils/Utils.java |  45 +++++++++++
 .../tasks/FirstBKAMobileAuthTask.java              |  19 +----
 .../tasks/SecondBKAMobileAuthTask.java             |  13 +---
 .../eidas/tasks/CreateIdentityLinkTask.java        |  18 ++---
 .../eidas/tasks/ReceiveAuthnResponseTask.java      |  19 +++--
 .../moa/id/protocols/eidas/EIDASProtocol.java      |   6 +-
 .../tasks/ReceiveElgaMandateResponseTask.java      |   8 +-
 .../elgamandates/tasks/RequestELGAMandateTask.java |   4 +-
 .../oauth20/protocol/OAuth20AuthRequest.java       |   3 +-
 .../oauth20/protocol/OAuth20BaseRequest.java       |  11 +--
 .../oauth20/protocol/OAuth20Protocol.java          |   4 +-
 .../oauth20/protocol/OAuth20TokenRequest.java      |   3 +-
 .../sl20_auth/tasks/CreateQualeIDRequestTask.java  |   2 +-
 .../sl20_auth/tasks/ReceiveQualeIDTask.java        |  19 +++--
 .../sl20_auth/tasks/VerifyQualifiedeIDTask.java    |  14 ++--
 .../task/InitializeRestoreSSOSessionTask.java      |   4 +-
 .../ssotransfer/task/RestoreSSOSessionTask.java    |  14 ++--
 .../tasks/CreateAuthnRequestTask.java              |   2 +-
 .../tasks/ReceiveAuthnResponseTask.java            |  16 ++--
 .../moa/id/protocols/saml1/GetArtifactAction.java  |   6 +-
 .../moa/id/protocols/saml1/SAML1Protocol.java      |   4 +-
 .../eaaf/eaaf-core/1.0.0/eaaf-core-1.0.0-tests.jar | Bin 53076 -> 53645 bytes
 .../egiz/eaaf/eaaf-core/1.0.0/eaaf-core-1.0.0.jar  | Bin 360335 -> 360662 bytes
 .../1.0.0/eaaf_module_pvp2_core-1.0.0.jar          | Bin 110449 -> 110555 bytes
 .../1.0.0/eaaf_module_pvp2_idp-1.0.0.jar           | Bin 35302 -> 35407 bytes
 .../1.0.0/eaaf_module_pvp2_sp-1.0.0.jar            | Bin 15649 -> 15649 bytes
 59 files changed, 411 insertions(+), 341 deletions(-)
 create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/Utils.java

(limited to 'id/server/idserverlib/src/main/java/at/gv')

diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/stork.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/stork.jsp
index 76c8d069b..129b32508 100644
--- a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/stork.jsp
+++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/stork.jsp
@@ -22,7 +22,7 @@
 								labelposition="left" 
 								cssClass="textfield_long"/>
 								
-								
+							<!-- 	
 							<h4><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.enabledcpeps", request) %></h4>
 							<s:checkboxlist name="storkOA.enabledCitizenCountries" list="storkOA.availableCitizenCountries" value="storkOA.enabledCitizenCountries" />
 							<h4><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.attributes.header", request) %></h4>
@@ -39,6 +39,7 @@
 									</tr>
 								</s:iterator>
 							</table>
+							 -->
 						</div>
 					</div>
 				
diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/css_template.css b/id/server/data/deploy/conf/moa-id/htmlTemplates/css_template.css
index c8de82c50..f95106c5a 100644
--- a/id/server/data/deploy/conf/moa-id/htmlTemplates/css_template.css
+++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/css_template.css
@@ -87,7 +87,7 @@
 			  }
 			
 			  #leftcontent {
-				 width: 300px;
+				 width: 400px;
 				 /*margin-top: 30px;*/
          margin: auto;
 			  }
@@ -99,9 +99,9 @@
         }
       
         #bkulogin {
-				  overflow:hidden;	
-          min-width: 190px;
-          min-height: 180px;
+            overflow:hidden;	
+            min-width: 190px;
+            min-height: 180px;
           /*height: 260px;*/	
 			  }
       
@@ -130,11 +130,16 @@
 				 float:left; 
 				 margin-left: 40px;
 			  }
+            #centerbutton {
+                width: 30%
+                float: middle; 
+            }
+			
 			
 			  #rightbutton {
 				 width: 30%; 
 				 float:right; 
-				 margin-right: 45px; 
+				 margin-right: 40px; 
 				 text-align: right;
 			  }
         
@@ -266,7 +271,7 @@
         } 
       }
 
-      @media screen and (max-width: 399px) and (min-width: 300px) {
+      @media screen and (max-width: 399px) and (min-width: 400px) {
         #localBKU p {
           font-size: 0.9em;
         } 
@@ -381,15 +386,14 @@
           visibility: hidden;
         }
         
-			  #leftcontent {
-			    visibility: visible;
-			    margin-bottom: 0px;
-			    text-align: left;
-			    border:none;
-          vertical-align: middle;
-          min-height: 173px;
-          min-width: 204px;
-          
+                #leftcontent {
+			     visibility: visible;
+			     margin-bottom: 0px;
+			     text-align: left;
+			     border:none;
+                vertical-align: middle;
+                min-height: 173px;
+                min-width: 204px;
 			  }
 			  
         #bku_header {
@@ -452,13 +456,14 @@
 			}
 			
 			#leftbutton  {
-				width: 35%; 
+				width: 30%; 
 				float:left; 
 				margin-left: 15px;
 			}
+
 			
 			#rightbutton {
-				width: 35%; 
+				width: 30%; 
 				float:right; 
 				margin-right: 25px; 
 				text-align: right;
@@ -479,12 +484,17 @@
         padding-top: 4%;
         height: 10%;
         position: relative;
-        text-align: center;
+        text-align: left;
 			}
       
       .verticalcenter {
         vertical-align: middle;
       }
+
+    .mandate{
+        float: left;
+        margin-left: 4%;
+    }
       
       #mandateLogin div {
         clear: both;
@@ -509,29 +519,37 @@
 			#bkukarte {
 				float:left;
 				text-align:center;
-				width:40%;
-        min-height: 70px;
-        padding-left: 5%;
-        padding-top: 2%;
+				width:33%;
+                min-height: 90px;
+
+                padding-top: 2%;
 			}
 			
 			#bkuhandy {
-				float:right;
+				float:left;
 				text-align:center;
-				width:40%;
-        min-height: 90px;
-        padding-right: 5%;
-        padding-top: 2%;
+				width:33%;
+                min-height: 90px;
+
+                padding-top: 2%;
 			}
+            #bkueulogin {
+            float:left;
+            text-align:center;
+            width:33%;
+            min-height: 90px;
+            padding-top: 2%;
+         
+        }
 			
-      .bkuimage {
-        width: 60%;
-        height: auto;
-        margin-bottom: 10%;
-      }
+            .bkuimage {
+            width: 55%;
+            height: auto;
+            margin-bottom: 10%;
+            }
       
 			#mandate{
-				text-align:center;
+				text-align:left;
 				padding : 5px 5px 5px 5px;
 			}
       
diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html b/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html
index fe9bc2166..01249537f 100644
--- a/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html
+++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html
@@ -4,7 +4,7 @@
 <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
 
    <!-- MOA-ID 2.x BKUSelection Layout CSS -->               
-   <link rel="stylesheet" href="$contextPath/css/buildCSS?pendingid=$pendingReqID" />
+   <link rel="stylesheet" href="$contextPath/css/buildCSS?pendingid=$pendingReqID"/>
    
    <!-- MOA-ID 2.x BKUSelection JavaScript fucnctions-->
    <script src="$contextPath/js/buildJS?pendingid=$pendingReqID"></script>
@@ -26,8 +26,8 @@
 						<div id="mandateLogin" class="$MANDATEVISIBLE">
 							<div>
 								<input tabindex="1" type="checkbox" name="Mandate"
-									id="mandateCheckBox" class="verticalcenter" role="checkbox" $MANDATECHECKED>
-								<label for="mandateCheckBox" class="verticalcenter">in
+									id="mandateCheckBox" class="mandate" role="checkbox" $MANDATECHECKED>
+								<label for="mandateCheckBox" class="mandate">in
 									Vertretung anmelden</label>
 								<!--a      href="info_mandates.html" 
                         target="_blank"
@@ -37,31 +37,41 @@
 						</div>
 						<div id="bkuselectionarea">
 							<div id="bkukarte">
-								<img id="bkuimage" class="bkuimage" src="$contextPath/img/karte.png" alt="OnlineBKU" /> 
+								<img id="bkuimage" class="bkuimage" src="$contextPath/img/karte.png" alt="OnlineBKU"/> 
                 
-                <!-- Remove support for Online BKU and swith the card button to local BKU-->
-                <!--input name="bkuButtonOnline" type="button" onClick="bkuOnlineClicked();" tabindex="2" role="button" value="Karte" /-->                
+                  <!-- Remove support for Online BKU and swith the card button to local BKU-->
+                  <!--input name="bkuButtonOnline" type="button" onClick="bkuOnlineClicked();" tabindex="2" role="button" value="Karte" /-->                
                 
-                <form method="get" id="moaidform" action="$contextPath$submitEndpoint" class="verticalcenter" target="_parent">
-								  <input type="hidden" name="bkuURI" value="$bkuLocal" />
-								  <input type="hidden" name="useMandate" id="useMandate" /> 
-								  <input type="hidden" name="SSO" id="useSSO" /> 
-								  <input type="hidden" name="ccc" id="ccc" /> 
-								  <input type="hidden" name="pendingid" value="$pendingReqID" /> 
-                  <input type="submit" value=" Karte " tabindex="4" role="button">
-                </form>
+                  <form method="get" id="moaidform" action="$contextPath$submitEndpoint" class="verticalcenter" target="_parent">
+								    <input type="hidden" name="bkuURI" value="$bkuLocal" />
+								    <input type="hidden" name="useMandate" id="useMandate" /> 
+								    <input type="hidden" name="SSO" id="useSSO" /> 
+								    <input type="hidden" name="ccc" id="ccc" /> 
+								    <input type="hidden" name="pendingid" value="$pendingReqID" /> 
+                    <input type="submit" value=" Karte " tabindex="5" role="button" onclick="setMandateSelection();" />
+                  </form>
                 
-                <iframe name="bkudetect" width="0" height="0" scrolling="no" marginheight="0" marginwidth="0" frameborder="0" src="$contextPath/feature/bkuDetection?pendingid=$pendingReqID"></iframe>
+                  <iframe name="bkudetect" width="0" height="0" scrolling="no" marginheight="0" marginwidth="0" frameborder="0" src="$contextPath/feature/bkuDetection?pendingid=$pendingReqID"></iframe>
                 
-                <!-- BKU detection with static template-->
-                <!--iframe name="bkudetect" width="0" height="0" scrolling="no" marginheight="0" marginwidth="0" frameborder="0" src="$contextPath/iframeLBKUdetect.html"></iframe-->
-                                                            
-							</div>
-							<div id="bkuhandy">
-								<img class="bkuimage" src="$contextPath/img/handysign.png" alt="HandyBKU" />         
-                <input name="bkuButtonHandy" type="button" tabindex="3" role="button" value="HANDY" />
-							</div>
-						</div>
+                  <!-- BKU detection with static template-->
+                  <!--iframe name="bkudetect" width="0" height="0" scrolling="no" marginheight="0" marginwidth="0" frameborder="0" src="$contextPath/iframeLBKUdetect.html"></iframe-->                                                            
+				        </div>
+                            
+				        <div id="bkuhandy">
+				            <img class="bkuimage" src="$contextPath/img/handysign.png" alt="HandyBKU" />         
+                            <input name="bkuButtonHandy" type="button" tabindex="3" role="button" value="HANDY" />
+				        </div>
+                
+            
+				        <div id="bkueulogin" style="$STORKVISIBLE">
+				            <img class="bkuimage" src="$contextPath/img/eIDAS_small.png" alt="EULogin" />                                                        
+                    <form method="get" id="moaidform" action="$contextPath$submitEndpoint" class="verticalcenter" target="_parent">
+								      <input type="hidden" name="useeIDAS" value="true" />
+								      <input type="hidden" name="useMandate" id="useMandate" />  
+								      <input type="hidden" name="pendingid" value="$pendingReqID" /> 
+                      <input name="bkuButtonEULogin" onclick="setMandateSelection();" type="submit" role="button" value="EULogin" />
+                    </form>
+				        </div>
 						<!--div id="localBKU">
 							<form method="get" id="moaidform" action="$contextPath$submitEndpoint"
 								class="verticalcenter" target="_parent">
@@ -80,7 +90,11 @@
               <!--div id="ssoSessionTransferBlock">
                 <a href="$contextPath$submitEndpoint?pendingid=$pendingReqID&restoreSSOSession=true">>Restore SSO Session from Smartphone</a>
               </div-->
-              
+            
+                  
+                        
+            
+            <!-- 
               <div id="stork" align="center" class="$STORKVISIBLE">
                 <h2 id="tabheader" class="dunkel">Home Country Selection</h2>
                 <p>
@@ -88,9 +102,9 @@
                     $countryList
                   </select>
                   <button id="eIDASButton" name="bkuButton" type="button">Proceed</button>
-                  <!--a href="info_stork.html" target="_blank" class="infobutton">i</a-->
+                  a href="info_stork.html" target="_blank" class="infobutton">i</a
                 </p>
-              </div>
+              </div>-->
 
 						<div id="metroDetected" class="unvisible">
 							<p>Anscheinend verwenden Sie Internet Explorer im
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index 9b9b13d8b..0e8b996ba 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -319,8 +319,8 @@
   			<artifactId>eaaf-core</artifactId>
   			<type>test-jar</type>
   			<classifier>tests</classifier>
-  			<version>1.0.0-snapshot</version>
-  			<scope>test</scope> 
+  			<version>1.0.0</version>
+  			<scope>test</scope>  
 		</dependency>						
 <!-- 		<dependency>
   			<groupId>org.opensaml</groupId>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
index e92c3377a..f642cddc7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
@@ -61,7 +61,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
 import at.gv.egovernment.moa.id.data.IMOAAuthData;
-import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
+import at.gv.egovernment.moa.id.moduls.SSOManager;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -142,12 +142,15 @@ public class StatisticLogger implements IStatisticLogger{
 				IMOAAuthData moaAuthData = (IMOAAuthData) authData;
 				dblog.setOatarget(moaAuthData.getBPKType());	
 
-				boolean isFederatedAuthentication = protocolRequest.getGenericData(AuthenticationManager.DATAID_INTERFEDERATIOIDP_RESPONSE) != null;
+				boolean isFederatedAuthentication = protocolRequest.getRawData(SSOManager.DATAID_INTERFEDERATIOIDP_RESPONSE) != null;
 				dblog.setInterfederatedSSOSession(isFederatedAuthentication);
 				
 				if (isFederatedAuthentication) {
 					dblog.setBkutype(IOAAuthParameters.INDERFEDERATEDIDP);
-					dblog.setBkuurl(protocolRequest.getGenericData(AuthenticationManager.DATAID_INTERFEDERATIOIDP_ENTITYID, String.class));
+					dblog.setBkuurl(protocolRequest.getRawData(SSOManager.DATAID_INTERFEDERATIOIDP_ENTITYID, String.class));
+					
+				} else if (moaAuthData.isForeigner()) {
+					dblog.setBkutype(IOAAuthParameters.EIDAS);
 					
 				} else {
 					dblog.setBkuurl(moaAuthData.getBkuURL());
@@ -299,7 +302,8 @@ public class StatisticLogger implements IStatisticLogger{
 										
 				} else {
 					Logger.debug("Use MOA session information from pending-req for ErrorLogging");
-					moasession = new AuthenticationSessionWrapper(errorRequest.genericFullDataStorage()); 
+					moasession = (IAuthenticationSession) errorRequest.getSessionData(AuthenticationSessionWrapper.class);
+					
 
 					
 				}
@@ -393,45 +397,47 @@ public class StatisticLogger implements IStatisticLogger{
 	
 	private String findBKUType(String bkuURL, IOAAuthParameters dbOA) {
 		
-		if (dbOA != null) {
-			if (bkuURL.equals(dbOA.getBKUURL(OAAuthParameterDecorator.HANDYBKU)))
-				return IOAAuthParameters.HANDYBKU;
-					
-			if (bkuURL.equals(dbOA.getBKUURL(OAAuthParameterDecorator.LOCALBKU)))
-				return IOAAuthParameters.LOCALBKU;
-					
-			if (bkuURL.equals(dbOA.getBKUURL(OAAuthParameterDecorator.THIRDBKU)))
-				return IOAAuthParameters.THIRDBKU;	
-		}
-		
-		Logger.trace("Staticic Log search BKUType from DefaultBKUs");
-		
-		try {
-			if (bkuURL.equals(authConfig.getDefaultBKUURL(IOAAuthParameters.THIRDBKU)))
-				return IOAAuthParameters.THIRDBKU;
+		if (bkuURL != null) {
+			if (dbOA != null) {
+				if (bkuURL.equals(dbOA.getBKUURL(OAAuthParameterDecorator.HANDYBKU)))
+					return IOAAuthParameters.HANDYBKU;
+						
+				if (bkuURL.equals(dbOA.getBKUURL(OAAuthParameterDecorator.LOCALBKU)))
+					return IOAAuthParameters.LOCALBKU;
+						
+				if (bkuURL.equals(dbOA.getBKUURL(OAAuthParameterDecorator.THIRDBKU)))
+					return IOAAuthParameters.THIRDBKU;	
+			}
+			
+			Logger.trace("Staticic Log search BKUType from DefaultBKUs");
 			
-			if (bkuURL.equals(authConfig.getDefaultBKUURL(IOAAuthParameters.LOCALBKU)))
+			try {
+				if (bkuURL.equals(authConfig.getDefaultBKUURL(IOAAuthParameters.THIRDBKU)))
+					return IOAAuthParameters.THIRDBKU;
+				
+				if (bkuURL.equals(authConfig.getDefaultBKUURL(IOAAuthParameters.LOCALBKU)))
+					return IOAAuthParameters.LOCALBKU;
+				
+				if (bkuURL.equals(authConfig.getDefaultBKUURL(IOAAuthParameters.HANDYBKU)))
+					return IOAAuthParameters.HANDYBKU;
+				
+			} catch (ConfigurationException e) {
+				Logger.info("Advanced Logging: Default BKUs read failed");
+			}
+			
+			Logger.debug("Staticic Log search BKUType from generneric Parameters");
+			
+			if (bkuURL.endsWith(GENERIC_LOCALBKU)) {
+				Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.LOCALBKU);
 				return IOAAuthParameters.LOCALBKU;
+			}
 			
-			if (bkuURL.equals(authConfig.getDefaultBKUURL(IOAAuthParameters.HANDYBKU)))
+			if (bkuURL.startsWith(GENERIC_HANDYBKU)) {
+				Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.HANDYBKU);
 				return IOAAuthParameters.HANDYBKU;
-			
-		} catch (ConfigurationException e) {
-			Logger.info("Advanced Logging: Default BKUs read failed");
-		}
-		
-		Logger.debug("Staticic Log search BKUType from generneric Parameters");
-		
-		if (bkuURL.endsWith(GENERIC_LOCALBKU)) {
-			Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.LOCALBKU);
-			return IOAAuthParameters.LOCALBKU;
+			}
 		}
 		
-		if (bkuURL.startsWith(GENERIC_HANDYBKU)) {
-			Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.HANDYBKU);
-			return IOAAuthParameters.HANDYBKU;
-		}
-				
 		Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.AUTHTYPE_OTHERS);
 		return IOAAuthParameters.AUTHTYPE_OTHERS;
 	}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index a13455972..2c14af463 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -129,12 +129,12 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
 	public IAuthData buildAuthenticationData(IRequest pendingReq) throws EAAFAuthenticationException {
 		try {
 			return buildAuthenticationData(pendingReq, 
-					new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage()),
+					pendingReq.getSessionData(AuthenticationSessionWrapper.class),
 					pendingReq.getServiceProviderConfiguration(OAAuthParameterDecorator.class));
 			
 		} catch (ConfigurationException | BuildException | WrongParametersException | DynamicOABuildException | EAAFBuilderException e) {
 			Logger.warn("Can not build authentication data from session information");
-			throw new EAAFAuthenticationException("TODO", new Object[]{}, e);
+			throw new EAAFAuthenticationException("builder.11", new Object[]{}, e);
 			
 		}
 		
@@ -186,14 +186,14 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
 		if (oaParam.isSTORKPVPGateway())
 			oaParam = DynamicOAAuthParameterBuilder.buildFromAuthnRequest(oaParam, pendingReq);
 				
-		Boolean isMinimalFrontChannelResp = pendingReq.getGenericData(
+		Boolean isMinimalFrontChannelResp = pendingReq.getRawData(
 				MOAIDAuthConstants.DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP, Boolean.class);
 		if (isMinimalFrontChannelResp != null && isMinimalFrontChannelResp) {
 			//only set minimal response attributes			
 			authdata.setQAALevel(
-					pendingReq.getGenericData(MOAIDAuthConstants.DATAID_INTERFEDERATION_QAALEVEL, String.class));
+					pendingReq.getRawData(MOAIDAuthConstants.DATAID_INTERFEDERATION_QAALEVEL, String.class));
 			authdata.setBPK(
-					pendingReq.getGenericData(MOAIDAuthConstants.DATAID_INTERFEDERATION_NAMEID, String.class));
+					pendingReq.getRawData(MOAIDAuthConstants.DATAID_INTERFEDERATION_NAMEID, String.class));
 						
 		} else {
 			//build AuthenticationData from MOASession
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
index a43e6a7fb..399ecc022 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
@@ -191,7 +191,7 @@ public class CreateXMLSignatureRequestBuilder implements Constants {
 		String sectorName = null;
 		
 		
-		String saml1Target = pendingReq.getGenericData(
+		String saml1Target = pendingReq.getRawData(
 				MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class);
 		if (MiscUtil.isNotEmpty(saml1Target)) {
 			target = saml1Target;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index 926bfe242..cadaec2a0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -45,6 +45,7 @@ import java.util.Date;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Map.Entry;
 
 import org.apache.commons.collections4.map.HashedMap;
 
@@ -235,13 +236,17 @@ public class AuthenticationSession implements Serializable, IAuthenticationSessi
 	 */
 	@Override
 	public X509Certificate getSignerCertificate() {
-		try {
-			return new X509Certificate(signerCertificate);
-		}
-		catch (CertificateException e) {
-			Logger.warn("Signer certificate can not be loaded from session database!", e);
-			return null;
+		if (signerCertificate != null && signerCertificate.length > 0) {
+			try {
+				return new X509Certificate(signerCertificate);
+			}
+			catch (CertificateException e) {
+				Logger.warn("Signer certificate can not be loaded from session database!", e);
+			
+			}
 		}
+		
+		return null;
 	}
 	
 	/* (non-Javadoc)
@@ -665,8 +670,9 @@ public class AuthenticationSession implements Serializable, IAuthenticationSessi
 		result.put(VALUE_SIGNER_CERT, getSignerCertificate());
 		result.put(VALUE_VERIFYSIGRESP, getXMLVerifySignatureResponse());
 		
-		result.putAll(genericSessionDataStorate);
-		
+		for (Entry<String, Object> el : genericSessionDataStorate.entrySet()) 
+			result.put(GENERIC_PREFIX + el.getKey(), el.getValue());
+				
 		return Collections.unmodifiableMap(result);
 	}	
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
index b976cba9e..375b144d7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
@@ -78,13 +78,8 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask {
 			//defaultTaskInitialization(request, executionContext);
 			
 			//check SSO session cookie and MOASession object
-			String ssoId = ssoManager.getSSOSessionID(request);
-			boolean isValidSSOSession = ssoManager.isValidSSOSession(ssoId, pendingReq);
-
-			//load MOA SSO-session from database
-			AuthenticationSession ssoMOSSession = authenticatedSessionStorage.getInternalSSOSession(pendingReq.getInternalSSOSessionIdentifier());
-			
-			if (!(isValidSSOSession && ssoMOSSession.isAuthenticated() )) {
+			String ssoId = ssoManager.getSSOSessionID(request);			
+			if (!(ssoManager.isValidSSOSession(ssoId, pendingReq))) {
 				Logger.info("Single Sign-On consents evaluator found NO valid SSO session. Stopping authentication process ...");
 				throw new AuthenticationException("auth.30", null);
 				
@@ -95,9 +90,12 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask {
 						
 			//user allow single sign-on authentication
 			if (ssoConsents) {
-								
+				//load MOA SSO-session from database
+				AuthenticationSession ssoMOSSession = authenticatedSessionStorage.getInternalSSOSession(pendingReq.getInternalSSOSessionIdentifier());
+
+				
 				//Populate this pending request with SSO session information
-				pendingReq.setGenericDataToSession(ssoMOSSession.getKeyValueRepresentationFromAuthSession());;
+				pendingReq.setRawDataToTransaction(ssoMOSSession.getKeyValueRepresentationFromAuthSession());;
 				
 				//authenticate pending-request
 				pendingReq.setAuthenticated(true);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java
index 7d9a2c28c..acaf21682 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java
@@ -35,7 +35,7 @@ public class UserRestrictionTask extends AbstractAuthServletTask {
 			List<String> restrictedSPs = KeyValueUtils.getListOfCSVValues(authConfig.getBasicConfiguration(CONFIG_PROPS_SP_LIST));						
 			if (restrictedSPs.contains(spEntityId)) {
 				Logger.debug("SP:" + spEntityId + " has a user restrication. Check users bPK ... ");				
-				AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
+				AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); 
 				
 				//check if user idl is already loaded
 				if (moasession.getIdentityLink() == null) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
index 0e1e1bf12..ead80b117 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -138,8 +138,8 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
 				resultTargetFriendlyName = targetFriendlyNameConfig;
 					
 			//set info's into request-context. (It's required to support SAML1 requested target parameters)			
-			protocolReq.setGenericDataToSession(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, resultTarget);
-			protocolReq.setGenericDataToSession(
+			protocolReq.setRawDataToTransaction(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, resultTarget);
+			protocolReq.setRawDataToTransaction(
 					MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, resultTargetFriendlyName);
 			
 		} else {
@@ -206,7 +206,7 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
 	    if (!ParamValidatorUtils.isValidTemplate(req, templateURL, oaParam.getTemplateURL()))
 		       throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12");
 	    
-	    protocolReq.setGenericDataToSession(
+	    protocolReq.setRawDataToTransaction(
 	    		MOAIDAuthConstants.AUTHPROCESS_DATA_SECURITYLAYERTEMPLATE, 
 	    		templateURL);
 	    
@@ -248,7 +248,7 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
 	    oaURL = pendingReq.getSPEntityId();
 	    
 	    //only needed for SAML1
-	    String target = pendingReq.getGenericData("saml1_target", String.class);
+	    String target = pendingReq.getRawData("saml1_target", String.class);
 	    	    
 	    parse(moasession, target, oaURL, bkuURL, templateURL, useMandate, ccc, req, pendingReq);
 	    
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 6544766b2..77abe07af 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -60,12 +60,9 @@ import at.gv.egovernment.moa.util.MiscUtil;
 @Service("MOAID_AuthenticationManager")
 public class AuthenticationManager extends AbstractAuthenticationManager {
 
-	public static final String DATAID_INTERFEDERATIOIDP_URL = "interIDPURL";
-	public static final String DATAID_INTERFEDERATIOIDP_RESPONSE = "interIDPResponse";
-	public static final String DATAID_REQUESTED_ATTRIBUTES = "requestedAttributes";
-	public static final String DATAID_INTERFEDERATIOIDP_ENTITYID = "interIDPEntityID";	
 	public static final String eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE = "eIDAS_LoA";
-		
+	public static final String DATAID_REQUESTED_ATTRIBUTES = "requestedAttributes";	
+	
 	public static final String MOA_SESSION = "MoaAuthenticationSession";
 	public static final String MOA_AUTHENTICATED = "MoaAuthenticated";
 
@@ -167,13 +164,13 @@ public class AuthenticationManager extends AbstractAuthenticationManager {
 		//set interfederation authentication flag
 		executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_INTERFEDERATION_AUTH, 
 				MiscUtil.isNotEmpty(
-						pendingReq.getGenericData(DATAID_INTERFEDERATIOIDP_URL, String.class)));
+						pendingReq.getRawData(SSOManager.DATAID_INTERFEDERATIOIDP_URL, String.class)));
 		
 		//set legacy mode or BKU-selection flags
 		boolean leagacyMode = (legacyallowed && legacyparamavail);			
 		executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_ISLEGACYREQUEST, leagacyMode);
 		executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_BKUSELECTION, !leagacyMode 
-				&& MiscUtil.isEmpty(pendingReq.getGenericData(DATAID_INTERFEDERATIOIDP_URL, String.class)));
+				&& MiscUtil.isEmpty(pendingReq.getRawData(SSOManager.DATAID_INTERFEDERATIOIDP_URL, String.class)));
 				
 		//add additional http request parameter to context
 		if (leagacyMode) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
index 97c4f40cd..b5005d0c9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -23,6 +23,8 @@
 package at.gv.egovernment.moa.id.moduls;
 
 import java.util.Date;
+import java.util.Map;
+import java.util.Map.Entry;
 
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
@@ -73,9 +75,10 @@ public class SSOManager implements ISSOManager {
 	
 	private static final int INTERFEDERATIONCOOKIEMAXAGE = 5 * 60;// sec
 
-	public static final String DATAID_INTERFEDERATIOIDP_URL = "INTERFEDERATIOIDP_URL";
-	public static final String DATAID_INTERFEDERATIOIDP_RESPONSE = "INTERFEDERATIOIDP_RESPONSE";
-	public static final String DATAID_INTERFEDERATIOIDP_ENTITYID = "INTERFEDERATIOIDP_ENTITYID";
+	public static final String DATAID_INTERFEDERATIOIDP_URL = "interIDPURL";
+	public static final String DATAID_INTERFEDERATIOIDP_RESPONSE = "interIDPResponse";
+	public static final String DATAID_INTERFEDERATIOIDP_ENTITYID = "interIDPEntityID";	
+	
 	
 	@Autowired private IAuthenticationSessionStoreage authenticatedSessionStore;
 	@Autowired private AuthConfiguration authConfig;
@@ -166,8 +169,17 @@ public class SSOManager implements ISSOManager {
 				Logger.debug("Found authenticated MOASession with provided SSO-Cookie.");
 				revisionsLogger.logEvent(pendingReq, EVENT_SSO_SESSION_VALID);
 				
-				Logger.trace("Populatint pending request with SSO session information .... ");						
-				pendingReq.setGenericDataToSession(ssoMOASession.getKeyValueRepresentationFromAuthSession());
+				Logger.trace("Populatint pending request with SSO session information .... ");
+				Map<String, Object> fullSSOData = ssoMOASession.getKeyValueRepresentationFromAuthSession();
+				if (Logger.isTraceEnabled()) {
+					Logger.trace("Full SSO DataSet:  ");
+					for (Entry<String, Object> el : fullSSOData.entrySet()) {
+						Logger.trace("  Key: " + el.getKey() + " Value: " + el.getValue());
+						
+					}
+					
+				}				
+				pendingReq.setRawDataToTransaction(fullSSOData);
 				pendingReq.setAuthenticated(true);
 							
 			}
@@ -301,7 +313,7 @@ public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInf
 		String interIDP = httpReq.getParameter(MOAIDAuthConstants.INTERFEDERATION_IDP);
 
 		String interfederationIDP = 
-				protocolRequest.getGenericData(DATAID_INTERFEDERATIOIDP_URL, String.class);
+				protocolRequest.getRawData(DATAID_INTERFEDERATIOIDP_URL, String.class);
 		if (MiscUtil.isNotEmpty(interfederationIDP)) {
 			Logger.debug("Protocolspecific preprocessing already set interfederation IDP " + interfederationIDP);
 			return;
@@ -313,14 +325,14 @@ public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInf
 			RequestImpl moaReq = (RequestImpl) protocolRequest;
 			if (MiscUtil.isNotEmpty(interIDP)) {
 				Logger.info("Receive SSO request for interfederation IDP " + interIDP);
-				moaReq.setGenericDataToSession(DATAID_INTERFEDERATIOIDP_URL, interIDP);
+				moaReq.setRawDataToTransaction(DATAID_INTERFEDERATIOIDP_URL, interIDP);
 				
 			} else {
 				//check if IDP cookie is set
 				String cookie = getValueFromCookie(httpReq, SSOINTERFEDERATION);
 				if (MiscUtil.isNotEmpty(cookie)) {
 					Logger.info("Receive SSO request for interfederated IDP from Cookie " + cookie);
-					moaReq.setGenericDataToSession(DATAID_INTERFEDERATIOIDP_URL, cookie);
+					moaReq.setRawDataToTransaction(DATAID_INTERFEDERATIOIDP_URL, cookie);
 				
 					deleteCookie(httpReq, httpResp, SSOINTERFEDERATION);									
 				}				
@@ -367,7 +379,7 @@ public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInf
 				//in case of federated SSO session, jump to federated IDP for authentication
 				
 				String interfederationIDP = 
-						protocolRequest.getGenericData(DATAID_INTERFEDERATIOIDP_URL, String.class);
+						protocolRequest.getRawData(DATAID_INTERFEDERATIOIDP_URL, String.class);
 				
 				if (MiscUtil.isEmpty(interfederationIDP)) {
 					InterfederationSessionStore selectedIDP = authenticatedSessionStore.searchInterfederatedIDPFORSSOWithMOASession(storedSession.getSessionid());
@@ -375,7 +387,7 @@ public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInf
 					if (selectedIDP != null) {				
 						//no local SSO session exist -> request interfederated IDP
 						Logger.info("SSO Session refer to federated IDP: " + selectedIDP.getIdpurlprefix());
-						protocolRequest.setGenericDataToSession(
+						protocolRequest.setRawDataToTransaction(
 								DATAID_INTERFEDERATIOIDP_URL, selectedIDP.getIdpurlprefix());
 						
 					} else {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
index 0f75cf63b..405e44112 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
@@ -95,7 +95,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 			dbsession.setAdditionalInformationBytes(mapper.serialize(sessionExt).getBytes("UTF-8"));
 		
 			AuthenticationSession session = new AuthenticationSession(id, now, 
-					new AuthenticationSessionWrapper(target.genericFullDataStorage()));
+					(IAuthenticationSession)target.getSessionData(AuthenticationSessionWrapper.class));
 			encryptSession(session, dbsession);
 		
 			//store AssertionStore element to Database
@@ -341,6 +341,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 				  
 		dbsession.setSSOSession(true);
 		dbsession.setSSOsessionid(externalSSOSessionID);
+		dbsession.setAuthenticated(true);
 
 		//Store MOASession
 		entityManager.merge(dbsession);
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 7d6730925..66b9be341 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -114,6 +114,7 @@ builder.07=Fehlerhaftes SecurityLayer Template.
 builder.08=Authentication process could NOT completed. Reason: {0}
 builder.09=Can not build GUI component. Reason: {0}
 builder.10=Can not create or update SSO session. SSO NOT POSSIBLE
+builder.11=Fehler beim generieren der Anmeldedaten f\u00FCr die Online Applikation
 
 service.00=Fehler beim Aufruf des Web Service: {0}
 service.01=Fehler beim Aufruf des Web Service: kein Endpoint
@@ -310,8 +311,8 @@ pvp2.25=Fehler beim Validieren der PVP2 Metadaten
 
 ##add status codes!!!!
 sp.pvp2.00=Can not build PVP AuthnRequest for {0} {1}. No valid SingleSignOnService endpoint found.
-sp.pvp2.01=Can not build PVP AuthnRequest for {0} {0}. IDP is not allowed for federated authentication.
-sp.pvp2.02=Can not build PVP AuthnRequest for {0} {0}. IDP has no (valid) metadata.
+sp.pvp2.01=Can not build PVP AuthnRequest for {0}. IDP is not allowed for federated authentication.
+sp.pvp2.02=Can not build PVP AuthnRequest for {0}. IDP has no (valid) metadata.
 sp.pvp2.03=Receive PVP Response from {0} with unsupported Binding.  
 sp.pvp2.04=Receive invalid PVP Response from {0}. No PVP metadata found.  
 sp.pvp2.05=Receive invalid PVP Response from {0} {1}. StatusCode:{2} Msg:{3}.
@@ -322,6 +323,7 @@ sp.pvp2.09=Receive invalid PVP Response from {0} {1}. StatusCodes:{2} {3} Msg:{4
 sp.pvp2.10=Receive invalid PVP Response from {0}. No valid assertion included.
 sp.pvp2.11=Receive invalid PVP Response from {0}. Assertion decryption FAILED.
 sp.pvp2.12=Receive invalid PVP Response from {0}. Msg:{1}
+sp.pvp2.13=Can not build PVP AuthnRequest for {0}. Internal processing error.
 
 oauth20.01=Fehlerhafte redirect url
 oauth20.02=Fehlender oder ung\u00FCltiger Parameter "{0}"
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
index 5d7588dd5..b878eadf3 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
@@ -92,6 +92,7 @@ builder.07=9002
 builder.08=1008
 builder.09=9103
 builder.10=1009
+builder.11=9102
 
 service.00=4300
 service.03=4300
@@ -122,6 +123,7 @@ sp.pvp2.09=4503
 sp.pvp2.10=4502
 sp.pvp2.11=4502
 sp.pvp2.12=4502
+sp.pvp2.13=4501
  
 validator.00=1102
 validator.01=1102
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java
index 16cdc9c12..1ea057186 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java
@@ -43,7 +43,7 @@ public class AuthenticationDataBuilderTest {
 				
 		IAuthenticationSession session = new DummyAuthSession();
 		session.setIdentityLink(new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(DUMMY_IDL, false))).parseIdentityLink());
-		pendingReq.setGenericDataToSession(session.getKeyValueRepresentationFromAuthSession());
+		pendingReq.setRawDataToTransaction(session.getKeyValueRepresentationFromAuthSession());
 		
 		
 		IMOAAuthData authData = (IMOAAuthData) authBuilder.buildAuthenticationData(pendingReq);
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java
index 2fcec92c5..c9dcd291a 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java
@@ -63,6 +63,7 @@ public abstract class AbstractServiceProviderSpecificGUIFormBuilderConfiguration
 	
 	public static final String PARAM_OANAME = "OAName";
 	public static final String PARAM_COUNTRYLIST = "countryList";
+	public static final String PARAM_EIDAS_VISIBLE = "eIDASVisible";
 	
 	protected IRequest pendingReq = null;
 	protected String templateClasspahtDir = null;
@@ -141,10 +142,15 @@ public abstract class AbstractServiceProviderSpecificGUIFormBuilderConfiguration
 					params.put(PARAM_BKU_URL_THIRD, oaParam.getBKUURL(IOAAuthParameters.THIRDBKU));
 				
 				//set eIDAS login information if requird
-				if (oaParam.isShowStorkLogin())
+				if (oaParam.isShowStorkLogin()) {
 					addCountrySelection(params, oaParam);
-				else
-					params.put(PARAM_COUNTRYLIST, "");
+					params.put(PARAM_EIDAS_VISIBLE, "");
+					
+				} else {
+					params.put(PARAM_COUNTRYLIST, "");					
+					params.put(PARAM_EIDAS_VISIBLE, FormBuildUtils.TEMPLATEVISIBLE);
+					
+				}
 				
 				FormBuildUtils.customiceLayoutBKUSelection(params, oaParam);
 								
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/utils/FormBuildUtils.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/utils/FormBuildUtils.java
index 53ec222dc..248bde700 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/utils/FormBuildUtils.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/utils/FormBuildUtils.java
@@ -50,12 +50,10 @@ public class FormBuildUtils {
 	private static String PARAM_MANDATEVISIBLE = "MANDATEVISIBLE";
 	private static String PARAM_MANDATECHECKED = "MANDATECHECKED";
 
-	private static String PARAM_STORKVISIBLE = "STORKVISIBLE";
-
-	private static final String TEMPLATEVISIBLE = " unvisible";
-	private static final String TEMPLATEDISABLED =  "disabled=\"true\"";
-	private static final String TEMPLATECHECKED = "checked=\"true\"";
-	private static final String TEMPLATE_ARIACHECKED = "aria-checked=";
+	public static final String TEMPLATEVISIBLE = " unvisible";
+	public static final String TEMPLATEDISABLED =  "disabled=\"true\"";
+	public static final String TEMPLATECHECKED = "checked=\"true\"";
+	public static final String TEMPLATE_ARIACHECKED = "aria-checked=";
 	
 	
 	static {
@@ -91,12 +89,7 @@ public class FormBuildUtils {
 			
 		} else
 			params.put(PARAM_MANDATECHECKED, TEMPLATE_ARIACHECKED + "\"false\"");
-		
-		if (oaParam.isShowStorkLogin())
-			params.put(PARAM_STORKVISIBLE, "");
-		else
-			params.put(PARAM_STORKVISIBLE, TEMPLATEVISIBLE);
-		
+				
 		//add more SP specific infos
 		setFormCustomizatenFromSP(params, oaParam);
 		
@@ -126,7 +119,6 @@ public class FormBuildUtils {
 	public static void defaultLayoutBKUSelection(Map<String, Object> params) {
 		params.put(PARAM_MANDATEVISIBLE, TEMPLATEVISIBLE);
 		params.put(PARAM_MANDATECHECKED, TEMPLATE_ARIACHECKED + "\"false\"");
-		params.put(PARAM_STORKVISIBLE, TEMPLATEVISIBLE);
 		
 		params.putAll(getDefaultMap());		
 	}
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 34567131b..a77ba45a5 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -151,7 +151,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 			throw new AuthenticationException("auth.00", new Object[]{pendingReq.getSPEntityId()});
 
 		//load Template
-		String templateURL = pendingReq.getGenericData(
+		String templateURL = pendingReq.getRawData(
 				MOAIDAuthConstants.AUTHPROCESS_DATA_SECURITYLAYERTEMPLATE, String.class);
 		String template = null;
 		if (MiscUtil.isNotEmpty(templateURL)) {
@@ -450,8 +450,8 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 		
 		SpecificTraceLogger.trace("Req. Authblock: " + createXMLSignatureRequest);
 		SpecificTraceLogger.trace("OA config: " + pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class).toString());
-		SpecificTraceLogger.trace("saml1RequestedTarget: " + pendingReq.getGenericData(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class));
-		SpecificTraceLogger.trace("saml1RequestedFriendlyName: " + pendingReq.getGenericData(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, String.class));	
+		SpecificTraceLogger.trace("saml1RequestedTarget: " + pendingReq.getRawData(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class));
+		SpecificTraceLogger.trace("saml1RequestedFriendlyName: " + pendingReq.getRawData(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, String.class));	
 				
 		return createXMLSignatureRequest;
 	}
@@ -547,10 +547,10 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 		String authURL = pendingReq.getAuthURL();
 		
 		@Deprecated
-		String saml1RequestedTarget = pendingReq.getGenericData(
+		String saml1RequestedTarget = pendingReq.getRawData(
 				MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class);
 		@Deprecated
-		String saml1RequestedFriendlyName = pendingReq.getGenericData(
+		String saml1RequestedFriendlyName = pendingReq.getRawData(
 				MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, String.class);
 
 		
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
index a46c81d06..a2e03bc4e 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
@@ -162,7 +162,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
 	  result.put(AUTHBLOCK_TEXT_PATTERN_TIME, timeformat.format(datetime.getTime()));
 	  	  
 	  //set other values from pendingReq if exists
-	  Map<?,?> processSpecificElements = pendingReq.getGenericData(PENDING_REQ_AUTHBLOCK_TEXT_KEY, Map.class);
+	  Map<?,?> processSpecificElements = pendingReq.getRawData(PENDING_REQ_AUTHBLOCK_TEXT_KEY, Map.class);
 	  if (processSpecificElements != null && !processSpecificElements.isEmpty()) {
 		  Logger.debug("Find process-specific patterns for 'special AuthBlock-Text'. Start processing ...");
 		  Iterator<?> mapIterator = processSpecificElements.entrySet().iterator();
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java
index f53dfae45..3eb7225a8 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java
@@ -51,8 +51,8 @@ public class CertificateReadRequestTask extends AbstractAuthServletTask {
 		Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate.");
 					
 		try { 
-			//execute default task initialization
-			AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
+			//execute default task initialization   
+			AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); 
 			boolean useMandate = moasession.isMandateUsed();
 			boolean identityLinkAvailable = BooleanUtils.isTrue((Boolean) executionContext.get("identityLinkAvailable"));	
 			if (!identityLinkAvailable && useMandate) {
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
index af8f780ec..50add6beb 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
@@ -64,7 +64,7 @@ public class CreateIdentityLinkFormTask extends AbstractAuthServletTask {
 			throws TaskExecutionException {		
 		try { 
 			//execute default task initialization
-			AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
+			AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
 			
 	    	//normal MOA-ID authentication
 	    	Logger.debug("Starting normal MOA-ID authentication");		    			    	    	
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
index af4abe813..e4966a53b 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
@@ -71,7 +71,7 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask {
 
 		try {
 			//execute default task initialization
-			AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
+			AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
 			
 			//get MIS sessionID
 			String misSessionID = moasession.getMISSessionID();
@@ -120,7 +120,6 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask {
 			//revisionsLogger.logMandateEventSet(pendingReq, mandate);
 									
 			//store pending request with new MOASession data information
-			pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession());
 			requestStoreage.storePendingRequest(pendingReq);
 			
 			
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
index ab53671f2..65ae9cf91 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
@@ -34,6 +34,7 @@ import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
 import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
@@ -87,7 +88,9 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask {
 			HttpServletRequest request, HttpServletResponse response) throws EAAFException {
 		
 		Logger.info("BKU is selected -> Start BKU communication ...");			
-		AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
+		//AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
+		
+		AuthenticationSessionWrapper moasession = ((RequestImpl)pendingReq).getSessionData(AuthenticationSessionWrapper.class);
 		
 		boolean isLegacyRequest = false;
 		Object isLegacyRequestObj = executionContext.get("isLegacyRequest");
@@ -122,9 +125,9 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask {
 				
 		    	//get Target from config or from request in case of SAML 1				
 				String target = null;
-				if (MiscUtil.isNotEmpty(pendingReq.getGenericData("saml1_target", String.class)) && 
+				if (MiscUtil.isNotEmpty(pendingReq.getRawData("saml1_target", String.class)) && 
 						pendingReq.requestedModule().equals("at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol"))
-					target = pendingReq.getGenericData("saml1_target", String.class);
+					target = pendingReq.getRawData("saml1_target", String.class);
 
 				
 		    	String bkuURL = oaParam.getBKUURL(bkuid);
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java
index d1d0ef086..a02032e74 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java
@@ -50,14 +50,13 @@ public class PrepareAuthBlockSignatureTask extends AbstractAuthServletTask {
 		
 		try {
 			//initialize task
-			AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
+			AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
 			
 			//build authBlock
 			String createXMLSignatureRequest = authServer
 					.getCreateXMLSignatureRequestAuthBlockOrRedirect(moasession, pendingReq);
 
 			//store pending request with new MOASession data information
-			pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession());
 			requestStoreage.storePendingRequest(pendingReq);
 			
 			//write response
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java
index 7c9702b8b..dd7890b7e 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java
@@ -71,7 +71,7 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask {
 		//mandate Mode
 		try {
 			//perform default task initialization
-			AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
+			AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
 						
 			ConnectionParameterInterface connectionParameters = 
 					moaAuthConfig.getOnlineMandatesConnectionParameter(pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class));	
@@ -131,7 +131,6 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask {
 	        moasession.setMISSessionID(misSessionID.getSessiondId());
 		
 	      //store pending request with new MOASession data information
-	        pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession());
 			requestStoreage.storePendingRequest(pendingReq);
 	        			
 			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_REDIRECT);
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java
index 3b70c55e9..c8b562282 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java
@@ -87,7 +87,7 @@ public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask {
 				throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_XMLRESPONSE, "auth.12");
 
 			//execute default task initialization
-			AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
+			AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
 			
 			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost());
 			
@@ -95,7 +95,6 @@ public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask {
 			authServer.verifyAuthenticationBlock(pendingReq, moasession, createXMLSignatureResponse);
 			
 			//store pending request with new MOASession data information
-			pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession());
 			requestStoreage.storePendingRequest(pendingReq);
 							
 		}
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
index 5b207d33e..9f1f23344 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
@@ -77,7 +77,7 @@ public class VerifyCertificateTask extends AbstractAuthServletTask {
 				
 	    try {
 	    	//execute default task initialization
-	    	AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
+	    	AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
 			
 			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost());
 	    		    	
@@ -98,7 +98,6 @@ public class VerifyCertificateTask extends AbstractAuthServletTask {
 	    				authServer.getCreateXMLSignatureRequestAuthBlockOrRedirect(moasession, pendingReq);
 	    		
 	    		//store pending request with new MOASession data information
-	    		pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession());
 				requestStoreage.storePendingRequest(pendingReq);
 	    		
 		    	CitizenCardServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, pendingReq, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyCertificate");
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java
index 99eba56c1..b7c45a032 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java
@@ -66,7 +66,7 @@ public class VerifyIdentityLinkTask extends AbstractAuthServletTask {
 		
 		try {
 			//execute default task initialization
-			AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
+			AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
 		
 			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost());
 
@@ -74,7 +74,6 @@ public class VerifyIdentityLinkTask extends AbstractAuthServletTask {
 			boolean identityLinkAvailable = authServer.verifyIdentityLink(pendingReq, moasession, parameters) != null;
 			
 			//store pending request with new MOASession data information
-			pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession());
 			requestStoreage.storePendingRequest(pendingReq);
 
 			//set 'identityLink exists' flag to context
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
index 01ef4ee26..ab9be7163 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -144,10 +144,10 @@ public class CreateXMLSignatureResponseValidator {
     IIdentityLink identityLink = session.getIdentityLink();
     
     @Deprecated
-	String saml1RequestedTarget = pendingReq.getGenericData(
+	String saml1RequestedTarget = pendingReq.getRawData(
 			MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class);
 	@Deprecated
-	String saml1RequestedFriendlyName = pendingReq.getGenericData(
+	String saml1RequestedFriendlyName = pendingReq.getRawData(
 			MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, String.class);
 	  
 	  try {	                
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java
index c3c3331e1..c1229e3ff 100644
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java
@@ -29,7 +29,6 @@ import java.util.List;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import org.apache.commons.lang3.StringUtils;
 import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
 import org.opensaml.saml2.core.Attribute;
 import org.opensaml.saml2.metadata.EntityDescriptor;
@@ -40,21 +39,20 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
 import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
-import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
-import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
 import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute;
 import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
 import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnRequestBuildException;
 import at.gv.egiz.eaaf.modules.pvp2.sp.impl.PVPAuthnRequestBuilder;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.config.EidasCentralAuthRequestBuilderConfiguration;
 import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthCredentialProvider;
 import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthMetadataProvider;
-import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.Utils;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.logging.Logger;
@@ -92,7 +90,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
 			}
 						
 			// get entityID for central ms-specific eIDAS node 			
-			String msNodeEntityID = getCentraleIDASNodeEntityId(pendingReq.getServiceProviderConfiguration());
+			String msNodeEntityID = Utils.getCentraleIDASNodeEntityId(pendingReq.getServiceProviderConfiguration(), authConfig);
 			
 			
 			if (MiscUtil.isEmpty(msNodeEntityID)) {
@@ -149,48 +147,24 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
 			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
 						
 		} catch (MetadataProviderException e) {
-			throw new TaskExecutionException(pendingReq, "Build PVP2.1 AuthnRequest to connect 'ms-specific eIDAS node' FAILED.", e);
+			
+			throw new TaskExecutionException(pendingReq, 
+					"Build PVP2.1 AuthnRequest to connect 'ms-specific eIDAS node' FAILED.", 
+					new AuthnRequestBuildException("sp.pvp2.02", new Object[] {"'national central eIDASNode'"},e ));
 
 		} catch (MessageEncodingException | NoSuchAlgorithmException  | SecurityException e) {
-			Logger.error("Build PVP2.1 AuthnRequest for SSO inderfederation FAILED", e);
-			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
+			Logger.error("Build PVP2.1 AuthnRequest to connect 'ms-specific eIDAS node' FAILED", e);
+			throw new TaskExecutionException(pendingReq, 
+					e.getMessage(), 
+					new AuthnRequestBuildException("sp.pvp2.13", new Object[] {"'national central eIDASNode'"},e ));
 			
 		} catch (Exception e) {
-			Logger.error("Build PVP2.1 AuthnRequest for SSO inderfederation FAILED", e);
+			Logger.error("Build PVP2.1 AuthnRequest to connect 'ms-specific eIDAS node' FAILED", e);
 			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
 			
 		}
 	}
 
-	private String getCentraleIDASNodeEntityId(ISPConfiguration spConfiguration) {
-		//load from service-provider configuration
-		String msNodeEntityID = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_EXTERNAL_CENTRAL_EIDASNODE_SERVICE_URL);
-		
-		if (StringUtils.isEmpty(msNodeEntityID)) {
-			Logger.debug("No SP-specific central eIDAS-node URL. Switch to general configuration ... ");
-			if (authConfig instanceof AuthConfiguration) {
-				AuthConfiguration moaAuthConfig = (AuthConfiguration)authConfig;					
-				List<String> configuratedEntityIDs = KeyValueUtils.getListOfCSVValues(
-						moaAuthConfig.getConfigurationWithKey(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_CENTRAL_EIDASNODE_URL));
-				
-				if (configuratedEntityIDs.size() > 0)
-					msNodeEntityID = configuratedEntityIDs.get(0);
-				else
-					Logger.info("No central eIDAS-node URL in IDP configuration. Switch to backup configuration ... ");
-				
-			} else 
-				Logger.info("Basic configuration is NOT of type '" + AuthConfiguration.class.getName()
-						+ "' Switch to generic Type ... ");
-				
-			
-			if (StringUtils.isEmpty(msNodeEntityID))
-				msNodeEntityID = authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_NODE_ENTITYID);
-			
-		}
-						
-		return msNodeEntityID;
-	}
-
 	private List<EAAFRequestedAttribute> buildRequestedAttributes() {
 		List<EAAFRequestedAttribute> attributs = new ArrayList<EAAFRequestedAttribute>();
 		
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java
index c034dc95e..f3eaff11a 100644
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java
@@ -29,6 +29,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.xml.transform.TransformerException;
 
+import org.apache.commons.lang3.StringUtils;
 import org.opensaml.saml2.core.Response;
 import org.opensaml.saml2.core.StatusCode;
 import org.opensaml.ws.message.decoder.MessageDecodingException;
@@ -55,10 +56,12 @@ import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption;
 import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException;
 import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthCredentialProvider;
 import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthMetadataProvider;
+import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.Utils;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
@@ -129,7 +132,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			PVPSProfileResponse processedMsg = preProcessAuthResponse((PVPSProfileResponse) msg);
 			
 			//validate entityId of response
-			String msNodeEntityID = authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_NODE_ENTITYID);
+			String msNodeEntityID = Utils.getCentraleIDASNodeEntityId(pendingReq.getServiceProviderConfiguration(), authConfig);
 			String respEntityId = msg.getEntityID();
 			if (!msNodeEntityID.equals(respEntityId)) {
 				Logger.warn("Response Issuer is not a 'ms-specific eIDAS node'. Stopping eIDAS authentication ...");
@@ -155,23 +158,28 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 		} catch (MessageDecodingException | SecurityException e) {
 			String samlRequest = request.getParameter("SAMLRequest");			
 			Logger.warn("Receive INVALID PVP Response from 'ms-specific eIDAS node': " + samlRequest, e);
-			throw new TaskExecutionException(pendingReq, "Receive INVALID PVP Response from federated IDP", e);
+			throw new TaskExecutionException(pendingReq, "Receive INVALID PVP Response from federated IDP", 
+					new AuthnResponseValidationException("sp.pvp2.11", new Object[] {"'national central eIDASNode'"}, e));
 
 		} catch (IOException | MarshallingException | TransformerException e) {
 			Logger.warn("Processing PVP response from 'ms-specific eIDAS node' FAILED.", e);
-			throw new TaskExecutionException(pendingReq, "Processing PVP response from 'ms-specific eIDAS node' FAILED.", e);
+			throw new TaskExecutionException(pendingReq, "Processing PVP response from 'ms-specific eIDAS node' FAILED.", 
+					new AuthnResponseValidationException("sp.pvp2.12", new Object[] {"'national central eIDASNode'", e.getMessage()}, e));
 			
 		} catch (CredentialsNotAvailableException e) {
 			Logger.error("PVP response decrytion FAILED. No credential found.", e);
-			throw new TaskExecutionException(pendingReq, "PVP response decrytion FAILED. No credential found.", e);
+			throw new TaskExecutionException(pendingReq, "PVP response decrytion FAILED. No credential found.", 
+					new AuthnResponseValidationException("sp.pvp2.10", new Object[] {"'national central eIDASNode'"}, e));
 
 		} catch (AssertionValidationExeption | AuthnResponseValidationException e) {
 			Logger.info("PVP response validation FAILED. Msg:" + e.getMessage());			
-			throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.", e);
+			throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.", 
+					new AuthnResponseValidationException("sp.pvp2.10", new Object[] {"'national central eIDASNode'"}, e));
 									
 		} catch (Exception e) {
 			Logger.warn("PVP response validation FAILED. Msg:" + e.getMessage(), e);			
-			throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.", e);
+			throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.", 
+					new AuthnResponseValidationException("sp.pvp2.12", new Object[] {"'national central eIDASNode'", e.getMessage()}, e));
 			
 		}
 
@@ -182,19 +190,29 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			//check if all attributes are include
 			if (!extractor.containsAllRequiredAttributes() 
 					&& !extractor.containsAllRequiredAttributes(EidasCentralAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES)) {
-				Logger.warn("PVP Response from federated IDP contains not all requested attributes.");
+				Logger.warn("PVP Response from 'ms-specific eIDAS node' contains not all requested attributes.");
 				throw new AssertionValidationExeption("sp.pvp2.06", new Object[]{EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING});
 				
 			}
 			
 			//copy attributes into MOASession
+			AuthenticationSessionWrapper session = pendingReq.getSessionData(AuthenticationSessionWrapper.class); 
 			Set<String> includedAttrNames = extractor.getAllIncludeAttributeNames();
 			for (String el : includedAttrNames) {
 				String value = extractor.getSingleAttributeValue(el);				 				
-				pendingReq.setGenericDataToSession(el, value);				
+				session.setGenericDataToSession(el, value);				
 				Logger.debug("Add PVP-attribute " + el + " into MOASession");
 				
 			}
+			
+			//set foreigner flag
+			session.setForeigner(true);
+			if (extractor.getFullAssertion().getIssuer() != null && 
+					StringUtils.isNotEmpty(extractor.getFullAssertion().getIssuer().getValue()))
+				session.setBkuURL(extractor.getFullAssertion().getIssuer().getValue());
+			else
+				session.setBkuURL("eIDAS_Authentication");
+			
 												
 		} catch (AssertionValidationExeption e) {
 			throw new BuildException("builder.06", null, e);
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/Utils.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/Utils.java
new file mode 100644
index 000000000..642008726
--- /dev/null
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/Utils.java
@@ -0,0 +1,45 @@
+package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils;
+
+import java.util.List;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class Utils {
+
+	public static String getCentraleIDASNodeEntityId(ISPConfiguration spConfiguration, IConfiguration authConfig) {
+		//load from service-provider configuration
+		String msNodeEntityID = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_EXTERNAL_CENTRAL_EIDASNODE_SERVICE_URL);
+		
+		if (StringUtils.isEmpty(msNodeEntityID)) {
+			Logger.debug("No SP-specific central eIDAS-node URL. Switch to general configuration ... ");
+			if (authConfig instanceof AuthConfiguration) {
+				AuthConfiguration moaAuthConfig = (AuthConfiguration)authConfig;					
+				List<String> configuratedEntityIDs = KeyValueUtils.getListOfCSVValues(
+						moaAuthConfig.getConfigurationWithKey(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_CENTRAL_EIDASNODE_URL));
+				
+				if (configuratedEntityIDs.size() > 0)
+					msNodeEntityID = configuratedEntityIDs.get(0);
+				else
+					Logger.info("No central eIDAS-node URL in IDP configuration. Switch to backup configuration ... ");
+				
+			} else 
+				Logger.info("Basic configuration is NOT of type '" + AuthConfiguration.class.getName()
+						+ "' Switch to generic Type ... ");
+				
+			
+			if (StringUtils.isEmpty(msNodeEntityID))
+				msNodeEntityID = authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_NODE_ENTITYID);
+			
+		}
+						
+		return msNodeEntityID;
+	}
+}
diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java
index ec43adccc..0cbf009ad 100644
--- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java
+++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java
@@ -29,7 +29,6 @@ import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
 import java.security.spec.InvalidKeySpecException;
 import java.security.spec.KeySpec;
-import java.util.Date;
 
 import javax.crypto.BadPaddingException;
 import javax.crypto.Cipher;
@@ -57,14 +56,12 @@ import com.google.gson.JsonParser;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
-import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.logging.Logger;
@@ -136,9 +133,7 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask {
 	 * @throws MOAIDException 
 	 * @throws IOException 
 	 */
-	private void parseDemoValuesIntoMOASession(IRequest pendingReq, String eIDBlobRawB64) throws MOAIDException, IOException {
-		IAuthenticationSession moaSession = new AuthenticationSession("1235", new Date());
-		
+	private void parseDemoValuesIntoMOASession(IRequest pendingReq, String eIDBlobRawB64) throws MOAIDException, IOException {		
 		Logger.debug("Check eID blob signature  ... ");
 		byte[] eIDBlobRaw = Base64Utils.decode(eIDBlobRawB64.trim(), false);
 		
@@ -206,16 +201,14 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask {
 			Logger.debug("Parse eID information into MOA-Session ...");
 			byte[] rawIDL = Base64Utils.decode(idlB64, false);
 			IIdentityLink identityLink = new IdentityLinkAssertionParser(new ByteArrayInputStream(rawIDL)).parseIdentityLink();			
+			AuthenticationSessionWrapper moaSession = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
 			moaSession.setIdentityLink(identityLink);
 			moaSession.setUseMandates(false);
 			moaSession.setForeigner(false);			
 			moaSession.setBkuURL("http://egiz.gv.at/BKA_MobileAuthTest");			
 			moaSession.setQAALevel(PVPConstants.EIDAS_QAA_SUBSTANTIAL);
 			Logger.info("Session Restore completed");
-			
-			
-			pendingReq.setGenericDataToSession(moaSession.getKeyValueRepresentationFromAuthSession());
-			
+									
 		} catch (MOAIDException e) {
 			throw e;
 			
@@ -243,10 +236,6 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask {
 			Logger.error("Can not extract mobile-app binding-certificate from eID blob.", e);
 			throw new MOAIDException("Can not extract mobile-app binding-certificate from eID blob.", null, e);
 						
-		} catch (EAAFStorageException e) {
-			Logger.error("Can not populate pending-request with eID data.", e);
-			throw new MOAIDException("Can not populate pending-request with eID data.", null, e);
-			
 		} finally {
 						
 		}
diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java
index 5e79aee8e..bb5700bd7 100644
--- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java
+++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java
@@ -25,7 +25,6 @@ package at.gv.egovernment.moa.id.auth.modules.bkamobileauthtests.tasks;
 import java.io.IOException;
 import java.io.InputStream;
 import java.net.URL;
-import java.util.Date;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -40,11 +39,10 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.logging.Logger;
@@ -87,9 +85,8 @@ public class SecondBKAMobileAuthTask extends AbstractAuthServletTask {
 	 * @throws MOAIDException 
 	 * @throws EAAFStorageException 
 	 */
-	private void parseDemoValuesIntoMOASession(IRequest pendingReq) throws MOAIDException, EAAFStorageException {
-		IAuthenticationSession moaSession = new AuthenticationSession("1233", new Date());
-		
+	private void parseDemoValuesIntoMOASession(IRequest pendingReq) throws MOAIDException, EAAFStorageException {		
+		AuthenticationSessionWrapper moaSession = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
 		moaSession.setUseMandates(false);
 		moaSession.setForeigner(false);
 		
@@ -108,9 +105,7 @@ public class SecondBKAMobileAuthTask extends AbstractAuthServletTask {
 			throw new MOAIDException("IdentityLink is not parseable.", null);
 			
 		}
-			
-		pendingReq.setGenericDataToSession(moaSession.getKeyValueRepresentationFromAuthSession());
-		
+					
 	}
 
 }
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
index 103781470..3dea62ec4 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
@@ -24,7 +24,6 @@ package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
 
 import java.io.InputStream;
 import java.text.SimpleDateFormat;
-import java.util.Date;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -42,8 +41,8 @@ import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAttributeException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
@@ -73,7 +72,8 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
 			throws TaskExecutionException { 
 		try{												
 			//get eIDAS attributes from MOA-Session
-			ImmutableAttributeMap eIDASAttributes = pendingReq.getGenericData(
+			AuthenticationSessionWrapper moaSession = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
+			ImmutableAttributeMap eIDASAttributes = moaSession.getGenericDataFromSession(
 					AuthenticationSessionStorageConstants.eIDAS_ATTRIBUTELIST, 
 					ImmutableAttributeMap.class);
 			
@@ -161,13 +161,11 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
 			}
 			
 			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_IDL_RECEIVED);
-			AuthenticationSession moasession = new AuthenticationSession("1234", new Date());
-			moasession.setForeigner(true);
-			moasession.setIdentityLink(identityLink);
-			moasession.setBkuURL("Not applicable (eIDASAuthentication)");
-			pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession());
-			
-			
+			moaSession.setForeigner(true);
+			moaSession.setIdentityLink(identityLink);
+			moaSession.setBkuURL("Not applicable (eIDASAuthentication)");
+
+						
 			//store MOA-session to database
 			requestStoreage.storePendingRequest(pendingReq);
 		
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
index 55416e92b..1788facf0 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
@@ -12,6 +12,7 @@ import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
@@ -89,21 +90,19 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			// **********************************************************
 			
 			//update MOA-Session data with received information			
-			Logger.debug("Store eIDAS response information into MOA-session.");
-					
-			pendingReq.setGenericDataToSession(AuthProzessDataConstants.VALUE_QAALEVEL, samlResp.getLevelOfAssurance());
-			
-			pendingReq.setGenericDataToSession(
+			Logger.debug("Store eIDAS response information into MOA-session.");					
+			AuthenticationSessionWrapper session = pendingReq.getSessionData(AuthenticationSessionWrapper.class);			
+			session.setGenericDataToSession(AuthProzessDataConstants.VALUE_QAALEVEL, samlResp.getLevelOfAssurance());			
+			session.setGenericDataToSession(
 					AuthenticationSessionStorageConstants.eIDAS_ATTRIBUTELIST, 
-					samlResp.getAttributes());
-						
-			pendingReq.setGenericDataToSession(
+					samlResp.getAttributes());						
+			session.setGenericDataToSession(
 					AuthenticationSessionStorageConstants.eIDAS_RESPONSE, 
 					decSamlToken);
 			
 			//set issuer nation as PVP attribute into MOASession
-			pendingReq.setGenericDataToSession(PVPConstants.EID_ISSUING_NATION_NAME, samlResp.getCountry());
-						
+			session.setGenericDataToSession(PVPConstants.EID_ISSUING_NATION_NAME, samlResp.getCountry());			
+			
 			//store MOA-session to database
 			requestStoreage.storePendingRequest(pendingReq);
 			
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
index 42ca6e507..d268dd2f6 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -350,15 +350,15 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController implement
 			pendingReq.setRemoteRelayState(relayState);
 			
 			//store level of assurance
-			pendingReq.setGenericDataToSession(eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE, 
+			pendingReq.setRawDataToTransaction(eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE, 
 					eIDASSamlReq.getEidasLevelOfAssurance().stringValue());			
 			
 			//set flag if transiend identifier is requested
 			if (MiscUtil.isNotEmpty(eIDASSamlReq.getNameIdFormat()) 
 					&& eIDASSamlReq.getNameIdFormat().equals(SamlNameIdFormat.TRANSIENT.getNameIdFormat()))
-				pendingReq.setGenericDataToSession(EIDASData.REQ_PARAM_eIDAS_AUTHN_TRANSIENT_ID, true);
+				pendingReq.setRawDataToTransaction(EIDASData.REQ_PARAM_eIDAS_AUTHN_TRANSIENT_ID, true);
 			else
-				pendingReq.setGenericDataToSession(EIDASData.REQ_PARAM_eIDAS_AUTHN_TRANSIENT_ID, false);
+				pendingReq.setRawDataToTransaction(EIDASData.REQ_PARAM_eIDAS_AUTHN_TRANSIENT_ID, false);
 			
 			// - memorize requested attributes			
 			pendingReq.setEidasRequestedAttributes(eIDASSamlReq.getRequestedAttributes());
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
index 25f303816..b1db1564e 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
@@ -55,6 +55,7 @@ import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationExceptio
 import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateServiceMetadataProvider;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider;
@@ -162,8 +163,11 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask {
 			Logger.debug("Validation of PVP Response from ELGA mandate-service is complete.");
 			
 			Set<String> includedAttrNames = extractor.getAllIncludeAttributeNames();
+			
+			AuthenticationSessionWrapper session = pendingReq.getSessionData(AuthenticationSessionWrapper.class);			
 			for (String el : includedAttrNames) {
-				pendingReq.setGenericDataToSession(el, extractor.getSingleAttributeValue(el));
+				session.setGenericDataToSession(el, extractor.getSingleAttributeValue(el));
+				//pendingReq.setGenericDataToSession(el, extractor.getSingleAttributeValue(el));
 				Logger.debug("Add PVP-attribute " + el + " into MOASession");
 				
 			}
@@ -243,7 +247,7 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask {
 		Response samlResp = (Response) msg.getResponse();
 
 		//validate 'inResponseTo' attribute
-		String authnReqID = pendingReq.getGenericData(
+		String authnReqID = pendingReq.getRawData(
 				MOAIDAuthConstants.DATAID_INTERFEDERATION_REQUESTID, String.class);
 		String inResponseTo = samlResp.getInResponseTo();
 		
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
index 658502d2c..50fb2cb4a 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
@@ -114,7 +114,7 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask {
 			EntityDescriptor entityDesc = metadataService.getEntityDescriptor(elgaMandateServiceEntityID);			
 			
 			//load MOASession from database
-			AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
+			AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
 			
 			
 			//setup AuthnRequestBuilder configuration
@@ -192,7 +192,7 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask {
 			
 			//set MandateReferenceValue as RequestID
 			authnReqConfig.setRequestID(moasession.getMandateReferenceValue());
-			pendingReq.setGenericDataToSession(
+			pendingReq.setRawDataToTransaction(
 					MOAIDAuthConstants.DATAID_INTERFEDERATION_REQUESTID,
 					authnReqConfig.getRequestID());
 			
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
index 40701d91d..0350a113c 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
@@ -28,6 +28,7 @@ import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.context.annotation.Scope;
 import org.springframework.stereotype.Component;
 
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
@@ -159,7 +160,7 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest {
 	}
 
 	@Override
-	protected void populateSpecialParameters(HttpServletRequest request) throws OAuth20Exception {
+	protected void populateSpecialParameters(HttpServletRequest request, IConfiguration authConfig) throws OAuth20Exception {
 		this.setResponseType(this.getParam(request, OAuth20Constants.PARAM_RESPONSE_TYPE, true));
 		this.setState(this.getParam(request, OAuth20Constants.PARAM_STATE, true));
 		this.setRedirectUri(this.getParam(request, OAuth20Constants.PARAM_REDIRECT_URI, true));
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
index 2ce5234ac..118de861c 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
@@ -30,7 +30,6 @@ import javax.servlet.http.HttpServletRequest;
 
 import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.commons.lang.StringUtils;
-import org.springframework.beans.factory.annotation.Autowired;
 
 import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
@@ -49,9 +48,7 @@ abstract class OAuth20BaseRequest extends RequestImpl {
 	private static final long serialVersionUID = 1L;
 	
 	protected Set<String> allowedParameters = new HashSet<String>();
-		
-	@Autowired(required=true) protected IConfiguration authConfig;
-	
+			
 	protected String getParam(final HttpServletRequest request, final String name, final boolean isNeeded) throws OAuth20Exception {
 		String param = request.getParameter(name);
 		Logger.debug("Reading param " + name + " from HttpServletRequest with value " + param);
@@ -65,7 +62,7 @@ abstract class OAuth20BaseRequest extends RequestImpl {
 		return param;
 	}
 	
-	protected void populateParameters(final HttpServletRequest request) throws OAuth20Exception {
+	protected void populateParameters(final HttpServletRequest request, IConfiguration authConfig) throws OAuth20Exception {
 		
 		// moa id - load oa with client id!
 		try {
@@ -91,7 +88,7 @@ abstract class OAuth20BaseRequest extends RequestImpl {
 		}
 		
 		// oAuth
-		this.populateSpecialParameters(request);
+		this.populateSpecialParameters(request, authConfig);
 		
 		// cleanup parameters
 		this.checkAllowedParameters(request);
@@ -115,6 +112,6 @@ abstract class OAuth20BaseRequest extends RequestImpl {
 		
 	}
 	
-	protected abstract void populateSpecialParameters(final HttpServletRequest request) throws OAuth20Exception;
+	protected abstract void populateSpecialParameters(final HttpServletRequest request, IConfiguration authConfig) throws OAuth20Exception;
 	
 }
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
index 30e89d15a..9f4174bf0 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
@@ -79,7 +79,7 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme
 		try {			
 			pendingReq.initialize(req, authConfig);
 			pendingReq.setModule(OAuth20Protocol.NAME);		
-			pendingReq.populateParameters(req);
+			pendingReq.populateParameters(req, authConfig);
 			
 		} catch (EAAFException e) {
 			Logger.info("OpenID-Connect request has a validation error: " + e.getMessage());
@@ -113,7 +113,7 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme
 		try {			
 			pendingReq.initialize(req, authConfig);
 			pendingReq.setModule(OAuth20Protocol.NAME);		
-			pendingReq.populateParameters(req);
+			pendingReq.populateParameters(req, authConfig);
 			
 		} catch (EAAFException e) {
 			Logger.info("OpenID-Connect request has a validation error: " + e.getMessage());
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
index e14914512..89e4252b1 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
@@ -28,6 +28,7 @@ import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.context.annotation.Scope;
 import org.springframework.stereotype.Component;
 
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
@@ -124,7 +125,7 @@ class OAuth20TokenRequest extends OAuth20BaseRequest {
 	}
 	
 	@Override
-	protected void populateSpecialParameters(HttpServletRequest request) throws OAuth20Exception {
+	protected void populateSpecialParameters(HttpServletRequest request, IConfiguration authConfig) throws OAuth20Exception {
 		this.setCode(this.getParam(request, OAuth20Constants.RESPONSE_CODE, true));
 		this.setGrantType(this.getParam(request, OAuth20Constants.PARAM_GRANT_TYPE, true));
 		this.setClientID(this.getParam(request, OAuth20Constants.PARAM_CLIENT_ID, true));
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
index fec78d88c..3408cf538 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
@@ -167,7 +167,7 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask {
 							command, signedCommand);
 										
 					//store pending request
-					pendingReq.setGenericDataToSession(Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, 
+					pendingReq.setRawDataToTransaction(Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, 
 							qualeIDReqId);
 					requestStoreage.storePendingRequest(pendingReq);
 
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
index a3175713a..fc386b796 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
@@ -25,7 +25,6 @@ import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
-import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController;
 import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder;
 import at.gv.egiz.eaaf.core.impl.utils.StreamUtils;
 import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils;
@@ -93,7 +92,7 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
 				}
 			
 				//validate reqId with inResponseTo 
-				String sl20ReqId = pendingReq.getGenericData(Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, String.class);
+				String sl20ReqId = pendingReq.getRawData(Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, String.class);
 				String inRespTo = SL20JSONExtractorUtils.getStringValue(sl20ReqObj, SL20Constants.SL20_INRESPTO, true);
 				if (sl20ReqId == null || !sl20ReqId.equals(inRespTo)) {
 					Logger.info("SL20 'reqId': " + sl20ReqId + " does NOT match to 'inResponseTo':" + inRespTo);
@@ -153,16 +152,16 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
 					}
 				
 					//cache qualified eID data into pending request
-					pendingReq.setGenericDataToSession(
+					pendingReq.setRawDataToTransaction(
 							Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL, 
 							idlB64);
-					pendingReq.setGenericDataToSession(
+					pendingReq.setRawDataToTransaction(
 							Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, 
 							authBlockB64);
-					pendingReq.setGenericDataToSession(
+					pendingReq.setRawDataToTransaction(
 							Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL, 
 							ccsURL);
-					pendingReq.setGenericDataToSession(
+					pendingReq.setRawDataToTransaction(
 							Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_LOA, 
 							LoA);
 								
@@ -176,7 +175,7 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
 				Logger.warn("SL2.0 processing error:", e);
 				if (sl20Result != null)
 					Logger.debug("Received SL2.0 result: " + sl20Result);
-				pendingReq.setGenericDataToSession(
+				pendingReq.setRawDataToTransaction(
 						Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR, 
 						new TaskExecutionException(pendingReq, "SL2.0 Authentication FAILED. Msg: " + e.getMessage(), e));
 				
@@ -185,7 +184,7 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
 				Logger.warn("SL2.0 Authentication FAILED with a generic error.", e);
 				if (sl20Result != null)
 					Logger.debug("Received SL2.0 result: " + sl20Result);
-				pendingReq.setGenericDataToSession(
+				pendingReq.setRawDataToTransaction(
 						Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR, 
 						new TaskExecutionException(pendingReq, e.getMessage(), e));
 				
@@ -246,7 +245,7 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
 				Map<String, String> reqParameters = new HashMap<String, String>();
 				reqParameters.put(EAAFConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID, pendingReq.getPendingRequestId());
 				JsonObject callReqParams = SL20JSONBuilderUtils.createCallCommandParameters(
-						new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), AbstractAuthProtocolModulController.ENDPOINT_FINALIZEPROTOCOL, null), 
+						new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), Constants.HTTP_ENDPOINT_RESUME, null), 
 						SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_METHOD_GET, 
 						false, 
 						reqParameters);
@@ -260,7 +259,7 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
 								
 				//build second redirect command for IDP
 				JsonObject redirectTwoParams = SL20JSONBuilderUtils.createRedirectCommandParameters(
-						new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), AbstractAuthProtocolModulController.ENDPOINT_FINALIZEPROTOCOL, null), 
+						new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), Constants.HTTP_ENDPOINT_RESUME, null), 
 						redirectOneCommand, null, true);
 				JsonObject redirectTwoCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectTwoParams);
 				
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java
index 403423e46..6811d1016 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java
@@ -40,7 +40,7 @@ public class VerifyQualifiedeIDTask extends AbstractAuthServletTask {
 		Logger.debug("Verify qualified eID data from SL20 response .... ");
 		try {
 			//check if there was an error 
-			TaskExecutionException sl20Error = pendingReq.getGenericData(
+			TaskExecutionException sl20Error = pendingReq.getRawData(
 					Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR,
 					TaskExecutionException.class);			
 			if (sl20Error != null) {
@@ -50,19 +50,19 @@ public class VerifyQualifiedeIDTask extends AbstractAuthServletTask {
 			}
 			
 			//get data from pending request
-			String sl20ReqId = pendingReq.getGenericData(
+			String sl20ReqId = pendingReq.getRawData(
 					Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, 
 					String.class);
-			String idlB64 =  pendingReq.getGenericData(
+			String idlB64 =  pendingReq.getRawData(
 					Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL,
 					String.class);
-			String authBlockB64 = pendingReq.getGenericData(
+			String authBlockB64 = pendingReq.getRawData(
 					Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, 
 					String.class);
-			String ccsURL = pendingReq.getGenericData(
+			String ccsURL = pendingReq.getRawData(
 					Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL, 
 					String.class);
-			String LoA = pendingReq.getGenericData(
+			String LoA = pendingReq.getRawData(
 					Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_LOA, 
 					String.class);
 							
@@ -104,7 +104,7 @@ public class VerifyQualifiedeIDTask extends AbstractAuthServletTask {
 			
 			
 			//add into session
-			AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());			
+			AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class);			
 			moasession.setIdentityLink(idl);
 			moasession.setBkuURL(ccsURL);
 			//TODO: from AuthBlock
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java
index 95590b51a..921e3844b 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java
@@ -91,8 +91,8 @@ public class InitializeRestoreSSOSessionTask extends AbstractAuthServletTask {
 			//store DH params and nonce to pending-request
 			SSOTransferContainer container = new SSOTransferContainer();
 			container.setDhParams(dhKeyIDP);
-			pendingReq.setGenericDataToSession(SSOTransferConstants.PENDINGREQ_DH, container);
-			pendingReq.setGenericDataToSession(SSOTransferConstants.PENDINGREQ_NONCE, nonce);
+			pendingReq.setRawDataToTransaction(SSOTransferConstants.PENDINGREQ_DH, container);
+			pendingReq.setRawDataToTransaction(SSOTransferConstants.PENDINGREQ_NONCE, nonce);
 						
 			//store pending-request
 			requestStoreage.storePendingRequest(pendingReq);
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
index c7e42c8ab..90b74ebd7 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
@@ -27,7 +27,6 @@ import java.io.IOException;
 import java.io.PrintWriter;
 import java.math.BigInteger;
 import java.security.MessageDigest;
-import java.util.Date;
 
 import javax.crypto.Cipher;
 import javax.crypto.spec.DHPublicKeySpec;
@@ -50,13 +49,11 @@ import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
 import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferContainer;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils;
-import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
@@ -102,8 +99,8 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask {
 			
 		}
 		
-    	String nonce = pendingReq.getGenericData(SSOTransferConstants.PENDINGREQ_NONCE, String.class);
-    	SSOTransferContainer container = pendingReq.getGenericData(
+    	String nonce = pendingReq.getRawData(SSOTransferConstants.PENDINGREQ_NONCE, String.class);
+    	SSOTransferContainer container = pendingReq.getRawData(
     			SSOTransferConstants.PENDINGREQ_DH, SSOTransferContainer.class);
     	if (container == null) {
     		throw new TaskExecutionException(pendingReq, "NO DH-Params in pending-request", 
@@ -189,9 +186,8 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask {
 				Logger.debug("MobileDevice is valid. --> Starting session reconstruction ...");
 		    					
 		    	//transfer SSO Assertion into MOA-Session
-				AuthenticationSession moaSession = new AuthenticationSession("1235", new Date());
+				AuthenticationSessionWrapper moaSession = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
 		    	ssoTransferUtils.parseSSOContainerToMOASessionDataObject(pendingReq, moaSession, attributeExtractor);
-		    	pendingReq.setGenericDataToSession(moaSession.getKeyValueRepresentationFromAuthSession());
 		    	
 		    	// store MOASession into database
 		    	requestStoreage.storePendingRequest(pendingReq);
@@ -249,8 +245,8 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask {
 				
 			} else {
 		    	//session is valid --> load MOASession object
-
-				IAuthenticationSession moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());			    
+				AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); 
+								
 				DateTime moaSessionCreated = new DateTime(moasession.getSessionCreated().getTime());
 				if (moaSessionCreated.plusMinutes(1).isBeforeNow()) {
 					Logger.warn("No SSO session-container received. Stop authentication process after time-out.");
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
index 20fd5ebc4..d0d97e9e8 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
@@ -73,7 +73,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
 			throws TaskExecutionException {
 		try{
 			// get IDP entityID
-			String idpEntityID = pendingReq.getGenericData(SSOManager.DATAID_INTERFEDERATIOIDP_URL, String.class);
+			String idpEntityID = pendingReq.getRawData(SSOManager.DATAID_INTERFEDERATIOIDP_URL, String.class);
 					
 			if (MiscUtil.isEmpty(idpEntityID)) {
 				Logger.info("Interfederation not possible -> not inderfederation IDP EntityID found!");
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
index f5af84405..6b6d1a196 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
@@ -47,6 +47,7 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
 import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder;
 import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
@@ -168,11 +169,11 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			//check if SP is also a federated IDP
 			if (spConfig.isInderfederationIDP()) {
 				//SP is a federated IDP  --> answer only with nameID and wait for attribute-Query
-				pendingReq.setGenericDataToSession(
+				pendingReq.setRawDataToTransaction(
 						MOAIDAuthConstants.DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP, true);				
-				pendingReq.setGenericDataToSession(
+				pendingReq.setRawDataToTransaction(
 						MOAIDAuthConstants.DATAID_INTERFEDERATION_NAMEID, extractor.getNameID());
-				pendingReq.setGenericDataToSession(
+				pendingReq.setRawDataToTransaction(
 						MOAIDAuthConstants.DATAID_INTERFEDERATION_QAALEVEL, extractor.getQAALevel());
 
 				authenticatedSessionStorage.
@@ -195,8 +196,8 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			}
 
 			//store valid assertion into pending-request
-			pendingReq.setGenericDataToSession(SSOManager.DATAID_INTERFEDERATIOIDP_RESPONSE, processedMsg);
-			pendingReq.setGenericDataToSession(SSOManager.DATAID_INTERFEDERATIOIDP_ENTITYID, processedMsg.getEntityID());
+			pendingReq.setRawDataToTransaction(SSOManager.DATAID_INTERFEDERATIOIDP_RESPONSE, processedMsg);
+			pendingReq.setRawDataToTransaction(SSOManager.DATAID_INTERFEDERATIOIDP_ENTITYID, processedMsg.getEntityID());
 			
 			//store pending-request
 			requestStoreage.storePendingRequest(pendingReq);
@@ -297,6 +298,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			
 			//copy attributes into MOASession
 			Set<String> includedAttrNames = extractor.getAllIncludeAttributeNames();
+			AuthProcessDataWrapper session = pendingReq.getSessionData(AuthProcessDataWrapper.class);
 			for (String el : includedAttrNames) {
 				String value = extractor.getSingleAttributeValue(el);
 				
@@ -310,13 +312,13 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 					}					
 				} 
 				
-				pendingReq.setGenericDataToSession(el, value);				
+				session.setGenericDataToSession(el, value);				
 				Logger.debug("Add PVP-attribute " + el + " into MOASession");
 				
 			}
 			
 			//set validTo from this federated IDP response
-			pendingReq.setGenericDataToSession(
+			session.setGenericDataToSession(
 					AuthenticationSessionStorageConstants.FEDERATION_RESPONSE_VALIDE_TO, 
 					extractor.getAssertionNotOnOrAfter());
 									
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
index 92bcce24b..21dbb573a 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
@@ -85,14 +85,14 @@ public class GetArtifactAction implements IAction {
 			
 			String samlArtifactBase64 = saml1server.BuildSAMLArtifact(oaParam, authData, sourceID);
 			
-			String oaTargetArea = req.getGenericData(SAML1Protocol.REQ_DATA_TARGET, String.class);
+			String oaTargetArea = req.getRawData(SAML1Protocol.REQ_DATA_TARGET, String.class);
 			
 			if (authData.isSsoSession()) {
 				String url = req.getAuthURL() + RedirectServlet.SERVICE_ENDPOINT;
 				url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(oaURL, "UTF-8"));
 				if (MiscUtil.isNotEmpty(oaTargetArea))
 					url = addURLParameter(url, MOAIDAuthConstants.PARAM_TARGET, 
-							URLEncoder.encode(req.getGenericData(SAML1Protocol.REQ_DATA_TARGET, String.class), "UTF-8"));
+							URLEncoder.encode(req.getRawData(SAML1Protocol.REQ_DATA_TARGET, String.class), "UTF-8"));
 				url = addURLParameter(url, MOAIDAuthConstants.PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
 				url = httpResp.encodeRedirectURL(url);
 				
@@ -104,7 +104,7 @@ public class GetArtifactAction implements IAction {
 				String redirectURL = oaURL;		
 				if (MiscUtil.isNotEmpty(oaTargetArea)) {
 					redirectURL = addURLParameter(redirectURL, MOAIDAuthConstants.PARAM_TARGET,
-					URLEncoder.encode(req.getGenericData(SAML1Protocol.REQ_DATA_TARGET, String.class), "UTF-8"));
+					URLEncoder.encode(req.getRawData(SAML1Protocol.REQ_DATA_TARGET, String.class), "UTF-8"));
 
 				}
 				
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index 398119a7f..30d740a2a 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -193,7 +193,7 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController implement
 			revisionsLogger.logEvent(pendingRequest, MOAIDEventConstants.AUTHPROTOCOL_SAML1_AUTHNREQUEST);
 			
 			if (MiscUtil.isNotEmpty(target)) {
-				pendingRequest.setGenericDataToSession(REQ_DATA_TARGET, target);
+				pendingRequest.setRawDataToTransaction(REQ_DATA_TARGET, target);
 				pendingRequest.setTarget(MOAIDAuthConstants.PREFIX_CDID + target);
 			
 			} else {
@@ -201,7 +201,7 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController implement
 				pendingRequest.setTarget(targetArea);
 				
 				if (targetArea.startsWith(MOAIDAuthConstants.PREFIX_CDID))
-					pendingRequest.setGenericDataToSession(REQ_DATA_TARGET, 
+					pendingRequest.setRawDataToTransaction(REQ_DATA_TARGET, 
 							targetArea.substring(MOAIDAuthConstants.PREFIX_CDID.length()));
 				
 				
diff --git a/repository/at/gv/egiz/eaaf/eaaf-core/1.0.0/eaaf-core-1.0.0-tests.jar b/repository/at/gv/egiz/eaaf/eaaf-core/1.0.0/eaaf-core-1.0.0-tests.jar
index e892b3f35..9edec3e82 100644
Binary files a/repository/at/gv/egiz/eaaf/eaaf-core/1.0.0/eaaf-core-1.0.0-tests.jar and b/repository/at/gv/egiz/eaaf/eaaf-core/1.0.0/eaaf-core-1.0.0-tests.jar differ
diff --git a/repository/at/gv/egiz/eaaf/eaaf-core/1.0.0/eaaf-core-1.0.0.jar b/repository/at/gv/egiz/eaaf/eaaf-core/1.0.0/eaaf-core-1.0.0.jar
index f3f35cf39..0837eb813 100644
Binary files a/repository/at/gv/egiz/eaaf/eaaf-core/1.0.0/eaaf-core-1.0.0.jar and b/repository/at/gv/egiz/eaaf/eaaf-core/1.0.0/eaaf-core-1.0.0.jar differ
diff --git a/repository/at/gv/egiz/eaaf/eaaf_module_pvp2_core/1.0.0/eaaf_module_pvp2_core-1.0.0.jar b/repository/at/gv/egiz/eaaf/eaaf_module_pvp2_core/1.0.0/eaaf_module_pvp2_core-1.0.0.jar
index 6473df192..612ec0b6c 100644
Binary files a/repository/at/gv/egiz/eaaf/eaaf_module_pvp2_core/1.0.0/eaaf_module_pvp2_core-1.0.0.jar and b/repository/at/gv/egiz/eaaf/eaaf_module_pvp2_core/1.0.0/eaaf_module_pvp2_core-1.0.0.jar differ
diff --git a/repository/at/gv/egiz/eaaf/eaaf_module_pvp2_idp/1.0.0/eaaf_module_pvp2_idp-1.0.0.jar b/repository/at/gv/egiz/eaaf/eaaf_module_pvp2_idp/1.0.0/eaaf_module_pvp2_idp-1.0.0.jar
index 6317fa4a4..e45f380a6 100644
Binary files a/repository/at/gv/egiz/eaaf/eaaf_module_pvp2_idp/1.0.0/eaaf_module_pvp2_idp-1.0.0.jar and b/repository/at/gv/egiz/eaaf/eaaf_module_pvp2_idp/1.0.0/eaaf_module_pvp2_idp-1.0.0.jar differ
diff --git a/repository/at/gv/egiz/eaaf/eaaf_module_pvp2_sp/1.0.0/eaaf_module_pvp2_sp-1.0.0.jar b/repository/at/gv/egiz/eaaf/eaaf_module_pvp2_sp/1.0.0/eaaf_module_pvp2_sp-1.0.0.jar
index ff42b691e..c3251bc5f 100644
Binary files a/repository/at/gv/egiz/eaaf/eaaf_module_pvp2_sp/1.0.0/eaaf_module_pvp2_sp-1.0.0.jar and b/repository/at/gv/egiz/eaaf/eaaf_module_pvp2_sp/1.0.0/eaaf_module_pvp2_sp-1.0.0.jar differ
-- 
cgit v1.2.3