From 0fe2bed17c674587a60e63fac211a0354ab4ef03 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 10 Mar 2016 16:07:58 +0100
Subject: remove axis 1 implementation completely

---
 .../auth/builder/SignatureVerificationUtils.java   |  2 +-
 .../auth/invoke/SignatureVerificationInvoker.java  | 77 +++++++++++++++-------
 2 files changed, 53 insertions(+), 26 deletions(-)

(limited to 'id/server/idserverlib/src')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java
index e321c9d05..f2e4da818 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java
@@ -81,7 +81,7 @@ public class SignatureVerificationUtils {
 			  Element domVerifyXMLSignatureRequest = build(signature, trustProfileID);
 
 			  //send signature-verification to MOA-SP 
-			  Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker()
+			  Element domVerifyXMLSignatureResponse = SignatureVerificationInvoker.getInstance()
 			  		.verifyXMLSignature(domVerifyXMLSignatureRequest);
 			
 			// parses the <VerifyXMLSignatureResponse>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java
index 72a7d3ba1..5c96f6ad2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java
@@ -46,22 +46,16 @@
 
 package at.gv.egovernment.moa.id.auth.invoke;
 
-import java.util.Vector;
-
 import javax.xml.namespace.QName;
-import javax.xml.rpc.Call;
-import javax.xml.rpc.Service;
-import javax.xml.rpc.ServiceFactory;
 
-import org.apache.axis.message.SOAPBodyElement;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
 import at.gv.egovernment.moa.id.auth.exception.ServiceException;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.config.ConnectionParameter;
 import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.spss.api.SignatureVerificationService;
 import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureRequestParser;
 import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureResponseBuilder;
@@ -77,9 +71,43 @@ import at.gv.egovernment.moa.util.MiscUtil;
  * @version $Id$
  */
 public class SignatureVerificationInvoker {
-  /** This QName Object identifies the SignatureVerification endpoint of the web service */
+
+	private static SignatureVerificationInvoker instance = null;
+	private SignatureVerificationService svs = null;
+	
+	/** This QName Object identifies the SignatureVerification endpoint of the web service */
   private static final QName SERVICE_QNAME = new QName("SignatureVerification");
 
+  
+  public static SignatureVerificationInvoker getInstance() {
+	  if (instance == null) {
+		  instance = new SignatureVerificationInvoker();
+		  
+	  }
+	  
+	  return instance;
+  }
+  
+  private SignatureVerificationInvoker() {	  
+    try {
+    	AuthConfiguration authConfigProvider = AuthConfigurationProviderFactory.getInstance();
+		ConnectionParameter authConnParam = authConfigProvider.getMoaSpConnectionParameter();
+		
+		if (authConnParam != null && MiscUtil.isNotEmpty(authConnParam.getUrl())) {
+			
+			
+		} else {
+			svs = SignatureVerificationService.getInstance();
+			
+		}
+		
+	} catch (ConfigurationException e) {
+		// TODO Auto-generated catch block
+		e.printStackTrace();
+	}
+	  
+  }
+  
   /**
    * Method verifyXMLSignature.
    * @param request to be sent
@@ -99,29 +127,28 @@ public class SignatureVerificationInvoker {
    */
   protected Element doCall(QName serviceName, Element request) throws ServiceException {
     ConnectionParameter authConnParam = null;
-    try {
-      Service service = ServiceFactory.newInstance().createService(serviceName);
-      Call call = service.createCall();
-      SOAPBodyElement body = new SOAPBodyElement(request);
-      SOAPBodyElement[] params = new SOAPBodyElement[] { body };
-      Vector responses;
-      SOAPBodyElement response;
-
-      String endPoint;
+    try {      
       AuthConfiguration authConfigProvider = AuthConfigurationProviderFactory.getInstance();
       authConnParam = authConfigProvider.getMoaSpConnectionParameter();
       //If the ConnectionParameter do NOT exist, we try to get the api to work....
       if (authConnParam != null && MiscUtil.isNotEmpty(authConnParam.getUrl())) {
-        Logger.debug("Connecting using auth url: " + authConnParam.getUrl() + ", service " + serviceName.getNamespaceURI() + " : " + serviceName.getLocalPart() + " : "+ serviceName.getPrefix());
-        endPoint = authConnParam.getUrl();
-        call.setTargetEndpointAddress(endPoint);
-        responses = (Vector) call.invoke(serviceName, params);
-        Logger.debug("Got responses: " + responses.size()); // TODO handle axis 302 response when incorrect service url is used
-        response = (SOAPBodyElement) responses.get(0);
-        return response.getAsDOM();
+    	  
+    	  throw new ServiceException("service.00", new Object[]{"MOA-SP connection via Web-Service is not allowed any more!!!!!!"});
+//        Service service = ServiceFactory.newInstance().createService(serviceName);
+//        Call call = service.createCall();
+//        SOAPBodyElement body = new SOAPBodyElement(request);
+//        SOAPBodyElement[] params = new SOAPBodyElement[] { body };
+//        Vector responses;
+//        SOAPBodyElement response;
+//    	  
+//        Logger.debug("Connecting using auth url: " + authConnParam.getUrl() + ", service " + serviceName.getNamespaceURI() + " : " + serviceName.getLocalPart() + " : "+ serviceName.getPrefix());
+//        call.setTargetEndpointAddress(authConnParam.getUrl());
+//        responses = (Vector) call.invoke(serviceName, params);
+//        Logger.debug("Got responses: " + responses.size()); // TODO handle axis 302 response when incorrect service url is used
+//        response = (SOAPBodyElement) responses.get(0);
+//        return response.getAsDOM();
       }
       else {
-        SignatureVerificationService svs = SignatureVerificationService.getInstance();
         VerifyXMLSignatureRequest vsrequest = new VerifyXMLSignatureRequestParser().parse(request);
 		
         VerifyXMLSignatureResponse vsresponse = svs.verifyXMLSignature(vsrequest);
-- 
cgit v1.2.3


From f67427831d1f8c49ce6c474691b880d90a42b584 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 14 Mar 2016 09:17:57 +0100
Subject: refactor the GUI generation for user interaction

---
 id/ConfigWebTool/pom.xml                           |   5 +
 .../auth/pvp2/MetaDataVerificationFilter.java      |   2 +-
 .../configuration/data/FormularCustomization.java  |  20 +-
 .../id/configuration/data/oa/OABPKEncryption.java  |   2 +-
 .../configuration/struts/action/BasicOAAction.java |  60 +-
 .../configuration/struts/action/EditOAAction.java  |  27 +-
 .../id/configuration/struts/action/VIDPAction.java |   2 +-
 .../oa/OAAuthenticationDataValidation.java         |   2 +-
 .../htmlTemplates/loginFormFull.html               | 874 +--------------------
 .../htmlTemplates/sendAssertionFormFull.html       | 581 +-------------
 .../conf/moa-id/htmlTemplates/css_template.css     | 625 +++++++++++++++
 .../conf/moa-id/htmlTemplates/error_message.html   |  37 +
 .../moa-id/htmlTemplates/javascript_tempalte.js    | 200 +++++
 .../conf/moa-id/htmlTemplates/loginFormFull.html   | 874 +--------------------
 .../conf/moa-id/htmlTemplates/redirectForm.html    |  13 +
 .../htmlTemplates/sendAssertionFormFull.html       | 581 +-------------
 .../conf/moa-id/htmlTemplates/slo_template.html    | 372 +--------
 id/server/idserverlib/pom.xml                      |   4 +
 .../moa/id/advancedlogging/MOAReversionLogger.java |   6 +-
 .../moa/id/advancedlogging/StatisticLogger.java    |  10 +-
 .../moa/id/advancedlogging/TransactionIDUtils.java |   2 +-
 .../moa/id/auth/AuthenticationSessionCleaner.java  |   4 +-
 .../moa/id/auth/BaseAuthenticationServer.java      |   3 +-
 .../moa/id/auth/MOAIDAuthConstants.java            | 194 -----
 .../moa/id/auth/MOAIDAuthInitializer.java          |   6 +-
 .../id/auth/builder/AuthenticationDataBuilder.java |  14 +-
 .../builder/CreateXMLSignatureRequestBuilder.java  |   6 +-
 .../moa/id/auth/builder/DataURLBuilder.java        |   2 +-
 .../builder/DynamicOAAuthParameterBuilder.java     |   6 +-
 .../moa/id/auth/builder/GUILayoutBuilder.java      | 157 ----
 .../moa/id/auth/builder/LoginFormBuilder.java      | 171 ----
 .../moa/id/auth/builder/RedirectFormBuilder.java   |  65 --
 .../id/auth/builder/SendAssertionFormBuilder.java  | 147 ----
 .../auth/builder/SignatureVerificationUtils.java   |   2 +-
 .../moa/id/auth/data/AuthenticationSession.java    |   2 +-
 .../id/auth/exception/AuthenticationException.java |   1 +
 .../moa/id/auth/exception/BKUException.java        |   2 +
 .../moa/id/auth/exception/BuildException.java      |   1 +
 .../exception/DatabaseEncryptionException.java     |   2 +
 .../id/auth/exception/DynamicOABuildException.java |   2 +
 .../id/auth/exception/ECDSAConverterException.java |   1 +
 .../exception/InvalidProtocolRequestException.java |   2 +
 .../auth/exception/MISSimpleClientException.java   |   1 +
 .../moa/id/auth/exception/MOAIDException.java      | 222 ------
 .../moa/id/auth/exception/MOASPException.java      |   2 +
 .../moa/id/auth/exception/ParseException.java      |   1 +
 .../auth/exception/ProtocolNotActiveException.java |   2 +
 .../moa/id/auth/exception/ServiceException.java    |   1 +
 .../exception/SessionDataStorageException.java     |  45 --
 .../moa/id/auth/exception/ValidateException.java   |   1 +
 .../auth/exception/WrongParametersException.java   |   1 +
 .../auth/invoke/SignatureVerificationInvoker.java  |  10 +-
 .../id/auth/modules/AbstractAuthServletTask.java   |   6 +-
 .../id/auth/modules/BKUSelectionModuleImpl.java    |   2 +-
 .../id/auth/modules/TaskExecutionException.java    |   2 +-
 .../internal/tasks/EvaluateBKUSelectionTask.java   |   2 +-
 .../tasks/EvaluateSSOConsentsTaskImpl.java         |   2 +-
 .../internal/tasks/FinalizeAuthenticationTask.java |   4 +-
 .../tasks/GenerateBKUSelectionFrameTask.java       |  43 +-
 .../GenerateSSOConsentEvaluatorFrameTask.java      |  37 +-
 .../tasks/RestartAuthProzessManagement.java        |   2 +-
 .../StartAuthentificationParameterParser.java      |  10 +-
 .../moa/id/auth/servlet/AbstractController.java    | 128 +--
 .../AbstractProcessEngineSignalController.java     |   6 +-
 .../id/auth/servlet/GUILayoutBuilderServlet.java   | 128 ---
 .../GeneralProcessEngineSignalController.java      |   6 +-
 .../id/auth/servlet/IDPSingleLogOutServlet.java    |  66 +-
 .../moa/id/auth/servlet/LogOutServlet.java         |   4 +-
 .../moa/id/auth/servlet/RedirectServlet.java       |  48 +-
 .../WebFrontEndSecurityInterceptor.java            |   6 +-
 .../gv/egovernment/moa/id/client/SZRGWClient.java  |  25 +-
 .../moa/id/client/SZRGWClientException.java        |   2 +-
 .../moa/id/client/utils/SZRGWClientUtils.java      |  12 +-
 .../moa/id/config/ConfigurationException.java      |  82 --
 .../moa/id/config/ConfigurationProvider.java       |  66 --
 .../moa/id/config/ConfigurationProviderImpl.java   |   2 +
 .../moa/id/config/ConnectionParameter.java         |   1 +
 .../id/config/ConnectionParameterInterface.java    |  35 -
 .../moa/id/config/auth/AuthConfiguration.java      | 165 ----
 .../auth/AuthConfigurationProviderFactory.java     |   3 +-
 .../moa/id/config/auth/IOAAuthParameters.java      | 224 ------
 .../moa/id/config/auth/OAAuthParameter.java        |  64 +-
 .../PropertyBasedAuthConfigurationProvider.java    |  15 +-
 .../config/auth/data/BPKDecryptionParameters.java  | 137 ----
 .../config/auth/data/DynamicOAAuthParameters.java  |  18 +-
 .../moa/id/config/auth/data/ProtocolAllowed.java   |  91 ---
 .../auth/data/SAML1ConfigurationParameters.java    | 276 -------
 .../gv/egovernment/moa/id/config/stork/CPEPS.java  | 138 ----
 .../moa/id/config/stork/STORKConfig.java           |  33 +-
 .../config/stork/SignatureCreationParameter.java   | 103 ---
 .../stork/SignatureVerificationParameter.java      |  53 --
 .../moa/id/config/stork/StorkAttribute.java        |  27 -
 .../config/stork/StorkAttributeProviderPlugin.java |  81 --
 .../moa/id/data/AuthenticationData.java            |   2 +-
 .../moa/id/moduls/AuthenticationManager.java       |  67 +-
 .../at/gv/egovernment/moa/id/moduls/IAction.java   |   3 +-
 .../gv/egovernment/moa/id/moduls/IModulInfo.java   |   2 +
 .../at/gv/egovernment/moa/id/moduls/IRequest.java  | 202 -----
 .../egovernment/moa/id/moduls/IRequestStorage.java |   3 +-
 .../id/moduls/NoPassivAuthenticationException.java |   2 +-
 .../gv/egovernment/moa/id/moduls/RequestImpl.java  |   9 +-
 .../egovernment/moa/id/moduls/RequestStorage.java  |   3 +-
 .../gv/egovernment/moa/id/moduls/SSOManager.java   |  82 +-
 .../egovernment/moa/id/process/ProcessEngine.java  |   2 +-
 .../moa/id/process/ProcessEngineImpl.java          |   4 +-
 .../at/gv/egovernment/moa/id/process/api/Task.java |   2 +-
 .../moa/id/process/springweb/MoaIdTask.java        |   2 +-
 .../AbstractAuthProtocolModulController.java       |   4 +-
 .../protocols/ProtocolFinalizationController.java  |   6 +-
 .../builder/attributes/BPKAttributeBuilder.java    |   2 +-
 .../attributes/BirthdateAttributeBuilder.java      |   2 +-
 .../protocols/builder/attributes/EIDAuthBlock.java |   2 +-
 .../id/protocols/builder/attributes/EIDCcsURL.java |   2 +-
 .../EIDCitizenQAALevelAttributeBuilder.java        |   2 +-
 .../builder/attributes/EIDIdentityLinkBuilder.java |   2 +-
 .../EIDIssuingNationAttributeBuilder.java          |   2 +-
 .../builder/attributes/EIDSTORKTOKEN.java          |   2 +-
 .../attributes/EIDSectorForIDAttributeBuilder.java |   2 +-
 .../builder/attributes/EIDSignerCertificate.java   |   2 +-
 .../protocols/builder/attributes/EIDSourcePIN.java |   2 +-
 .../builder/attributes/EIDSourcePINType.java       |   2 +-
 .../attributes/EncryptedBPKAttributeBuilder.java   |   2 +-
 .../attributes/GivenNameAttributeBuilder.java      |   2 +-
 .../protocols/builder/attributes/HolderOfKey.java  |   4 +-
 .../builder/attributes/IAttributeBuilder.java      |   2 +-
 .../MandateFullMandateAttributeBuilder.java        |   2 +-
 ...MandateLegalPersonFullNameAttributeBuilder.java |   2 +-
 ...andateLegalPersonSourcePinAttributeBuilder.java |   2 +-
 ...teLegalPersonSourcePinTypeAttributeBuilder.java |   2 +-
 .../MandateNaturalPersonBPKAttributeBuilder.java   |   2 +-
 ...dateNaturalPersonBirthDateAttributeBuilder.java |   2 +-
 ...ateNaturalPersonFamilyNameAttributeBuilder.java |   2 +-
 ...dateNaturalPersonGivenNameAttributeBuilder.java |   2 +-
 ...dateNaturalPersonSourcePinAttributeBuilder.java |   2 +-
 ...NaturalPersonSourcePinTypeAttributeBuilder.java |   2 +-
 .../MandateProfRepDescAttributeBuilder.java        |   2 +-
 .../MandateProfRepOIDAttributeBuilder.java         |   2 +-
 .../MandateReferenceValueAttributeBuilder.java     |   2 +-
 .../attributes/MandateTypeAttributeBuilder.java    |   2 +-
 .../attributes/PVPVersionAttributeBuilder.java     |   2 +-
 .../attributes/PrincipalNameAttributeBuilder.java  |   2 +-
 .../id/protocols/pvp2x/AttributQueryAction.java    |  14 +-
 .../id/protocols/pvp2x/AuthenticationAction.java   |   6 +-
 .../moa/id/protocols/pvp2x/MetadataAction.java     |   4 +-
 .../moa/id/protocols/pvp2x/PVP2XProtocol.java      |  16 +-
 .../moa/id/protocols/pvp2x/SingleLogOutAction.java |   6 +-
 .../id/protocols/pvp2x/binding/PostBinding.java    |   2 +-
 .../pvp2x/builder/AttributQueryBuilder.java        |   4 +-
 .../pvp2x/builder/AuthResponseBuilder.java         |   2 +-
 .../pvp2x/builder/PVPAttributeBuilder.java         |   2 +-
 .../pvp2x/builder/PVPAuthnRequestBuilder.java      |   2 +-
 .../pvp2x/builder/PVPMetadataBuilder.java          |   2 +-
 .../pvp2x/builder/SingleLogOutBuilder.java         |   6 +-
 .../builder/assertion/PVP2AssertionBuilder.java    |   6 +-
 .../pvp2x/config/IDPPVPMetadataConfiguration.java  |   2 +-
 .../protocols/pvp2x/config/PVPConfiguration.java   |   4 +-
 .../exceptions/AssertionValidationExeption.java    |   2 +-
 .../exceptions/AuthnRequestValidatorException.java |   2 +-
 .../protocols/pvp2x/exceptions/PVP2Exception.java  |   2 +-
 .../pvp2x/metadata/MOAMetadataProvider.java        |  12 +-
 .../pvp2x/metadata/SimpleMOAMetadataProvider.java  |   2 +-
 .../signer/CredentialsNotAvailableException.java   |   2 +-
 .../pvp2x/signer/IDPCredentialProvider.java        |   2 +-
 .../protocols/pvp2x/utils/MOASAMLSOAPClient.java   |   2 +-
 .../pvp2x/validation/ChainSAMLValidator.java       |   2 +-
 .../protocols/pvp2x/validation/ISAMLValidator.java |   2 +-
 .../pvp2x/validation/SAMLSignatureValidator.java   |   2 +-
 .../pvp2x/verification/ChainSAMLVerifier.java      |   2 +-
 .../pvp2x/verification/EntityVerifier.java         |   8 +-
 .../pvp2x/verification/ISAMLVerifier.java          |   2 +-
 .../verification/SAMLVerificationEngineSP.java     |   6 +-
 .../metadata/MOASPMetadataSignatureFilter.java     |   2 +-
 .../metadata/MetadataSignatureFilter.java          |   3 +-
 .../metadata/SchemaValidationFilter.java           |   2 +-
 .../storage/DBAuthenticationSessionStoreage.java   |   8 +-
 .../id/storage/IAuthenticationSessionStoreage.java |   2 +-
 .../moa/id/util/ErrorResponseUtils.java            |   2 +-
 .../gv/egovernment/moa/id/util/FormBuildUtils.java | 136 ----
 .../moa/id/util/IdentityLinkReSigner.java          |   4 +-
 .../moa/id/util/MOAIDMessageProvider.java          | 104 ---
 .../moa/id/util/ParamValidatorUtils.java           |   6 +-
 .../at/gv/egovernment/moa/id/util/SSLUtils.java    |   6 +-
 .../moa/id/util/VelocityLogAdapter.java            |  99 ---
 .../egovernment/moa/id/util/VelocityProvider.java  | 112 ---
 .../moa/id/util/legacy/LegacyHelper.java           |   2 +-
 .../resources/properties/id_messages_de.properties |   1 +
 .../resources/resources/templates/css_template.css | 623 ---------------
 .../resources/templates/error_message.html         |  37 -
 .../resources/templates/javascript_tempalte.js     | 196 -----
 .../resources/templates/loginFormFull.html         |  92 ---
 .../resources/templates/redirectForm.html          |  13 -
 .../resources/templates/sendAssertionFormFull.html |  68 --
 .../resources/templates/slo_template.html          |  94 ---
 .../resources/templates/sso_transfer_template.html |  59 --
 .../moa/id/module/test/TestRequestImpl.java        |   6 +-
 .../spring/test/task/CreateSAML1AssertionTask.java |   2 +-
 .../spring/test/task/GetIdentityLinkTask.java      |   2 +-
 .../id/process/spring/test/task/SelectBKUTask.java |   2 +-
 .../spring/test/task/SignAuthBlockTask.java        |   2 +-
 .../spring/test/task/ValidateIdentityLinkTask.java |   2 +-
 .../test/task/ValidateSignedAuthBlockTask.java     |   2 +-
 .../moa/id/process/test/HalloWeltTask.java         |   2 +-
 .../moa/id/process/test/HelloWorldTask.java        |   2 +-
 .../at/gv/egovernment/moa/id/UnitTestCase.java     |   3 +-
 id/server/moa-id-commons/pom.xml                   |  27 +
 .../moa/id/commons/MOAIDAuthConstants.java         | 193 +++++
 .../moa/id/commons/api/AuthConfiguration.java      | 162 ++++
 .../moa/id/commons/api/ConfigurationProvider.java  |  66 ++
 .../commons/api/ConnectionParameterInterface.java  |  35 +
 .../moa/id/commons/api/IOAAuthParameters.java      | 222 ++++++
 .../egovernment/moa/id/commons/api/IRequest.java   | 201 +++++
 .../moa/id/commons/api/IStorkConfig.java           |  51 ++
 .../commons/api/data/BPKDecryptionParameters.java  | 135 ++++
 .../egovernment/moa/id/commons/api/data/CPEPS.java | 138 ++++
 .../moa/id/commons/api/data/ProtocolAllowed.java   |  91 +++
 .../api/data/SAML1ConfigurationParameters.java     | 276 +++++++
 .../api/data/SignatureCreationParameter.java       | 103 +++
 .../api/data/SignatureVerificationParameter.java   |  53 ++
 .../moa/id/commons/api/data/StorkAttribute.java    |  27 +
 .../api/data/StorkAttributeProviderPlugin.java     |  81 ++
 .../api/exceptions/ConfigurationException.java     |  78 ++
 .../id/commons/api/exceptions/MOAIDException.java  | 222 ++++++
 .../exceptions/SessionDataStorageException.java    |  45 ++
 .../moa/id/commons/utils/MOAIDMessageProvider.java | 104 +++
 id/server/moa-id-frontend-resources/pom.xml        |  23 +-
 .../AbstractGUIFormBuilderConfiguration.java       | 106 +++
 .../DefaultGUIFormBuilderConfiguration.java        | 120 +++
 .../auth/frontend/builder/GUIFormBuilderImpl.java  | 221 ++++++
 .../frontend/builder/IGUIBuilderConfiguration.java |  74 ++
 .../id/auth/frontend/builder/IGUIFormBuilder.java  |  67 ++
 ...roviderSpecificGUIFormBuilderConfiguration.java | 186 +++++
 .../auth/frontend/exception/GUIBuildException.java |  46 ++
 .../moa/id/auth/frontend/utils/FormBuildUtils.java | 178 +++++
 .../auth/frontend/velocity/VelocityLogAdapter.java |  99 +++
 .../auth/frontend/velocity/VelocityProvider.java   | 113 +++
 .../src/main/resources/templates/css_template.css  | 625 +++++++++++++++
 .../main/resources/templates/error_message.html    |  37 +
 .../resources/templates/javascript_tempalte.js     | 200 +++++
 .../main/resources/templates/loginFormFull.html    |  92 +++
 .../src/main/resources/templates/redirectForm.html |  13 +
 .../resources/templates/sendAssertionFormFull.html |  52 ++
 .../src/main/resources/templates/slo_template.html |  94 +++
 .../resources/templates/sso_transfer_template.html |  59 ++
 .../moa/id/auth/MOAIDAuthSpringInitializer.java    |   2 +-
 .../moa/id/auth/AuthenticationServer.java          |  11 +-
 .../AuthenticationBlockAssertionBuilder.java       |   4 +-
 .../auth/builder/GetIdentityLinkFormBuilder.java   |  45 +-
 .../internal/DefaultCitizenCardAuthModuleImpl.java |   2 +-
 .../internal/tasks/CertificateReadRequestTask.java |   6 +-
 .../internal/tasks/CreateIdentityLinkFormTask.java |   8 +-
 .../modules/internal/tasks/GetForeignIDTask.java   |  12 +-
 .../internal/tasks/GetMISSessionIDTask.java        |  10 +-
 .../tasks/InitializeBKUAuthenticationTask.java     |   6 +-
 .../tasks/PrepareAuthBlockSignatureTask.java       |   4 +-
 .../internal/tasks/PrepareGetMISMandateTask.java   |  10 +-
 .../tasks/VerifyAuthenticationBlockTask.java       |  10 +-
 .../internal/tasks/VerifyCertificateTask.java      |  12 +-
 .../internal/tasks/VerifyIdentityLinkTask.java     |   8 +-
 .../CreateXMLSignatureResponseValidator.java       |   8 +-
 .../VerifyXMLSignatureResponseValidator.java       |   8 +-
 .../moa/id/auth/validator/parep/ParepUtils.java    |   2 +-
 .../moa/id/util/CitizenCardServletUtils.java       |   6 +-
 .../MOAIDCertificateManagerConfigurationImpl.java  |   8 +-
 .../MOAeIDASSAMLEngineConfigurationImpl.java       |   2 +-
 .../modules/eidas/config/ModifiedEncryptionSW.java |   4 +-
 .../engine/MOAeIDASChainingMetadataProvider.java   |   2 +-
 .../EIDASEngineConfigurationException.java         |   2 +-
 .../eidas/tasks/CreateIdentityLinkTask.java        |   2 +-
 .../eidas/tasks/GenerateAuthnRequestTask.java      |  12 +-
 .../eidas/tasks/ReceiveAuthnResponseTask.java      |   2 +-
 .../moa/id/protocols/eidas/EIDASProtocol.java      |   9 +-
 .../id/protocols/eidas/EidasMetaDataRequest.java   |   4 +-
 .../eidas/eIDASAuthenticationRequest.java          |   6 +-
 .../config/ELGAMandatesMetadataConfiguration.java  |   2 +-
 .../controller/ELGAMandateMetadataController.java  |   2 +-
 .../exceptions/ELGAMetadataException.java          |   2 +-
 .../tasks/ELGAInitializeBKUAuthenticationTask.java |   4 +-
 .../elgamandates/tasks/RequestELGAMandateTask.java |   4 +-
 .../utils/ELGAMandateServiceMetadataProvider.java  |   2 +-
 .../utils/ELGAMandatesCredentialProvider.java      |   2 +-
 .../id/protocols/oauth20/OAuth20Configuration.java |   2 +-
 .../attributes/OAuth20AttributeBuilder.java        |   2 +-
 .../attributes/OpenIdAudiencesAttribute.java       |   2 +-
 .../OpenIdAuthenticationTimeAttribute.java         |   2 +-
 .../attributes/OpenIdExpirationTimeAttribute.java  |   2 +-
 .../attributes/OpenIdIssueInstantAttribute.java    |   2 +-
 .../oauth20/attributes/OpenIdIssuerAttribute.java  |   2 +-
 .../oauth20/attributes/OpenIdNonceAttribute.java   |   2 +-
 .../OpenIdSubjectIdentifierAttribute.java          |   2 +-
 .../attributes/ProfileDateOfBirthAttribute.java    |   2 +-
 .../attributes/ProfileFamilyNameAttribute.java     |   2 +-
 .../attributes/ProfileGivenNameAttribute.java      |   2 +-
 .../oauth20/exceptions/OAuth20Exception.java       |   2 +-
 .../oauth20/protocol/OAuth20AuthAction.java        |   6 +-
 .../oauth20/protocol/OAuth20AuthRequest.java       |   6 +-
 .../oauth20/protocol/OAuth20BaseRequest.java       |   6 +-
 .../oauth20/protocol/OAuth20Protocol.java          |   4 +-
 .../oauth20/protocol/OAuth20TokenAction.java       |   4 +-
 .../oauth20/protocol/OAuth20TokenRequest.java      |   6 +-
 .../modules/moa-id-module-ssoTransfer/pom.xml      |   5 +
 .../data/SSOTransferAuthenticationData.java        |   6 +-
 .../data/SSOTransferOnlineApplication.java         |  19 +-
 .../ssotransfer/servlet/SSOTransferServlet.java    |  61 +-
 .../servlet/SSOTransferSignalServlet.java          |   4 +-
 .../task/InitializeRestoreSSOSessionTask.java      |  13 +-
 .../ssotransfer/task/RestoreSSOSessionTask.java    |   8 +-
 .../auth/modules/ssotransfer/utils/GUIUtils.java   | 136 +---
 .../ssotransfer/utils/SSOContainerUtils.java       |  10 +-
 .../FederatedAuthenticationModuleImpl.java         |   2 +-
 .../config/FederatedAuthMetadataConfiguration.java |   2 +-
 .../FederatedAuthMetadataController.java           |   2 +-
 .../tasks/CreateAuthnRequestTask.java              |  11 +-
 .../tasks/ReceiveAuthnResponseTask.java            |  15 +-
 .../utils/FederatedAuthCredentialProvider.java     |   2 +-
 id/server/modules/moa-id-modules-saml1/pom.xml     |   7 +
 .../moa/id/protocols/saml1/GetArtifactAction.java  |   6 +-
 .../saml1/GetAuthenticationDataService.java        |   6 +-
 .../protocols/saml1/SAML1AuthenticationServer.java |  10 +-
 .../moa/id/protocols/saml1/SAML1Protocol.java      |  11 +-
 .../moa/id/protocols/saml1/SAML1RequestImpl.java   |   2 +-
 .../moa/id/auth/servlet/MonitoringServlet.java     |   4 +-
 .../moa/id/monitoring/DatabaseTestModule.java      |   2 +-
 .../moa/id/monitoring/IdentityLinkTestModule.java  |   5 +-
 .../egovernment/moa/id/monitoring/TestManager.java |   4 +-
 id/server/pom.xml                                  |   6 +-
 325 files changed, 6555 insertions(+), 8637 deletions(-)
 create mode 100644 id/server/data/deploy/conf/moa-id/htmlTemplates/css_template.css
 create mode 100644 id/server/data/deploy/conf/moa-id/htmlTemplates/error_message.html
 create mode 100644 id/server/data/deploy/conf/moa-id/htmlTemplates/javascript_tempalte.js
 create mode 100644 id/server/data/deploy/conf/moa-id/htmlTemplates/redirectForm.html
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GUILayoutBuilder.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/RedirectFormBuilder.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MOAIDException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/SessionDataStorageException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterInterface.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/BPKDecryptionParameters.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/ProtocolAllowed.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/SAML1ConfigurationParameters.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/CPEPS.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureCreationParameter.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureVerificationParameter.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/StorkAttribute.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/StorkAttributeProviderPlugin.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/FormBuildUtils.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/VelocityLogAdapter.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/VelocityProvider.java
 delete mode 100644 id/server/idserverlib/src/main/resources/resources/templates/css_template.css
 delete mode 100644 id/server/idserverlib/src/main/resources/resources/templates/error_message.html
 delete mode 100644 id/server/idserverlib/src/main/resources/resources/templates/javascript_tempalte.js
 delete mode 100644 id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html
 delete mode 100644 id/server/idserverlib/src/main/resources/resources/templates/redirectForm.html
 delete mode 100644 id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html
 delete mode 100644 id/server/idserverlib/src/main/resources/resources/templates/slo_template.html
 delete mode 100644 id/server/idserverlib/src/main/resources/resources/templates/sso_transfer_template.html
 create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java
 create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java
 create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/ConfigurationProvider.java
 create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/ConnectionParameterInterface.java
 create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
 create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IRequest.java
 create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IStorkConfig.java
 create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/BPKDecryptionParameters.java
 create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/CPEPS.java
 create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/ProtocolAllowed.java
 create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/SAML1ConfigurationParameters.java
 create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/SignatureCreationParameter.java
 create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/SignatureVerificationParameter.java
 create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/StorkAttribute.java
 create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/StorkAttributeProviderPlugin.java
 create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/ConfigurationException.java
 create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/MOAIDException.java
 create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/SessionDataStorageException.java
 create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAIDMessageProvider.java
 create mode 100644 id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractGUIFormBuilderConfiguration.java
 create mode 100644 id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java
 create mode 100644 id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java
 create mode 100644 id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/IGUIBuilderConfiguration.java
 create mode 100644 id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/IGUIFormBuilder.java
 create mode 100644 id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/ServiceProviderSpecificGUIFormBuilderConfiguration.java
 create mode 100644 id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/exception/GUIBuildException.java
 create mode 100644 id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/utils/FormBuildUtils.java
 create mode 100644 id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/velocity/VelocityLogAdapter.java
 create mode 100644 id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/velocity/VelocityProvider.java
 create mode 100644 id/server/moa-id-frontend-resources/src/main/resources/templates/css_template.css
 create mode 100644 id/server/moa-id-frontend-resources/src/main/resources/templates/error_message.html
 create mode 100644 id/server/moa-id-frontend-resources/src/main/resources/templates/javascript_tempalte.js
 create mode 100644 id/server/moa-id-frontend-resources/src/main/resources/templates/loginFormFull.html
 create mode 100644 id/server/moa-id-frontend-resources/src/main/resources/templates/redirectForm.html
 create mode 100644 id/server/moa-id-frontend-resources/src/main/resources/templates/sendAssertionFormFull.html
 create mode 100644 id/server/moa-id-frontend-resources/src/main/resources/templates/slo_template.html
 create mode 100644 id/server/moa-id-frontend-resources/src/main/resources/templates/sso_transfer_template.html

(limited to 'id/server/idserverlib/src')

diff --git a/id/ConfigWebTool/pom.xml b/id/ConfigWebTool/pom.xml
index 71893fca2..aed716139 100644
--- a/id/ConfigWebTool/pom.xml
+++ b/id/ConfigWebTool/pom.xml
@@ -76,6 +76,11 @@
   					<version>1.0</version>
         </dependency>
         
+        <dependency>
+		    	<groupId>MOA.id.server</groupId>
+  				<artifactId>moa-id-frontend-resources</artifactId>
+    		</dependency>
+        
          <dependency>
             <groupId>MOA.id.server</groupId>
             <artifactId>moa-id-lib</artifactId>
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java
index 12016a2bf..e3de84b0b 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java
@@ -30,7 +30,7 @@ import org.opensaml.saml2.metadata.provider.MetadataFilter;
 import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.security.x509.BasicX509Credential;
 
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.EntityVerifier;
 
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java
index ecf0d19d7..80800543b 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java
@@ -36,6 +36,7 @@ import javax.servlet.http.HttpSession;
 
 import org.apache.log4j.Logger;
 
+import at.gv.egovernment.moa.id.auth.frontend.utils.FormBuildUtils;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentOA;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.BKUSelectionCustomizationType;
@@ -50,7 +51,6 @@ import at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig;
 import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
 import at.gv.egovernment.moa.id.configuration.validation.FormularCustomizationValitator;
 import at.gv.egovernment.moa.id.configuration.validation.oa.OAFileUploadValidation;
-import at.gv.egovernment.moa.id.util.FormBuildUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 public class FormularCustomization implements IOnlineApplicationData {
@@ -177,47 +177,47 @@ public class FormularCustomization implements IOnlineApplicationData {
 					
 					if (MiscUtil.isNotEmpty(formcustom.getBackGroundColor())) {
 						backGroundColor = formcustom.getBackGroundColor();
-						map.put(FormBuildUtils.MAIN_BACKGROUNDCOLOR, formcustom.getBackGroundColor());
+						map.put(FormBuildUtils.PARAM_MAIN_BACKGROUNDCOLOR, formcustom.getBackGroundColor());
 					}
 					
 					if (MiscUtil.isNotEmpty(formcustom.getButtonBackGroundColor())) {
 						button_BackGroundColor = formcustom.getButtonBackGroundColor();
-						map.put(FormBuildUtils.BUTTON_BACKGROUNDCOLOR, formcustom.getButtonBackGroundColor());
+						map.put(FormBuildUtils.PARAM_BUTTON_BACKGROUNDCOLOR, formcustom.getButtonBackGroundColor());
 					}
 						
 					if (MiscUtil.isNotEmpty(formcustom.getButtonBackGroundColorFocus())) {
 						button_BackGroundColorFocus = formcustom.getButtonBackGroundColorFocus();
-						map.put(FormBuildUtils.BUTTON_BACKGROUNDCOLOR_FOCUS, formcustom.getButtonBackGroundColorFocus());
+						map.put(FormBuildUtils.PARAM_BUTTON_BACKGROUNDCOLOR_FOCUS, formcustom.getButtonBackGroundColorFocus());
 					}
 					
 					if (MiscUtil.isNotEmpty(formcustom.getButtonFontColor())) {
 						button_FrontColor = formcustom.getButtonFontColor();
-						map.put(FormBuildUtils.BUTTON_COLOR, formcustom.getButtonFontColor());
+						map.put(FormBuildUtils.PARAM_BUTTON_COLOR, formcustom.getButtonFontColor());
 					}
 					
 					if (MiscUtil.isNotEmpty(formcustom.getFontType())) {
 						fontType = formcustom.getFontType();
-						map.put(FormBuildUtils.FONTFAMILY, formcustom.getFontType());
+						map.put(FormBuildUtils.PARAM_FONTFAMILY, formcustom.getFontType());
 					}
 					
 					if (MiscUtil.isNotEmpty(formcustom.getFrontColor())) {
 						frontColor = formcustom.getFrontColor();
-						map.put(FormBuildUtils.MAIN_COLOR, formcustom.getFrontColor());
+						map.put(FormBuildUtils.PARAM_MAIN_COLOR, formcustom.getFrontColor());
 					}
 					
 					if (MiscUtil.isNotEmpty(formcustom.getHeaderBackGroundColor())) {
 						header_BackGroundColor = formcustom.getHeaderBackGroundColor();
-						map.put(FormBuildUtils.HEADER_BACKGROUNDCOLOR, formcustom.getHeaderBackGroundColor());
+						map.put(FormBuildUtils.PARAM_HEADER_BACKGROUNDCOLOR, formcustom.getHeaderBackGroundColor());
 					}
 					
 					if (MiscUtil.isNotEmpty(formcustom.getHeaderFrontColor())) {
 						header_FrontColor = formcustom.getHeaderFrontColor();
-						map.put(FormBuildUtils.HEADER_COLOR, formcustom.getHeaderFrontColor());
+						map.put(FormBuildUtils.PARAM_HEADER_COLOR, formcustom.getHeaderFrontColor());
 					}
 					
 					if (MiscUtil.isNotEmpty(formcustom.getHeaderText())) {
 						header_text = formcustom.getHeaderText();	
-						map.put(FormBuildUtils.HEADER_TEXT, formcustom.getHeaderText());
+						map.put(FormBuildUtils.PARAM_HEADER_TEXT, formcustom.getHeaderText());
 					}
 				}
 			}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OABPKEncryption.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OABPKEncryption.java
index 58b0b9d17..b2cd18c26 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OABPKEncryption.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OABPKEncryption.java
@@ -36,12 +36,12 @@ import org.apache.commons.lang.SerializationUtils;
 import org.apache.log4j.Logger;
 
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.commons.api.data.BPKDecryptionParameters;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentOA;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.BPKDecryption;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.EncBPKInformation;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication;
 import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
-import at.gv.egovernment.moa.id.config.auth.data.BPKDecryptionParameters;
 import at.gv.egovernment.moa.id.configuration.Constants;
 import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
 import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
index 9ddb41d83..71639abef 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
@@ -22,22 +22,29 @@
  */
 package at.gv.egovernment.moa.id.configuration.struts.action;
 
-import iaik.utils.URLDecoder;
-
+import java.io.BufferedReader;
 import java.io.ByteArrayInputStream;
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.StringWriter;
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Iterator;
 import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Map.Entry;
 
 import org.apache.log4j.Logger;
+import org.apache.velocity.VelocityContext;
+import org.apache.velocity.app.VelocityEngine;
 
 import at.gv.egiz.components.configuration.meta.api.ConfigurationStorageException;
-import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder;
+import at.gv.egovernment.moa.id.auth.frontend.builder.ServiceProviderSpecificGUIFormBuilderConfiguration;
+import at.gv.egovernment.moa.id.auth.frontend.utils.FormBuildUtils;
+import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
 import at.gv.egovernment.moa.id.commons.config.ConfigurationMigrationUtils;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
@@ -57,9 +64,9 @@ import at.gv.egovernment.moa.id.configuration.exception.BasicActionException;
 import at.gv.egovernment.moa.id.configuration.exception.BasicOAActionException;
 import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
 import at.gv.egovernment.moa.id.configuration.helper.MailHelper;
-import at.gv.egovernment.moa.id.util.FormBuildUtils;
 import at.gv.egovernment.moa.id.util.Random;
 import at.gv.egovernment.moa.util.MiscUtil;
+import iaik.utils.URLDecoder;
 
 /**
  * @author tlenz
@@ -582,15 +589,16 @@ public class BasicOAAction extends BasicAction {
                     log.info("NO MOA-ID instance URL configurated.");
                     input.close();
                     throw new ConfigurationException("No MOA-ID instance configurated");
+                    
                 }
-
-                preview = LoginFormBuilder.getTemplate(input);
-                preview = preview.replace(LoginFormBuilder.CONTEXTPATH, contextpath);
-
-                Map<String, String> map = (Map<String, String>) mapobj;
-
+                
+                //set parameters
+                Map<String, Object> params =  (Map<String, Object>) mapobj;
+                params.put(
+                		ServiceProviderSpecificGUIFormBuilderConfiguration.PARAM_AUTHCONTEXT, 
+                		contextpath);
+                
                 request.setCharacterEncoding("UTF-8");
-
                 String module = request.getParameter(Constants.REQUEST_FORMCUSTOM_MODULE);
                 String value = request.getParameter(Constants.REQUEST_FORMCUSTOM_VALUE);
 
@@ -599,24 +607,36 @@ public class BasicOAAction extends BasicAction {
                     value = query[1].substring("value=".length());
                 }
 
-                synchronized (map) {
-
+                synchronized (params) {
                     if (MiscUtil.isNotEmpty(module)) {
-                        if (map.containsKey("#" + module + "#")) {
+                        if (params.containsKey(module)) {
                             if (MiscUtil.isNotEmpty(value)) {
-                                if (FormBuildUtils.FONTFAMILY.contains(module) || FormBuildUtils.HEADER_TEXT.contains(module)
+                                if (FormBuildUtils.PARAM_FONTFAMILY.contains(module) || FormBuildUtils.PARAM_HEADER_TEXT.contains(module)
                                         || value.startsWith("#"))
-                                    map.put("#" + module + "#", value);
+                                	params.put(module, value);
                                 else
-                                    map.put("#" + module + "#", "#" + value);
+                                	params.put(module, "#" + value);
 
                             } else {
-                                map.put("#" + module + "#", FormBuildUtils.getDefaultMap().get("#" + module + "#"));
+                            	params.put(module, FormBuildUtils.getDefaultMap().get(module));
                             }
                         }
                     }
-                    preview = FormBuildUtils.customiceLayoutBKUSelection(preview, true, false, map, true);
                 }
+                
+                //write preview
+                VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine();
+                VelocityContext context = new VelocityContext();                                                                
+       			Iterator<Entry<String, Object>> interator = params.entrySet().iterator();
+       			while (interator.hasNext()) {
+       				Entry<String, Object> el = interator.next();
+       				context.put(el.getKey(), el.getValue());
+       				
+       			}       			
+       			StringWriter writer = new StringWriter();
+    			engine.evaluate(context, writer, "BKUSelection_preview", 
+    					new BufferedReader(new InputStreamReader(input)));                                
+                stream = new ByteArrayInputStream(writer.toString().getBytes("UTF-8"));
 
             } else {
                 preview = LanguageHelper.getErrorString("error.bkuformpreview.notpossible", request);
@@ -629,7 +649,7 @@ public class BasicOAAction extends BasicAction {
 
         }
 
-        stream = new ByteArrayInputStream(preview.getBytes());
+        
 
         return Constants.STRUTS_SUCCESS;
     }    
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
index 1079932b9..a8dd48ca0 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
@@ -22,6 +22,14 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.configuration.struts.action;
 
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.apache.log4j.Logger;
+
+import at.gv.egovernment.moa.id.auth.frontend.utils.FormBuildUtils;
 import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.StorkAttribute;
@@ -29,17 +37,22 @@ import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException;
 import at.gv.egovernment.moa.id.configuration.Constants;
 import at.gv.egovernment.moa.id.configuration.data.FormularCustomization;
-import at.gv.egovernment.moa.id.configuration.data.oa.*;
+import at.gv.egovernment.moa.id.configuration.data.oa.AttributeHelper;
+import at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData;
+import at.gv.egovernment.moa.id.configuration.data.oa.OAAuthenticationData;
+import at.gv.egovernment.moa.id.configuration.data.oa.OABPKEncryption;
+import at.gv.egovernment.moa.id.configuration.data.oa.OAOAuth20Config;
+import at.gv.egovernment.moa.id.configuration.data.oa.OAPVP2Config;
+import at.gv.egovernment.moa.id.configuration.data.oa.OARevisionsLogData;
+import at.gv.egovernment.moa.id.configuration.data.oa.OASAML1Config;
+import at.gv.egovernment.moa.id.configuration.data.oa.OASSOConfig;
+import at.gv.egovernment.moa.id.configuration.data.oa.OASTORKConfig;
+import at.gv.egovernment.moa.id.configuration.data.oa.OATargetConfiguration;
 import at.gv.egovernment.moa.id.configuration.exception.BasicActionException;
 import at.gv.egovernment.moa.id.configuration.exception.BasicOAActionException;
 import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
 import at.gv.egovernment.moa.id.configuration.helper.MailHelper;
-import at.gv.egovernment.moa.id.util.FormBuildUtils;
 import at.gv.egovernment.moa.id.util.Random;
-import at.gv.egovernment.moa.util.MiscUtil;
-import org.apache.log4j.Logger;
-
-import java.util.*;
 
 public class EditOAAction extends BasicOAAction {
 
@@ -74,7 +87,7 @@ public class EditOAAction extends BasicOAAction {
 
 		OASTORKConfig storkOA = new OASTORKConfig();
 		formList.put(storkOA.getName(), storkOA);
-
+ 
 		Map<String, String> map = new HashMap<String, String>();
 		map.putAll(FormBuildUtils.getDefaultMap());
 		FormularCustomization formOA = new FormularCustomization(map);
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/VIDPAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/VIDPAction.java
index 8588dd286..c00eb46a5 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/VIDPAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/VIDPAction.java
@@ -26,12 +26,12 @@ import java.util.HashMap;
 import java.util.LinkedHashMap;
 import java.util.Map;
 
+import at.gv.egovernment.moa.id.auth.frontend.utils.FormBuildUtils;
 import at.gv.egovernment.moa.id.configuration.data.FormularCustomization;
 import at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData;
 import at.gv.egovernment.moa.id.configuration.data.oa.OAAuthenticationData;
 import at.gv.egovernment.moa.id.configuration.data.oa.OASTORKConfig;
 import at.gv.egovernment.moa.id.configuration.data.oa.OATargetConfiguration;
-import at.gv.egovernment.moa.id.util.FormBuildUtils;
 
 /**
  * @author tlenz
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java
index fd4226c5b..47c8f23b4 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java
@@ -30,7 +30,7 @@ import javax.servlet.http.HttpServletRequest;
 
 import org.apache.log4j.Logger;
 
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
 import at.gv.egovernment.moa.id.configuration.data.oa.OAAuthenticationData;
 import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
diff --git a/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/loginFormFull.html b/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/loginFormFull.html
index 2b0115d4a..02b86472b 100644
--- a/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/loginFormFull.html
+++ b/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/loginFormFull.html
@@ -4,847 +4,29 @@
 <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
 
    <!-- MOA-ID 2.x BKUSelection Layout CSS -->               
-    <style type="text/css">
-			@media screen and (min-width: 650px) {
-			
-				body {
-					margin:0;
-					padding:0;
-					color : #000;
-					background-color : #fff;
-			  	text-align: center;
-			  	background-color: #6B7B8B;
-				}
-                
-                .browserInfoButton{
-         color: rgb(128, 128, 128); 
-        }
-				
-        #localBKU p {
-          font-size: 0.7em;
-        } 
-        
-        #localBKU input{
-          font-size: 0.85em;
-          /*border-radius: 5px;*/
-        }
-        
-         #bkuselectionarea input[type=button] {
-          font-size: 0.85em;
-          /*border-radius: 7px;*/
-          margin-bottom: 25px;
-          min-width: 80px;
-         }
-        
-        #mandateLogin {
-          font-size: 0.85em;
-        }
-        
-        #bku_header h2 {
-          font-size: 0.8em;
-        } 
-        
-        
-			  #page {
-			    display: block;
-			    border: 2px solid rgb(0,0,0);
-			    width: 650px;
-			    height: 460px;
-			    margin: 0 auto;
-			    margin-top: 5%;
-			    position: relative;
-			    border-radius: 25px;
-			    background: rgb(255,255,255);
-			  }
-			  
-			  #page1 {
-			    text-align: center;
-			  }
-			  
-			  #main {
-			    /*	clear:both; */
-				  position:relative;
-			    margin: 0 auto;
-			    width: 250px;
-			    text-align: center;
-			  }
-			  
-			  .OA_header {
-			/*	  background-color: white;*/
-			    font-size: 20pt;
-			    margin-bottom: 25px;
-			    margin-top: 25px;
-			  }
-			
-			  #leftcontent {
-			    /*float:left; */
-				  width:250px;
-				  margin-bottom: 25px;
-			    text-align: left;
-			    border: 1px solid rgb(0,0,0);
-			  }
-			  			  
-			  #selectArea {
-				 font-size: 15px;
-				 padding-bottom: 65px;
-			  }
-			
-			  #leftcontent {
-				 width: 300px;
-				 margin-top: 30px;
-			  }
-			
-        #bku_header {
-          height: 5%;
-          padding-bottom: 3px;
-          padding-top: 3px;
-        }
-      
-        #bkulogin {
-				  overflow:hidden;	
-          min-width: 190px;
-          min-height: 180px;
-          /*height: 260px;*/	
-			  }
-      
-        h2#tabheader{
-				  font-size: 1.1em; 
-          padding-left: 2%;
-          padding-right: 2%;
-          position: relative;
-			  }
-      	
-        #stork h2 {
-          font-size: 1.0em;
-          margin-bottom: 2%;
-        }
-        		  
-			  .setAssertionButton_full {
-			  	background: #efefef;
-				  cursor: pointer;
-				  margin-top: 15px;
-			    width: 100px;
-			    height: 30px
-			  }
-			
-			  #leftbutton  {
-				 width: 30%; 
-				 float:left; 
-				 margin-left: 40px;
-			  }
-			
-			  #rightbutton {
-				 width: 30%; 
-				 float:right; 
-				 margin-right: 45px; 
-				 text-align: right;
-			  }
-        
-        button {
-          height: 25px;
-          width: 75px;
-          margin-bottom: 10px;
-        }
-        
-        
-        
-       #validation {
-        position: absolute;
-        bottom: 0px;
-        margin-left: 270px;
-        padding-bottom: 10px;
-      }
-			
-			}
-
-      @media screen and (max-width: 205px) {
-        #localBKU p {
-          font-size: 0.6em;
-        }
-       .browserInfoButton{
-         color: rgb(128, 128, 128); 
-        }
-        
-        #localBKU input {
-          font-size: 0.6em;
-          min-width: 60px;
-         /* max-width: 65px; */
-          min-height: 1.0em;
-         /* border-radius: 5px; */
-        }
-        
-        #bkuselectionarea input[type=button] {
-          font-size: 0.7em;
-          min-width: 55px;
-          /*min-height: 1.1em;
-          border-radius: 5px;*/
-          margin-bottom: 2%
-        }
-        
-        #mandateLogin {
-          font-size: 0.65em;
-        }
-        
-        #bku_header h2 {
-          font-size: 0.8em;
-          margin-top: -0.4em;
-          padding-top: 0.4em;
-        }
-        
-        #bkulogin {
-        min-height: 150px;
-        } 
-      }
-
-      @media screen and (max-width: 249px) and (min-width: 206px) {
-        #localBKU p {
-          font-size: 0.7em;
-        } 
-        .browserInfoButton{
-         color: rgb(128, 128, 128); 
-        }
-        
-        #localBKU input {
-          font-size: 0.7em;
-          min-width: 70px;
-       /*    max-width: 75px;    */
-          min-height: 0.95em;
-        /*  border-radius: 6px;    */
-        }
-        
-        #bkuselectionarea input[type=button] {
-          font-size: 0.75em;
-          min-width: 60px;
-      /*    min-height: 0.95em;
-          border-radius: 6px;    */
-          margin-bottom: 5%
-        }
-        
-        #mandateLogin {
-          font-size: 0.75em;
-        }
-        
-        #bku_header h2 {
-          font-size: 0.9em;
-          margin-top: -0.45em;
-          padding-top: 0.45em;
-        }
-        
-        #bkulogin {
-          min-height: 180px;
-        }  
-      }
-
-      @media screen and (max-width: 299px) and (min-width: 250px) {
-        #localBKU p {
-          font-size: 0.9em;
-        } 
-        .browserInfoButton{
-         color: rgb(128, 128, 128); 
-        }
-        
-        #localBKU input {
-          font-size: 0.8em;
-          min-width: 70px;
-       /*    max-width: 75px;      */
-      /*    border-radius: 6px;  */
-        }
-        
-        #bkuselectionarea input[type=button] {
-          font-size: 0.85em;
-     /*     min-height: 1.05em;
-          border-radius: 7px;        */
-          margin-bottom: 10%;
-        }
-        
-        #mandateLogin {
-          font-size: 1em;
-        }
-        
-        #bku_header h2 {
-          font-size: 1.0em;
-          margin-top: -0.50em;
-          padding-top: 0.50em;
-        } 
-      }
-
-      @media screen and (max-width: 399px) and (min-width: 300px) {
-        #localBKU p {
-          font-size: 0.9em;
-        } 
-        .browserInfoButton{
-         color: rgb(128, 128, 128); 
-        }
-        #localBKU input {
-          font-size: 0.8em;
-          min-width: 70px;
-      /*     max-width: 75px;     */
-      /*    border-radius: 6px;       */
-        }
-        
-        #bkuselectionarea input[type=button] {
-          font-size: 0.9em;
-   /*       min-height: 1.2em;
-          border-radius: 8px;          */
-          margin-bottom: 10%;
-          max-width: 80px;
-        }
-        
-        #mandateLogin {
-          font-size: 1em;
-        }
-        
-        #bku_header h2 {
-          font-size: 1.1em;
-          margin-top: -0.55em;
-          padding-top: 0.55em;
-        } 
-      }
-      
-      @media screen and (max-width: 649px) and (min-width: 400px) {
-        #localBKU p {
-          font-size: 0.9em;
-        } 
-       .browserInfoButton{
-         color: rgb(128, 128, 128); 
-        } 
-        #localBKU input {
-          font-size: 0.8em;
-          min-width: 70px;
-      /*     max-width: 80px;       */
-     /*     border-radius: 6px;          */
-        }
-        
-        #bkuselectionarea input[type=button] {
-          font-size: 1.0em;
-     /*      min-height: 1.3em;
-         border-radius: 10px;         */
-          margin-bottom: 10%;
-          max-width: 85px;
-        }
-        
-        #mandateLogin {
-          font-size: 1.2em;
-        }
-        
-        #bku_header h2 {
-          font-size: 1.3em;
-          margin-top: -0.65em;
-          padding-top: 0.65em;
-        } 
-      }
-
-
-			
-			@media screen and (max-width: 649px) {
-				
-        body {
-					margin:0;
-					padding:0;
-					color : #000;
-			  	text-align: center;
-          font-size: 100%;
-			  	background-color: #MAIN_BACKGOUNDCOLOR#;
-				}
-        		.browserInfoButton{
-                    color: rgb(128, 128, 128); 
-                }		
-			  #page {
-			     visibility: hidden;
-			     margin-top: 0%;
-			  }
-			  
-			  #page1 {
-			    visibility: hidden;
-			  }
-			  
-			  #main {
-			    visibility: hidden;
-			  }
-        
-        #validation {
-          visibility: hidden;
-          display: none;
-        }
-			  
-			  .OA_header {
-			    margin-bottom: 0px;
-			    margin-top: 0px;
-			    font-size: 0pt;
-			    visibility: hidden;
-			  }
-			
-			  #leftcontent {
-			    visibility: visible;
-			    margin-bottom: 0px;
-			    text-align: left;
-			    border:none;
-          vertical-align: middle;
-          min-height: 173px;
-          min-width: 204px;
-          
-			  }
-			  
-        #bku_header {
-          height: 10%;
-          min-height: 1.2em;
-          margin-top: 1%;
-        }
-        
-        h2#tabheader{
-          padding-left: 2%;
-          padding-right: 2%;
-          position: relative;
-          top: 50%;
-			  }
-        
-        #stork h2 {
-          font-size: 0.9em;
-          margin-bottom: 2%;
-        }
-        
-       	#bkulogin {	
-          min-width: 190px;
-          min-height: 170px;	
-			 }
-        
-			 .setAssertionButton_full {
-			     	background: #efefef;
-				    cursor: pointer;
-				    margin-top: 15px;
-			      width: 70px;
-			      height: 25px;
-			 }
-       
-        input[type=button] {
-/*          height: 11%;  */
-          width: 70%;
-        }
-			}
-			      
-			* {
-				margin: 0;
-				padding: 0;
-        font-family: #FONTTYPE#;
-			}
-							      			
-			#selectArea {
-				padding-top: 10px;
-				padding-bottom: 55px;
-				padding-left: 10px;
-			}
-			
-			.setAssertionButton {
-				background: #efefef;
-				cursor: pointer;
-				margin-top: 15px;
-			  width: 70px;
-			  height: 25px;
-			}
-			
-			#leftbutton  {
-				width: 35%; 
-				float:left; 
-				margin-left: 15px;
-			}
-			
-			#rightbutton {
-				width: 35%; 
-				float:right; 
-				margin-right: 25px; 
-				text-align: right;
-			}
-			
-			#stork {
-			    /*margin-bottom: 10px;*/
-			   /* margin-top: 5px; */
-			}
-      			
-      #mandateLogin {
-        padding-bottom: 4%;
-        padding-top: 4%;
-        height: 10%;
-        position: relative;
-        text-align: center;
-			}
-      
-      .verticalcenter {
-        vertical-align: middle;
-      }
-      
-      #mandateLogin div {
-        clear: both;
-        margin-top: -1%;
-        position: relative;
-        top: 50%;
-      }
-      
-      #bkuselectionarea {
-          position: relative;
-          display: block;
-      }
-      
-      #localBKU {
-        padding-bottom: 4%;
-        /*padding-top: 4%;*/
-        position: relative;
-        clear: both;     
-        text-align: center;
-			}
-          			
-			#bkukarte {
-				float:left;
-				text-align:center;
-				width:40%;
-        min-height: 70px;
-        padding-left: 5%;
-        padding-top: 2%;
-			}
-			
-			#bkuhandy {
-				float:right;
-				text-align:center;
-				width:40%;
-        min-height: 90px;
-        padding-right: 5%;
-        padding-top: 2%;
-			}
-			
-      .bkuimage {
-        width: 90%;
-        height: auto;
-      }
-      
-			#mandate{
-				text-align:center;
-				padding : 5px 5px 5px 5px;
-			}
-      
-/*		input[type=button], .sendButton {
-				background: #BUTTON_BACKGROUNDCOLOR#;
-        color: #BUTTON_COLOR#;
-/*				border:1px solid #000;  */
-/*				cursor: pointer;
-/*        box-shadow: 3px 3px 3px #222222;  */
-/*			}
-			
-/*      button:hover, button:focus, button:active, 
-      .sendButton:hover , .sendButton:focus, .sendButton:active,
-      #mandateCheckBox:hover, #mandateCheckBox:focus, #mandateCheckBox:active {
-				background: #BUTTON_BACKGROUNDCOLOR_FOCUS#;
-        color: #BUTTON_COLOR#;
-/*				border:1px solid #000;                */
-/*				cursor: pointer;
-/*        box-shadow: -1px -1px 3px #222222;  */
-/*			}
-      
-*/      
-			input {
-				/*border:1px solid #000;*/
-				cursor: pointer;
-			}
-      
-      #localBKU input {
-/*        color: #BUTTON_COLOR#;  */
-        /*border: 0px;*/
-        display: inline-block;
-        
-      }
-			
-      #localBKU input:hover, #localBKU input:focus, #localBKU input:active {
-        /*text-decoration: underline;*/
-      }
-      
-			#installJava, #BrowserNOK {
-				clear:both;
-				font-size:0.8em;
-				padding:4px;
-			}
-						
-			.selectText{
-			
-			}
-			
-			.selectTextHeader{
-			
-			}
-			
-			.sendButton {
-        width: 30%;
-        margin-bottom: 1%;	
-			}
-			
-			#leftcontent a {
-				text-decoration:none; 
-				color: #000;
-			/*	display:block;*/
-				padding:4px;	
-			}
-			
-			#leftcontent a:hover, #leftcontent a:focus, #leftcontent a:active {
-				text-decoration:underline;
-				color: #000;	
-			}
-						
-			.infobutton {
-				background-color: #005a00;
-				color: white;
-				font-family: serif;
-				text-decoration: none;
-				padding-top: 2px;
-				padding-right: 4px;
-				padding-bottom: 2px;
-				padding-left: 4px;
-				font-weight: bold;
-			}
-			
-			.hell {
-				background-color : #MAIN_BACKGOUNDCOLOR#;
-        color: #MAIN_COLOR#;	
-			}
-			
-			.dunkel {
-				background-color: #HEADER_BACKGROUNDCOLOR#;
-        color: #HEADER_COLOR#;
-			}
-			      
-			.main_header {
-			   color: black;
-			    font-size: 32pt;
-			    position: absolute;
-			    right: 10%;
-			    top: 40px;
-				
-			}
-      
-      #ssoSessionTransferBlock {
-        font-size: 0.8em;
-        margin-left: 5px;
-        margin-bottom: 5px;
-      }
-      			                        
-    </style>       
-<!-- MOA-ID 2.x BKUSelection JavaScript fucnctions-->
-<script type="text/javascript">
-		function isIE() {
-			return (/MSIE (\d+\.\d+);/.test(navigator.userAgent));
-		}
-		function isFullscreen() {
-			try {
-				return ((top.innerWidth == screen.width) && (top.innerHeight == screen.height));
-			} catch (e) {
-				return false;
-			}
-		}
-		function isActivexEnabled() {
-			var supported = null;
-			try {
-				supported = !!new ActiveXObject("htmlfile");
-			} catch (e) {
-				supported = false;
-			}
-			return supported;
-		}
-		function isMetro() {
-			if (!isIE())
-				return false;
-			return !isActivexEnabled() && isFullscreen();
-		}
-		window.onload=function() {
-			document.getElementById("localBKU").style.display="block";
-			return;
-		}
-    function bkuLocalClicked() {
-       setMandateSelection();
-    }
-    
-		function bkuOnlineClicked() {
-			if (isMetro())
-				document.getElementById("metroDetected").style.display="block";
-			document.getElementById("localBKU").style.display="block";
-/* 			if (checkMandateSSO())
-				return; */
-			
-			setMandateSelection();
-/* 			setSSOSelection(); */
-						
-			var iFrameURL = "#AUTH_URL#" + "?";
-			iFrameURL += "bkuURI=" + "#ONLINE#";
-			iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;
-/* 			iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */
-			iFrameURL += "&MODUL=" + "#MODUL#";
-			iFrameURL += "&ACTION=" + "#ACTION#";
-			iFrameURL += "&MOASessionID=" + "#SESSIONID#";
-			generateIFrame(iFrameURL);
-		}
-		function bkuHandyClicked() {
-			document.getElementById("localBKU").style.display="none";
-/* 			if (checkMandateSSO())
-				return; */
-			
-			setMandateSelection();
-/* 			setSSOSelection(); */
-			
-			var iFrameURL = "#AUTH_URL#" + "?";
-			iFrameURL += "bkuURI=" + "#HANDY#";
-			iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;
-/* 			iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */
-			iFrameURL += "&MODUL=" + "#MODUL#";
-			iFrameURL += "&ACTION=" + "#ACTION#";
-			iFrameURL += "&MOASessionID=" + "#SESSIONID#";
-			generateIFrame(iFrameURL);
-		}
-		function storkClicked() {
-			document.getElementById("localBKU").style.display="none"; 
-/* 			if (checkMandateSSO())
-				return; */
-			
-			setMandateSelection();
-/* 			setSSOSelection(); */
-			
-			var ccc = "AT";
-			var countrySelection = document.getElementById("cccSelection");
-			if (countrySelection !=  null) {
-				ccc = document.getElementById("cccSelection").value;
-			}
-			var iFrameURL = "#AUTH_URL#" + "?";
-			iFrameURL += "bkuURI=" + "#ONLINE#";
-			iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;
-			iFrameURL += "&CCC=" + ccc;
-/* 			iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */
-			iFrameURL += "&MODUL=" + "#MODUL#";
-			iFrameURL += "&ACTION=" + "#ACTION#";
-			iFrameURL += "&MOASessionID=" + "#SESSIONID#";
-			generateIFrame(iFrameURL);
-		}
-		function generateIFrame(iFrameURL) {
-			var el = document.getElementById("bkulogin");
-      var width = el.clientWidth;
-      var heigth = el.clientHeight - 20;
-			var parent = el.parentNode;
-            
-      iFrameURL += "&heigth=" + heigth;
-      iFrameURL += "&width=" + width;
-      
-			var iframe = document.createElement("iframe");
-			iframe.setAttribute("src", iFrameURL);
-			iframe.setAttribute("width", el.clientWidth - 1);
-			iframe.setAttribute("height", el.clientHeight - 1);
-			iframe.setAttribute("frameborder", "0");
-			iframe.setAttribute("scrolling", "no");
-			iframe.setAttribute("title", "Login");
-			parent.replaceChild(iframe, el);
-		}
-		function setMandateSelection() {
-			document.getElementById("moaidform").action = "#AUTH_URL#";
-			document.getElementById("useMandate").value = "false";
-			var checkbox = document.getElementById("mandateCheckBox");
-			if (checkbox !=  null) {
-				if (document.getElementById("mandateCheckBox").checked) {
-					document.getElementById("useMandate").value = "true";
-				}
-			}
-		}
-		function onChangeChecks() {
-      if (self.innerWidth < 650) {
-         document.getElementById("moaidform").setAttribute("target","_parent");
-      } else {
-         document.getElementById("moaidform").removeAttribute("target");
-      }
-      
-    }
-    
-     function checkIfBrowserSupportsJava(){
-        console.log("Browser is Chrome: "+checkIfBrowserIsChrome());
-        console.log("Browser is Safari: "+checkIfBrowserIsSafari());
-        console.log("Browser is Edge: "+checkIfBrowserIsEdge());
-        
-        var cnt = 0;
-        
-        if(checkIfBrowserIsChrome())cnt++;
-        if(checkIfBrowserIsEdge())cnt++;
-        if(checkIfBrowserIsSafari())cnt++;
-           
-        if(cnt==0 || cnt>1)//cnt>1 means perhaps wrong detection
-            return true;
-        
-        var image = document.getElementById("bkuimage");
-        var srcatt = image.getAttribute("src");
-        var last = srcatt.substring(srcatt.lastIndexOf('/')+1);
-        srcatt = srcatt.replace(last,'online-bku-deactivated.png');    
-        image.setAttribute("src",srcatt);
-         
-         
-        var button = document.getElementsByName("bkuButtonOnline")[0];               
-        button.setAttribute("class","browserInfoButton");
-        button.setAttribute("title","Java wird nicht unterstützt, klicken für mehr Informationen.");
-        button.setAttribute("onClick","alert('Java wird von Ihrem Browser nicht unterstützt, ist jedoch für den Betrieb der Online Bürgerkartenumgebung notwendig.\\nWollen Sie dennoch die Online Bürgerkartenumgebung verwenden, wird zur Zeit Java noch von Firefox und MS Internet Explorer unterstützt. \\nAlternativ koennen Sie auch eine lokale Bürgerkartenumgebung verwenden, verfügbar unter www.buergerkarte.at.');");
-         
-        return false;
+   <link rel="stylesheet" href="$contextPath/css/buildCSS?pendingid=$pendingReqID" />
    
-    }
-    function checkIfBrowserIsChrome(){
-        var chrome_defined = !!window.chrome;//chrome object defined
-        var webstore_defined = false;
-        if(window.chrome){
-            webstore_defined = !!window.chrome.webstore;
-           }
-        return chrome_defined && webstore_defined;
-    }
-    function checkIfBrowserIsEdge(){//edge also defines the chrome object, but not the webapp
-        var chrome_defined = !!window.chrome;//chrome object defined
-        var webstore_defined = true;
-        if(window.chrome){
-            webstore_defined = !!window.chrome.webstore;
-           }
-        return chrome_defined && !webstore_defined;
-    }
-    function checkIfBrowserIsSafari(){
-        var cond1 = Object.prototype.toString.call(window.HTMLElement).indexOf('Constructor') > 0;
-        return cond1;
-    }
-/* 		function setSSOSelection() {
-			document.getElementById("useSSO").value = "false";
-			var checkbox = document.getElementById("SSOCheckBox");
-			if (checkbox !=  null) {
-				if (document.getElementById("SSOCheckBox").checked) {
-					document.getElementById("useSSO").value = "true";
-				}
-			}
-		} */
-		
-/* 		function checkMandateSSO() {
-			var sso = document.getElementById("SSOCheckBox");
-			var mandate = document.getElementById("mandateCheckBox");
-			
-			
-			if (sso.checked && mandate.checked) {
-				alert("Anmeldung in Vertretung in kombination mit Single Sign-On wird aktuell noch nicht unterstützt!")
-				mandate.checked = false;
-				sso.checked = false;
-				return true;
-			} else {
-				return false;
-			}
-		} */
-	</script>
+   <!-- MOA-ID 2.x BKUSelection JavaScript fucnctions-->
+   <script src="$contextPath/js/buildJS?pendingid=$pendingReqID"></script>
+   
+
 <title>Anmeldung mittels Bürgerkarte oder Handy-Signatur</title>
 </head>
 <body onload="onChangeChecks();checkIfBrowserSupportsJava();" onresize="onChangeChecks();">
 	<div id="page">
 		<div id="page1" class="case selected-case" role="main">
-			<h2 class="OA_header" role="heading">Anmeldung an: #OAName#</h2>
+			<h2 class="OA_header" role="heading">Anmeldung an: $OAName</h2>
 			<div id="main">
 				<div id="leftcontent" class="hell" role="application">
 					<div id="bku_header" class="dunkel">
-						<h2 id="tabheader" class="dunkel" role="heading">#HEADER_TEXT#</h2>
+						<h2 id="tabheader" class="dunkel" role="heading">$HEADER_TEXT</h2>
 					</div>
 					<div id="bkulogin" class="hell" role="form">
-						<div id="mandateLogin" style="#MANDATEVISIBLE#">
+						<div id="mandateLogin" style="">
 							<div>
 								<input tabindex="1" type="checkbox" name="Mandate"
 									id="mandateCheckBox" class="verticalcenter" role="checkbox"
-									onClick='document.getElementById("mandateCheckBox").setAttribute("aria-checked", document.getElementById("mandateCheckBox").checked);'#MANDATECHECKED#>
+									onClick='document.getElementById("mandateCheckBox").setAttribute("aria-checked", document.getElementById("mandateCheckBox").checked);'$MANDATECHECKED>
 								<label for="mandateCheckBox" class="verticalcenter">in
 									Vertretung anmelden</label>
 								<!--a      href="info_mandates.html" 
@@ -855,43 +37,41 @@
 						</div>
 						<div id="bkuselectionarea">
 							<div id="bkukarte">
-								<img id="bkuimage" class="bkuimage" src="#CONTEXTPATH#/img/online-bku.png"
+								<img id="bkuimage" class="bkuimage" src="$contextPath/img/online-bku.png"
 									alt="OnlineBKU" /> <input name="bkuButtonOnline" type="button"
 									onClick="bkuOnlineClicked();" tabindex="2" role="button"
 									value="Karte" />
 							</div>
 							<div id="bkuhandy">
-								<img class="bkuimage" src="#CONTEXTPATH#/img/mobile-bku.png"
+								<img class="bkuimage" src="$contextPath/img/mobile-bku.png"
 									alt="HandyBKU" /> <input name="bkuButtonHandy" type="button"
 									onClick="bkuHandyClicked();" tabindex="3" role="button"
 									value="HANDY" />
 							</div>
 						</div>
 						<div id="localBKU">
-							<form method="get" id="moaidform" action="#AUTH_URL#"
+							<form method="get" id="moaidform" action="$contextPath$submitEndpoint"
 								class="verticalcenter" target="_parent">
-								<input type="hidden" name="bkuURI" value="#LOCAL#"> <input
-									type="hidden" name="useMandate" id="useMandate"> <input
-									type="hidden" name="SSO" id="useSSO"> <input
-									type="hidden" name="ccc" id="ccc"> <input type="hidden"
-									name="MODUL" value="#MODUL#"> <input type="hidden"
-									name="ACTION" value="#ACTION#"> <input type="hidden"
-									name="MOASessionID" value="#SESSIONID#"> 
-                  <input type="submit" value=" Lokale Bürgerkartenumgebung " tabindex="4"
-									role="button" onclick="setMandateSelection();">
+								<input type="hidden" name="bkuURI" value="$bkuLocal" />
+								<input type="hidden" name="useMandate" id="useMandate" /> 
+								<input type="hidden" name="SSO" id="useSSO" /> 
+								<input type="hidden" name="ccc" id="ccc" /> 
+								<input type="hidden" name="pendingid" value="$pendingReqID" /> 
+                <input type="submit" value=" Lokale Bürgerkartenumgebung " tabindex="4"
+									     role="button" onclick="setMandateSelection();">
                 </form>
               </div>
               
               <!-- Single Sign-On Session transfer functionality -->
               <!--div id="ssoSessionTransferBlock">
-                <a href="#AUTH_URL#?MOASessionID=#SESSIONID#&restoreSSOSession=true">>Restore SSO Session from Smartphone</a>
+                <a href="$contextPath$submitEndpoint?pendingid=$pendingReqID&restoreSSOSession=true">>Restore SSO Session from Smartphone</a>
               </div-->
               
-              <div id="stork" align="center" style="#STORKVISIBLE#">
+              <div id="stork" align="center" style="$STORKVISIBLE">
                 <h2 id="tabheader" class="dunkel">Home Country Selection</h2>
                 <p>
                   <select name="cccSelection" id="cccSelection" size="1" style="width: 120px; margin-right: 5px;" >
-                    #PEPSLIST#
+                    $countryList
                   </select>
                   <button name="bkuButton" type="button" onClick="storkClicked();">Proceed</button>
                   <a href="info_stork.html" target="_blank" class="infobutton" style="color:#FFF">i</a>
@@ -907,16 +87,6 @@
 				</div>
 			</div>
 		</div>
-		<!--div id="validation">
-			<a href="http://validator.w3.org/check?uri="> <img
-				style="border: 0; width: 88px; height: 31px"
-				src="#CONTEXTPATH#/img/valid-html5-blue.png" alt="HTML5 ist valide!" />
-			</a> <a href="http://jigsaw.w3.org/css-validator/"> <img
-				style="border: 0; width: 88px; height: 31px"
-				src="http://jigsaw.w3.org/css-validator/images/vcss-blue"
-				alt="CSS ist valide!" />
-			</a>
-		</div-->
 	</div>
 </body>
 </html>
diff --git a/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/sendAssertionFormFull.html b/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/sendAssertionFormFull.html
index 07d018a94..a9f0c4238 100644
--- a/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/sendAssertionFormFull.html
+++ b/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/sendAssertionFormFull.html
@@ -3,556 +3,7 @@
 <head>
 	<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
     <!-- MOA-ID 2.x BKUSelection Layout CSS -->               
-    <style type="text/css">
-			@media screen and (min-width: 650px) {
-			
-				body {
-					margin:0;
-					padding:0;
-					color : #000;
-					background-color : #fff;
-			  	text-align: center;
-			  	background-color: #6B7B8B;
-				}
-				
-        #localBKU p {
-          font-size: 0.7em;
-        } 
-        
-        #localBKU input{
-          font-size: 0.7em;
-          border-radius: 5px;
-        }
-        
-         #bkuselectionarea button {
-          font-size: 0.85em;
-          border-radius: 7px;
-          margin-bottom: 25px;
-         }
-        
-        #mandateLogin {
-          font-size: 0.85em;
-        }
-        
-        #bku_header h2 {
-          font-size: 0.8em;
-        } 
-        
-        
-			  #page {
-			    display: block;
-			    border: 2px solid rgb(0,0,0);
-			    width: 650px;
-			    height: 440px;
-			    margin: 0 auto;
-			    margin-top: 5%;
-			    position: relative;
-			    border-radius: 25px;
-			    background: rgb(255,255,255);
-			  }
-			  
-			  #page1 {
-			    text-align: center;
-			  }
-			  
-			  #main {
-			    /*	clear:both; */
-				  position:relative;
-			    margin: 0 auto;
-			    width: 250px;
-			    text-align: center;
-			  }
-			  
-			  .OA_header {
-			/*	  background-color: white;*/
-			    font-size: 20pt;
-			    margin-bottom: 25px;
-			    margin-top: 25px;
-			  }
-			
-			  #leftcontent {
-        	width: 300px;
-				  margin-top: 30px;
-          padding-bottom: 15px;
-				  margin-bottom: 25px;
-			    text-align: left;
-			    border: 1px solid rgb(0,0,0);
-			  }
-			  			  
-			  #selectArea {
-				 font-size: 15px;
-				 padding-bottom: 65px;
-			  }
-			 
-        #selectArea h3 {
-          margin-bottom: 25px;
-        }
-      
-        #bku_header {
-          height: 5%;
-          padding-bottom: 3px;
-          padding-top: 3px;
-        }
-      
-        #bkulogin {
-				  overflow:hidden;	
-          min-width: 190px;
-          min-height: 180px;
-          /*height: 260px;*/	
-			  }
-      
-        h2#tabheader{
-				  font-size: 1.1em; 
-          padding-left: 2%;
-          padding-right: 2%;
-          position: relative;
-			  }
-      			  
-			  .setAssertionButton_full {
-				  margin-top: 15px;
-			    width: 100px;
-			    height: 30px;
-          font-size: 1.3em;
-          min-height: 1.3em;
-/*          border-radius: 10px;*/
-			  }
-			
-			  #leftbutton  {
-				 width: 30%; 
-				 float:left; 
-				 margin-left: 40px;
-			  }
-			
-			  #rightbutton {
-				 width: 30%; 
-				 float:right; 
-				 margin-right: 45px; 
-				 text-align: right;
-			  }
-        
-        button {
-          height: 25px;
-          width: 90px;
-          margin-bottom: 10px;
-        }
-        
-       #validation {
-        position: absolute;
-        bottom: 0px;
-        margin-left: 270px;
-        padding-bottom: 10px;
-      }
-			
-			}
-
-      @media screen and (max-width: 205px) {
-        #localBKU p {
-          font-size: 0.6em;
-        } 
-        
-        #localBKU input {
-          font-size: 0.7em;
-          min-width: 70px;
-          min-height: 1.2em;
-          border-radius: 5px;
-        }
-        
-        #bkuselectionarea button, .setAssertionButton_full {
-          font-size: 0.8em;
-          min-width: 65px;
-          min-height: 1.3em;
-  /*        border-radius: 5px;         */
-          margin-bottom: 2%
-        }
-        
-        #mandateLogin {
-          font-size: 0.65em;
-        }
-        
-        #bku_header h2, #selectArea h3 {
-          font-size: 0.8em;
-          margin-top: -0.4em;
-        } 
-      }
-
-      @media screen and (max-width: 249px) and (min-width: 206px) {
-        #localBKU p {
-          font-size: 0.7em;
-        } 
-        
-        #localBKU input {
-          font-size: 0.85em;
-          min-width: 80px;
-          min-height: 0.95em;
-          border-radius: 6px;
-        }
-        
-        #bkuselectionarea button, .setAssertionButton_full {
-          font-size: 0.85em;
-          min-width: 70px;
-          min-height: 0.95em;
-  /*        border-radius: 6px;        */
-          margin-bottom: 2%
-        }
-        
-        #mandateLogin {
-          font-size: 0.75em;
-        }
-        
-        #bku_header h2, #selectArea h3 {
-          font-size: 0.9em;
-          margin-top: -0.45em;
-        } 
-      }
-
-      @media screen and (max-width: 299px) and (min-width: 250px) {
-        #localBKU p {
-          font-size: 0.9em;
-        } 
-        
-        #localBKU input {
-          font-size: 0.9em;
-          min-width: 100px;
-          border-radius: 6px;
-        }
-        
-        #bkuselectionarea button, .setAssertionButton_full {
-          font-size: 1.0em;
-          min-height: 1.05em;
- /*         border-radius: 7px;          */
-          margin-bottom: 5%;
-        }
-        
-        #mandateLogin {
-          font-size: 1em;
-        }
-        
-        #bku_header h2, #selectArea h3 {
-          font-size: 1.0em;
-          margin-top: -0.50em;
-        } 
-      }
-
-      @media screen and (max-width: 399px) and (min-width: 300px) {
-        #localBKU p {
-          font-size: 0.9em;
-        } 
-        
-        #localBKU input {
-          font-size: 0.9em;
-          min-width: 100px;
-          border-radius: 6px;
-        }
-        
-        #bkuselectionarea button, .setAssertionButton_full {
-          font-size: 1.1em;
-          min-height: 1.2em;
-  /*        border-radius: 8px;     */
-          margin-bottom: 5%;
-        }
-        
-        #mandateLogin {
-          font-size: 1em;
-        }
-        
-        #bku_header h2, #selectArea h3 {
-          font-size: 1.1em;
-          margin-top: -0.55em;
-        } 
-      }
-      
-      @media screen and (max-width: 649px) and (min-width: 400px) {
-        #localBKU p {
-          font-size: 0.9em;
-        } 
-        
-        #localBKU input {
-          font-size: 0.9em;
-          min-width: 100px;
-          border-radius: 6px;
-        }
-        
-        #bkuselectionarea button, .setAssertionButton_full {
-          font-size: 1.3em;
-          min-height: 1.3em;
-/*          border-radius: 10px;  */
-          margin-bottom: 5%;
-        }
-        
-        #mandateLogin {
-          font-size: 1.2em;
-        }
-        
-        #bku_header h2, #selectArea h3 {
-          font-size: 1.3em;
-          margin-top: -0.65em;
-        } 
-      }
-
-
-			
-			@media screen and (max-width: 649px) {
-				
-        body {
-					margin:0;
-					padding:0;
-					color : #000;
-			  	text-align: center;
-          font-size: 100%;
-			  	background-color: #MAIN_BACKGOUNDCOLOR#;
-				}
-        				
-			  #page {
-			     visibility: hidden;
-			     margin-top: 0%;
-			  }
-			  
-			  #page1 {
-			    visibility: hidden;
-			  }
-			  
-			  #main {
-			    visibility: hidden;
-			  }
-        
-        #validation {
-          visibility: hidden;
-          display: none;
-        }
-			  
-			  .OA_header {
-			    margin-bottom: 0px;
-			    margin-top: 0px;
-			    font-size: 0pt;
-			    visibility: hidden;
-			  }
-			
-			  #leftcontent {
-			    visibility: visible;
-			    margin-bottom: 0px;
-			    text-align: left;
-			    border:none;
-          min-width: 190px;
-/*          min-height: 190px;  */
-          vertical-align: middle;
-          
-			  }
-			  
-        #bku_header {
-          height: 10%;
-          min-height: 1.2em;
-          margin-top: 1%;
-        }
-        
-        h2#tabheader{
-          padding-left: 2%;
-          padding-right: 2%;
-          padding-top: 1%;
-          position: relative;
-          top: 50%;
-			  }
-        
-       	#bkulogin {	
-          min-width: 190px;
-          min-height: 150px;	
-			 }
-        
-			 .setAssertionButton_full {
-				    margin-top: 15px;
-			      width: 70%;
-			      height: 11%;
-            min-width: 60px;
-            min-height: 25px;
-			 }
-       
-       #selectArea h3 {
-          margin-top: 2%;
-       }
-       
-        button {
-          height: 11%;
-          width: 70%;
-        }
-			}
-			      
-			* {
-				margin: 0;
-				padding: 0;
-/*				border: 0;  */
-        font-family: #FONTTYPE#;
-			}
-							      			
-			#selectArea {
-				padding-top: 10px;
-				padding-bottom: 55px;
-				padding-left: 10px;
-			}
-			
-			.setAssertionButton {
-				background: #efefef;
-				cursor: pointer;
-				margin-top: 15px;
-			  width: 70px;
-			  height: 25px;
-			}
-			
-			#leftbutton  {
-				width: 35%; 
-				float:left; 
-				margin-left: 15px;
-			}
-			
-			#rightbutton {
-				width: 35%; 
-				float:right; 
-				margin-right: 25px; 
-				text-align: right;
-			}
-			
-			#stork {
-			    margin-bottom: 10px;
-			    margin-top: 5px;
-			}
-			
-      #mandateLogin {
-        padding-bottom: 2%;
-        padding-top: 2%;
-        height: 10%;
-        position: relative;
-        text-align: center;
-			}
-      
-      .verticalcenter {
-        vertical-align: middle;
-      }
-      
-      #mandateLogin > div {
-        clear: both;
-        margin-top: -1%;
-        position: relative;
-        top: 50%;
-      }
-      
-      #bkuselectionarea {
-          position: relative;
-          display: block;
-      }
-      
-      #localBKU {
-        padding-left: 5%;
-        padding-right: 2%;
-        padding-bottom: 2%;
-        position: relative;
-        clear: both;        
-			}
-          			
-			#bkukarte {
-				float:left;
-				text-align:center;
-				width:40%;
-        min-height: 70px;
-        padding-left: 5%;
-        padding-top: 2%;
-			}
-			
-			#bkuhandy {
-				float:right;
-				text-align:center;
-				width:40%;
-        min-height: 90px;
-        padding-right: 5%;
-        padding-top: 2%;
-			}
-			
-      .bkuimage {
-        width: 90%;
-        height: auto;
-      }
-      
-			#mandate{
-				text-align:center;
-				padding : 5px 5px 5px 5px;
-			}
-			
-			button, .sendButton {
-/*				background: #BUTTON_BACKGROUNDCOLOR#;
-        color: #BUTTON_COLOR#;  */
-        cursor: pointer;
-        
-/*				border:1px solid #000;
-        box-shadow: 3px 3px 3px #222222; */
-			}
-			
-      button:hover, button:focus, button:active, 
-      .sendButton:hover , .sendButton:focus, .sendButton:active,
-      #mandateCheckBox:hover, #mandateCheckBox:focus, #mandateCheckBox:active {
-/*				background: #BUTTON_BACKGROUNDCOLOR_FOCUS#;
-        color: #BUTTON_COLOR#;  */        
-        cursor: pointer;
-        
-/*				border:1px solid #000;
-        box-shadow: -1px -1px 3px #222222;  */
-			}
-      			
-			#installJava, #BrowserNOK {
-				clear:both;
-				font-size:0.8em;
-				padding:4px;
-			}
-						
-			.selectText{
-			
-			}
-			
-			.selectTextHeader{
-			
-			}
-						
-			#leftcontent a {
-				text-decoration:none; 
-				color: #000;
-			/*	display:block;*/
-				padding:4px;	
-			}
-			
-			#leftcontent a:hover, #leftcontent a:focus, #leftcontent a:active {
-				text-decoration:underline;
-				color: #000;	
-			}
-						
-			.infobutton {
-				background-color: #005a00;
-				color: white;
-				font-family: serif;
-				text-decoration: none;
-				padding-top: 2px;
-				padding-right: 4px;
-				padding-bottom: 2px;
-				padding-left: 4px;
-				font-weight: bold;
-			}
-			
-			.hell {
-				background-color : #MAIN_BACKGOUNDCOLOR#;
-        color: #MAIN_COLOR#;	
-			}
-			
-			.dunkel {
-				background-color: #HEADER_BACKGROUNDCOLOR#;
-        color: #HEADER_COLOR#;
-			}
-			      
-			.main_header {
-			   color: black;
-			    font-size: 32pt;
-			    position: absolute;
-			    right: 10%;
-			    top: 40px;
-				
-			}
-      			                        
-    </style>
-    
+    <link rel="stylesheet" href="$contextPath/css/buildCSS?pendingid=#ID#" />
     
     <title>Anmeldung an Online-Applikation</title>   
 </head>
@@ -574,25 +25,21 @@
             </div>
 					
 						<div id="selectArea" class="hell" role="application">
-							<h3>Anmeldung an: #OAName#</h3>
+							<h3>Anmeldung an: $OAName</h3>
 					
 <!-- 						<div class="hell"> -->
 							<div id="leftbutton">
-									<form method="post" id="moaidform_yes" action="#URL#">
+									<form method="post" id="moaidform_yes" action="$contextPath$submitEndpoint">
 										<input type="hidden" name="value" value="true">
-										<input type="hidden" name="mod" value="#MODUL#">
-								    <input type="hidden" name="action" value="#ACTION#">
-                    <input type="hidden" name="identifier" value="#ID#">
-										<input type="submit" value="Ja" class="setAssertionButton_full sendButton" role="button">
+                    <input type="hidden" name="pendingid" value="$pendingReqID">
+										<input type="submit" value="Ja" class="setAssertionButton_full" role="button">
 									</form>
 							</div>
 							<div id="rightbutton">
-										<form method="post" id="moaidform_no" action="#URL#">
+										<form method="post" id="moaidform_no" action="$contextPath$submitEndpoint">
 										<input type="hidden" name="value" value="false">
-										<input type="hidden" name="mod" value="#MODUL#">
-								    <input type="hidden" name="action" value="#ACTION#">
-                    <input type="hidden" name="identifier" value="#ID#">
-										<input type="submit" value="Nein" class="setAssertionButton_full sendButton" role="button">
+                    <input type="hidden" name="pendingid" value="$pendingReqID">
+										<input type="submit" value="Nein" class="setAssertionButton_full" role="button">
 									</form>
 							</div>
 						
@@ -600,18 +47,6 @@
 					</div>
 				</div>
 		</div>
-    <!--div id="validation">
-        <a href="http://validator.w3.org/check?uri=">
-          <img   style="border:0;width:88px;height:31px"
-                 src="#CONTEXTPATH#/img/valid-html5-blue.png"
-                 alt="HTML5 ist valide!" />
-        </a>
-        <a href="http://jigsaw.w3.org/css-validator/">
-          <img   style="border:0;width:88px;height:31px"
-                 src="http://jigsaw.w3.org/css-validator/images/vcss-blue"
-                 alt="CSS ist valide!" />
-        </a>
-    </div-->
 	</div>
 </body>
 </html>
diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/css_template.css b/id/server/data/deploy/conf/moa-id/htmlTemplates/css_template.css
new file mode 100644
index 000000000..a8735be60
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/css_template.css
@@ -0,0 +1,625 @@
+@charset "utf-8";
+	@media screen and (min-width: 650px) {
+			
+				body {
+					margin:0;
+					padding:0;
+					color : #000;
+					background-color : #fff;
+			  	text-align: center;
+			  	background-color: #6B7B8B;
+				}
+                
+                .browserInfoButton{
+         color: rgb(128, 128, 128); 
+        }
+				
+        #localBKU p {
+          font-size: 0.7em;
+        } 
+        
+        #localBKU input{
+          font-size: 0.85em;
+          /*border-radius: 5px;*/
+        }
+        
+         #bkuselectionarea input[type=button] {
+          font-size: 0.85em;
+          /*border-radius: 7px;*/
+          margin-bottom: 25px;
+          min-width: 80px;
+         }
+        
+        #mandateLogin {
+          font-size: 0.85em;
+        }
+        
+        #bku_header h2 {
+          font-size: 0.8em;
+        } 
+        
+        
+			  #page {
+			    display: block;
+			    border: 2px solid rgb(0,0,0);
+			    width: 650px;
+			    height: 460px;
+			    margin: 0 auto;
+			    margin-top: 5%;
+			    position: relative;
+			    border-radius: 25px;
+			    background: rgb(255,255,255);
+			  }
+			  
+			  #page1 {
+			    text-align: center;
+			  }
+			  
+			  #main {
+			    /*	clear:both; */
+				  position:relative;
+			    margin: 0 auto;
+			    width: 250px;
+			    text-align: center;
+			  }
+			  
+			  .OA_header {
+			/*	  background-color: white;*/
+			    font-size: 20pt;
+			    margin-bottom: 25px;
+			    margin-top: 25px;
+			  }
+			
+			  #leftcontent {
+			    /*float:left; */
+				  width:250px;
+				  margin-bottom: 25px;
+			    text-align: left;
+			    border: 1px solid rgb(0,0,0);
+			  }
+			  			  
+			  #selectArea {
+				 font-size: 15px;
+				 padding-bottom: 65px;
+			  }
+			
+			  #leftcontent {
+				 width: 300px;
+				 margin-top: 30px;
+			  }
+			
+        #bku_header {
+          height: 5%;
+          padding-bottom: 3px;
+          padding-top: 3px;
+        }
+      
+        #bkulogin {
+				  overflow:hidden;	
+          min-width: 190px;
+          min-height: 180px;
+          /*height: 260px;*/	
+			  }
+      
+        h2#tabheader{
+				  font-size: 1.1em; 
+          padding-left: 2%;
+          padding-right: 2%;
+          position: relative;
+			  }
+      	
+        #stork h2 {
+          font-size: 1.0em;
+          margin-bottom: 2%;
+        }
+        		  
+			  .setAssertionButton_full {
+			  	background: #efefef;
+				  cursor: pointer;
+				  margin-top: 15px;
+			    width: 100px;
+			    height: 30px
+			  }
+			
+			  #leftbutton  {
+				 width: 30%; 
+				 float:left; 
+				 margin-left: 40px;
+			  }
+			
+			  #rightbutton {
+				 width: 30%; 
+				 float:right; 
+				 margin-right: 45px; 
+				 text-align: right;
+			  }
+        
+        button {
+          height: 25px;
+          width: 75px;
+          margin-bottom: 10px;
+        }
+        
+        
+        
+       #validation {
+        position: absolute;
+        bottom: 0px;
+        margin-left: 270px;
+        padding-bottom: 10px;
+      }
+			
+			}
+
+      @media screen and (max-width: 205px) {
+        #localBKU p {
+          font-size: 0.6em;
+        }
+       .browserInfoButton{
+         color: rgb(128, 128, 128); 
+        }
+        
+        #localBKU input {
+          font-size: 0.6em;
+          min-width: 60px;
+         /* max-width: 65px; */
+          min-height: 1.0em;
+         /* border-radius: 5px; */
+        }
+        
+        #bkuselectionarea input[type=button] {
+          font-size: 0.7em;
+          min-width: 55px;
+          /*min-height: 1.1em;
+          border-radius: 5px;*/
+          margin-bottom: 2%
+        }
+        
+        #mandateLogin {
+          font-size: 0.65em;
+        }
+        
+        #bku_header h2 {
+          font-size: 0.8em;
+          margin-top: -0.4em;
+          padding-top: 0.4em;
+        }
+        
+        #bkulogin {
+        min-height: 150px;
+        } 
+      }
+
+      @media screen and (max-width: 249px) and (min-width: 206px) {
+        #localBKU p {
+          font-size: 0.7em;
+        } 
+        .browserInfoButton{
+         color: rgb(128, 128, 128); 
+        }
+        
+        #localBKU input {
+          font-size: 0.7em;
+          min-width: 70px;
+       /*    max-width: 75px;    */
+          min-height: 0.95em;
+        /*  border-radius: 6px;    */
+        }
+        
+        #bkuselectionarea input[type=button] {
+          font-size: 0.75em;
+          min-width: 60px;
+      /*    min-height: 0.95em;
+          border-radius: 6px;    */
+          margin-bottom: 5%
+        }
+        
+        #mandateLogin {
+          font-size: 0.75em;
+        }
+        
+        #bku_header h2 {
+          font-size: 0.9em;
+          margin-top: -0.45em;
+          padding-top: 0.45em;
+        }
+        
+        #bkulogin {
+          min-height: 180px;
+        }  
+      }
+
+      @media screen and (max-width: 299px) and (min-width: 250px) {
+        #localBKU p {
+          font-size: 0.9em;
+        } 
+        .browserInfoButton{
+         color: rgb(128, 128, 128); 
+        }
+        
+        #localBKU input {
+          font-size: 0.8em;
+          min-width: 70px;
+       /*    max-width: 75px;      */
+      /*    border-radius: 6px;  */
+        }
+        
+        #bkuselectionarea input[type=button] {
+          font-size: 0.85em;
+     /*     min-height: 1.05em;
+          border-radius: 7px;        */
+          margin-bottom: 10%;
+        }
+        
+        #mandateLogin {
+          font-size: 1em;
+        }
+        
+        #bku_header h2 {
+          font-size: 1.0em;
+          margin-top: -0.50em;
+          padding-top: 0.50em;
+        } 
+      }
+
+      @media screen and (max-width: 399px) and (min-width: 300px) {
+        #localBKU p {
+          font-size: 0.9em;
+        } 
+        .browserInfoButton{
+         color: rgb(128, 128, 128); 
+        }
+        #localBKU input {
+          font-size: 0.8em;
+          min-width: 70px;
+      /*     max-width: 75px;     */
+      /*    border-radius: 6px;       */
+        }
+        
+        #bkuselectionarea input[type=button] {
+          font-size: 0.9em;
+   /*       min-height: 1.2em;
+          border-radius: 8px;          */
+          margin-bottom: 10%;
+          max-width: 80px;
+        }
+        
+        #mandateLogin {
+          font-size: 1em;
+        }
+        
+        #bku_header h2 {
+          font-size: 1.1em;
+          margin-top: -0.55em;
+          padding-top: 0.55em;
+        } 
+      }
+      
+      @media screen and (max-width: 649px) and (min-width: 400px) {
+        #localBKU p {
+          font-size: 0.9em;
+        } 
+       .browserInfoButton{
+         color: rgb(128, 128, 128); 
+        } 
+        #localBKU input {
+          font-size: 0.8em;
+          min-width: 70px;
+      /*     max-width: 80px;       */
+     /*     border-radius: 6px;          */
+        }
+        
+        #bkuselectionarea input[type=button] {
+          font-size: 1.0em;
+     /*      min-height: 1.3em;
+         border-radius: 10px;         */
+          margin-bottom: 10%;
+          max-width: 85px;
+        }
+        
+        #mandateLogin {
+          font-size: 1.2em;
+        }
+        
+        #bku_header h2 {
+          font-size: 1.3em;
+          margin-top: -0.65em;
+          padding-top: 0.65em;
+        } 
+      }
+
+
+			
+			@media screen and (max-width: 649px) {
+				
+        body {
+					margin:0;
+					padding:0;
+					color : #000;
+			  	text-align: center;
+          font-size: 100%;
+			  	background-color: $MAIN_BACKGOUNDCOLOR;
+				}
+        		.browserInfoButton{
+                    color: rgb(128, 128, 128); 
+                }		
+			  #page {
+			     visibility: hidden;
+			     margin-top: 0%;
+			  }
+			  
+			  #page1 {
+			    visibility: hidden;
+			  }
+			  
+			  #main {
+			    visibility: hidden;
+			  }
+        
+        #validation {
+          visibility: hidden;
+          display: none;
+        }
+			  
+			  .OA_header {
+			    margin-bottom: 0px;
+			    margin-top: 0px;
+			    font-size: 0pt;
+			    visibility: hidden;
+			  }
+			
+			  #leftcontent {
+			    visibility: visible;
+			    margin-bottom: 0px;
+			    text-align: left;
+			    border:none;
+          vertical-align: middle;
+          min-height: 173px;
+          min-width: 204px;
+          
+			  }
+			  
+        #bku_header {
+          height: 10%;
+          min-height: 1.2em;
+          margin-top: 1%;
+        }
+        
+        h2#tabheader{
+          padding-left: 2%;
+          padding-right: 2%;
+          position: relative;
+          top: 50%;
+			  }
+        
+        #stork h2 {
+          font-size: 0.9em;
+          margin-bottom: 2%;
+        }
+        
+       	#bkulogin {	
+          min-width: 190px;
+          min-height: 155px;	
+			 }
+        
+			 .setAssertionButton_full {
+			     	background: #efefef;
+				    cursor: pointer;
+				    margin-top: 15px;
+			      width: 70px;
+			      height: 25px;
+			 }
+       
+        input[type=button] {
+/*          height: 11%;  */
+          width: 70%;
+        }
+			}
+			      
+			* {
+				margin: 0;
+				padding: 0;
+				#if($FONTTYPE)
+        	font-family: $FONTTYPE;
+        #end
+			}
+							      			
+			#selectArea {
+				padding-top: 10px;
+				padding-bottom: 55px;
+				padding-left: 10px;
+			}
+			
+			.setAssertionButton {
+				background: #efefef;
+				cursor: pointer;
+				margin-top: 15px;
+			  width: 70px;
+			  height: 25px;
+			}
+			
+			#leftbutton  {
+				width: 35%; 
+				float:left; 
+				margin-left: 15px;
+			}
+			
+			#rightbutton {
+				width: 35%; 
+				float:right; 
+				margin-right: 25px; 
+				text-align: right;
+			}
+			
+			#stork {
+			    /*margin-bottom: 10px;*/
+			   /* margin-top: 5px; */
+			}
+      			
+      #mandateLogin {
+        padding-bottom: 4%;
+        padding-top: 4%;
+        height: 10%;
+        position: relative;
+        text-align: center;
+			}
+      
+      .verticalcenter {
+        vertical-align: middle;
+      }
+      
+      #mandateLogin div {
+        clear: both;
+        margin-top: -1%;
+        position: relative;
+        top: 50%;
+      }
+      
+      #bkuselectionarea {
+          position: relative;
+          display: block;
+      }
+      
+      #localBKU {
+        padding-bottom: 4%;
+        /*padding-top: 4%;*/
+        position: relative;
+        clear: both;     
+        text-align: center;
+			}
+          			
+			#bkukarte {
+				float:left;
+				text-align:center;
+				width:40%;
+        min-height: 70px;
+        padding-left: 5%;
+        padding-top: 2%;
+			}
+			
+			#bkuhandy {
+				float:right;
+				text-align:center;
+				width:40%;
+        min-height: 90px;
+        padding-right: 5%;
+        padding-top: 2%;
+			}
+			
+      .bkuimage {
+        width: 90%;
+        height: auto;
+      }
+      
+			#mandate{
+				text-align:center;
+				padding : 5px 5px 5px 5px;
+			}
+      
+/*		input[type=button], .sendButton {
+				background: $BUTTON_BACKGROUNDCOLOR;
+        color: $BUTTON_COLOR;
+/*				border:1px solid #000;  */
+/*				cursor: pointer;
+/*        box-shadow: 3px 3px 3px #222222;  */
+/*			}
+			
+/*      button:hover, button:focus, button:active, 
+      .sendButton:hover , .sendButton:focus, .sendButton:active,
+      #mandateCheckBox:hover, #mandateCheckBox:focus, #mandateCheckBox:active {
+				background: $BUTTON_BACKGROUNDCOLOR_FOCUS;
+        color: $BUTTON_COLOR;
+/*				border:1px solid #000;                */
+/*				cursor: pointer;
+/*        box-shadow: -1px -1px 3px #222222;  */
+/*			}
+      
+*/      
+			input {
+				/*border:1px solid #000;*/
+				cursor: pointer;
+			}
+      
+      #localBKU input {
+/*        color: $BUTTON_COLOR;  */
+        /*border: 0px;*/
+        display: inline-block;
+        
+      }
+			
+      #localBKU input:hover, #localBKU input:focus, #localBKU input:active {
+        /*text-decoration: underline;*/
+      }
+      
+			#installJava, #BrowserNOK {
+				clear:both;
+				font-size:0.8em;
+				padding:4px;
+			}
+						
+			.selectText{
+			
+			}
+			
+			.selectTextHeader{
+			
+			}
+			
+			.sendButton {
+        width: 30%;
+        margin-bottom: 1%;	
+			}
+			
+			#leftcontent a {
+				text-decoration:none; 
+				color: #000;
+			/*	display:block;*/
+				padding:4px;	
+			}
+			
+			#leftcontent a:hover, #leftcontent a:focus, #leftcontent a:active {
+				text-decoration:underline;
+				color: #000;	
+			}
+						
+			.infobutton {
+				background-color: #005a00;
+				color: white;
+				font-family: serif;
+				text-decoration: none;
+				padding-top: 2px;
+				padding-right: 4px;
+				padding-bottom: 2px;
+				padding-left: 4px;
+				font-weight: bold;
+			}
+			
+			.hell {
+				background-color : $MAIN_BACKGOUNDCOLOR;
+        color: $MAIN_COLOR;	
+			}
+			
+			.dunkel {
+				background-color: $HEADER_BACKGROUNDCOLOR;
+        color: $HEADER_COLOR;
+			}
+			      
+			.main_header {
+			   color: black;
+			    font-size: 32pt;
+			    position: absolute;
+			    right: 10%;
+			    top: 40px;
+				
+			}
+      
+      #ssoSessionTransferBlock {
+        font-size: 0.8em;
+        margin-left: 5px;
+        margin-bottom: 5px;
+      }
+      
+      #alert_area {
+        width: 500px;
+        padding-left: 80px;
+      }
\ No newline at end of file
diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/error_message.html b/id/server/data/deploy/conf/moa-id/htmlTemplates/error_message.html
new file mode 100644
index 000000000..4fd4d63cd
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/error_message.html
@@ -0,0 +1,37 @@
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
+<head>
+  <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
+  <link rel="stylesheet" href="$contextPath/css/buildCSS" />
+  
+  <title>An error arise ...  </title>
+</head>
+
+	<body>
+  <div id="page">
+		<div id="page1" class="case selected-case" role="main">
+			<h2 class="OA_header" role="heading">Authentication error arise</h2>
+			<!--div id="main"-->
+				<!--div id="leftcontent" class="hell" role="application"-->
+          
+          
+          
+	        <div id="alert_area" class="hell" role="application" >
+            <p>The authentication stops on account of a process error:</p>
+            <br/>
+		        <p><b>Error    Code:</b> $errorCode</p> 
+		        <p><b>Error Message:</b >$errorMsg</p>
+	        </div>	
+
+
+	        #if($stacktrace)
+	         <div>
+		        <p><b>Stacktrace:</b> $stacktrace</p> 
+	         </div>	
+	        #end
+          
+				<!--/div--->
+			<!--/div-->
+		</div>
+	</div>
+</body>
+</html>
\ No newline at end of file
diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/javascript_tempalte.js b/id/server/data/deploy/conf/moa-id/htmlTemplates/javascript_tempalte.js
new file mode 100644
index 000000000..e4e05bace
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/javascript_tempalte.js
@@ -0,0 +1,200 @@
+function isIE() {
+			return (/MSIE (\d+\.\d+);/.test(navigator.userAgent));
+		}
+		function isFullscreen() {
+			try {
+				return ((top.innerWidth == screen.width) && (top.innerHeight == screen.height));
+			} catch (e) {
+				return false;
+			}
+		}
+		function isActivexEnabled() {
+			var supported = null;
+			try {
+				supported = !!new ActiveXObject("htmlfile");
+			} catch (e) {
+				supported = false;
+			}
+			return supported;
+		}
+		function isMetro() {
+			if (!isIE())
+				return false;
+			return !isActivexEnabled() && isFullscreen();
+		}
+		window.onload=function() {
+			document.getElementById("localBKU").style.display="block";
+			return;
+		}
+    function bkuLocalClicked() {
+       setMandateSelection();
+    }
+    
+		function bkuOnlineClicked() {
+			if (isMetro())
+				document.getElementById("metroDetected").style.display="block";
+			document.getElementById("localBKU").style.display="block";
+/* 			if (checkMandateSSO())
+				return; */
+			
+			setMandateSelection();
+/* 			setSSOSelection(); */
+						
+			var iFrameURL = "$contextPath$submitEndpoint" + "?";
+			iFrameURL += "&pendingid=" + "$pendingReqID";
+			
+			iFrameURL += "bkuURI=" + "$bkuOnline";
+			iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;
+
+			generateIFrame(iFrameURL);
+		}
+		function bkuHandyClicked() {
+			document.getElementById("localBKU").style.display="none";
+/* 			if (checkMandateSSO())
+				return; */
+			
+			setMandateSelection();
+/* 			setSSOSelection(); */
+			
+			var iFrameURL = "$contextPath$submitEndpoint" + "?";
+			iFrameURL += "&pendingid=" + "$pendingReqID";
+			
+			iFrameURL += "bkuURI=" + "$bkuHandy";
+			iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;
+			
+			generateIFrame(iFrameURL);
+		}
+		function storkClicked() {
+			document.getElementById("localBKU").style.display="none"; 
+/* 			if (checkMandateSSO())
+				return; */
+			
+			setMandateSelection();
+/* 			setSSOSelection(); */
+			
+			var ccc = "AT";
+			var countrySelection = document.getElementById("cccSelection");
+			if (countrySelection !=  null) {
+				ccc = document.getElementById("cccSelection").value;
+			}
+			var iFrameURL = "$contextPath$submitEndpoint" + "?";			
+			iFrameURL += "&pendingid=" + "$pendingReqID";
+			
+			#if($bkuOnline)
+				iFrameURL += "bkuURI=" + "$bkuOnline";
+			#end
+			
+			iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;
+			iFrameURL += "&CCC=" + ccc;
+						
+			generateIFrame(iFrameURL);
+		}
+		function generateIFrame(iFrameURL) {
+			var el = document.getElementById("bkulogin");
+      var width = el.clientWidth;
+      var heigth = el.clientHeight - 20;
+			var parent = el.parentNode;
+            
+      iFrameURL += "&heigth=" + heigth;
+      iFrameURL += "&width=" + width;
+      
+			var iframe = document.createElement("iframe");
+			iframe.setAttribute("src", iFrameURL);
+			iframe.setAttribute("width", el.clientWidth - 1);
+			iframe.setAttribute("height", el.clientHeight - 1);
+			iframe.setAttribute("frameborder", "0");
+			iframe.setAttribute("scrolling", "no");
+			iframe.setAttribute("title", "Login");
+			parent.replaceChild(iframe, el);
+		}
+		function setMandateSelection() {
+			document.getElementById("useMandate").value = "false";
+			var checkbox = document.getElementById("mandateCheckBox");
+			if (checkbox !=  null) {
+				if (document.getElementById("mandateCheckBox").checked) {
+					document.getElementById("useMandate").value = "true";
+				}
+			}
+		}
+		function onChangeChecks() {
+      if (self.innerWidth < 650) {
+         document.getElementById("moaidform").setAttribute("target","_parent");
+      } else {
+         document.getElementById("moaidform").removeAttribute("target");
+      }
+      
+    }
+    
+     function checkIfBrowserSupportsJava(){
+        console.log("Browser is Chrome: "+checkIfBrowserIsChrome());
+        console.log("Browser is Safari: "+checkIfBrowserIsSafari());
+        console.log("Browser is Edge: "+checkIfBrowserIsEdge());
+        
+        var cnt = 0;
+        
+        if(checkIfBrowserIsChrome())cnt++;
+        if(checkIfBrowserIsEdge())cnt++;
+        if(checkIfBrowserIsSafari())cnt++;
+           
+        if(cnt==0 || cnt>1)//cnt>1 means perhaps wrong detection
+            return true;
+        
+        var image = document.getElementById("bkuimage");
+        var srcatt = image.getAttribute("src");
+        var last = srcatt.substring(srcatt.lastIndexOf('/')+1);
+        srcatt = srcatt.replace(last,'online-bku-deactivated.png');    
+        image.setAttribute("src",srcatt);
+         
+         
+        var button = document.getElementsByName("bkuButtonOnline")[0];               
+        button.setAttribute("class","browserInfoButton");
+        button.setAttribute("title","Java wird nicht unterstützt, klicken für mehr Informationen.");
+        button.setAttribute("onClick","alert('Java wird von Ihrem Browser nicht unterstützt, ist jedoch für den Betrieb der Online Bürgerkartenumgebung notwendig.\\nWollen Sie dennoch die Online Bürgerkartenumgebung verwenden, wird zur Zeit Java noch von Firefox und MS Internet Explorer unterstützt. \\nAlternativ koennen Sie auch eine lokale Bürgerkartenumgebung verwenden, verfügbar unter www.buergerkarte.at.');");
+         
+        return false;
+   
+    }
+    function checkIfBrowserIsChrome(){
+        var chrome_defined = !!window.chrome;//chrome object defined
+        var webstore_defined = false;
+        if(window.chrome){
+            webstore_defined = !!window.chrome.webstore;
+           }
+        return chrome_defined && webstore_defined;
+    }
+    function checkIfBrowserIsEdge(){//edge also defines the chrome object, but not the webapp
+        var chrome_defined = !!window.chrome;//chrome object defined
+        var webstore_defined = true;
+        if(window.chrome){
+            webstore_defined = !!window.chrome.webstore;
+           }
+        return chrome_defined && !webstore_defined;
+    }
+    function checkIfBrowserIsSafari(){
+        var cond1 = Object.prototype.toString.call(window.HTMLElement).indexOf('Constructor') > 0;
+        return cond1;
+    }
+/* 		function setSSOSelection() {
+			document.getElementById("useSSO").value = "false";
+			var checkbox = document.getElementById("SSOCheckBox");
+			if (checkbox !=  null) {
+				if (document.getElementById("SSOCheckBox").checked) {
+					document.getElementById("useSSO").value = "true";
+				}
+			}
+		} */
+		
+/* 		function checkMandateSSO() {
+			var sso = document.getElementById("SSOCheckBox");
+			var mandate = document.getElementById("mandateCheckBox");
+			
+			
+			if (sso.checked && mandate.checked) {
+				alert("Anmeldung in Vertretung in kombination mit Single Sign-On wird aktuell noch nicht unterstützt!")
+				mandate.checked = false;
+				sso.checked = false;
+				return true;
+			} else {
+				return false;
+			}
+		} */
\ No newline at end of file
diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html b/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html
index af133525e..02b86472b 100644
--- a/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html
+++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html
@@ -4,847 +4,29 @@
 <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
 
    <!-- MOA-ID 2.x BKUSelection Layout CSS -->               
-    <style type="text/css">
-			@media screen and (min-width: 650px) {
-			
-				body {
-					margin:0;
-					padding:0;
-					color : #000;
-					background-color : #fff;
-			  	text-align: center;
-			  	background-color: #6B7B8B;
-				}
-                
-                .browserInfoButton{
-         color: rgb(128, 128, 128); 
-        }
-				
-        #localBKU p {
-          font-size: 0.7em;
-        } 
-        
-        #localBKU input{
-          font-size: 0.85em;
-          /*border-radius: 5px;*/
-        }
-        
-         #bkuselectionarea input[type=button] {
-          font-size: 0.85em;
-          /*border-radius: 7px;*/
-          margin-bottom: 25px;
-          min-width: 80px;
-         }
-        
-        #mandateLogin {
-          font-size: 0.85em;
-        }
-        
-        #bku_header h2 {
-          font-size: 0.8em;
-        } 
-        
-        
-			  #page {
-			    display: block;
-			    border: 2px solid rgb(0,0,0);
-			    width: 650px;
-			    height: 460px;
-			    margin: 0 auto;
-			    margin-top: 5%;
-			    position: relative;
-			    border-radius: 25px;
-			    background: rgb(255,255,255);
-			  }
-			  
-			  #page1 {
-			    text-align: center;
-			  }
-			  
-			  #main {
-			    /*	clear:both; */
-				  position:relative;
-			    margin: 0 auto;
-			    width: 250px;
-			    text-align: center;
-			  }
-			  
-			  .OA_header {
-			/*	  background-color: white;*/
-			    font-size: 20pt;
-			    margin-bottom: 25px;
-			    margin-top: 25px;
-			  }
-			
-			  #leftcontent {
-			    /*float:left; */
-				  width:250px;
-				  margin-bottom: 25px;
-			    text-align: left;
-			    border: 1px solid rgb(0,0,0);
-			  }
-			  			  
-			  #selectArea {
-				 font-size: 15px;
-				 padding-bottom: 65px;
-			  }
-			
-			  #leftcontent {
-				 width: 300px;
-				 margin-top: 30px;
-			  }
-			
-        #bku_header {
-          height: 5%;
-          padding-bottom: 3px;
-          padding-top: 3px;
-        }
-      
-        #bkulogin {
-				  overflow:hidden;	
-          min-width: 190px;
-          min-height: 180px;
-          /*height: 260px;*/	
-			  }
-      
-        h2#tabheader{
-				  font-size: 1.1em; 
-          padding-left: 2%;
-          padding-right: 2%;
-          position: relative;
-			  }
-      	
-        #stork h2 {
-          font-size: 1.0em;
-          margin-bottom: 2%;
-        }
-        		  
-			  .setAssertionButton_full {
-			  	background: #efefef;
-				  cursor: pointer;
-				  margin-top: 15px;
-			    width: 100px;
-			    height: 30px
-			  }
-			
-			  #leftbutton  {
-				 width: 30%; 
-				 float:left; 
-				 margin-left: 40px;
-			  }
-			
-			  #rightbutton {
-				 width: 30%; 
-				 float:right; 
-				 margin-right: 45px; 
-				 text-align: right;
-			  }
-        
-        button {
-          height: 25px;
-          width: 75px;
-          margin-bottom: 10px;
-        }
-        
-        
-        
-       #validation {
-        position: absolute;
-        bottom: 0px;
-        margin-left: 270px;
-        padding-bottom: 10px;
-      }
-			
-			}
-
-      @media screen and (max-width: 205px) {
-        #localBKU p {
-          font-size: 0.6em;
-        }
-       .browserInfoButton{
-         color: rgb(128, 128, 128); 
-        }
-        
-        #localBKU input {
-          font-size: 0.6em;
-          min-width: 60px;
-         /* max-width: 65px; */
-          min-height: 1.0em;
-         /* border-radius: 5px; */
-        }
-        
-        #bkuselectionarea input[type=button] {
-          font-size: 0.7em;
-          min-width: 55px;
-          /*min-height: 1.1em;
-          border-radius: 5px;*/
-          margin-bottom: 2%
-        }
-        
-        #mandateLogin {
-          font-size: 0.65em;
-        }
-        
-        #bku_header h2 {
-          font-size: 0.8em;
-          margin-top: -0.4em;
-          padding-top: 0.4em;
-        }
-        
-        #bkulogin {
-        min-height: 150px;
-        } 
-      }
-
-      @media screen and (max-width: 249px) and (min-width: 206px) {
-        #localBKU p {
-          font-size: 0.7em;
-        } 
-        .browserInfoButton{
-         color: rgb(128, 128, 128); 
-        }
-        
-        #localBKU input {
-          font-size: 0.7em;
-          min-width: 70px;
-       /*    max-width: 75px;    */
-          min-height: 0.95em;
-        /*  border-radius: 6px;    */
-        }
-        
-        #bkuselectionarea input[type=button] {
-          font-size: 0.75em;
-          min-width: 60px;
-      /*    min-height: 0.95em;
-          border-radius: 6px;    */
-          margin-bottom: 5%
-        }
-        
-        #mandateLogin {
-          font-size: 0.75em;
-        }
-        
-        #bku_header h2 {
-          font-size: 0.9em;
-          margin-top: -0.45em;
-          padding-top: 0.45em;
-        }
-        
-        #bkulogin {
-          min-height: 180px;
-        }  
-      }
-
-      @media screen and (max-width: 299px) and (min-width: 250px) {
-        #localBKU p {
-          font-size: 0.9em;
-        } 
-        .browserInfoButton{
-         color: rgb(128, 128, 128); 
-        }
-        
-        #localBKU input {
-          font-size: 0.8em;
-          min-width: 70px;
-       /*    max-width: 75px;      */
-      /*    border-radius: 6px;  */
-        }
-        
-        #bkuselectionarea input[type=button] {
-          font-size: 0.85em;
-     /*     min-height: 1.05em;
-          border-radius: 7px;        */
-          margin-bottom: 10%;
-        }
-        
-        #mandateLogin {
-          font-size: 1em;
-        }
-        
-        #bku_header h2 {
-          font-size: 1.0em;
-          margin-top: -0.50em;
-          padding-top: 0.50em;
-        } 
-      }
-
-      @media screen and (max-width: 399px) and (min-width: 300px) {
-        #localBKU p {
-          font-size: 0.9em;
-        } 
-        .browserInfoButton{
-         color: rgb(128, 128, 128); 
-        }
-        #localBKU input {
-          font-size: 0.8em;
-          min-width: 70px;
-      /*     max-width: 75px;     */
-      /*    border-radius: 6px;       */
-        }
-        
-        #bkuselectionarea input[type=button] {
-          font-size: 0.9em;
-   /*       min-height: 1.2em;
-          border-radius: 8px;          */
-          margin-bottom: 10%;
-          max-width: 80px;
-        }
-        
-        #mandateLogin {
-          font-size: 1em;
-        }
-        
-        #bku_header h2 {
-          font-size: 1.1em;
-          margin-top: -0.55em;
-          padding-top: 0.55em;
-        } 
-      }
-      
-      @media screen and (max-width: 649px) and (min-width: 400px) {
-        #localBKU p {
-          font-size: 0.9em;
-        } 
-       .browserInfoButton{
-         color: rgb(128, 128, 128); 
-        } 
-        #localBKU input {
-          font-size: 0.8em;
-          min-width: 70px;
-      /*     max-width: 80px;       */
-     /*     border-radius: 6px;          */
-        }
-        
-        #bkuselectionarea input[type=button] {
-          font-size: 1.0em;
-     /*      min-height: 1.3em;
-         border-radius: 10px;         */
-          margin-bottom: 10%;
-          max-width: 85px;
-        }
-        
-        #mandateLogin {
-          font-size: 1.2em;
-        }
-        
-        #bku_header h2 {
-          font-size: 1.3em;
-          margin-top: -0.65em;
-          padding-top: 0.65em;
-        } 
-      }
-
-
-			
-			@media screen and (max-width: 649px) {
-				
-        body {
-					margin:0;
-					padding:0;
-					color : #000;
-			  	text-align: center;
-          font-size: 100%;
-			  	background-color: #MAIN_BACKGOUNDCOLOR#;
-				}
-        		.browserInfoButton{
-                    color: rgb(128, 128, 128); 
-                }		
-			  #page {
-			     visibility: hidden;
-			     margin-top: 0%;
-			  }
-			  
-			  #page1 {
-			    visibility: hidden;
-			  }
-			  
-			  #main {
-			    visibility: hidden;
-			  }
-        
-        #validation {
-          visibility: hidden;
-          display: none;
-        }
-			  
-			  .OA_header {
-			    margin-bottom: 0px;
-			    margin-top: 0px;
-			    font-size: 0pt;
-			    visibility: hidden;
-			  }
-			
-			  #leftcontent {
-			    visibility: visible;
-			    margin-bottom: 0px;
-			    text-align: left;
-			    border:none;
-          vertical-align: middle;
-          min-height: 173px;
-          min-width: 204px;
-          
-			  }
-			  
-        #bku_header {
-          height: 10%;
-          min-height: 1.2em;
-          margin-top: 1%;
-        }
-        
-        h2#tabheader{
-          padding-left: 2%;
-          padding-right: 2%;
-          position: relative;
-          top: 50%;
-			  }
-        
-        #stork h2 {
-          font-size: 0.9em;
-          margin-bottom: 2%;
-        }
-        
-       	#bkulogin {	
-          min-width: 190px;
-          min-height: 170px;	
-			 }
-        
-			 .setAssertionButton_full {
-			     	background: #efefef;
-				    cursor: pointer;
-				    margin-top: 15px;
-			      width: 70px;
-			      height: 25px;
-			 }
-       
-        input[type=button] {
-/*          height: 11%;  */
-          width: 70%;
-        }
-			}
-			      
-			* {
-				margin: 0;
-				padding: 0;
-        font-family: #FONTTYPE#;
-			}
-							      			
-			#selectArea {
-				padding-top: 10px;
-				padding-bottom: 55px;
-				padding-left: 10px;
-			}
-			
-			.setAssertionButton {
-				background: #efefef;
-				cursor: pointer;
-				margin-top: 15px;
-			  width: 70px;
-			  height: 25px;
-			}
-			
-			#leftbutton  {
-				width: 35%; 
-				float:left; 
-				margin-left: 15px;
-			}
-			
-			#rightbutton {
-				width: 35%; 
-				float:right; 
-				margin-right: 25px; 
-				text-align: right;
-			}
-			
-			#stork {
-			    /*margin-bottom: 10px;*/
-			   /* margin-top: 5px; */
-			}
-      			
-      #mandateLogin {
-        padding-bottom: 4%;
-        padding-top: 4%;
-        height: 10%;
-        position: relative;
-        text-align: center;
-			}
-      
-      .verticalcenter {
-        vertical-align: middle;
-      }
-      
-      #mandateLogin div {
-        clear: both;
-        margin-top: -1%;
-        position: relative;
-        top: 50%;
-      }
-      
-      #bkuselectionarea {
-          position: relative;
-          display: block;
-      }
-      
-      #localBKU {
-        padding-bottom: 4%;
-        /*padding-top: 4%;*/
-        position: relative;
-        clear: both;     
-        text-align: center;
-			}
-          			
-			#bkukarte {
-				float:left;
-				text-align:center;
-				width:40%;
-        min-height: 70px;
-        padding-left: 5%;
-        padding-top: 2%;
-			}
-			
-			#bkuhandy {
-				float:right;
-				text-align:center;
-				width:40%;
-        min-height: 90px;
-        padding-right: 5%;
-        padding-top: 2%;
-			}
-			
-      .bkuimage {
-        width: 90%;
-        height: auto;
-      }
-      
-			#mandate{
-				text-align:center;
-				padding : 5px 5px 5px 5px;
-			}
-      
-/*		input[type=button], .sendButton {
-				background: #BUTTON_BACKGROUNDCOLOR#;
-        color: #BUTTON_COLOR#;
-/*				border:1px solid #000;  */
-/*				cursor: pointer;
-/*        box-shadow: 3px 3px 3px #222222;  */
-/*			}
-			
-/*      button:hover, button:focus, button:active, 
-      .sendButton:hover , .sendButton:focus, .sendButton:active,
-      #mandateCheckBox:hover, #mandateCheckBox:focus, #mandateCheckBox:active {
-				background: #BUTTON_BACKGROUNDCOLOR_FOCUS#;
-        color: #BUTTON_COLOR#;
-/*				border:1px solid #000;                */
-/*				cursor: pointer;
-/*        box-shadow: -1px -1px 3px #222222;  */
-/*			}
-      
-*/      
-			input {
-				/*border:1px solid #000;*/
-				cursor: pointer;
-			}
-      
-      #localBKU input {
-/*        color: #BUTTON_COLOR#;  */
-        /*border: 0px;*/
-        display: inline-block;
-        
-      }
-			
-      #localBKU input:hover, #localBKU input:focus, #localBKU input:active {
-        /*text-decoration: underline;*/
-      }
-      
-			#installJava, #BrowserNOK {
-				clear:both;
-				font-size:0.8em;
-				padding:4px;
-			}
-						
-			.selectText{
-			
-			}
-			
-			.selectTextHeader{
-			
-			}
-			
-			.sendButton {
-        width: 30%;
-        margin-bottom: 1%;	
-			}
-			
-			#leftcontent a {
-				text-decoration:none; 
-				color: #000;
-			/*	display:block;*/
-				padding:4px;	
-			}
-			
-			#leftcontent a:hover, #leftcontent a:focus, #leftcontent a:active {
-				text-decoration:underline;
-				color: #000;	
-			}
-						
-			.infobutton {
-				background-color: #005a00;
-				color: white;
-				font-family: serif;
-				text-decoration: none;
-				padding-top: 2px;
-				padding-right: 4px;
-				padding-bottom: 2px;
-				padding-left: 4px;
-				font-weight: bold;
-			}
-			
-			.hell {
-				background-color : #MAIN_BACKGOUNDCOLOR#;
-        color: #MAIN_COLOR#;	
-			}
-			
-			.dunkel {
-				background-color: #HEADER_BACKGROUNDCOLOR#;
-        color: #HEADER_COLOR#;
-			}
-			      
-			.main_header {
-			   color: black;
-			    font-size: 32pt;
-			    position: absolute;
-			    right: 10%;
-			    top: 40px;
-				
-			}
-      
-      #ssoSessionTransferBlock {
-        font-size: 0.8em;
-        margin-left: 5px;
-        margin-bottom: 5px;
-      }
-      			                        
-    </style>       
-<!-- MOA-ID 2.x BKUSelection JavaScript fucnctions-->
-<script type="text/javascript">
-		function isIE() {
-			return (/MSIE (\d+\.\d+);/.test(navigator.userAgent));
-		}
-		function isFullscreen() {
-			try {
-				return ((top.innerWidth == screen.width) && (top.innerHeight == screen.height));
-			} catch (e) {
-				return false;
-			}
-		}
-		function isActivexEnabled() {
-			var supported = null;
-			try {
-				supported = !!new ActiveXObject("htmlfile");
-			} catch (e) {
-				supported = false;
-			}
-			return supported;
-		}
-		function isMetro() {
-			if (!isIE())
-				return false;
-			return !isActivexEnabled() && isFullscreen();
-		}
-		window.onload=function() {
-			document.getElementById("localBKU").style.display="block";
-			return;
-		}
-    function bkuLocalClicked() {
-       setMandateSelection();
-    }
-    
-		function bkuOnlineClicked() {
-			if (isMetro())
-				document.getElementById("metroDetected").style.display="block";
-			document.getElementById("localBKU").style.display="block";
-/* 			if (checkMandateSSO())
-				return; */
-			
-			setMandateSelection();
-/* 			setSSOSelection(); */
-						
-			var iFrameURL = "#AUTH_URL#" + "?";
-			iFrameURL += "bkuURI=" + "#ONLINE#";
-			iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;
-/* 			iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */
-			iFrameURL += "&MODUL=" + "#MODUL#";
-			iFrameURL += "&ACTION=" + "#ACTION#";
-			iFrameURL += "&pendingid=" + "#SESSIONID#";
-			generateIFrame(iFrameURL);
-		}
-		function bkuHandyClicked() {
-			document.getElementById("localBKU").style.display="none";
-/* 			if (checkMandateSSO())
-				return; */
-			
-			setMandateSelection();
-/* 			setSSOSelection(); */
-			
-			var iFrameURL = "#AUTH_URL#" + "?";
-			iFrameURL += "bkuURI=" + "#HANDY#";
-			iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;
-/* 			iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */
-			iFrameURL += "&MODUL=" + "#MODUL#";
-			iFrameURL += "&ACTION=" + "#ACTION#";
-			iFrameURL += "&pendingid=" + "#SESSIONID#";
-			generateIFrame(iFrameURL);
-		}
-		function storkClicked() {
-			document.getElementById("localBKU").style.display="none"; 
-/* 			if (checkMandateSSO())
-				return; */
-			
-			setMandateSelection();
-/* 			setSSOSelection(); */
-			
-			var ccc = "AT";
-			var countrySelection = document.getElementById("cccSelection");
-			if (countrySelection !=  null) {
-				ccc = document.getElementById("cccSelection").value;
-			}
-			var iFrameURL = "#AUTH_URL#" + "?";
-			iFrameURL += "bkuURI=" + "#ONLINE#";
-			iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;
-			iFrameURL += "&CCC=" + ccc;
-/* 			iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */
-			iFrameURL += "&MODUL=" + "#MODUL#";
-			iFrameURL += "&ACTION=" + "#ACTION#";
-			iFrameURL += "&pendingid=" + "#SESSIONID#";
-			generateIFrame(iFrameURL);
-		}
-		function generateIFrame(iFrameURL) {
-			var el = document.getElementById("bkulogin");
-      var width = el.clientWidth;
-      var heigth = el.clientHeight - 20;
-			var parent = el.parentNode;
-            
-      iFrameURL += "&heigth=" + heigth;
-      iFrameURL += "&width=" + width;
-      
-			var iframe = document.createElement("iframe");
-			iframe.setAttribute("src", iFrameURL);
-			iframe.setAttribute("width", el.clientWidth - 1);
-			iframe.setAttribute("height", el.clientHeight - 1);
-			iframe.setAttribute("frameborder", "0");
-			iframe.setAttribute("scrolling", "no");
-			iframe.setAttribute("title", "Login");
-			parent.replaceChild(iframe, el);
-		}
-		function setMandateSelection() {
-			document.getElementById("moaidform").action = "#AUTH_URL#";
-			document.getElementById("useMandate").value = "false";
-			var checkbox = document.getElementById("mandateCheckBox");
-			if (checkbox !=  null) {
-				if (document.getElementById("mandateCheckBox").checked) {
-					document.getElementById("useMandate").value = "true";
-				}
-			}
-		}
-		function onChangeChecks() {
-      if (self.innerWidth < 650) {
-         document.getElementById("moaidform").setAttribute("target","_parent");
-      } else {
-         document.getElementById("moaidform").removeAttribute("target");
-      }
-      
-    }
-    
-     function checkIfBrowserSupportsJava(){
-        console.log("Browser is Chrome: "+checkIfBrowserIsChrome());
-        console.log("Browser is Safari: "+checkIfBrowserIsSafari());
-        console.log("Browser is Edge: "+checkIfBrowserIsEdge());
-        
-        var cnt = 0;
-        
-        if(checkIfBrowserIsChrome())cnt++;
-        if(checkIfBrowserIsEdge())cnt++;
-        if(checkIfBrowserIsSafari())cnt++;
-           
-        if(cnt==0 || cnt>1)//cnt>1 means perhaps wrong detection
-            return true;
-        
-        var image = document.getElementById("bkuimage");
-        var srcatt = image.getAttribute("src");
-        var last = srcatt.substring(srcatt.lastIndexOf('/')+1);
-        srcatt = srcatt.replace(last,'online-bku-deactivated.png');    
-        image.setAttribute("src",srcatt);
-         
-         
-        var button = document.getElementsByName("bkuButtonOnline")[0];               
-        button.setAttribute("class","browserInfoButton");
-        button.setAttribute("title","Java wird nicht unterstützt, klicken für mehr Informationen.");
-        button.setAttribute("onClick","alert('Java wird von Ihrem Browser nicht unterstützt, ist jedoch für den Betrieb der Online Bürgerkartenumgebung notwendig.\\nWollen Sie dennoch die Online Bürgerkartenumgebung verwenden, wird zur Zeit Java noch von Firefox und MS Internet Explorer unterstützt. \\nAlternativ koennen Sie auch eine lokale Bürgerkartenumgebung verwenden, verfügbar unter www.buergerkarte.at.');");
-         
-        return false;
+   <link rel="stylesheet" href="$contextPath/css/buildCSS?pendingid=$pendingReqID" />
    
-    }
-    function checkIfBrowserIsChrome(){
-        var chrome_defined = !!window.chrome;//chrome object defined
-        var webstore_defined = false;
-        if(window.chrome){
-            webstore_defined = !!window.chrome.webstore;
-           }
-        return chrome_defined && webstore_defined;
-    }
-    function checkIfBrowserIsEdge(){//edge also defines the chrome object, but not the webapp
-        var chrome_defined = !!window.chrome;//chrome object defined
-        var webstore_defined = true;
-        if(window.chrome){
-            webstore_defined = !!window.chrome.webstore;
-           }
-        return chrome_defined && !webstore_defined;
-    }
-    function checkIfBrowserIsSafari(){
-        var cond1 = Object.prototype.toString.call(window.HTMLElement).indexOf('Constructor') > 0;
-        return cond1;
-    }
-/* 		function setSSOSelection() {
-			document.getElementById("useSSO").value = "false";
-			var checkbox = document.getElementById("SSOCheckBox");
-			if (checkbox !=  null) {
-				if (document.getElementById("SSOCheckBox").checked) {
-					document.getElementById("useSSO").value = "true";
-				}
-			}
-		} */
-		
-/* 		function checkMandateSSO() {
-			var sso = document.getElementById("SSOCheckBox");
-			var mandate = document.getElementById("mandateCheckBox");
-			
-			
-			if (sso.checked && mandate.checked) {
-				alert("Anmeldung in Vertretung in kombination mit Single Sign-On wird aktuell noch nicht unterstützt!")
-				mandate.checked = false;
-				sso.checked = false;
-				return true;
-			} else {
-				return false;
-			}
-		} */
-	</script>
+   <!-- MOA-ID 2.x BKUSelection JavaScript fucnctions-->
+   <script src="$contextPath/js/buildJS?pendingid=$pendingReqID"></script>
+   
+
 <title>Anmeldung mittels Bürgerkarte oder Handy-Signatur</title>
 </head>
 <body onload="onChangeChecks();checkIfBrowserSupportsJava();" onresize="onChangeChecks();">
 	<div id="page">
 		<div id="page1" class="case selected-case" role="main">
-			<h2 class="OA_header" role="heading">Anmeldung an: #OAName#</h2>
+			<h2 class="OA_header" role="heading">Anmeldung an: $OAName</h2>
 			<div id="main">
 				<div id="leftcontent" class="hell" role="application">
 					<div id="bku_header" class="dunkel">
-						<h2 id="tabheader" class="dunkel" role="heading">#HEADER_TEXT#</h2>
+						<h2 id="tabheader" class="dunkel" role="heading">$HEADER_TEXT</h2>
 					</div>
 					<div id="bkulogin" class="hell" role="form">
-						<div id="mandateLogin" style="#MANDATEVISIBLE#">
+						<div id="mandateLogin" style="">
 							<div>
 								<input tabindex="1" type="checkbox" name="Mandate"
 									id="mandateCheckBox" class="verticalcenter" role="checkbox"
-									onClick='document.getElementById("mandateCheckBox").setAttribute("aria-checked", document.getElementById("mandateCheckBox").checked);'#MANDATECHECKED#>
+									onClick='document.getElementById("mandateCheckBox").setAttribute("aria-checked", document.getElementById("mandateCheckBox").checked);'$MANDATECHECKED>
 								<label for="mandateCheckBox" class="verticalcenter">in
 									Vertretung anmelden</label>
 								<!--a      href="info_mandates.html" 
@@ -855,43 +37,41 @@
 						</div>
 						<div id="bkuselectionarea">
 							<div id="bkukarte">
-								<img id="bkuimage" class="bkuimage" src="#CONTEXTPATH#/img/online-bku.png"
+								<img id="bkuimage" class="bkuimage" src="$contextPath/img/online-bku.png"
 									alt="OnlineBKU" /> <input name="bkuButtonOnline" type="button"
 									onClick="bkuOnlineClicked();" tabindex="2" role="button"
 									value="Karte" />
 							</div>
 							<div id="bkuhandy">
-								<img class="bkuimage" src="#CONTEXTPATH#/img/mobile-bku.png"
+								<img class="bkuimage" src="$contextPath/img/mobile-bku.png"
 									alt="HandyBKU" /> <input name="bkuButtonHandy" type="button"
 									onClick="bkuHandyClicked();" tabindex="3" role="button"
 									value="HANDY" />
 							</div>
 						</div>
 						<div id="localBKU">
-							<form method="get" id="moaidform" action="#AUTH_URL#"
+							<form method="get" id="moaidform" action="$contextPath$submitEndpoint"
 								class="verticalcenter" target="_parent">
-								<input type="hidden" name="bkuURI" value="#LOCAL#"> <input
-									type="hidden" name="useMandate" id="useMandate"> <input
-									type="hidden" name="SSO" id="useSSO"> <input
-									type="hidden" name="ccc" id="ccc"> <input type="hidden"
-									name="MODUL" value="#MODUL#"> <input type="hidden"
-									name="ACTION" value="#ACTION#"> <input type="hidden"
-									name="pendingid" value="#SESSIONID#"> 
-                  <input type="submit" value=" Lokale Bürgerkartenumgebung " tabindex="4"
-									role="button" onclick="setMandateSelection();">
+								<input type="hidden" name="bkuURI" value="$bkuLocal" />
+								<input type="hidden" name="useMandate" id="useMandate" /> 
+								<input type="hidden" name="SSO" id="useSSO" /> 
+								<input type="hidden" name="ccc" id="ccc" /> 
+								<input type="hidden" name="pendingid" value="$pendingReqID" /> 
+                <input type="submit" value=" Lokale Bürgerkartenumgebung " tabindex="4"
+									     role="button" onclick="setMandateSelection();">
                 </form>
               </div>
               
               <!-- Single Sign-On Session transfer functionality -->
               <!--div id="ssoSessionTransferBlock">
-                <a href="#AUTH_URL#?MOASessionID=#SESSIONID#&restoreSSOSession=true">>Restore SSO Session from Smartphone</a>
+                <a href="$contextPath$submitEndpoint?pendingid=$pendingReqID&restoreSSOSession=true">>Restore SSO Session from Smartphone</a>
               </div-->
               
-              <div id="stork" align="center" style="#STORKVISIBLE#">
+              <div id="stork" align="center" style="$STORKVISIBLE">
                 <h2 id="tabheader" class="dunkel">Home Country Selection</h2>
                 <p>
                   <select name="cccSelection" id="cccSelection" size="1" style="width: 120px; margin-right: 5px;" >
-                    #PEPSLIST#
+                    $countryList
                   </select>
                   <button name="bkuButton" type="button" onClick="storkClicked();">Proceed</button>
                   <a href="info_stork.html" target="_blank" class="infobutton" style="color:#FFF">i</a>
@@ -907,16 +87,6 @@
 				</div>
 			</div>
 		</div>
-		<!--div id="validation">
-			<a href="http://validator.w3.org/check?uri="> <img
-				style="border: 0; width: 88px; height: 31px"
-				src="#CONTEXTPATH#/img/valid-html5-blue.png" alt="HTML5 ist valide!" />
-			</a> <a href="http://jigsaw.w3.org/css-validator/"> <img
-				style="border: 0; width: 88px; height: 31px"
-				src="http://jigsaw.w3.org/css-validator/images/vcss-blue"
-				alt="CSS ist valide!" />
-			</a>
-		</div-->
 	</div>
 </body>
 </html>
diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/redirectForm.html b/id/server/data/deploy/conf/moa-id/htmlTemplates/redirectForm.html
new file mode 100644
index 000000000..ac3242c89
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/redirectForm.html
@@ -0,0 +1,13 @@
+<html>
+<head>
+<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
+<script type="text/javascript">
+  </script>
+</head>
+
+
+<body onload="document.getElementById('link').click();">
+	<a href="$URL" target="$TARGET" id="link">CLICK to perform a
+		redirect back to Online Application</a>
+</body>
+</html>
diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/sendAssertionFormFull.html b/id/server/data/deploy/conf/moa-id/htmlTemplates/sendAssertionFormFull.html
index 07d018a94..a9f0c4238 100644
--- a/id/server/data/deploy/conf/moa-id/htmlTemplates/sendAssertionFormFull.html
+++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/sendAssertionFormFull.html
@@ -3,556 +3,7 @@
 <head>
 	<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
     <!-- MOA-ID 2.x BKUSelection Layout CSS -->               
-    <style type="text/css">
-			@media screen and (min-width: 650px) {
-			
-				body {
-					margin:0;
-					padding:0;
-					color : #000;
-					background-color : #fff;
-			  	text-align: center;
-			  	background-color: #6B7B8B;
-				}
-				
-        #localBKU p {
-          font-size: 0.7em;
-        } 
-        
-        #localBKU input{
-          font-size: 0.7em;
-          border-radius: 5px;
-        }
-        
-         #bkuselectionarea button {
-          font-size: 0.85em;
-          border-radius: 7px;
-          margin-bottom: 25px;
-         }
-        
-        #mandateLogin {
-          font-size: 0.85em;
-        }
-        
-        #bku_header h2 {
-          font-size: 0.8em;
-        } 
-        
-        
-			  #page {
-			    display: block;
-			    border: 2px solid rgb(0,0,0);
-			    width: 650px;
-			    height: 440px;
-			    margin: 0 auto;
-			    margin-top: 5%;
-			    position: relative;
-			    border-radius: 25px;
-			    background: rgb(255,255,255);
-			  }
-			  
-			  #page1 {
-			    text-align: center;
-			  }
-			  
-			  #main {
-			    /*	clear:both; */
-				  position:relative;
-			    margin: 0 auto;
-			    width: 250px;
-			    text-align: center;
-			  }
-			  
-			  .OA_header {
-			/*	  background-color: white;*/
-			    font-size: 20pt;
-			    margin-bottom: 25px;
-			    margin-top: 25px;
-			  }
-			
-			  #leftcontent {
-        	width: 300px;
-				  margin-top: 30px;
-          padding-bottom: 15px;
-				  margin-bottom: 25px;
-			    text-align: left;
-			    border: 1px solid rgb(0,0,0);
-			  }
-			  			  
-			  #selectArea {
-				 font-size: 15px;
-				 padding-bottom: 65px;
-			  }
-			 
-        #selectArea h3 {
-          margin-bottom: 25px;
-        }
-      
-        #bku_header {
-          height: 5%;
-          padding-bottom: 3px;
-          padding-top: 3px;
-        }
-      
-        #bkulogin {
-				  overflow:hidden;	
-          min-width: 190px;
-          min-height: 180px;
-          /*height: 260px;*/	
-			  }
-      
-        h2#tabheader{
-				  font-size: 1.1em; 
-          padding-left: 2%;
-          padding-right: 2%;
-          position: relative;
-			  }
-      			  
-			  .setAssertionButton_full {
-				  margin-top: 15px;
-			    width: 100px;
-			    height: 30px;
-          font-size: 1.3em;
-          min-height: 1.3em;
-/*          border-radius: 10px;*/
-			  }
-			
-			  #leftbutton  {
-				 width: 30%; 
-				 float:left; 
-				 margin-left: 40px;
-			  }
-			
-			  #rightbutton {
-				 width: 30%; 
-				 float:right; 
-				 margin-right: 45px; 
-				 text-align: right;
-			  }
-        
-        button {
-          height: 25px;
-          width: 90px;
-          margin-bottom: 10px;
-        }
-        
-       #validation {
-        position: absolute;
-        bottom: 0px;
-        margin-left: 270px;
-        padding-bottom: 10px;
-      }
-			
-			}
-
-      @media screen and (max-width: 205px) {
-        #localBKU p {
-          font-size: 0.6em;
-        } 
-        
-        #localBKU input {
-          font-size: 0.7em;
-          min-width: 70px;
-          min-height: 1.2em;
-          border-radius: 5px;
-        }
-        
-        #bkuselectionarea button, .setAssertionButton_full {
-          font-size: 0.8em;
-          min-width: 65px;
-          min-height: 1.3em;
-  /*        border-radius: 5px;         */
-          margin-bottom: 2%
-        }
-        
-        #mandateLogin {
-          font-size: 0.65em;
-        }
-        
-        #bku_header h2, #selectArea h3 {
-          font-size: 0.8em;
-          margin-top: -0.4em;
-        } 
-      }
-
-      @media screen and (max-width: 249px) and (min-width: 206px) {
-        #localBKU p {
-          font-size: 0.7em;
-        } 
-        
-        #localBKU input {
-          font-size: 0.85em;
-          min-width: 80px;
-          min-height: 0.95em;
-          border-radius: 6px;
-        }
-        
-        #bkuselectionarea button, .setAssertionButton_full {
-          font-size: 0.85em;
-          min-width: 70px;
-          min-height: 0.95em;
-  /*        border-radius: 6px;        */
-          margin-bottom: 2%
-        }
-        
-        #mandateLogin {
-          font-size: 0.75em;
-        }
-        
-        #bku_header h2, #selectArea h3 {
-          font-size: 0.9em;
-          margin-top: -0.45em;
-        } 
-      }
-
-      @media screen and (max-width: 299px) and (min-width: 250px) {
-        #localBKU p {
-          font-size: 0.9em;
-        } 
-        
-        #localBKU input {
-          font-size: 0.9em;
-          min-width: 100px;
-          border-radius: 6px;
-        }
-        
-        #bkuselectionarea button, .setAssertionButton_full {
-          font-size: 1.0em;
-          min-height: 1.05em;
- /*         border-radius: 7px;          */
-          margin-bottom: 5%;
-        }
-        
-        #mandateLogin {
-          font-size: 1em;
-        }
-        
-        #bku_header h2, #selectArea h3 {
-          font-size: 1.0em;
-          margin-top: -0.50em;
-        } 
-      }
-
-      @media screen and (max-width: 399px) and (min-width: 300px) {
-        #localBKU p {
-          font-size: 0.9em;
-        } 
-        
-        #localBKU input {
-          font-size: 0.9em;
-          min-width: 100px;
-          border-radius: 6px;
-        }
-        
-        #bkuselectionarea button, .setAssertionButton_full {
-          font-size: 1.1em;
-          min-height: 1.2em;
-  /*        border-radius: 8px;     */
-          margin-bottom: 5%;
-        }
-        
-        #mandateLogin {
-          font-size: 1em;
-        }
-        
-        #bku_header h2, #selectArea h3 {
-          font-size: 1.1em;
-          margin-top: -0.55em;
-        } 
-      }
-      
-      @media screen and (max-width: 649px) and (min-width: 400px) {
-        #localBKU p {
-          font-size: 0.9em;
-        } 
-        
-        #localBKU input {
-          font-size: 0.9em;
-          min-width: 100px;
-          border-radius: 6px;
-        }
-        
-        #bkuselectionarea button, .setAssertionButton_full {
-          font-size: 1.3em;
-          min-height: 1.3em;
-/*          border-radius: 10px;  */
-          margin-bottom: 5%;
-        }
-        
-        #mandateLogin {
-          font-size: 1.2em;
-        }
-        
-        #bku_header h2, #selectArea h3 {
-          font-size: 1.3em;
-          margin-top: -0.65em;
-        } 
-      }
-
-
-			
-			@media screen and (max-width: 649px) {
-				
-        body {
-					margin:0;
-					padding:0;
-					color : #000;
-			  	text-align: center;
-          font-size: 100%;
-			  	background-color: #MAIN_BACKGOUNDCOLOR#;
-				}
-        				
-			  #page {
-			     visibility: hidden;
-			     margin-top: 0%;
-			  }
-			  
-			  #page1 {
-			    visibility: hidden;
-			  }
-			  
-			  #main {
-			    visibility: hidden;
-			  }
-        
-        #validation {
-          visibility: hidden;
-          display: none;
-        }
-			  
-			  .OA_header {
-			    margin-bottom: 0px;
-			    margin-top: 0px;
-			    font-size: 0pt;
-			    visibility: hidden;
-			  }
-			
-			  #leftcontent {
-			    visibility: visible;
-			    margin-bottom: 0px;
-			    text-align: left;
-			    border:none;
-          min-width: 190px;
-/*          min-height: 190px;  */
-          vertical-align: middle;
-          
-			  }
-			  
-        #bku_header {
-          height: 10%;
-          min-height: 1.2em;
-          margin-top: 1%;
-        }
-        
-        h2#tabheader{
-          padding-left: 2%;
-          padding-right: 2%;
-          padding-top: 1%;
-          position: relative;
-          top: 50%;
-			  }
-        
-       	#bkulogin {	
-          min-width: 190px;
-          min-height: 150px;	
-			 }
-        
-			 .setAssertionButton_full {
-				    margin-top: 15px;
-			      width: 70%;
-			      height: 11%;
-            min-width: 60px;
-            min-height: 25px;
-			 }
-       
-       #selectArea h3 {
-          margin-top: 2%;
-       }
-       
-        button {
-          height: 11%;
-          width: 70%;
-        }
-			}
-			      
-			* {
-				margin: 0;
-				padding: 0;
-/*				border: 0;  */
-        font-family: #FONTTYPE#;
-			}
-							      			
-			#selectArea {
-				padding-top: 10px;
-				padding-bottom: 55px;
-				padding-left: 10px;
-			}
-			
-			.setAssertionButton {
-				background: #efefef;
-				cursor: pointer;
-				margin-top: 15px;
-			  width: 70px;
-			  height: 25px;
-			}
-			
-			#leftbutton  {
-				width: 35%; 
-				float:left; 
-				margin-left: 15px;
-			}
-			
-			#rightbutton {
-				width: 35%; 
-				float:right; 
-				margin-right: 25px; 
-				text-align: right;
-			}
-			
-			#stork {
-			    margin-bottom: 10px;
-			    margin-top: 5px;
-			}
-			
-      #mandateLogin {
-        padding-bottom: 2%;
-        padding-top: 2%;
-        height: 10%;
-        position: relative;
-        text-align: center;
-			}
-      
-      .verticalcenter {
-        vertical-align: middle;
-      }
-      
-      #mandateLogin > div {
-        clear: both;
-        margin-top: -1%;
-        position: relative;
-        top: 50%;
-      }
-      
-      #bkuselectionarea {
-          position: relative;
-          display: block;
-      }
-      
-      #localBKU {
-        padding-left: 5%;
-        padding-right: 2%;
-        padding-bottom: 2%;
-        position: relative;
-        clear: both;        
-			}
-          			
-			#bkukarte {
-				float:left;
-				text-align:center;
-				width:40%;
-        min-height: 70px;
-        padding-left: 5%;
-        padding-top: 2%;
-			}
-			
-			#bkuhandy {
-				float:right;
-				text-align:center;
-				width:40%;
-        min-height: 90px;
-        padding-right: 5%;
-        padding-top: 2%;
-			}
-			
-      .bkuimage {
-        width: 90%;
-        height: auto;
-      }
-      
-			#mandate{
-				text-align:center;
-				padding : 5px 5px 5px 5px;
-			}
-			
-			button, .sendButton {
-/*				background: #BUTTON_BACKGROUNDCOLOR#;
-        color: #BUTTON_COLOR#;  */
-        cursor: pointer;
-        
-/*				border:1px solid #000;
-        box-shadow: 3px 3px 3px #222222; */
-			}
-			
-      button:hover, button:focus, button:active, 
-      .sendButton:hover , .sendButton:focus, .sendButton:active,
-      #mandateCheckBox:hover, #mandateCheckBox:focus, #mandateCheckBox:active {
-/*				background: #BUTTON_BACKGROUNDCOLOR_FOCUS#;
-        color: #BUTTON_COLOR#;  */        
-        cursor: pointer;
-        
-/*				border:1px solid #000;
-        box-shadow: -1px -1px 3px #222222;  */
-			}
-      			
-			#installJava, #BrowserNOK {
-				clear:both;
-				font-size:0.8em;
-				padding:4px;
-			}
-						
-			.selectText{
-			
-			}
-			
-			.selectTextHeader{
-			
-			}
-						
-			#leftcontent a {
-				text-decoration:none; 
-				color: #000;
-			/*	display:block;*/
-				padding:4px;	
-			}
-			
-			#leftcontent a:hover, #leftcontent a:focus, #leftcontent a:active {
-				text-decoration:underline;
-				color: #000;	
-			}
-						
-			.infobutton {
-				background-color: #005a00;
-				color: white;
-				font-family: serif;
-				text-decoration: none;
-				padding-top: 2px;
-				padding-right: 4px;
-				padding-bottom: 2px;
-				padding-left: 4px;
-				font-weight: bold;
-			}
-			
-			.hell {
-				background-color : #MAIN_BACKGOUNDCOLOR#;
-        color: #MAIN_COLOR#;	
-			}
-			
-			.dunkel {
-				background-color: #HEADER_BACKGROUNDCOLOR#;
-        color: #HEADER_COLOR#;
-			}
-			      
-			.main_header {
-			   color: black;
-			    font-size: 32pt;
-			    position: absolute;
-			    right: 10%;
-			    top: 40px;
-				
-			}
-      			                        
-    </style>
-    
+    <link rel="stylesheet" href="$contextPath/css/buildCSS?pendingid=#ID#" />
     
     <title>Anmeldung an Online-Applikation</title>   
 </head>
@@ -574,25 +25,21 @@
             </div>
 					
 						<div id="selectArea" class="hell" role="application">
-							<h3>Anmeldung an: #OAName#</h3>
+							<h3>Anmeldung an: $OAName</h3>
 					
 <!-- 						<div class="hell"> -->
 							<div id="leftbutton">
-									<form method="post" id="moaidform_yes" action="#URL#">
+									<form method="post" id="moaidform_yes" action="$contextPath$submitEndpoint">
 										<input type="hidden" name="value" value="true">
-										<input type="hidden" name="mod" value="#MODUL#">
-								    <input type="hidden" name="action" value="#ACTION#">
-                    <input type="hidden" name="identifier" value="#ID#">
-										<input type="submit" value="Ja" class="setAssertionButton_full sendButton" role="button">
+                    <input type="hidden" name="pendingid" value="$pendingReqID">
+										<input type="submit" value="Ja" class="setAssertionButton_full" role="button">
 									</form>
 							</div>
 							<div id="rightbutton">
-										<form method="post" id="moaidform_no" action="#URL#">
+										<form method="post" id="moaidform_no" action="$contextPath$submitEndpoint">
 										<input type="hidden" name="value" value="false">
-										<input type="hidden" name="mod" value="#MODUL#">
-								    <input type="hidden" name="action" value="#ACTION#">
-                    <input type="hidden" name="identifier" value="#ID#">
-										<input type="submit" value="Nein" class="setAssertionButton_full sendButton" role="button">
+                    <input type="hidden" name="pendingid" value="$pendingReqID">
+										<input type="submit" value="Nein" class="setAssertionButton_full" role="button">
 									</form>
 							</div>
 						
@@ -600,18 +47,6 @@
 					</div>
 				</div>
 		</div>
-    <!--div id="validation">
-        <a href="http://validator.w3.org/check?uri=">
-          <img   style="border:0;width:88px;height:31px"
-                 src="#CONTEXTPATH#/img/valid-html5-blue.png"
-                 alt="HTML5 ist valide!" />
-        </a>
-        <a href="http://jigsaw.w3.org/css-validator/">
-          <img   style="border:0;width:88px;height:31px"
-                 src="http://jigsaw.w3.org/css-validator/images/vcss-blue"
-                 alt="CSS ist valide!" />
-        </a>
-    </div-->
 	</div>
 </body>
 </html>
diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/slo_template.html b/id/server/data/deploy/conf/moa-id/htmlTemplates/slo_template.html
index a9d73e0d3..b3eb18082 100644
--- a/id/server/data/deploy/conf/moa-id/htmlTemplates/slo_template.html
+++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/slo_template.html
@@ -3,377 +3,7 @@
   <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
   
    <!-- MOA-ID 2.x BKUSelection Layout CSS -->               
-    <style type="text/css">
-			@media screen and (min-width: 650px) {
-			
-				body {
-					margin:0;
-					padding:0;
-					color : #000;
-					background-color : #fff;
-			  	text-align: center;
-			  	background-color: #6B7B8B;
-				}
-  
-			  #page {
-			    display: block;
-			    border: 2px solid rgb(0,0,0);
-			    width: 650px;
-			    height: 460px;
-			    margin: 0 auto;
-			    margin-top: 5%;
-			    position: relative;
-			    border-radius: 25px;
-			    background: rgb(255,255,255);
-			  }
-			  
-			  #page1 {
-			    text-align: center;
-			  }
-			  
-			  #main {
-			    /*	clear:both; */
-				  position:relative;
-			    margin: 0 auto;
-			    width: 250px;
-			    text-align: center;
-			  }
-			  
-			  .OA_header {
-			/*	  background-color: white;*/
-			    font-size: 20pt;
-			    margin-bottom: 25px;
-			    margin-top: 25px;
-			  }
-			
-			  #leftcontent {
-			    /*float:left; */
-				  width:250px;
-				  margin-bottom: 25px;
-			    text-align: left;
-			    /*border: 1px solid rgb(0,0,0);*/
-			  }
-			
-			  #leftcontent {
-				 width: 300px;
-				 margin-top: 30px;
-			  }
-      
-        h2#tabheader{
-				  font-size: 1.1em; 
-          padding-left: 2%;
-          padding-right: 2%;
-          position: relative;
-			  }
-        		  
-			  .setAssertionButton_full {
-			  	background: #efefef;
-				  cursor: pointer;
-				  margin-top: 15px;
-			    width: 100px;
-			    height: 30px
-			  }
-			
-			  #leftbutton  {
-				 width: 30%; 
-				 float:left; 
-				 margin-left: 40px;
-			  }
-			
-			  #rightbutton {
-				 width: 30%; 
-				 float:right; 
-				 margin-right: 45px; 
-				 text-align: right;
-			  }
-        
-        button {
-          height: 25px;
-          width: 75px;
-          margin-bottom: 10px;
-        }
-        
-       #validation {
-        position: absolute;
-        bottom: 0px;
-        margin-left: 270px;
-        padding-bottom: 10px;
-      }
-			
-			}
-
-      @media screen and (max-width: 205px) {
-        #localBKU p {
-          font-size: 0.6em;
-        } 
-        
-        #localBKU input {
-          font-size: 0.6em;
-          min-width: 60px;
-         /* max-width: 65px; */
-          min-height: 1.0em;
-         /* border-radius: 5px; */
-        }
-        
-      }
-
-      @media screen and (max-width: 249px) and (min-width: 206px) {
-        #localBKU p {
-          font-size: 0.7em;
-        } 
-        
-        #localBKU input {
-          font-size: 0.7em;
-          min-width: 70px;
-       /*    max-width: 75px;    */
-          min-height: 0.95em;
-        /*  border-radius: 6px;    */
-        }
-         
-      }
-
-      @media screen and (max-width: 299px) and (min-width: 250px) {
-        #localBKU p {
-          font-size: 0.9em;
-        } 
-        
-        #localBKU input {
-          font-size: 0.8em;
-          min-width: 70px;
-       /*    max-width: 75px;      */
-      /*    border-radius: 6px;  */
-        }
-
-      }
-
-      @media screen and (max-width: 399px) and (min-width: 300px) {
-        #localBKU p {
-          font-size: 0.9em;
-        } 
-        
-        #localBKU input {
-          font-size: 0.8em;
-          min-width: 70px;
-      /*     max-width: 75px;     */
-      /*    border-radius: 6px;       */
-        }
-
-      }
-      
-      @media screen and (max-width: 649px) and (min-width: 400px) {
-        #localBKU p {
-          font-size: 0.9em;
-        } 
-        
-        #localBKU input {
-          font-size: 0.8em;
-          min-width: 70px;
-      /*     max-width: 80px;       */
-     /*     border-radius: 6px;          */
-        }
-
-      }
-
-
-			
-			@media screen and (max-width: 649px) {
-				
-        body {
-					margin:0;
-					padding:0;
-					color : #000;
-			  	text-align: center;
-          font-size: 100%;
-			  	background-color: #MAIN_BACKGOUNDCOLOR#;
-				}
-        				
-			  #page {
-			     visibility: hidden;
-			     margin-top: 0%;
-			  }
-			  
-			  #page1 {
-			    visibility: hidden;
-			  }
-			  
-			  #main {
-			    visibility: hidden;
-			  }
-        
-        #validation {
-          visibility: hidden;
-          display: none;
-        }
-			  
-			  .OA_header {
-			    margin-bottom: 0px;
-			    margin-top: 0px;
-			    font-size: 0pt;
-			    visibility: hidden;
-			  }
-			
-			  #leftcontent {
-			    visibility: visible;
-			    margin-bottom: 0px;
-			    text-align: left;
-			    border:none;
-          vertical-align: middle;
-          min-height: 173px;
-          min-width: 204px;
-          
-			  }
-        
-        input[type=button] {
-/*          height: 11%;  */
-          width: 70%;
-        }
-			}
-			      
-			* {
-				margin: 0;
-				padding: 0;
-        font-family: #FONTTYPE#;
-			}
-							      			
-			#selectArea {
-				padding-top: 10px;
-				padding-bottom: 55px;
-				padding-left: 10px;
-			}
-			
-			.setAssertionButton {
-				background: #efefef;
-				cursor: pointer;
-				margin-top: 15px;
-			  width: 70px;
-			  height: 25px;
-			}
-			
-			#leftbutton  {
-				width: 35%; 
-				float:left; 
-				margin-left: 15px;
-			}
-			
-			#rightbutton {
-				width: 35%; 
-				float:right; 
-				margin-right: 25px; 
-				text-align: right;
-			}
-
-/*		input[type=button], .sendButton {
-				background: #BUTTON_BACKGROUNDCOLOR#;
-        color: #BUTTON_COLOR#;
-/*				border:1px solid #000;  */
-/*				cursor: pointer;
-/*        box-shadow: 3px 3px 3px #222222;  */
-/*			}
-			
-/*      button:hover, button:focus, button:active, 
-      .sendButton:hover , .sendButton:focus, .sendButton:active,
-      #mandateCheckBox:hover, #mandateCheckBox:focus, #mandateCheckBox:active {
-				background: #BUTTON_BACKGROUNDCOLOR_FOCUS#;
-        color: #BUTTON_COLOR#;
-/*				border:1px solid #000;                */
-/*				cursor: pointer;
-/*        box-shadow: -1px -1px 3px #222222;  */
-/*			}
-      
-*/      
-			input {
-				/*border:1px solid #000;*/
-				cursor: pointer;
-			}
-      
-      #localBKU input {
-/*        color: #BUTTON_COLOR#;  */
-        border: 0px;
-        display: inline-block;
-        
-      }
-			
-      #localBKU input:hover, #localBKU input:focus, #localBKU input:active {
-        text-decoration: underline;
-      }
-      
-			#installJava, #BrowserNOK {
-				clear:both;
-				font-size:0.8em;
-				padding:4px;
-			}
-						
-			.selectText{
-			
-			}
-			
-			.selectTextHeader{
-			
-			}
-			
-			.sendButton {
-        width: 30%;
-        margin-bottom: 1%;	
-			}
-			
-			#leftcontent a {
-				text-decoration:none; 
-				color: #000;
-			/*	display:block;*/
-				padding:4px;	
-			}
-			
-			#leftcontent a:hover, #leftcontent a:focus, #leftcontent a:active {
-				text-decoration:underline;
-				color: #000;	
-			}
-						
-			.infobutton {
-				background-color: #005a00;
-				color: white;
-				font-family: serif;
-				text-decoration: none;
-				padding-top: 2px;
-				padding-right: 4px;
-				padding-bottom: 2px;
-				padding-left: 4px;
-				font-weight: bold;
-			}
-			
-			.hell {
-				background-color : #MAIN_BACKGOUNDCOLOR#;
-        color: #MAIN_COLOR#;	
-			}
-			
-			.dunkel {
-				background-color: #HEADER_BACKGROUNDCOLOR#;
-        color: #HEADER_COLOR#;
-			}
-			      
-			.main_header {
-			   color: black;
-			    font-size: 32pt;
-			    position: absolute;
-			    right: 10%;
-			    top: 40px;
-				
-			}
-      
-     	#alert {
-		    margin: 100px 250px;
-		    font-family: Verdana, Arial, Helvetica, sans-serif;
-		    font-size: 14px;
-		    font-weight: normal;
-		    color: red;
-	    }
-	
-	    .reqframe {
-		    /*display: none;*/
-        visibility: hidden;
-		  
-	    }
-      			                        
-    </style> 
+  <link rel="stylesheet" href="$contextPath/css/buildCSS" />
 
 	#if($timeoutURL)
 		<script type="text/javascript">
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index 9975fee54..1c8d89fb4 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -58,6 +58,10 @@
     	<version>0.1</version>
     </dependency>
     
+    <dependency>
+    	<groupId>MOA.id.server</groupId>
+  		<artifactId>moa-id-frontend-resources</artifactId>
+    </dependency>
     <dependency>
     		<groupId>MOA.id.server</groupId>
     		<artifactId>moa-id-commons</artifactId>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
index 17e39f766..4620a5c6b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
@@ -32,10 +32,10 @@ import org.springframework.stereotype.Service;
 
 import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
 import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.data.MISMandate;
-import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.MiscUtil;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
index 8efdf6014..0171f9d90 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
@@ -41,19 +41,19 @@ import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBod
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.BKUException;
 import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.ServiceException;
 import at.gv.egovernment.moa.id.client.SZRGWClientException;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.StatisticLogDBUtils;
 import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.data.MISMandate;
-import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.moduls.RequestImpl;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.logging.Logger;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/TransactionIDUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/TransactionIDUtils.java
index 7f6f2c6b3..6d53fd510 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/TransactionIDUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/TransactionIDUtils.java
@@ -25,7 +25,7 @@ package at.gv.egovernment.moa.id.advancedlogging;
 
 import java.util.Date;
 
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 /**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java
index a1ba00e02..94138e0fc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java
@@ -8,10 +8,10 @@ import java.util.Date;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.storage.ITransactionStorage;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/BaseAuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/BaseAuthenticationServer.java
index 1ce6fa1e9..20f2029cb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/BaseAuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/BaseAuthenticationServer.java
@@ -5,8 +5,9 @@ import org.springframework.beans.factory.annotation.Autowired;
 
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 
 /**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
deleted file mode 100644
index 27c87ccbf..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
+++ /dev/null
@@ -1,194 +0,0 @@
-
-
-
-package at.gv.egovernment.moa.id.auth;
-
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import at.gv.egovernment.moa.id.commons.MOAIDConstants;
-import iaik.asn1.ObjectID;
-
-
-/**
- * Constants used throughout moa-id-auth component.
- * 
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class MOAIDAuthConstants extends MOAIDConstants{
-
-  /** servlet parameter &quot;Target&quot; */
-  public static final String PARAM_TARGET = "Target";
-  /** servlet parameter &quot;useMandate&quot; */
-  public static final String PARAM_USEMANDATE = "useMandate";
-  public static final String PARAM_USEMISMANDATE = "useMISMandate";
-  public static final String PARAM_USEELGAMANDATE = "useELGAMandate";
-  /** servlet parameter &quot;OA&quot; */
-  public static final String PARAM_OA = "OA";
-  /** servlet parameter &quot;bkuURI&quot; */
-  public static final String PARAM_BKU = "bkuURI";
-  public static final String PARAM_MODUL = "MODUL";
-  public static final String PARAM_ACTION = "ACTION";
-  public static final String PARAM_SSO = "SSO";
-  public static final String INTERFEDERATION_IDP = "interIDP";
-  public static final String PARAM_TARGET_PENDINGREQUESTID = "pendingid";
-  
-  public static final String PARAM_SLOSTATUS = "status";
-  public static final String PARAM_SLORESTART = "restart";
-  public static final String SLOSTATUS_SUCCESS = "success";
-  public static final String SLOSTATUS_ERROR = "error";
-  
-  /** servlet parameter &quot;sourceID&quot; */
-  public static final String PARAM_SOURCEID = "sourceID";  
-  /** servlet parameter &quot;BKUSelectionTemplate&quot; */
-  public static final String PARAM_BKUTEMPLATE = "BKUSelectionTemplate";
-  /** servlet parameter &quot;CCC (Citizen Country Code)&quot; */
-  public static final String PARAM_CCC = "CCC";  
-  /** servlet parameter &quot;BKUSelectionTemplate&quot; */
-  public static final String PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE = "InputProcessorSignTemplate";
-  /** default BKU URL */
-  public static final String DEFAULT_BKU = "http://localhost:3495/http-security-layer-request";
-  /** default BKU URL for https connections*/
-  public static final String DEFAULT_BKU_HTTPS = "https://127.0.0.1:3496/https-security-layer-request";
-  /** servlet parameter &quot;returnURI&quot; */
-  public static final String PARAM_RETURN = "returnURI";
-  /** servlet parameter &quot;Template&quot; */
-  public static final String PARAM_TEMPLATE = "Template";
-  /** servlet parameter &quot;MOASessionID&quot; */
-  public static final String PARAM_SESSIONID = "MOASessionID";
-  /** servlet parameter &quot;XMLResponse&quot; */
-  public static final String PARAM_XMLRESPONSE = "XMLResponse";
-  /** servlet parameter &quot;SAMLArtifact&quot; */
-  public static final String PARAM_SAMLARTIFACT = "SAMLArtifact";
-  /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.StartAuthenticationServlet} is mapped to */
-  public static final String REQ_START_AUTHENTICATION = "StartAuthentication";
-  /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet} is mapped to */
-  public static final String REQ_VERIFY_IDENTITY_LINK = "VerifyIdentityLink";
-  /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.GetForeignIDServlet} is mapped to */
-  public static final String REQ_GET_FOREIGN_ID = "GetForeignID";
-  /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyCertificateServlet} is mapped to */
-  public static final String REQ_VERIFY_CERTIFICATE = "VerifyCertificate";
-  /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.GetMISSessionIDServlet} is mapped to */
-  public static final String GET_MIS_SESSIONID = "GetMISSessionID";
-  /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.ProcessValidatorInputServlet} is mapped to */
-  public static final String REQ_PROCESS_VALIDATOR_INPUT = "ProcessInput";
-  /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet} is mapped to */
-  public static final String REQ_VERIFY_AUTH_BLOCK = "VerifyAuthBlock";
-  /** Logging hierarchy used for controlling debug output of XML structures to files */
-  public static final String DEBUG_OUTPUT_HIERARCHY = "moa.id.auth";
-  /** Header Name for controlling the caching mechanism of the browser */
-  public static final String HEADER_EXPIRES = "Expires";
-  /** Header Value for controlling the caching mechanism of the browser */
-  public static final String HEADER_VALUE_EXPIRES = "Sat, 6 May 1995 12:00:00 GMT";
-  /** Header Name for controlling the caching mechanism of the browser */
-  public static final String HEADER_PRAGMA = "Pragma";
-  /** Header Value for controlling the caching mechanism of the browser */
-  public static final String HEADER_VALUE_PRAGMA = "no-cache";
-  /** Header Name for controlling the caching mechanism of the browser */
-  public static final String HEADER_CACHE_CONTROL = "Cache-control";
-  /** Header Value for controlling the caching mechanism of the browser */
-  public static final String HEADER_VALUE_CACHE_CONTROL = "no-store, no-cache, must-revalidate";
-  /** Header Value for controlling the caching mechanism of the browser */
-  public static final String HEADER_VALUE_CACHE_CONTROL_IE = "post-check=0, pre-check=0";
-  /** 
-   * the identity link signer X509Subject names of those identity link signer certificates 
-   * not including the identity link signer OID. The authorisation for signing the identity
-   * link must be checked by using their issuer names. After february 19th 2007 the OID of
-   * the certificate will be used fo checking the authorisation for signing identity links.
-   */ 
-  public static final String[] IDENTITY_LINK_SIGNERS_WITHOUT_OID = 
-    new String[] {"T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitgieds der Datenschutzkommission",
-                  "T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitglieds der Datenschutzkommission"};
-  				   
-  /** the number of the certifcate extension "Eigenschaft zur Ausstellung von Personenbindungen" */
-  public static final String IDENTITY_LINK_SIGNER_OID_NUMBER = "1.2.40.0.10.1.7.1";
-  /** 
-   * the OID of the identity link signer certificate (Eigenschaft zur Ausstellung von Personenbindungen);
-   * used for checking the authorisation for signing the identity link for identity links signed after february 19th 2007
-   */
-  public static final ObjectID IDENTITY_LINK_SIGNER_OID = new ObjectID(IDENTITY_LINK_SIGNER_OID_NUMBER);
-  
-  /** the number of the certifcate extension for party representatives */
-  public static final String PARTY_REPRESENTATION_OID_NUMBER = "1.2.40.0.10.3";
-  
-//  /** the number of the certifcate extension for party organ representatives */
-//  public static final String PARTY_ORGAN_REPRESENTATION_OID_NUMBER = PARTY_REPRESENTATION_OID_NUMBER + ".10";
-    
-  /** OW */
-  public static final String OW_ORGANWALTER = PARTY_REPRESENTATION_OID_NUMBER + ".4";
-  
-  /** List of OWs */
-  public static final List<ObjectID> OW_LIST = Arrays.asList( 
-		  new ObjectID(OW_ORGANWALTER));  
-  
-  /**BKU type identifiers to use bkuURI from configuration*/ 
-  public static final String REQ_BKU_TYPE_LOCAL = "local";
-  public static final String REQ_BKU_TYPE_ONLINE = "online"; 
-  public static final String REQ_BKU_TYPE_HANDY = "handy"; 
-  public static final List<String> REQ_BKU_TYPES = Arrays.asList(REQ_BKU_TYPE_LOCAL, REQ_BKU_TYPE_ONLINE, REQ_BKU_TYPE_HANDY);
-
-  public static final List<String> LEGACYPARAMETERWHITELIST 
-  	= Arrays.asList(PARAM_TARGET, PARAM_BKU, PARAM_OA, PARAM_TEMPLATE, PARAM_USEMANDATE, PARAM_CCC, PARAM_SOURCEID);
-
-  public final static String EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION = "OIDTextualDescription";
-  public final static String EXT_SAML_MANDATE_OID = "OID";
-  public final static String EXT_SAML_MANDATE_RAW = "Mandate";
-  public final static String EXT_SAML_MANDATE_NAME = "MandatorName";
-  public final static String EXT_SAML_MANDATE_DOB = "MandatorDateOfBirth";
-  public final static String EXT_SAML_MANDATE_WBPK = "MandatorWbpk";
-  public final static String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "RepresentationType";
-  public final static String EXT_SAML_MANDATE_REPRESENTATIONTEXT = "Vollmachtsvertreter";
-  public final static String EXT_SAML_MANDATE_CB_BASE_ID = "MandatorDomainIdentifier";
-  
-  public static final String PARAM_APPLET_HEIGTH = "heigth";
-  public static final String PARAM_APPLET_WIDTH = "width";
-  
-  public static final Map<String, String> COUNTRYCODE_XX_TO_NAME = 
-			Collections.unmodifiableMap(new HashMap<String, String>() {
-				private static final long serialVersionUID = 1L;
-				{
-					put("AT", "Other Countries");//"Workaround for PEPS Simulator"
-					put("BE", "Belgi&euml;/Belgique");
-					//put("CH", "Schweiz");
-					put("EE", "Eesti");
-					put("ES", "Espa&ntilde;a");
-					put("FI", "Suomi");
-					put("IS", "&Iacute;sland");
-					put("IT", "Italia");
-					put("LI", "Liechtenstein");
-					put("LT", "Lithuania");
-					put("LU", "Luxemburg");
-					put("PT", "Portugal");
-					put("SE", "Sverige");
-					put("SI", "Slovenija");
-				}
-			});	
-  
-  public static final String COUNTRYCODE_AUSTRIA = "AT";
-  
-  public static final String REGEX_PATTERN_TARGET = "^[A-Za-z]{2}(-.*)?$";
-  
-  public static final String MDC_TRANSACTION_ID = "transactionId";
-  public static final String MDC_SESSION_ID = "sessionId";
-  
-  //AuthnRequest IssueInstant validation
-  public static final int TIME_JITTER = 5;  //all 5 minutes time jitter 
-  
-  public static final String PROCESSCONTEXT_PERFORM_INTERFEDERATION_AUTH = "interfederationAuthentication";
-  public static final String PROCESSCONTEXT_REQUIRELOCALAUTHENTICATION = "requireLocalAuthentication";
-  public static final String PROCESSCONTEXT_PERFORM_BKUSELECTION = "performBKUSelection";
-  public static final String PROCESSCONTEXT_ISLEGACYREQUEST = "isLegacyRequest";
-  
-  //General protocol-request data-store keys
-  public static final String AUTHPROCESS_DATA_TARGET = "authProces_Target";
-  public static final String AUTHPROCESS_DATA_TARGETFRIENDLYNAME = "authProces_TargetFriendlyName";
-  public static final String AUTHPROCESS_DATA_SECURITYLAYERTEMPLATE = "authProces_SecurityLayerTemplate";
-  
-  //General MOASession data-store keys
-  public static final String MOASESSION_DATA_HOLDEROFKEY_CERTIFICATE = "holderofkey_cert";
-  
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
index 458f9afe6..a8b9509bc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
@@ -32,11 +32,11 @@ import javax.activation.MailcapCommandMap;
 
 import org.springframework.web.context.support.GenericWebApplicationContext;
 
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.config.auth.MOAGarbageCollector;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.util.Random;
 import at.gv.egovernment.moa.id.util.SSLUtils;
 import at.gv.egovernment.moa.logging.Logger;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 32fabc3f4..4c83d0ea4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -47,7 +47,6 @@ import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
 
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
 import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
@@ -55,21 +54,22 @@ import at.gv.egovernment.moa.id.auth.data.IdentityLink;
 import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.auth.exception.DynamicOABuildException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
-import at.gv.egovernment.moa.id.auth.exception.SessionDataStorageException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
 import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
 import at.gv.egovernment.moa.id.data.AuthenticationData;
 import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.data.MISMandate;
 import at.gv.egovernment.moa.id.data.Pair;
-import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.moduls.RequestImpl;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
index e763c5355..73fe961eb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
@@ -50,10 +50,10 @@ import java.text.MessageFormat;
 import java.util.Calendar;
 import java.util.List;
 
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.DateTimeUtils;
 import at.gv.egovernment.moa.util.StringUtils;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java
index 9a2baf873..8334780ba 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java
@@ -46,7 +46,7 @@
 
 package at.gv.egovernment.moa.id.auth.builder;
 
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 
 /**
  * Builds a DataURL parameter meant for the security layer implementation
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java
index 8c0de1121..f4f6e82ba 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java
@@ -28,13 +28,13 @@ import java.util.List;
 import org.opensaml.saml2.core.Attribute;
 
 import at.gv.egovernment.moa.id.auth.exception.DynamicOABuildException;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.config.auth.data.DynamicOAAuthParameters;
-import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GUILayoutBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GUILayoutBuilder.java
deleted file mode 100644
index b95cbbc16..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GUILayoutBuilder.java
+++ /dev/null
@@ -1,157 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth.builder;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.StringWriter;
-import java.net.URI;
-
-import org.apache.commons.io.IOUtils;
-
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.util.FormBuildUtils;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-public class GUILayoutBuilder {
-	private static final String CSS_LAYOUTTEMPLATE = "css_template.css";
-	private static final String JS_LAYOUTTEMPLATE = "javascript_tempalte.js";	
-	private static final String HTMLTEMPLATESDIR = "htmlTemplates/";
-
-	private static String CONTEXTPATH = "#CONTEXTPATH#";
-	private static String MOASESSIONID = "#SESSIONID#";
-	private static String AUTH_URL = "#AUTH_URL#";
-	private static String BKU_ONLINE = "#ONLINE#";
-	private static String BKU_HANDY =  "#HANDY#"; 
-	private static String BKU_LOCAL =  "#LOCAL#"; 
-	
-	
-	public static String buildCSS(IRequest pendingReq, String authURL) {
-		return buildForm(pendingReq, authURL, CSS_LAYOUTTEMPLATE);
-		
-	}
-	
-	public static String buildJS(IRequest pendingReq, String authURL) {
-		return buildForm(pendingReq, authURL, JS_LAYOUTTEMPLATE);
-		
-	}
-	
-	
-	
-	private static String getTemplate(String templateName) {		
-		String pathLocation;
-		InputStream input = null;
-		try {
-			String rootconfigdir = AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir();	
-			pathLocation = rootconfigdir + HTMLTEMPLATESDIR + templateName;
-		
-			try {
-				File file = new File(new URI(pathLocation));
-				input = new  FileInputStream(file);
-			
-			} catch (FileNotFoundException e)  {				
-				Logger.warn("No LoginFormTempaltes found. Use Generic Templates from package.");			
-				pathLocation = "resources/templates/" + templateName;			
-				input = Thread.currentThread()
-						.getContextClassLoader()
-						.getResourceAsStream(pathLocation);
-			
-			}
-			
-			return getTemplate(input);
-			
-		} catch (Exception e) {			
-			return null;
-			
-		} finally {
-			try {
-				if (input != null)
-					input.close();
-				
-			} catch (IOException e) {
-				Logger.warn("SendAssertionTemplate inputstream can not be closed.", e);
-				
-			}
-		}		
-	}
-	
-	private static String getTemplate(InputStream input) {
-			String template = null;			
-		try {				
-
-			StringWriter writer = new StringWriter();
-			IOUtils.copy(input, writer);
-			template = writer.toString();
-							
-		} catch (Exception e) {
-			Logger.error("Failed to read template", e);
-			
-		}			
-		return template;
-	}
-	
-	private static String buildForm(IRequest pendingReq, String authURL, String templateName) {
-		//load default GUI-Layout template template
-		String value = getTemplate(templateName);
-
-		if (pendingReq != null) {
-			IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
-				
-			if(value != null) {
-				//only for BKU-Selection step and JavaScript generation
-				value = value.replace(AUTH_URL, LoginFormBuilder.SERVLET);
-				
-				value = value.replace(CONTEXTPATH, pendingReq.getAuthURL());
-				value = value.replace(MOASESSIONID, pendingReq.getRequestID());
-								
-				value = value.replace(BKU_ONLINE, IOAAuthParameters.ONLINEBKU);
-				value = value.replace(BKU_HANDY, IOAAuthParameters.HANDYBKU);
-				value = value.replace(BKU_LOCAL, IOAAuthParameters.LOCALBKU);
-				
-				
-				value = FormBuildUtils.customiceLayoutBKUSelection(value, 
-						oaParam.isShowMandateCheckBox(),
-						oaParam.isOnlyMandateAllowed(),
-						oaParam.getFormCustomizaten(),
-						oaParam.isShowStorkLogin());			
-			}
-						
-		} else {
-			value = FormBuildUtils.defaultLayoutBKUSelection(value);
-			value = value.replace(CONTEXTPATH, authURL);
-								
-		}
-		
-		return value;		
-	}
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
deleted file mode 100644
index e1aa41ce2..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
+++ /dev/null
@@ -1,171 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- * 
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- * 
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-package at.gv.egovernment.moa.id.auth.builder;
-
-import java.io.ByteArrayInputStream;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.StringWriter;
-import java.net.URI;
-
-import org.apache.commons.io.IOUtils;
-
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.config.stork.CPEPS;
-import at.gv.egovernment.moa.id.util.FormBuildUtils;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-public class LoginFormBuilder {
-
-	private static final String HTMLTEMPLATESDIR = "htmlTemplates/";
-	private static final String HTMLTEMPLATEFULL = "loginFormFull.html";
-		
-	private static String AUTH_URL = "#AUTH_URL#";
-	private static String OANAME = "#OAName#";
-	private static String BKU_ONLINE = "#ONLINE#";
-	private static String BKU_HANDY =  "#HANDY#"; 
-	private static String BKU_LOCAL =  "#LOCAL#"; 
-	public static String CONTEXTPATH = "#CONTEXTPATH#";
-	private static String MOASESSIONID = "#SESSIONID#";
-	private static String PEPSLIST = "#PEPSLIST#";
-		
-	public static String SERVLET = CONTEXTPATH+"/GenerateIframeTemplate";
-	
-	private static String getTemplate() {
-		String pathLocation ="";
-		InputStream input = null;
-		
-		try {
-			String rootconfigdir = AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir();
-			pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEFULL;
-			File file = new File(new URI(pathLocation));
-			input = new  FileInputStream(file);
-			
-		} catch (ConfigurationException e) {
-			Logger.warn("MOA-ID configuration can not be loaded.");
-			
-		} catch (Exception e) {
-			
-		} 
-		
-		return getTemplate(input);		
-		
-	}
-	
-	public static String getTemplate(InputStream input) {
-
-			String template = null; 
-			
-			try {
-				if (input == null) {					
-					
-					Logger.warn("No LoginFormTempaltes found. Use Generic Templates from package.");
-					
-					String pathLocation = "resources/templates/" + HTMLTEMPLATEFULL;
-					input = Thread.currentThread()
-							.getContextClassLoader()
-							.getResourceAsStream(pathLocation);
-					
-				}
-			
-				StringWriter writer = new StringWriter();
-				IOUtils.copy(input, writer);
-				template = writer.toString();
-				template = template.replace(AUTH_URL, SERVLET);
-				template = template.replace(BKU_ONLINE, IOAAuthParameters.ONLINEBKU);
-				template = template.replace(BKU_HANDY, IOAAuthParameters.HANDYBKU);
-				template = template.replace(BKU_LOCAL, IOAAuthParameters.LOCALBKU);
-								
-			} catch (Exception e) {
-				Logger.error("Failed to read template", e);
-				
-			} finally {
-				try {
-					input.close();
-					
-				} catch (IOException e) {
-					Logger.warn("SendAssertionTemplate inputstream can not be closed.", e);
-				}
-			}
-			return template;
-	}
-	
-	public static String buildLoginForm(String modul, String action, IOAAuthParameters oaParam, String contextpath, String moaSessionID) {
-		
-		String value = null;
-		
-		byte[] oatemplate = oaParam.getBKUSelectionTemplate();
-		// OA specific template requires a size of 8 bits minimum
-		if (oatemplate != null && oatemplate.length > 7) {
-			InputStream is = new ByteArrayInputStream(oatemplate);
-			value = getTemplate(is);
-			
-		} else {
-			//load default BKU-selection template
-			value = getTemplate();
-			
-		}
-			
-		if(value != null) {
-			value = value.replace(OANAME, oaParam.getFriendlyName());
-			value = value.replace(CONTEXTPATH, contextpath);
-			value = value.replace(MOASESSIONID, moaSessionID);
-			
-			if (oaParam.isShowStorkLogin()) {
-				String pepslist = "";
-				try {				
-					for (CPEPS current : oaParam.getPepsList()) {
-						String countryName = null;							
-						if (MiscUtil.isNotEmpty(MOAIDAuthConstants.COUNTRYCODE_XX_TO_NAME.get(current.getCountryCode().toUpperCase())))
-							countryName = MOAIDAuthConstants.COUNTRYCODE_XX_TO_NAME.get(current.getCountryCode().toUpperCase());
-						else
-							countryName = current.getCountryCode().toUpperCase();
-						
-						pepslist += "<option value=" + current.getCountryCode() + ">" 
-								+  countryName
-								+ "</option>\n";
-													
-					}
-					value = value.replace(PEPSLIST, pepslist);
-							
-				} catch (NullPointerException e) {
-					
-				}
-			}
-			
-			value = FormBuildUtils.customiceLayoutBKUSelection(value, 
-					oaParam.isShowMandateCheckBox(),
-					oaParam.isOnlyMandateAllowed(),
-					oaParam.getFormCustomizaten(),
-					oaParam.isShowStorkLogin());
-						
-		}
-		return value;
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/RedirectFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/RedirectFormBuilder.java
deleted file mode 100644
index 2a5c8d418..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/RedirectFormBuilder.java
+++ /dev/null
@@ -1,65 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- * 
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- * 
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-package at.gv.egovernment.moa.id.auth.builder;
-
-import java.io.InputStream;
-import java.io.StringWriter;
-
-import org.apache.commons.io.IOUtils;
-
-import at.gv.egovernment.moa.logging.Logger;
-
-public class RedirectFormBuilder {
-	
-	private static String URL = "#URL#";
-	private static String TARGET = "#TARGET#";
-	private static String template;
-
-	private static String getTemplate() {
-
-		if (template == null) {
-			try {
-				String classpathLocation = "resources/templates/redirectForm.html";
-				InputStream input = Thread.currentThread()
-						.getContextClassLoader()
-						.getResourceAsStream(classpathLocation);
-				StringWriter writer = new StringWriter();
-				IOUtils.copy(input, writer);
-				template = writer.toString();
-			} catch (Exception e) {
-				Logger.error("Failed to read template", e);
-			}
-		}
-		
-		return template;
-	}
-
-	public static String buildLoginForm(String url, String redirectTarget) {
-		String value = getTemplate();
-		value = value.replace(URL, url);
-		value = value.replace(TARGET, redirectTarget);
-		
-		return value;
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java
deleted file mode 100644
index 7121935b0..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java
+++ /dev/null
@@ -1,147 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- * 
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- * 
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-package at.gv.egovernment.moa.id.auth.builder;
-
-import java.io.ByteArrayInputStream;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.StringWriter;
-import java.net.URI;
-
-import org.apache.commons.io.IOUtils;
-
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.util.FormBuildUtils;
-import at.gv.egovernment.moa.logging.Logger;
-
-public class SendAssertionFormBuilder {
-	
-	private static final String HTMLTEMPLATESDIR = "htmlTemplates/";
-	private static final String HTMLTEMPLATEFULL = "sendAssertionFormFull.html";
-	
-	private static final String TEMPLATEBGCOLOR = "style=\"background-color: #COLOR#\"";
-	
-	private static String URL = "#URL#";
-	private static String ID = "#ID#";
-	private static String OANAME = "#OAName#";
-	private static String CONTEXTPATH = "#CONTEXTPATH#";
-	private static String BACKGROUNDCOLOR = "#BACKGROUNDCOLOR#";
-	private static String COLOR = "#COLOR#";
-	
-	private static String SERVLET = CONTEXTPATH+"/SSOSendAssertionServlet";
-	
-	private static String getTemplate() {		
-		String pathLocation;
-		InputStream input = null;
-		try {
-			String rootconfigdir = AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir();	
-			pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEFULL;
-		
-			try {
-				File file = new File(new URI(pathLocation));
-				input = new  FileInputStream(file);
-			
-			} catch (FileNotFoundException e)  {				
-				Logger.warn("No LoginFormTempaltes found. Use Generic Templates from package.");			
-				pathLocation = "resources/templates/" + HTMLTEMPLATEFULL;			
-				input = Thread.currentThread()
-						.getContextClassLoader()
-						.getResourceAsStream(pathLocation);
-			
-			}
-			
-			return getTemplate(input);
-			
-		} catch (Exception e) {			
-			return null;
-			
-		} finally {
-			try {
-				if (input != null)
-					input.close();
-				
-			} catch (IOException e) {
-				Logger.warn("SendAssertionTemplate inputstream can not be closed.", e);
-				
-			}
-		}		
-	}
-	
-	private static String getTemplate(InputStream input) {
-			String template = null;			
-		try {				
-
-			StringWriter writer = new StringWriter();
-			IOUtils.copy(input, writer);
-			template = writer.toString();
-			template = template.replace(URL, SERVLET);
-							
-		} catch (Exception e) {
-			Logger.error("Failed to read template", e);
-			
-		}			
-		return template;
-	}
-
-	public static String buildForm(IRequest pendingReq) {
-		String value = null;
-		
-		String contextpath = pendingReq.getAuthURL();
-		IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
-		
-		byte[] oatemplate = oaParam.getSendAssertionTemplate();
-		// OA specific template requires a size of 8 bits minimum
-		if (oatemplate != null && oatemplate.length > 7) {
-			InputStream is = new ByteArrayInputStream(oatemplate);
-			value = getTemplate(is);
-			
-		} else {
-			//load default BKU-selection template
-			value = getTemplate();
-			
-		}
-		
-		if(value != null) {
-			value = value.replace(ID, pendingReq.getRequestID());
-			value = value.replace(OANAME, oaParam.getFriendlyName());
-			
-			if (contextpath.endsWith("/"))
-				contextpath = contextpath.substring(0, contextpath.length() - 1);
-			value = value.replace(CONTEXTPATH, contextpath);
-			
-			value = FormBuildUtils.customiceLayoutBKUSelection(value, 
-					oaParam.isShowMandateCheckBox(),
-					oaParam.isOnlyMandateAllowed(),
-					oaParam.getFormCustomizaten(),
-					oaParam.isShowStorkLogin());
-						
-		}
-		return value;
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java
index f2e4da818..ec94101d1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java
@@ -31,11 +31,11 @@ import org.w3c.dom.Node;
 
 import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.auth.exception.ServiceException;
 import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
 import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.Constants;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index 7873fb96d..a72f6c2ea 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -46,7 +46,7 @@ import java.util.Map;
 
 import org.apache.commons.collections4.map.HashedMap;
 
-import at.gv.egovernment.moa.id.auth.exception.SessionDataStorageException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
 import at.gv.egovernment.moa.id.data.MISMandate;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/AuthenticationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/AuthenticationException.java
index 31a3e38dc..8fc6368fc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/AuthenticationException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/AuthenticationException.java
@@ -46,6 +46,7 @@
 
 package at.gv.egovernment.moa.id.auth.exception;
 
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 
 /**
  * Exception thrown during handling of AuthenticationSession
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/BKUException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/BKUException.java
index 9c2960c4c..ffbb6a19e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/BKUException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/BKUException.java
@@ -22,6 +22,8 @@
  ******************************************************************************/
 package at.gv.egovernment.moa.id.auth.exception;
 
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+
 public class BKUException extends MOAIDException {
 
 	private static final long serialVersionUID = -4646544256490397419L;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/BuildException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/BuildException.java
index 155a18f15..b31354927 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/BuildException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/BuildException.java
@@ -46,6 +46,7 @@
 
 package at.gv.egovernment.moa.id.auth.exception;
 
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 
 /**
  * Exception thrown while building an XML or HTML structure.
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/DatabaseEncryptionException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/DatabaseEncryptionException.java
index 69802d7e6..f62bbc4bd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/DatabaseEncryptionException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/DatabaseEncryptionException.java
@@ -22,6 +22,8 @@
  */
 package at.gv.egovernment.moa.id.auth.exception;
 
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+
 /**
  * @author tlenz
  *
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/DynamicOABuildException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/DynamicOABuildException.java
index 554cf7370..f43471f0a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/DynamicOABuildException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/DynamicOABuildException.java
@@ -22,6 +22,8 @@
  */
 package at.gv.egovernment.moa.id.auth.exception;
 
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+
 /**
  * @author tlenz
  *
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ECDSAConverterException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ECDSAConverterException.java
index 2b277736d..20e544330 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ECDSAConverterException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ECDSAConverterException.java
@@ -46,6 +46,7 @@
 
 package at.gv.egovernment.moa.id.auth.exception;
 
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 
 /**
  * Exception thrown while converting ECDSAKeys from/to an XML structure.
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/InvalidProtocolRequestException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/InvalidProtocolRequestException.java
index 4f68bbac0..712d90fd8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/InvalidProtocolRequestException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/InvalidProtocolRequestException.java
@@ -22,6 +22,8 @@
  */
 package at.gv.egovernment.moa.id.auth.exception;
 
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+
 /**
  * @author tlenz
  *
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MISSimpleClientException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MISSimpleClientException.java
index c80cbea26..718c35df3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MISSimpleClientException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MISSimpleClientException.java
@@ -46,6 +46,7 @@
 
 package at.gv.egovernment.moa.id.auth.exception;
 
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 
 public class MISSimpleClientException extends MOAIDException {
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MOAIDException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MOAIDException.java
deleted file mode 100644
index ef6aaa75c..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MOAIDException.java
+++ /dev/null
@@ -1,222 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- * 
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- * 
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.auth.exception;
-
-import java.io.PrintStream;
-import java.io.PrintWriter;
-
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-
-import org.w3c.dom.DOMImplementation;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.util.Constants;
-
-/**
- * Base class of technical MOA exceptions.
- * 
- * Technical exceptions are exceptions that originate from system failure (e.g.,
- * a database connection fails, a component is not available, etc.)
- * 
- * @author Patrick Peck, Ivancsics Paul
- * @version $Id$
- */
-public class MOAIDException extends Exception {
-  /**
-	 * 
-	 */
-	private static final long serialVersionUID = -1507246171708083912L;
-/** message ID */
-  private String messageId;
-  /** wrapped exception */
-  private Throwable wrapped;
-
-  private Object[] parameters;
-  
-  /**
-   * Create a new <code>MOAIDException</code>.
-   * 
-   * @param messageId The identifier of the message associated with this 
-   * exception.
-   * @param parameters Additional message parameters.
-   */
-  public MOAIDException(String messageId, Object[] parameters) {
-    super(MOAIDMessageProvider.getInstance().getMessage(messageId, parameters));
-    this.messageId = messageId;
-    this.parameters = parameters;
-  }
-
-  /**
-   * Create a new <code>MOAIDException</code>.
-   * 
-   * @param messageId The identifier of the message associated with this 
-   * <code>MOAIDException</code>.
-   * @param parameters Additional message parameters.
-   * @param wrapped The exception wrapped by this
-   * <code>MOAIDException</code>.
-   */
-  public MOAIDException(
-    String messageId,
-    Object[] parameters,
-    Throwable wrapped) {
-      
-    super(MOAIDMessageProvider.getInstance().getMessage(messageId, parameters));
-    this.messageId = messageId;
-    this.wrapped = wrapped;
-    this.parameters = parameters;
-  }
-
-  /**
-   * Print a stack trace of this exception to <code>System.err</code>.
-   * 
-   * @see java.lang.Throwable#printStackTrace()
-   */
-  public void printStackTrace() {
-    printStackTrace(System.err);
-  }
-
-  /**
-   * Print a stack trace of this exception, including the wrapped exception.
-   * 
-   * @param s The stream to write the stack trace to.
-   * @see java.lang.Throwable#printStackTrace(java.io.PrintStream)
-   */
-  public void printStackTrace(PrintStream s) {
-    if (getWrapped() == null)
-      super.printStackTrace(s);
-    else {
-      s.print("Root exception: ");
-      getWrapped().printStackTrace(s);
-    }
-  }
-
-  /**
-   * Print a stack trace of this exception, including the wrapped exception.
-   * 
-   * @param s The stream to write the stacktrace to.
-   * @see java.lang.Throwable#printStackTrace(java.io.PrintWriter)
-   */
-  public void printStackTrace(PrintWriter s) {
-    if (getWrapped() == null)
-      super.printStackTrace(s);
-    else {
-      s.print("Root exception: ");
-      getWrapped().printStackTrace(s);
-    }
-  }
-
-  /**
-   * @return message ID
-   */
-  public String getMessageId() {
-    return messageId;
-  }
-
-  /**
-   * @return wrapped exception
-   */
-  public Throwable getWrapped() {
-    return wrapped;
-  }
-
-  
-  
-  /**
- * @return the parameters
- */
-public Object[] getParameters() {
-	return parameters;
-}
-
-/**
-   * Convert this <code>MOAIDException</code> to an <code>ErrorResponse</code>
-   * element from the MOA namespace.
-   * 
-   * @return An <code>ErrorResponse</code> element, containing the subelements
-   * <code>ErrorCode</code> and <code>Info</code> required by the MOA schema.
-   */
-  public Element toErrorResponse() {
-    DocumentBuilder builder;
-    DOMImplementation impl;
-    Document doc;
-    Element errorResponse;
-    Element errorCode;
-    Element info;
-
-    // create a new document
-    try {
-      builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
-      impl = builder.getDOMImplementation();
-    } catch (ParserConfigurationException e) {
-      return null;
-    }
-
-    // build the ErrorResponse element
-    doc = impl.createDocument(Constants.MOA_NS_URI, "ErrorResponse", null);
-    errorResponse = doc.getDocumentElement();
-
-    // add MOA namespace declaration
-    errorResponse.setAttributeNS(
-      Constants.XMLNS_NS_URI,
-      "xmlns",
-      Constants.MOA_NS_URI);
-
-    // build the child elements    
-    errorCode = doc.createElementNS(Constants.MOA_NS_URI, "ErrorCode");
-    errorCode.appendChild(doc.createTextNode(messageId));
-    info = doc.createElementNS(Constants.MOA_NS_URI, "Info");
-    info.appendChild(doc.createTextNode(toString()));
-    errorResponse.appendChild(errorCode);
-    errorResponse.appendChild(info);
-    return errorResponse;
-  }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MOASPException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MOASPException.java
index 42fa5c6a7..d498c3209 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MOASPException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MOASPException.java
@@ -22,6 +22,8 @@
  ******************************************************************************/
 package at.gv.egovernment.moa.id.auth.exception;
 
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+
 public class MOASPException extends MOAIDException {
 
 	private static final long serialVersionUID = -4646544256490397419L;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ParseException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ParseException.java
index 83d0a398b..aac5fcddb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ParseException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ParseException.java
@@ -46,6 +46,7 @@
 
 package at.gv.egovernment.moa.id.auth.exception;
 
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 
 /**
  * Exception thrown while parsing an XML structure.
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ProtocolNotActiveException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ProtocolNotActiveException.java
index fe2bcedca..2d09384a3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ProtocolNotActiveException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ProtocolNotActiveException.java
@@ -22,6 +22,8 @@
  */
 package at.gv.egovernment.moa.id.auth.exception;
 
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+
 /**
  * @author tlenz
  *
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ServiceException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ServiceException.java
index 3bdf8f743..b892424d9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ServiceException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ServiceException.java
@@ -46,6 +46,7 @@
 
 package at.gv.egovernment.moa.id.auth.exception;
 
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 
 /**
  * Exception thrown while calling the MOA-SPSS web service.
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/SessionDataStorageException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/SessionDataStorageException.java
deleted file mode 100644
index 203be784e..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/SessionDataStorageException.java
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth.exception;
-
-/**
- * @author tlenz
- *
- */
-public class SessionDataStorageException extends MOAIDException {
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = 5743057708136365929L;
-
-	/**
-	 * @param messageId
-	 * @param parameters
-	 */
-	public SessionDataStorageException(String messageId, Object[] parameters) {
-		super(messageId, parameters);
-		
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ValidateException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ValidateException.java
index 0385352d2..124ae771a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ValidateException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ValidateException.java
@@ -46,6 +46,7 @@
 
 package at.gv.egovernment.moa.id.auth.exception;
 
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 
 /**
  * Exception thrown while validating an incoming XML structure
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/WrongParametersException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/WrongParametersException.java
index 895a2aeef..c83d1580b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/WrongParametersException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/WrongParametersException.java
@@ -46,6 +46,7 @@
 
 package at.gv.egovernment.moa.id.auth.exception;
 
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 
 /**
  * Exception thrown when the <code>AuthenticationServer</code> API is
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java
index 5c96f6ad2..a82ba501c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java
@@ -52,9 +52,9 @@ import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
 import at.gv.egovernment.moa.id.auth.exception.ServiceException;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.spss.api.SignatureVerificationService;
 import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureRequestParser;
@@ -91,7 +91,7 @@ public class SignatureVerificationInvoker {
   private SignatureVerificationInvoker() {	  
     try {
     	AuthConfiguration authConfigProvider = AuthConfigurationProviderFactory.getInstance();
-		ConnectionParameter authConnParam = authConfigProvider.getMoaSpConnectionParameter();
+		ConnectionParameterInterface authConnParam = authConfigProvider.getMoaSpConnectionParameter();
 		
 		if (authConnParam != null && MiscUtil.isNotEmpty(authConnParam.getUrl())) {
 			
@@ -126,7 +126,7 @@ public class SignatureVerificationInvoker {
    * @throws ServiceException if an error occurs
    */
   protected Element doCall(QName serviceName, Element request) throws ServiceException {
-    ConnectionParameter authConnParam = null;
+	  ConnectionParameterInterface authConnParam = null;
     try {      
       AuthConfiguration authConfigProvider = AuthConfigurationProviderFactory.getInstance();
       authConnParam = authConfigProvider.getMoaSpConnectionParameter();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java
index 8c7583855..84ca9fa05 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java
@@ -23,10 +23,10 @@ import org.springframework.beans.factory.annotation.Autowired;
 import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
 import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
-import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.moduls.IRequestStorage;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.process.springweb.MoaIdTask;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java
index c96167e71..90795a416 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java
@@ -22,7 +22,7 @@
  */
 package at.gv.egovernment.moa.id.auth.modules;
 
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 
 /**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/TaskExecutionException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/TaskExecutionException.java
index 932019d2c..1128cbab3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/TaskExecutionException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/TaskExecutionException.java
@@ -22,7 +22,7 @@
  */
 package at.gv.egovernment.moa.id.auth.modules;
 
-import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.process.ProcessExecutionException;
 import at.gv.egovernment.moa.util.MiscUtil;
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java
index bd8dd709f..42789d01d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java
@@ -30,9 +30,9 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.lang.StringEscapeUtils;
 import org.springframework.stereotype.Component;
 
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
index 5b53a43bd..dfb90da3a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
@@ -31,10 +31,10 @@ import org.springframework.stereotype.Component;
 
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.moduls.SSOManager;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java
index c8e379bc1..6a1ed7203 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java
@@ -27,10 +27,10 @@ import javax.servlet.http.HttpServletResponse;
 
 import org.springframework.stereotype.Component;
 
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.moduls.RequestImpl;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.logging.Logger;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java
index 2cf2bfd9b..c582050ad 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java
@@ -22,20 +22,23 @@
  */
 package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
 
-import java.io.PrintWriter;
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration;
+import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder;
+import at.gv.egovernment.moa.id.auth.frontend.builder.ServiceProviderSpecificGUIFormBuilderConfiguration;
+import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.auth.servlet.GeneralProcessEngineSignalController;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.logging.Logger;
 
@@ -45,7 +48,9 @@ import at.gv.egovernment.moa.logging.Logger;
  */
 @Component("GenerateBKUSelectionFrameTask")
 public class GenerateBKUSelectionFrameTask extends AbstractAuthServletTask {
-
+	
+	@Autowired IGUIFormBuilder guiBuilder;
+	
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
 	 */
@@ -63,20 +68,20 @@ public class GenerateBKUSelectionFrameTask extends AbstractAuthServletTask {
 				throw new AuthenticationException("auth.00", new Object[] { pendingReq.getOAURL() });
 				
 			}
-						
-			//Build authentication form						
-			String publicURLPreFix = pendingReq.getAuthURL();
-			if (publicURLPreFix.endsWith("/"))
-				publicURLPreFix = publicURLPreFix.substring(0, publicURLPreFix.length() - 1);
-			String loginForm = LoginFormBuilder.buildLoginForm(pendingReq.requestedModule(), 
-					pendingReq.requestedAction(), oaParam, publicURLPreFix, pendingReq.getRequestID());
-						
-			response.setContentType("text/html;charset=UTF-8");
-			PrintWriter out = new PrintWriter(response.getOutputStream()); 
-			out.print(loginForm);
-			out.flush(); 
+												
+			IGUIBuilderConfiguration config = new ServiceProviderSpecificGUIFormBuilderConfiguration(
+					pendingReq, 
+					ServiceProviderSpecificGUIFormBuilderConfiguration.VIEW_BKUSELECTION, 
+					GeneralProcessEngineSignalController.ENDPOINT_BKUSELECTION_EVALUATION);
+			
+			guiBuilder.build(response, config, "BKU-Selection form");
+			
+		} catch (GUIBuildException e) {	
+			Logger.warn("Can not build GUI:'BKU-Selection'. Msg:" + e.getMessage());
+			throw new TaskExecutionException(pendingReq, 
+					"Can not build GUI. Msg:" + e.getMessage(), 
+					new MOAIDException("builder.09", new Object[]{e.getMessage()}, e));
 			
-		
 		} catch (MOAIDException e) {
 			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
 			
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java
index 47afe5795..ca99e9ba3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateSSOConsentEvaluatorFrameTask.java
@@ -22,18 +22,21 @@
  */
 package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
 
-import java.io.PrintWriter;
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.auth.builder.SendAssertionFormBuilder;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration;
+import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder;
+import at.gv.egovernment.moa.id.auth.frontend.builder.ServiceProviderSpecificGUIFormBuilderConfiguration;
+import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.auth.servlet.GeneralProcessEngineSignalController;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.logging.Logger;
 
@@ -46,6 +49,8 @@ import at.gv.egovernment.moa.logging.Logger;
 @Component("GenerateSSOConsentEvaluatorFrameTask")
 public class GenerateSSOConsentEvaluatorFrameTask extends AbstractAuthServletTask {
 
+	@Autowired IGUIFormBuilder guiBuilder;
+	
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
 	 */
@@ -59,22 +64,26 @@ public class GenerateSSOConsentEvaluatorFrameTask extends AbstractAuthServletTas
 			//set authenticated flag to false, because user consents is required
 			pendingReq.setAuthenticated(false);
 		
-			//build consents evaluator form
-			String form = SendAssertionFormBuilder.buildForm(pendingReq);
-
 			//store pending request
 			requestStoreage.storePendingRequest(pendingReq);
+					
+			//build consents evaluator form
+			IGUIBuilderConfiguration config = new ServiceProviderSpecificGUIFormBuilderConfiguration(
+					pendingReq, 
+					ServiceProviderSpecificGUIFormBuilderConfiguration.VIEW_SENDASSERTION, 
+					GeneralProcessEngineSignalController.ENDPOINT_SENDASSERTION_EVALUATION);
 			
+			guiBuilder.build(response, config, "SendAssertion-Evaluation");
+
 			//Log consents evaluator event to revisionslog
 			revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), 
 					pendingReq, MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_START);
-			
-			//write form to response object
-			response.setContentType("text/html;charset=UTF-8");
-			PrintWriter out = new PrintWriter(response.getOutputStream()); 
-			out.print(form);
-			out.flush();
-			
+		
+		} catch (GUIBuildException e) {	
+			Logger.warn("Can not build GUI:'SendAssertion-Evaluation'. Msg:" + e.getMessage());
+			throw new TaskExecutionException(pendingReq, 
+					"Can not build GUI. Msg:" + e.getMessage(), 
+					new MOAIDException("builder.09", new Object[]{e.getMessage()}, e));
 			
 		} catch (MOAIDException e) {
 			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java
index ddda86ecc..c1d02a029 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java
@@ -30,10 +30,10 @@ import javax.servlet.http.HttpServletResponse;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.auth.modules.registration.ModuleRegistration;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.moduls.RequestImpl;
 import at.gv.egovernment.moa.id.process.ExecutionContextImpl;
 import at.gv.egovernment.moa.id.process.ProcessEngine;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
index a4abbbcfa..f91dc6d3e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -30,15 +30,15 @@ import org.apache.commons.lang.StringEscapeUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.logging.Logger;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
index 04e4e7bdb..1a029a9fa 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
@@ -22,34 +22,30 @@
  */
 package at.gv.egovernment.moa.id.auth.servlet;
 
-import java.io.BufferedReader;
-import java.io.File;
-import java.io.FileInputStream;
 import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
 import java.io.PrintWriter;
 import java.io.StringWriter;
-import java.net.URI;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import org.apache.velocity.VelocityContext;
-import org.apache.velocity.app.VelocityEngine;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 
 import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
 import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException;
+import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration;
+import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder;
+import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.moduls.IRequestStorage;
 import at.gv.egovernment.moa.id.process.ProcessExecutionException;
 import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController;
@@ -57,10 +53,8 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestValidator
 import at.gv.egovernment.moa.id.storage.ITransactionStorage;
 import at.gv.egovernment.moa.id.util.ErrorResponseUtils;
 import at.gv.egovernment.moa.id.util.HTTPUtils;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.util.Random;
 import at.gv.egovernment.moa.id.util.ServletUtils;
-import at.gv.egovernment.moa.id.util.VelocityProvider;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
@@ -72,16 +66,13 @@ public abstract class AbstractController extends MOAIDAuthConstants {
 
 	public static final String ERROR_CODE_PARAM = "errorid";
 	
-	private static final String HTMLTEMPLATESDIR = "htmlTemplates/";
-	private static final String HTMLTEMPLATEFULL = "error_message.html";
-	private static String CONTEXTPATH = "contextPath";
-	
 	@Autowired protected StatisticLogger statisticLogger;
 	@Autowired protected IRequestStorage requestStorage;
 	@Autowired protected ITransactionStorage transactionStorage;
 	@Autowired protected MOAReversionLogger revisionsLogger;
 	@Autowired protected AuthConfiguration authConfig;
-
+	@Autowired protected IGUIFormBuilder guiBuilder;
+	
 	@ExceptionHandler({MOAIDException.class})
 	public void MOAIDExceptionHandler(HttpServletRequest req, HttpServletResponse resp, Exception e) throws IOException {				
 		Logger.error(e.getMessage() , e);
@@ -227,89 +218,40 @@ public abstract class AbstractController extends MOAIDAuthConstants {
 	}
 	
 	private void writeHTMLErrorResponse(HttpServletRequest req, HttpServletResponse httpResp, String msg, String errorCode, Exception error) throws IOException {
-		VelocityContext context = new VelocityContext();
-		
-		//add errorcode and errormessage
-		context.put("errorMsg", msg);
-		context.put("errorCode", errorCode);
+
+		try {
+			DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration(
+					HTTPUtils.extractAuthURLFromRequest(req), 
+					DefaultGUIFormBuilderConfiguration.VIEW_ERRORMESSAGE, 
+					null);
+				
+			//add errorcode and errormessage
+			config.putCustomParameter("errorMsg", msg);
+			config.putCustomParameter("errorCode", errorCode);
 		
-		//add stacktrace if debug is enabled
-		if (Logger.isTraceEnabled()) {
-			context.put("stacktrace", getStacktraceFromException(error));
+			//add stacktrace if debug is enabled
+			if (Logger.isTraceEnabled()) {
+				config.putCustomParameter("stacktrace", getStacktraceFromException(error));
 			
-		}
-		
-		writeHTMLErrorResponse(req, httpResp, context);
-		
-	}
-	
-	private void writeHTMLErrorResponse(HttpServletRequest req, HttpServletResponse httpResp, Exception error) throws IOException {		
-		VelocityContext context = new VelocityContext();
-		
-		//add errorcode and errormessage
-		context.put("errorMsg", error.getMessage());
-		context.put("errorCode", ErrorResponseUtils.getInstance().getResponseErrorCode(error));
-		
-		//add stacktrace if debug is enabled
-		if (Logger.isTraceEnabled()) {
-			context.put("stacktrace", getStacktraceFromException(error));
+			}
+			
+			guiBuilder.build(httpResp, config, "Error-Message");
+			
+		} catch (GUIBuildException e) {
+			Logger.warn("Can not build error-message GUI.", e);
+			GenericExceptionHandler(httpResp, e);
 			
 		}
 		
-		writeHTMLErrorResponse(req, httpResp, context);
 	}
 	
-	private void writeHTMLErrorResponse(HttpServletRequest req, HttpServletResponse httpResp, VelocityContext context) throws IOException {
-		try {
-			String authURL = HTTPUtils.extractAuthURLFromRequest(req);
-			context.put(CONTEXTPATH, authURL);
-			
-			InputStream is = null;
-			String pathLocation = null;
-			try {
-				String rootconfigdir = authConfig.getRootConfigFileDir();
-				pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEFULL;
-				File file = new File(new URI(pathLocation));
-				is = new  FileInputStream(file);
-				evaluateErrorTemplate(context, httpResp, is);
-				
-			} catch (Exception e) {
-				Logger.warn("SLO Template is not found in configuration directory (" +
-						pathLocation + "). Load template from project library ... ");
-				
-				try  {
-					pathLocation = "resources/templates/" + HTMLTEMPLATEFULL;
-					is = Thread.currentThread()
-							.getContextClassLoader()
-							.getResourceAsStream(pathLocation);				
-					evaluateErrorTemplate(context, httpResp, is);
-					
-				} catch (Exception e1) {
-					Logger.error("Single LogOut form can not created.", e);
-					throw new MOAIDException("Create Single LogOut information FAILED.", null, e);
-				}
-				
-			} finally {
-				if (is != null)
-					is.close();
-				
-			}			
-		} catch (Exception e) {
-			Logger.error("Error-message form can not created.", e);
-			IOExceptionHandler(httpResp, e);
-			
-		}		
+	private void writeHTMLErrorResponse(HttpServletRequest req, HttpServletResponse httpResp, Exception error) throws IOException {				
+		writeHTMLErrorResponse(req, httpResp, 
+				error.getMessage(), 
+				ErrorResponseUtils.getInstance().getResponseErrorCode(error), 
+				error);		
 	}
 	
-	private void evaluateErrorTemplate(VelocityContext context, HttpServletResponse httpResp, InputStream is) throws Exception {		
-		VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine();		
-		BufferedReader reader = new BufferedReader(new InputStreamReader(is ));				
-		StringWriter writer = new StringWriter();						
-		engine.evaluate(context, writer, "Error Template", reader);		
-		httpResp.setContentType("text/html;charset=UTF-8");            
-		httpResp.getOutputStream().write(writer.toString().getBytes("UTF-8"));
-		
-	}
 	
 	private String getStacktraceFromException(Exception ex) {
 		StringWriter errors = new StringWriter();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java
index 6be0fce90..a23938f97 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java
@@ -9,9 +9,9 @@ import org.apache.commons.lang.StringEscapeUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 
 import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.process.ProcessEngine;
 import at.gv.egovernment.moa.logging.Logger;
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java
deleted file mode 100644
index 3f9093a21..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java
+++ /dev/null
@@ -1,128 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth.servlet;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.lang.StringEscapeUtils;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
-
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.builder.GUILayoutBuilder;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
-import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.moduls.IRequestStorage;
-import at.gv.egovernment.moa.id.util.HTTPUtils;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-/**
- * @author tlenz
- *
- */
-@Controller
-public class GUILayoutBuilderServlet extends AbstractController {
-
-	public static final String ENDPOINT_CSS = "/css/buildCSS";
-	public static final String ENDPOINT_JS = "/js/buildJS";
-	
-	@Autowired AuthConfiguration authConfig;
-	@Autowired IRequestStorage requestStoreage;
-	
-	public GUILayoutBuilderServlet() {
-		super();
-		Logger.debug("Registering servlet " + getClass().getName() 
-				+ " with mappings '" + ENDPOINT_CSS 
-				+ "' and '" + ENDPOINT_JS + "'.");
-		
-	}
-	
-	@RequestMapping(value = "/css/buildCSS", method = {RequestMethod.GET})
-	public void buildCSS(HttpServletRequest req, HttpServletResponse resp) throws IOException {		
-		IRequest pendingReq = extractPendingRequest(req);
-
-		//build Service-Provider specific CSS
-		String css = GUILayoutBuilder.buildCSS(pendingReq, HTTPUtils.extractAuthURLFromRequest(req));
-
-		resp.setContentType("text/css;charset=UTF-8");
-		writeResponse(resp, css, "CSS");
-							
-	}
-	
-	@RequestMapping(value = "/js/buildJS", method = {RequestMethod.GET})
-	public void buildJavaScript(HttpServletRequest req, HttpServletResponse resp) throws IOException {
-		IRequest pendingReq = extractPendingRequest(req);
-		
-		//build Service-Provider specific CSS
-		String js = GUILayoutBuilder.buildJS(pendingReq, HTTPUtils.extractAuthURLFromRequest(req));
-			
-		resp.setContentType("text/javascript;charset=UTF-8");			
-		writeResponse(resp, js, "JavaScript");
-					
-	}
-	
-	private void writeResponse(HttpServletResponse resp, String value, String ressourceID) throws IOException {
-		if (MiscUtil.isNotEmpty(value)) {
-			PrintWriter out = new PrintWriter(resp.getOutputStream()); 
-			out.print(value);
-			out.flush();
-			
-		} else {
-			Logger.warn("GUI ressource: " + ressourceID + " generation FAILED.");
-			resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Created resource failed");
-			
-		}
-		
-	}
-	
-	private IRequest extractPendingRequest(HttpServletRequest req) {
-		try {		
-			String pendingReqID = StringEscapeUtils.escapeHtml(
-					req.getParameter(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID));
-		
-			if (MiscUtil.isNotEmpty(pendingReqID)) {		
-				IRequest pendingReq = requestStorage.getPendingRequest(pendingReqID);
-				if (pendingReq != null) {
-					Logger.trace("GUI-Layout builder: Pending-request:"
-							+ pendingReqID + " found -> Build specific template");
-					return pendingReq;
-					
-				}			
-			}
-			
-			Logger.trace("GUI-Layout builder: No pending-request found -> Use default templates");
-			
-		} catch (Exception e) {
-			Logger.warn("GUI-Layout builder-servlet has an error during request-preprocessing.", e);
-		}	
-		
-		return null;
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java
index 26a0488ca..dfa923558 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GeneralProcessEngineSignalController.java
@@ -39,9 +39,11 @@ import org.springframework.web.bind.annotation.RequestMethod;
 public class GeneralProcessEngineSignalController extends AbstractProcessEngineSignalController {
 
 	
+	public static final String ENDPOINT_BKUSELECTION_EVALUATION = "/EvaluateBKUSelection";
+	public static final String ENDPOINT_SENDASSERTION_EVALUATION = "/SSOSendAssertionServlet";
+	public static final String ENDPOINT_GENERIC = "/signalProcess";
 	
-	
-	@RequestMapping(value = {"/GenerateIframeTemplate", 
+	@RequestMapping(value = {"/EvaluateBKUSelection", 
 							 "/SSOSendAssertionServlet",
 							 "/signalProcess"
 			                }, 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
index 9397f1132..66e8757ad 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
@@ -28,7 +28,6 @@ import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import org.apache.velocity.VelocityContext;
 import org.opensaml.saml2.core.LogoutResponse;
 import org.opensaml.saml2.metadata.SingleLogoutService;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -36,10 +35,13 @@ import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration;
+import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.data.ISLOInformationContainer;
 import at.gv.egovernment.moa.id.data.SLOInformationContainer;
@@ -50,7 +52,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NOSLOServiceDescripto
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.util.HTTPUtils;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.util.Random;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -68,6 +69,7 @@ public class IDPSingleLogOutServlet extends AbstractController {
 	@Autowired IAuthenticationSessionStoreage authenicationStorage;
 	@Autowired SingleLogOutBuilder sloBuilder;
 	
+	
 	@RequestMapping(value = "/idpSingleLogout", method = {RequestMethod.GET})
 	public void doGet(HttpServletRequest req, HttpServletResponse resp)
 			    throws ServletException, IOException {
@@ -104,18 +106,22 @@ public class IDPSingleLogOutServlet extends AbstractController {
 					transactionStorage.remove(tokken);
 					
 				}
-				VelocityContext context = new VelocityContext();
+				
+				DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration(
+						authURL, 
+						DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT, 
+						null);
+				
 				if (MOAIDAuthConstants.SLOSTATUS_SUCCESS.equals(status))
-					context.put("successMsg",
+					config.putCustomParameter("successMsg",
 							MOAIDMessageProvider.getInstance().getMessage("slo.00", null));
 				else
-					context.put("errorMsg", 
-							MOAIDMessageProvider.getInstance().getMessage("slo.01", null));
-				
-				ssoManager.printSingleLogOutInfo(context, resp, authURL);				
-					
-			} catch (MOAIDException e) {
-				handleErrorNoRedirect(e, req, resp, false);
+					config.putCustomParameter("errorMsg", 
+							MOAIDMessageProvider.getInstance().getMessage("slo.01", null));			
+				guiBuilder.build(resp, config, "Single-LogOut GUI");
+			
+			} catch (GUIBuildException e) {
+				handleErrorNoRedirect(e, req, resp, false);	
 				
 			} catch (MOADatabaseException e) {
 				handleErrorNoRedirect(e, req, resp, false);
@@ -202,28 +208,36 @@ public class IDPSingleLogOutServlet extends AbstractController {
 						
 					}
 					
-					VelocityContext context = new VelocityContext();
-					context.put("errorMsg", 
-							MOAIDMessageProvider.getInstance().getMessage("slo.01", null));
-		                	
 					try {
-						ssoManager.printSingleLogOutInfo(context, resp, authURL);
+						DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration(
+								authURL, 
+								DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT, 
+								null);					
 						
-					} catch (MOAIDException e) {
+						config.putCustomParameter("errorMsg", 
+								MOAIDMessageProvider.getInstance().getMessage("slo.01", null));		                	
+				
+						guiBuilder.build(resp, config, "Single-LogOut GUI");
+											
+					} catch (GUIBuildException e) {
 						e.printStackTrace();
 						
 					}
 					return;
 			}			
 		}
-		
-		VelocityContext context = new VelocityContext();
-		context.put("successMsg",
-				MOAIDMessageProvider.getInstance().getMessage("slo.02", null));
-		try {			
-			ssoManager.printSingleLogOutInfo(context, resp, authURL);
+		try {	
+			DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration(
+					authURL, 
+					DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT, 
+					null);	
+			
+			config.putCustomParameter("successMsg", 
+					MOAIDMessageProvider.getInstance().getMessage("slo.02", null));	
+				
+			guiBuilder.build(resp, config, "Single-LogOut GUI");
 						
-		} catch (MOAIDException e) {
+		} catch (GUIBuildException e) {
 			e.printStackTrace();
 			
 		}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
index 4fcf166c9..15333a933 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
@@ -56,8 +56,8 @@ import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
 import at.gv.egovernment.moa.id.moduls.SSOManager;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
@@ -91,7 +91,7 @@ public class LogOutServlet {
 				
 			} else {
 				//return an error if RedirectURL is not a active Online-Applikation
-				OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(redirectUrl);			
+				IOAAuthParameters oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(redirectUrl);			
 				if (oa == null) {		
 					Logger.info("RedirctURL does not match to OA configuration. Set default RedirectURL back to MOA-ID-Auth");
 					redirectUrl = HTTPUtils.extractAuthURLFromRequest(req);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
index ba8ace6c9..f39421a21 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
@@ -23,7 +23,6 @@
 package at.gv.egovernment.moa.id.auth.servlet;
 
 import java.io.IOException;
-import java.io.PrintWriter;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -33,12 +32,13 @@ import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.builder.RedirectFormBuilder;
+import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration;
+import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.moduls.SSOManager;
-import at.gv.egovernment.moa.id.util.FormBuildUtils;
 import at.gv.egovernment.moa.id.util.HTTPUtils;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -51,7 +51,11 @@ public class RedirectServlet {
 	public static final String REDIRCT_PARAM_URL = "redirecturl";
 	private static final String DEFAULT_REDIRECTTARGET = "_parent";
 	
+	private static final String URL = "URL";
+	private static final String TARGET = "TARGET";
+	
 	@Autowired SSOManager ssoManager;
+	@Autowired IGUIFormBuilder guiBuilder;
 	
 	@RequestMapping(value = "/RedirectServlet", method = RequestMethod.GET)
 	public void performLogOut(HttpServletRequest req, HttpServletResponse resp) throws IOException {
@@ -63,7 +67,7 @@ public class RedirectServlet {
 		String interIDP = req.getParameter(MOAIDAuthConstants.INTERFEDERATION_IDP);
 				
 		Logger.debug("Check URL against online-applications");
-		OAAuthParameter oa = null;
+		IOAAuthParameters oa = null;
 		String redirectTarget = DEFAULT_REDIRECTTARGET;
 		try {
 			oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(url);
@@ -77,7 +81,7 @@ public class RedirectServlet {
 				//Redirect is a SAML1 send Artifact redirct
 				if (MiscUtil.isNotEmpty(artifact)) {
 					try {
-						String test = oa.getFormCustomizaten().get(FormBuildUtils.REDIRECTTARGET);
+						String test = oa.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETREDIRECTTARGET);
 						if (MiscUtil.isNotEmpty(test))
 							redirectTarget = test;
 					
@@ -99,14 +103,15 @@ public class RedirectServlet {
 							URLEncoder.encode(artifact, "UTF-8"));
 					url = resp.encodeRedirectURL(url);
 					
-					String redirect_form = RedirectFormBuilder.buildLoginForm(url, redirectTarget);
-				
-					resp.setContentType("text/html;charset=UTF-8");
-					resp.setStatus(HttpServletResponse.SC_OK);
-					PrintWriter out = new PrintWriter(resp.getOutputStream()); 
-					out.write(redirect_form);
-					out.flush();
-					
+
+					DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration(
+							authURL, 
+							DefaultGUIFormBuilderConfiguration.VIEW_REDIRECT, 
+							null);
+					config.putCustomParameter(URL, url);
+					config.putCustomParameter(TARGET, redirectTarget);
+					guiBuilder.build(resp, config, "RedirectForm");
+									
 				} else if (MiscUtil.isNotEmpty(interIDP)) {
 					//store IDP identifier and redirect to generate AuthRequst service					
 					Logger.info("Receive an interfederation redirect request for IDP " + interIDP);					
@@ -121,13 +126,12 @@ public class RedirectServlet {
 					
 				} else {					
 					Logger.debug("Redirect to " + url);					
-					String redirect_form = RedirectFormBuilder.buildLoginForm(url, DEFAULT_REDIRECTTARGET);
-					
-					resp.setContentType("text/html;charset=UTF-8");
-					resp.setStatus(HttpServletResponse.SC_OK);
-					PrintWriter out = new PrintWriter(resp.getOutputStream()); 
-					out.write(redirect_form);
-					out.flush();
+					DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration(
+							authURL, 
+							DefaultGUIFormBuilderConfiguration.VIEW_REDIRECT, 
+							null);
+					config.putCustomParameter(URL, url);
+					guiBuilder.build(resp, config, "RedirectForm");
 						
 				}
 				
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
index ce384d1a0..87804ea6c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/WebFrontEndSecurityInterceptor.java
@@ -29,10 +29,10 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.servlet.HandlerInterceptor;
 import org.springframework.web.servlet.ModelAndView;
 
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.util.HTTPUtils;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClient.java
index 672d2a35e..1548f11b3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClient.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClient.java
@@ -27,8 +27,15 @@ import java.util.Map;
 
 import javax.net.ssl.SSLSocketFactory;
 import javax.xml.namespace.QName;
+import javax.xml.ws.BindingProvider;
+
+import org.apache.cxf.configuration.jsse.TLSClientParameters;
+import org.apache.cxf.endpoint.Client;
+import org.apache.cxf.frontend.ClientProxy;
+import org.apache.cxf.transport.http.HTTPConduit;
+import org.apache.cxf.transports.http.configuration.HTTPClientPolicy;
 
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.util.SSLUtils;
 import at.gv.egovernment.moa.logging.Logger;
@@ -38,20 +45,12 @@ import at.gv.util.wsdl.szrgw.SZRGWType;
 import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest;
 import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse;
 
-import javax.xml.ws.BindingProvider;
-
-import org.apache.cxf.configuration.jsse.TLSClientParameters;
-import org.apache.cxf.endpoint.Client;
-import org.apache.cxf.frontend.ClientProxy;
-import org.apache.cxf.transport.http.HTTPConduit;
-import org.apache.cxf.transports.http.configuration.HTTPClientPolicy;
-
 public class SZRGWClient {
 
 	private SSLSocketFactory sslContext = null;
 	
-	public SZRGWClient(ConnectionParameter szrgwconnection) throws SZRGWClientException {
-		initial(szrgwconnection);
+	public SZRGWClient(ConnectionParameterInterface connectionParameters) throws SZRGWClientException {
+		initial(connectionParameters);
 	}
 	
 	public CreateIdentityLinkResponse sentCreateIDLRequest(CreateIdentityLinkRequest request, String serviceUrl) throws SZRGWClientException {
@@ -101,11 +100,11 @@ public class SZRGWClient {
 	}
 	
 	
-	private void initial(ConnectionParameter szrgwconnection) throws at.gv.egovernment.moa.id.client.SZRGWClientException{ 
+	private void initial(ConnectionParameterInterface connectionParameters) throws at.gv.egovernment.moa.id.client.SZRGWClientException{ 
 		try {
 			sslContext = SSLUtils.getSSLSocketFactory(
 					AuthConfigurationProviderFactory.getInstance(),
-					szrgwconnection);
+					connectionParameters);
 			
 		} catch (Exception e) {
 			Logger.warn("SZRGW Client initialization FAILED.", e);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClientException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClientException.java
index 2038e3f18..991e748de 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClientException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClientException.java
@@ -22,7 +22,7 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.client;
 
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 
 public class SZRGWClientException extends MOAIDException{
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/utils/SZRGWClientUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/utils/SZRGWClientUtils.java
index b0b2029ec..622eca0a5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/utils/SZRGWClientUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/utils/SZRGWClientUtils.java
@@ -31,19 +31,19 @@ import org.w3c.dom.Element;
 
 import at.gv.egovernment.moa.id.client.SZRGWClient;
 import at.gv.egovernment.moa.id.client.SZRGWClientException;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.util.xsd.mis.MandateIdentifiers;
 import at.gv.util.xsd.mis.Target;
 import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest;
+import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest.PEPSData;
 import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse;
 import at.gv.util.xsd.srzgw.MISType;
-import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest.PEPSData;
 import at.gv.util.xsd.srzgw.MISType.Filters;
 
 /**
@@ -127,7 +127,7 @@ public class SZRGWClientUtils {
 
 		try {
 			AuthConfiguration authConf = AuthConfigurationProviderFactory.getInstance();
-			ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter();
+			ConnectionParameterInterface connectionParameters = authConf.getForeignIDConnectionParameter();
 
 			String requestID = UUID.randomUUID().toString();			
 			SZRGWClient client = new SZRGWClient(connectionParameters);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationException.java
deleted file mode 100644
index a0223853a..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationException.java
+++ /dev/null
@@ -1,82 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- * 
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- * 
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.config;
-
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-
-/**
- * Exception signalling an error in the configuration.
- * 
- * @author Patrick Peck
- * @version $Id$
- */
-public class ConfigurationException extends MOAIDException {
-
-  /**
-	 * 
-	 */
-	private static final long serialVersionUID = -7199539463319751278L;
-
-/**
-   * Create a <code>MOAConfigurationException</code>.
-   */
-  public ConfigurationException(String messageId, Object[] parameters) {
-    super(messageId, parameters);
-  }
-
-  /**
-   * Create a <code>MOAConfigurationException</code>.
-   */
-  public ConfigurationException(
-    String messageId,
-    Object[] parameters,
-    Throwable wrapped) {
-
-    super(messageId, parameters, wrapped);
-  }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
deleted file mode 100644
index 5ec0a5bc6..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.config;
-
-/**
- * @author tlenz
- *
- */
-public interface ConfigurationProvider {
-
-	  /** 
-	   * The name of the system property which contains the file name of the 
-	   * configuration file.
-	   */
-	  public static final String CONFIG_PROPERTY_NAME =
-	    "moa.id.configuration";
-
-	  /** 
-	   * The name of the system property which contains the file name of the 
-	   * configuration file.
-	   */
-	  public static final String PROXY_CONFIG_PROPERTY_NAME =
-	    "moa.id.proxy.configuration";
-	  
-	  /**
-	   * The name of the generic configuration property giving the certstore directory path.
-	   */
-	  public static final String DIRECTORY_CERTSTORE_PARAMETER_PROPERTY =
-	    "DirectoryCertStoreParameters.RootDir";    
-
-		/**
-		 * The name of the generic configuration property switching the ssl revocation checking on/off
-		 */
-		public static final String TRUST_MANAGER_REVOCATION_CHECKING =
-			"TrustManager.RevocationChecking";   
-		
-		public String getRootConfigFileDir();
-		
-		public String getDefaultChainingMode();
-	
-		public String getTrustedCACertificates();
-		
-		public String getCertstoreDirectory();
-		
-		public boolean isTrustmanagerrevoationchecking();
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java
index 60d676868..db6ff8d9b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java
@@ -51,6 +51,8 @@ import java.util.Properties;
 
 import org.hibernate.cfg.Configuration;
 
+import at.gv.egovernment.moa.id.commons.api.ConfigurationProvider;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
 import at.gv.egovernment.moa.id.commons.db.StatisticLogDBUtils;
 import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java
index e38a4f360..9d78c348b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java
@@ -24,6 +24,7 @@ package at.gv.egovernment.moa.id.config;
 
 import java.util.Properties;
 
+import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 public abstract class ConnectionParameter implements ConnectionParameterInterface{
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterInterface.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterInterface.java
deleted file mode 100644
index 8e95c106d..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterInterface.java
+++ /dev/null
@@ -1,35 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.config;
-
-public interface ConnectionParameterInterface {
-
-	
-	public boolean isHTTPSURL();
-	public String getUrl();
-	public String getAcceptedServerCertificates();
-	
-	public String getClientKeyStore();
-	public String getClientKeyStorePassword();
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java
deleted file mode 100644
index 1f9259696..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java
+++ /dev/null
@@ -1,165 +0,0 @@
-package at.gv.egovernment.moa.id.config.auth;
-
-import java.util.List;
-import java.util.Map;
-import java.util.Properties;
-
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConfigurationProvider;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
-import at.gv.egovernment.moa.id.config.auth.data.ProtocolAllowed;
-import at.gv.egovernment.moa.id.config.stork.STORKConfig;
-import at.gv.util.config.EgovUtilPropertiesConfiguration;
-
-public interface AuthConfiguration extends ConfigurationProvider{
-
-	public static final String DEFAULT_X509_CHAININGMODE = "pkix";
-	
-	public Properties getGeneralPVP2ProperiesConfig();
-
-	public Properties getGeneralOAuth20ProperiesConfig();
-
-	public ProtocolAllowed getAllowedProtocols();
-	
-	public Map<String, String> getConfigurationWithPrefix(final String Prefix);
-	
-	public String getConfigurationWithKey(final String key);
-	
-	/**
-	 * Get a configuration value from basic file based MOA-ID configuration
-	 * 
-	 * @param key configuration key 
-	 * @return configuration value
-	 */
-	public String getBasicMOAIDConfiguration(final String key);
-	
-	public int getTransactionTimeOut();
-	public int getSSOCreatedTimeOut();
-	public int getSSOUpdatedTimeOut();
-	
-	public String getAlternativeSourceID() throws ConfigurationException;
-
-	public List<String> getLegacyAllowedProtocols();
-
-	public OAAuthParameter getOnlineApplicationParameter(String oaURL);
-
-	public String getMoaSpAuthBlockTrustProfileID(boolean useTestTrustStore) throws ConfigurationException;
-
-	public List<String> getMoaSpAuthBlockVerifyTransformsInfoIDs() throws ConfigurationException;
-
-	public ConnectionParameter getMoaSpConnectionParameter() throws ConfigurationException;
-
-	public ConnectionParameter getForeignIDConnectionParameter() throws ConfigurationException;
-
-	public ConnectionParameter getOnlineMandatesConnectionParameter() throws ConfigurationException;
-	
-	public String getMoaSpIdentityLinkTrustProfileID(boolean useTestTrustStore) throws ConfigurationException;
-
-	public List<String> getTransformsInfos() throws ConfigurationException;
-
-	public List<String> getIdentityLinkX509SubjectNames() throws ConfigurationException;
-
-	public List<String> getSLRequestTemplates() throws ConfigurationException;
-
-	public String getSLRequestTemplates(String type) throws ConfigurationException;
-
-	public List<String> getDefaultBKUURLs() throws ConfigurationException;
-
-	public String getDefaultBKUURL(String type) throws ConfigurationException;
-
-	public String getSSOTagetIdentifier() throws ConfigurationException;
-
-	public String getSSOFriendlyName();
-
-	public String getSSOSpecialText();
-
-	public String getMOASessionEncryptionKey();
-
-	public String getMOAConfigurationEncryptionKey();
-
-	public boolean isIdentityLinkResigning();
-
-	public String getIdentityLinkResigningKey();
-
-	public boolean isMonitoringActive();
-
-	public String getMonitoringTestIdentityLinkURL();
-
-	public String getMonitoringMessageSuccess();
-
-	public boolean isAdvancedLoggingActive();
-
-	/**
-	 * Returns the PublicURLPrefix.
-	 * 
-	 * @return the PublicURLPrefix (one or more) of this IDP instance. All publicURLPrefix URLs are ends without / 
-	 * @throws ConfigurationException if no PublicURLPrefix is found.
-	 */
-	public List<String> getPublicURLPrefix()  throws ConfigurationException;
-
-	public boolean isVirtualIDPsEnabled(); 
-	
-	public boolean isPVP2AssertionEncryptionActive();
-
-	public boolean isCertifiacteQCActive();
-
-	public STORKConfig getStorkConfig() throws ConfigurationException;
-
-	public EgovUtilPropertiesConfiguration geteGovUtilsConfig();
-
-	public String getDocumentServiceUrl();
-
-	/**
-	 * Notify, if the STORK fake IdentityLink functionality is active
-	 * 
-	 * @return true/false 
-	 */
-	public boolean isStorkFakeIdLActive();
-
-	/**
-	 * Get a list of all STORK countries for which a faked IdentityLink should be created
-	 * 
-	 * @return {List<String>} of country codes
-	 */
-	public List<String> getStorkFakeIdLCountries();
-
-	/**
-	 * Get a list of all STORK countries for which no signature is required
-	 * 
-	 * @return {List<String>} of country codes
-	 */
-	public List<String> getStorkNoSignatureCountries();
-	
-	/**
-	 * Get the MOA-SS key-group identifier for fake IdentityLink signing
-	 * 
-	 * @return MOA-SS key-group identifier {String}
-	 */
-	public String getStorkFakeIdLResigningKey();
-
-	
-	/**
-	 * Notify, if the PVP2x metadata schema validation is active
-	 * 
-	 * @return true/false 
-	 */
-	public boolean isPVPSchemaValidationActive();
-
-	/**
-	 * Get all configuration values with prefix and wildcard
-	 * 
-	 * @param key: Search key. * and % can be used as wildcards
-	 * @return Key/Value pairs {Map<String, String>}, which key maps the search key
-	 */
-	Map<String, String> getConfigurationWithWildCard(String key);
-
-	/**
-	 * Get configured default revisions-log event codes which should be logged
-	 * 
-	 * @return {List<Integer>} if event codes or null
-	 */
-	List<Integer> getDefaultRevisionsLogEventCodes();
-	
-	@Deprecated
-	public boolean isHTTPAuthAllowed();
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProviderFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProviderFactory.java
index a00d3d313..94bcae672 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProviderFactory.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProviderFactory.java
@@ -24,7 +24,8 @@ package at.gv.egovernment.moa.id.config.auth;
 
 import org.springframework.context.ApplicationContext;
 
-import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java
deleted file mode 100644
index 58034cc7b..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java
+++ /dev/null
@@ -1,224 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.config.auth;
-
-import java.security.PrivateKey;
-import java.util.Collection;
-import java.util.List;
-import java.util.Map;
-
-import at.gv.egovernment.moa.id.config.auth.data.SAML1ConfigurationParameters;
-import at.gv.egovernment.moa.id.config.stork.CPEPS;
-import at.gv.egovernment.moa.id.config.stork.StorkAttribute;
-import at.gv.egovernment.moa.id.config.stork.StorkAttributeProviderPlugin;
-
-/**
- * @author tlenz
- *
- */
-public interface IOAAuthParameters {
-
-	public static final String ONLINEBKU = "online";
-	public static final String HANDYBKU = "handy";
-	public static final String LOCALBKU = "local";
-	public static final String INDERFEDERATEDIDP = "interfederated";
-
-	/**
-	 * Get the full key/value configuration for this online application
-	 * 
-	 * @return an unmodifiable map of key/value pairs
-	 */
-	public Map<String, String> getFullConfiguration();
-	
-	  /**
-	   * Get a configuration value from online application key/value configuration
-	   * 
-	   * @param key: The key identifier of a configuration value   * 
-	   * @return The configuration value {String} or null if the key does not exist
-	   */  
-	public String getConfigurationValue(String key);
-	
-	public String getFriendlyName();
-	
-	public String getPublicURLPrefix();
-
-	public String getOaType();
-	
-	public boolean getBusinessService();
-	
-	/**
-	 * Get target of a public service-provider
-	 * 
-	 * @return target identifier without prefix
-	 */
-	public String getTarget();
-	
-	public String getTargetFriendlyName();
-	
-	public boolean isInderfederationIDP();
-	
-	public boolean isSTORKPVPGateway();
-	
-	public boolean isRemovePBKFromAuthBlock();
-	
-	/**
-	 * Return the private-service domain-identifier with PreFix
-	 * 
-	 * @return the identityLinkDomainIdentifier
-	 */
-	public String getIdentityLinkDomainIdentifier();
-
-	/**
-	 * @return the keyBoxIdentifier
-	 */
-	public String getKeyBoxIdentifier();
-
-	public SAML1ConfigurationParameters getSAML1Parameter();
-
-	/**
-	 * Get a list of online application specific trusted security layer templates 
-	 * 
-	 * @return a {List<String>} with template URLs, maybe empty but never null
-	 */
-	public List<String> getTemplateURL();
-
-	
-	/**
-	 * Return the additional AuthBlock text for this online application
-	 * 
-	 * @return authblock text {String} or null if no text is configured
-	 */
-	public String getAditionalAuthBlockText();
-
-	/**
-	 * Return an online application specific BKU URL for a requested BKU type
-	 * 
-	 * @param bkutype: defines the type of BKU 
-	 * @return BKU URL {String} or null if no BKU URL is configured
-	 */
-	public String getBKUURL(String bkutype);
-
-	/**
-	 * Return a list of all configured BKU URLs for this online application
-	 * 
-	 * @return List<String> of BKU URLs or an empty list if no BKU is configured
-	 */
-	public List<String> getBKUURL();
-
-	public boolean useSSO();
-
-	public boolean useSSOQuestion();
-
-	/**
-	 * Return all mandate-profile types configured for this online application
-	 * 
-	 * @return the mandateProfiles {List<String>} or null if no profile is defined
-	 */
-	public List<String> getMandateProfiles();
-
-	/**
-	 * @return the identityLinkDomainIdentifierType
-	 */
-	public String getIdentityLinkDomainIdentifierType();
-
-	public boolean isShowMandateCheckBox();
-
-	public boolean isOnlyMandateAllowed();
-
-	/**
-	 * Shall we show the stork login in the bku selection frontend?
-	 * 
-	 * @return true, if is we should show stork login
-	 */
-	public boolean isShowStorkLogin();
-
-	public Map<String, String> getFormCustomizaten();
-
-	public Integer getQaaLevel();
-
-	public boolean isRequireConsentForStorkAttributes();
-
-	/**
-	 * Return a {Collection} of requested STORK attributes
-	 * 
-	 * @return {Collection<StorkAttribute>} maybe empty but never null
-	 */
-	public Collection<StorkAttribute> getRequestedSTORKAttributes();
-
-	public byte[] getBKUSelectionTemplate();
-
-	public byte[] getSendAssertionTemplate();
-
-	/**
-	 * Return a {Collection} of configured STORK CPEPS 
-	 * 
-	 * @return {Collection<CPEPS>} maybe empty but never null
-	 */
-	public Collection<CPEPS> getPepsList();
-
-	public String getIDPAttributQueryServiceURL();
-
-	/**
-	 * @return
-	 */
-	boolean isInboundSSOInterfederationAllowed();
-
-	/**
-	 * @return
-	 */
-	boolean isInterfederationSSOStorageAllowed();
-
-	/**
-	 * @return
-	 */
-	boolean isOutboundSSOInterfederationAllowed();
-	
-	boolean isTestCredentialEnabled();
-
-	List<String> getTestCredentialOIDs();
-	
-	boolean isUseIDLTestTrustStore();
-	boolean isUseAuthBlockTestTestStore();
-	
-	PrivateKey getBPKDecBpkDecryptionKey();
-
-	/**
-	 * @return
-	 */
-	boolean isPassivRequestUsedForInterfederation();
-
-	/**
-	 * @return
-	 */
-	boolean isPerformLocalAuthenticationOnInterfederationError();
-
-	/**
-	 * Get a {Collection} of configured STORK attribute provider plug-ins
-	 * 
-	 * @return {Collection<StorkAttributeProviderPlugins>} maybe empty but never null
-	 */
-	public Collection<StorkAttributeProviderPlugin> getStorkAPs();
-	
-	public List<Integer> getReversionsLoggingEventCodes();
-	
-}
\ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index fdd125156..b1bba6c17 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -61,19 +61,19 @@ import org.apache.commons.lang.SerializationUtils;
 
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.commons.MOAIDConstants;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IStorkConfig;
+import at.gv.egovernment.moa.id.commons.api.data.BPKDecryptionParameters;
+import at.gv.egovernment.moa.id.commons.api.data.CPEPS;
+import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters;
+import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute;
+import at.gv.egovernment.moa.id.commons.api.data.StorkAttributeProviderPlugin;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.commons.validation.TargetValidator;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.data.BPKDecryptionParameters;
-import at.gv.egovernment.moa.id.config.auth.data.SAML1ConfigurationParameters;
-import at.gv.egovernment.moa.id.config.stork.CPEPS;
-import at.gv.egovernment.moa.id.config.stork.STORKConfig;
-import at.gv.egovernment.moa.id.config.stork.StorkAttribute;
-import at.gv.egovernment.moa.id.config.stork.StorkAttributeProviderPlugin;
 import at.gv.egovernment.moa.id.data.EncryptedData;
 import at.gv.egovernment.moa.id.util.ConfigurationEncrytionUtil;
-import at.gv.egovernment.moa.id.util.FormBuildUtils;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -390,52 +390,6 @@ public boolean isOnlyMandateAllowed() {
 		}
 	}
 
-/* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getFormCustomizaten()
- */
-@Override
-public Map<String, String> getFormCustomizaten() {	
-	Map<String, String> map = new HashMap<String, String>();
-	map.putAll(FormBuildUtils.getDefaultMap());
-	
-	if (MiscUtil.isNotEmpty(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BACKGROUNDCOLOR)))
-		map.put(FormBuildUtils.MAIN_BACKGROUNDCOLOR, oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BACKGROUNDCOLOR));
-	
-	if (MiscUtil.isNotEmpty(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONBACKGROUNDCOLOR)))
-		map.put(FormBuildUtils.BUTTON_BACKGROUNDCOLOR, oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONBACKGROUNDCOLOR));
-	
-	if (MiscUtil.isNotEmpty(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONBACLGROUNDCOLORFOCUS)))
-		map.put(FormBuildUtils.BUTTON_BACKGROUNDCOLOR_FOCUS, oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONBACLGROUNDCOLORFOCUS));
-	
-	if (MiscUtil.isNotEmpty(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONFRONTCOLOR)))
-		map.put(FormBuildUtils.BUTTON_COLOR, oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONFRONTCOLOR));
-	
-	if (MiscUtil.isNotEmpty(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_FONTTYPE)))
-		map.put(FormBuildUtils.FONTFAMILY, oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_FONTTYPE));
-	
-	if (MiscUtil.isNotEmpty(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_FRONTCOLOR)))
-		map.put(FormBuildUtils.MAIN_COLOR, oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_FRONTCOLOR));
-	
-	if (MiscUtil.isNotEmpty(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERBACKGROUNDCOLOR)))
-		map.put(FormBuildUtils.HEADER_BACKGROUNDCOLOR, oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERBACKGROUNDCOLOR));
-	
-	if (MiscUtil.isNotEmpty(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERFRONTCOLOR)))
-		map.put(FormBuildUtils.HEADER_COLOR, oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERFRONTCOLOR));
-	
-	if (MiscUtil.isNotEmpty(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERTEXT)))
-		map.put(FormBuildUtils.HEADER_TEXT, oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERTEXT));
-	
-	if (MiscUtil.isNotEmpty(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETREDIRECTTARGET)))
-		map.put(FormBuildUtils.REDIRECTTARGET, oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETREDIRECTTARGET));
-	
-	if (MiscUtil.isNotEmpty(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETHEIGHT)))
-		map.put(FormBuildUtils.APPLET_HEIGHT, oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETHEIGHT));
-	
-	if (MiscUtil.isNotEmpty(oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETWIDTH)))
-		map.put(FormBuildUtils.APPLET_WIDTH, oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETWIDTH));
-				
-	return map;
-}
 
 /* (non-Javadoc)
  * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getQaaLevel()
@@ -615,7 +569,7 @@ public byte[] getSendAssertionTemplate() {
 public Collection<CPEPS> getPepsList() {
 	Map<String, CPEPS> cPEPSMap = new HashMap<String, CPEPS>();
 	try {
-		STORKConfig availableSTORKConfig = AuthConfigurationProviderFactory.getInstance().getStorkConfig();	
+		IStorkConfig availableSTORKConfig = AuthConfigurationProviderFactory.getInstance().getStorkConfig();	
 		if (availableSTORKConfig != null) {	
 			Set<String> configKeys = oaConfiguration.keySet();	
 			
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
index ed2f4d96b..210bda3e6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
@@ -19,8 +19,14 @@ import java.util.Properties;
 
 import org.springframework.beans.factory.annotation.Autowired;
 
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.MOAIDConstants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.ConfigurationProvider;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IStorkConfig;
+import at.gv.egovernment.moa.id.commons.api.data.ProtocolAllowed;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.commons.config.persistence.MOAIDConfiguration;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentGeneral;
@@ -29,15 +35,12 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplicati
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.SecurityLayer;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.VerifyIdentityLink;
 import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConfigurationProvider;
 import at.gv.egovernment.moa.id.config.ConfigurationProviderImpl;
 import at.gv.egovernment.moa.id.config.ConfigurationUtils;
 import at.gv.egovernment.moa.id.config.ConnectionParameter;
 import at.gv.egovernment.moa.id.config.ConnectionParameterForeign;
 import at.gv.egovernment.moa.id.config.ConnectionParameterMOASP;
 import at.gv.egovernment.moa.id.config.ConnectionParameterMandate;
-import at.gv.egovernment.moa.id.config.auth.data.ProtocolAllowed;
 import at.gv.egovernment.moa.id.config.stork.STORKConfig;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
 import at.gv.egovernment.moa.logging.Logger;
@@ -916,8 +919,8 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
 	 * @return a new STORK Configuration or {@code null}
 	 * @throws ConfigurationException is thrown in case of missing {@link AuthComponentGeneral}
 	 */
-	public STORKConfig getStorkConfig() throws ConfigurationException {
-		STORKConfig result = null;
+	public IStorkConfig getStorkConfig() throws ConfigurationException {
+		IStorkConfig result = null;
 		try {
 			Map<String, String> storkProps = configuration.getPropertySubset(
 					MOAIDConfigurationConstants.GENERAL_AUTH_STORK + ".");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/BPKDecryptionParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/BPKDecryptionParameters.java
deleted file mode 100644
index b7d5ebed5..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/BPKDecryptionParameters.java
+++ /dev/null
@@ -1,137 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.config.auth.data;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.Serializable;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
-import java.security.UnrecoverableKeyException;
-import java.security.cert.Certificate;
-
-import org.apache.commons.lang.SerializationUtils;
-
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.Base64Utils;
-import at.gv.egovernment.moa.util.KeyStoreUtils;
-
-
-/**
- * @author tlenz
- *
- */
-public class BPKDecryptionParameters implements Serializable{
-
-	private static final long serialVersionUID = 1L;
-	
-	private byte[] keyStore = null;
-	private String keyStorePassword = null;
-	private String keyAlias = null;
-	private String keyPassword = null;
-	
-	/**
-	 * @return
-	 * @throws IOException 
-	 */
-	public PrivateKey getPrivateKey() {
-		InputStream in = null;
-		try {
-			in = new ByteArrayInputStream(keyStore);
-			KeyStore store = KeyStoreUtils.loadKeyStore(in , keyStorePassword);
-			
-		    char[] chPassword = " ".toCharArray();
-		    if (keyPassword != null)
-		      chPassword = keyPassword.toCharArray();
-		    
-//		    Certificate test = store.getCertificate(keyAlias);
-//		    Base64Utils.encode(test.getPublicKey().getEncoded());
-		    
-			return (PrivateKey) store.getKey(keyAlias, chPassword);
-			
-			
-		} catch (KeyStoreException e) {
-			Logger.error("Can not load private key from keystore.", e);
-			
-		} catch (IOException e) {
-			Logger.error("Can not load private key from keystore.", e);
-			
-		} catch (UnrecoverableKeyException e) {
-			Logger.error("Can not load private key from keystore.", e);
-
-		} catch (NoSuchAlgorithmException e) {
-			Logger.error("Can not load private key from keystore.", e);
-			
-		} finally {
-			if (in != null) {
-				try {
-					in.close();
-				} catch (IOException e) {
-					Logger.warn("Close InputStream failed." , e);
-				}
-			}			
-		}
-		
-		return null;		
-	}
-	
-	public byte[] serialize() {
-		return SerializationUtils.serialize(this);
-		
-	}
-
-	/**
-	 * @param keyStore the keyStore to set
-	 */
-	public void setKeyStore(byte[] keyStore) {
-		this.keyStore = keyStore;
-	}
-
-	/**
-	 * @param keyStorePassword the keyStorePassword to set
-	 */
-	public void setKeyStorePassword(String keyStorePassword) {
-		this.keyStorePassword = keyStorePassword;
-	}
-
-	/**
-	 * @param keyAlias the keyAlias to set
-	 */
-	public void setKeyAlias(String keyAlias) {
-		this.keyAlias = keyAlias;
-	}
-
-	/**
-	 * @param keyPassword the keyPassword to set
-	 */
-	public void setKeyPassword(String keyPassword) {
-		this.keyPassword = keyPassword;
-	}
-	
-	
-	
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
index 171940063..8d70b1444 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
@@ -28,9 +28,10 @@ import java.util.Collection;
 import java.util.List;
 import java.util.Map;
 
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.config.stork.StorkAttribute;
-import at.gv.egovernment.moa.id.config.stork.StorkAttributeProviderPlugin;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters;
+import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute;
+import at.gv.egovernment.moa.id.commons.api.data.StorkAttributeProviderPlugin;
 
 /**
  * @author tlenz
@@ -196,15 +197,6 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{
 		return false;
 	}
 
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getFormCustomizaten()
-	 */
-	@Override
-	public Map<String, String> getFormCustomizaten() {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getQaaLevel()
 	 */
@@ -254,7 +246,7 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{
 	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getPepsList()
 	 */
 	@Override
-	public Collection<at.gv.egovernment.moa.id.config.stork.CPEPS> getPepsList() {
+	public Collection<at.gv.egovernment.moa.id.commons.api.data.CPEPS> getPepsList() {
 		// TODO Auto-generated method stub
 		return null;
 	}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/ProtocolAllowed.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/ProtocolAllowed.java
deleted file mode 100644
index a04fb1626..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/ProtocolAllowed.java
+++ /dev/null
@@ -1,91 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.config.auth.data;
-
-/**
- * @author tlenz
- *
- */
-public class ProtocolAllowed {
-
-	private boolean isSAML1Active = false;
-	private boolean isPVP21Active = true;
-	private boolean isOAUTHActive = true;
-	
-	/**
-	 * 
-	 */
-	public ProtocolAllowed() {
-		
-	}
-	
-	/**
-	 * 
-	 */
-	public ProtocolAllowed(boolean saml1, boolean pvp21, boolean oauth) {
-		this.isOAUTHActive = oauth;
-		this.isPVP21Active = pvp21;
-		this.isSAML1Active = saml1;
-		
-	}
-	
-	/**
-	 * @return the isSAML1Active
-	 */
-	public boolean isSAML1Active() {
-		return isSAML1Active;
-	}
-	/**
-	 * @param isSAML1Active the isSAML1Active to set
-	 */
-	public void setSAML1Active(boolean isSAML1Active) {
-		this.isSAML1Active = isSAML1Active;
-	}
-	/**
-	 * @return the isPVP21Active
-	 */
-	public boolean isPVP21Active() {
-		return isPVP21Active;
-	}
-	/**
-	 * @param isPVP21Active the isPVP21Active to set
-	 */
-	public void setPVP21Active(boolean isPVP21Active) {
-		this.isPVP21Active = isPVP21Active;
-	}
-	/**
-	 * @return the isOAUTHActive
-	 */
-	public boolean isOAUTHActive() {
-		return isOAUTHActive;
-	}
-	/**
-	 * @param isOAUTHActive the isOAUTHActive to set
-	 */
-	public void setOAUTHActive(boolean isOAUTHActive) {
-		this.isOAUTHActive = isOAUTHActive;
-	}
-	
-	
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/SAML1ConfigurationParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/SAML1ConfigurationParameters.java
deleted file mode 100644
index 8ff64f188..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/SAML1ConfigurationParameters.java
+++ /dev/null
@@ -1,276 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.config.auth.data;
-
-/**
- * @author tlenz
- *
- */
-public class SAML1ConfigurationParameters {
-
-		private boolean isActive = false;
-		private boolean provideBaseId = false;
-		private boolean provideAuthBlock = false;
-		private boolean provideIdl = false;
-		private boolean provideCertificate = false;
-		private boolean provideMandate = false;
-		private boolean provideAllErrors = true;
-		private boolean useCondition = false;
-		private String sourceID = null;
-		private String condition = new String();
-		
-		
-		/**
-		 * 
-		 */
-		public SAML1ConfigurationParameters(boolean isActive,
-				boolean provideBaseId, boolean provideAuthBlock,
-				boolean provideIdl, boolean provideCertificate,
-				boolean provideMandate, boolean provideAllErrors,
-				boolean useCondition, String condition,
-				String sourceID) {
-			this.condition = condition;
-			this.isActive = isActive;
-			this.provideAllErrors = provideAllErrors;
-			this.provideAuthBlock = provideAuthBlock;
-			this.provideBaseId = provideBaseId;
-			this.provideCertificate = provideCertificate;
-			this.provideIdl = provideIdl;
-			this.provideMandate = provideMandate;
-			this.useCondition = useCondition;
-			this.sourceID = sourceID;
-			
-		}
-		
-		
-		/**
-		 * 
-		 */
-		public SAML1ConfigurationParameters() {
-			
-		}
-
-
-		/**
-		 * Gets the value of the isActive property.
-		 * 
-		 * @return
-		 *     possible object is
-		 *     {@link String }
-		 *     
-		 */
-		public Boolean isIsActive() {
-			return this.isActive;
-		}
-
-		/**
-		 * @param isActive the isActive to set
-		 */
-		public void setActive(boolean isActive) {
-			this.isActive = isActive;
-		}
-
-
-		/**
-		 * @param provideBaseId the provideBaseId to set
-		 */
-		public void setProvideBaseId(boolean provideBaseId) {
-			this.provideBaseId = provideBaseId;
-		}
-
-
-		/**
-		 * @param provideAuthBlock the provideAuthBlock to set
-		 */
-		public void setProvideAuthBlock(boolean provideAuthBlock) {
-			this.provideAuthBlock = provideAuthBlock;
-		}
-
-
-		/**
-		 * @param provideIdl the provideIdl to set
-		 */
-		public void setProvideIdl(boolean provideIdl) {
-			this.provideIdl = provideIdl;
-		}
-
-
-		/**
-		 * @param provideCertificate the provideCertificate to set
-		 */
-		public void setProvideCertificate(boolean provideCertificate) {
-			this.provideCertificate = provideCertificate;
-		}
-
-
-		/**
-		 * @param provideMandate the provideMandate to set
-		 */
-		public void setProvideMandate(boolean provideMandate) {
-			this.provideMandate = provideMandate;
-		}
-
-
-		/**
-		 * @param provideAllErrors the provideAllErrors to set
-		 */
-		public void setProvideAllErrors(boolean provideAllErrors) {
-			this.provideAllErrors = provideAllErrors;
-		}
-
-
-		/**
-		 * @param useCondition the useCondition to set
-		 */
-		public void setUseCondition(boolean useCondition) {
-			this.useCondition = useCondition;
-		}
-
-
-		/**
-		 * @param sourceID the sourceID to set
-		 */
-		public void setSourceID(String sourceID) {
-			this.sourceID = sourceID;
-		}
-
-
-		/**
-		 * @param condition the condition to set
-		 */
-		public void setCondition(String condition) {
-			this.condition = condition;
-		}
-
-
-		/**
-		 * Gets the value of the provideStammzahl property.
-		 * 
-		 * @return
-		 *     possible object is
-		 *     {@link String }
-		 *     
-		 */
-		public Boolean isProvideStammzahl() {
-			return this.provideBaseId;
-		}
-		
-		/**
-		 * Gets the value of the provideAUTHBlock property.
-		 * 
-		 * @return
-		 *     possible object is
-		 *     {@link String }
-		 *     
-		 */
-		public Boolean isProvideAUTHBlock() {
-			return this.provideAuthBlock;
-		}
-
-		/**
-		 * Gets the value of the provideIdentityLink property.
-		 * 
-		 * @return
-		 *     possible object is
-		 *     {@link String }
-		 *     
-		 */
-		public Boolean isProvideIdentityLink() {
-			return this.provideIdl;
-		}
-
-		/**
-		 * Gets the value of the provideCertificate property.
-		 * 
-		 * @return
-		 *     possible object is
-		 *     {@link String }
-		 *     
-		 */
-		public Boolean isProvideCertificate() {
-			return this.provideCertificate;
-		}
-
-		/**
-		 * Gets the value of the provideFullMandatorData property.
-		 * 
-		 * @return
-		 *     possible object is
-		 *     {@link String }
-		 *     
-		 */
-		public Boolean isProvideFullMandatorData() {
-			return this.provideMandate;
-		}
-
-		/**
-		 * Gets the value of the useCondition property.
-		 * 
-		 * @return
-		 *     possible object is
-		 *     {@link String }
-		 *     
-		 */
-		public Boolean isUseCondition() {
-			return this.useCondition;
-		}
-
-		/**
-		 * Gets the value of the conditionLength property.
-		 * 
-		 * @return
-		 *     possible object is
-		 *     {@link BigInteger }
-		 *     
-		 */
-
-		public int getConditionLength() {
-			return condition.length();
-		}
-
-		/**
-		 * Gets the value of the sourceID property.
-		 * 
-		 * @return
-		 *     possible object is
-		 *     {@link String }
-		 *     
-		 */
-		public String getSourceID() {
-			return this.sourceID;
-		}
-
-		/**
-		 * Gets the value of the provideAllErrors property.
-		 * 
-		 * @return
-		 *     possible object is
-		 *     {@link String }
-		 *     
-		 */
-		public Boolean isProvideAllErrors() {
-			return this.provideAllErrors;
-		}
-
-}
-
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/CPEPS.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/CPEPS.java
deleted file mode 100644
index 3f4be5093..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/CPEPS.java
+++ /dev/null
@@ -1,138 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/**
- * 
- */
-package at.gv.egovernment.moa.id.config.stork;
-
-import java.net.URL;
-import java.util.ArrayList;
-import java.util.List;
-
-import org.opensaml.saml2.metadata.RequestedAttribute;
-
-/**
- * Encpasulates C-PEPS information according MOA configuration
- * 
- * @author bzwattendorfer
- *
- */
-public class CPEPS {
-	
-	/**  Country Code of C-PEPS */
-	private String countryCode;
-	
-	/**  URL of C-PEPS */
-	private URL pepsURL;
-	
-	private Boolean isXMLSignatureSupported;
-
-	/** Specific attributes to be requested for this C-PEPS */
-	private List<RequestedAttribute> countrySpecificRequestedAttributes = new ArrayList<RequestedAttribute>();
-	
-	/**
-	 * Constructs a C-PEPS
-	 * @param countryCode ISO Country Code of C-PEPS
-	 * @param pepsURL URL of C-PEPS
-	 */
-	public CPEPS(String countryCode, URL pepsURL, Boolean isXMLSignatureSupported) {
-		super();
-		this.countryCode = countryCode;
-		this.pepsURL = pepsURL;
-		this.isXMLSignatureSupported = isXMLSignatureSupported;
-	}
-
-	/**
-	 * Gets the country code of this C-PEPS
-	 * @return ISO country code
-	 */
-	public String getCountryCode() {
-		return countryCode;
-	}
-
-	/**
-	 * Sets the country code of this C-PEPS
-	 * @param countryCode ISO country code
-	 */
-	public void setCountryCode(String countryCode) {
-		this.countryCode = countryCode;
-	}
-
-	/**
-	 * Gets the URL of this C-PEPS
-	 * @return C-PEPS URL
-	 */
-	public URL getPepsURL() {
-		return pepsURL;
-	}
-
-	/**
-	 * Sets the C-PEPS URL
-	 * @param pepsURL C-PEPS URL
-	 */
-	public void setPepsURL(URL pepsURL) {
-		this.pepsURL = pepsURL;
-	}
-
-	/**
-	 * Returns weather the C-PEPS supports XMl Signatures or not (important for ERnB)
-	 */
-	public Boolean isXMLSignatureSupported() {
-		return isXMLSignatureSupported;
-	}
-
-	/**
-	 * Sets weather the C-PEPS supports XMl Signatures or not (important for ERnB)
-	 * @param isXMLSignatureSupported C-PEPS XML Signature support
-	 */
-	public void setXMLSignatureSupported(boolean isXMLSignatureSupported) {
-		this.isXMLSignatureSupported = isXMLSignatureSupported;
-	}
-	
-	/**
-	 * Gets the country specific attributes of this C-PEPS
-	 * @return List of country specific attributes
-	 */
-	public List<RequestedAttribute> getCountrySpecificRequestedAttributes() {
-		return countrySpecificRequestedAttributes;
-	}
-
-	/**
-	 * Sets the country specific attributes
-	 * @param countrySpecificRequestedAttributes List of country specific requested attributes
-	 */
-	public void setCountrySpecificRequestedAttributes(
-			List<RequestedAttribute> countrySpecificRequestedAttributes) {
-		this.countrySpecificRequestedAttributes = countrySpecificRequestedAttributes;
-	}
-	
-	/**
-	 * Adds a Requested attribute to the country specific attribute List
-	 * @param countrySpecificRequestedAttribute Additional country specific requested attribute to add 
-	 */
-	public void addCountrySpecificRequestedAttribute(RequestedAttribute countrySpecificRequestedAttribute) {
-		this.countrySpecificRequestedAttributes.add(countrySpecificRequestedAttribute);
-	}
-	
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java
index 9532aa9ab..8f6dff849 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java
@@ -34,8 +34,13 @@ import java.util.Map;
 import java.util.Properties;
 import java.util.Set;
 
+import at.gv.egovernment.moa.id.commons.api.IStorkConfig;
+import at.gv.egovernment.moa.id.commons.api.data.CPEPS;
+import at.gv.egovernment.moa.id.commons.api.data.SignatureCreationParameter;
+import at.gv.egovernment.moa.id.commons.api.data.SignatureVerificationParameter;
+import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -47,7 +52,7 @@ import at.gv.egovernment.moa.util.StringUtils;
  * @author bzwattendorfer
  *
  */
-public class STORKConfig {
+public class STORKConfig implements IStorkConfig {
 
 	/** STORK SAML signature creation parameters */
 	private Properties props = null;
@@ -118,20 +123,36 @@ public class STORKConfig {
         }
 	}
 
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.stork.IStorkConfig#getSignatureCreationParameter()
+	 */
+	@Override
 	public SignatureCreationParameter getSignatureCreationParameter() {
 
 		return new SignatureCreationParameter(props, basedirectory);
 	}
 
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.stork.IStorkConfig#getSignatureVerificationParameter()
+	 */
+	@Override
 	public SignatureVerificationParameter getSignatureVerificationParameter() {
 
 		return sigverifyparam;
 	}
 
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.stork.IStorkConfig#getCpepsMap()
+	 */
+	@Override
 	public Map<String, CPEPS> getCpepsMap() {
 		return cpepsMap;
 	}
 
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.stork.IStorkConfig#isSTORKAuthentication(java.lang.String)
+	 */
+	@Override
 	public boolean isSTORKAuthentication(String ccc) {
 
 		  if (StringUtils.isEmpty(ccc) || this.cpepsMap.isEmpty())
@@ -144,6 +165,10 @@ public class STORKConfig {
 
 	}
 
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.stork.IStorkConfig#getCPEPS(java.lang.String)
+	 */
+	@Override
 	public CPEPS getCPEPS(String ccc) {
 		if (isSTORKAuthentication(ccc))
 			return this.cpepsMap.get(ccc);
@@ -151,6 +176,10 @@ public class STORKConfig {
 			return null;
 	}
 
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.stork.IStorkConfig#getStorkAttributes()
+	 */
+	@Override
 	public List<StorkAttribute> getStorkAttributes() {
 		return attr;
 	}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureCreationParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureCreationParameter.java
deleted file mode 100644
index f188daf0d..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureCreationParameter.java
+++ /dev/null
@@ -1,103 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- * 
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- * 
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-package at.gv.egovernment.moa.id.config.stork;
-
-import java.util.Properties;
-
-/**
- * Encapsulates signature creation parameters according MOA configuration
- * 
- * @author bzwattendorfer
- *
- */
-public class SignatureCreationParameter {
-	
-	private static final String PROPS_PREFIX = "stork.samlsigningparameter.signaturecreation.";
-	private static final String PROPS_KEYSTORE_FILE = "keystore.file";
-	private static final String PROPS_KEYSTORE_PASS = "keystore.password";
-	private static final String PROPS_KEYNAME_NAME = "keyname.name";
-	private static final String PROPS_KEYNAME_PASS = "keyname.password";
-	
-	private Properties props;
-	private String basedirectory;
-	
-	SignatureCreationParameter(Properties props, String basedirectory) {
-		this.props = props;
-		this.basedirectory = basedirectory;
-	}
-	
-	/**
-	 * Gets the KeyStore Path
-	 * @return File Path to KeyStore
-	 */
-	public String getKeyStorePath() {
-		return basedirectory + props.getProperty(PROPS_PREFIX+PROPS_KEYSTORE_FILE);
-	}
-
-	/**
-	 * Gets the KeyStore Password
-	 * @return Password to KeyStore
-	 */
-	public String getKeyStorePassword() {
-		return props.getProperty(PROPS_PREFIX+PROPS_KEYSTORE_PASS);
-	}
-
-	/**
-	 * Gets the Signing Key Name
-	 * @return Siging Key Name
-	 */
-	public String getKeyName() {
-		return props.getProperty(PROPS_PREFIX+PROPS_KEYNAME_NAME);
-	}
-
-	/**
-	 * Gets the Signing Key Password
-	 * @return Signing Key Password
-	 */
-	public String getKeyPassword() {
-		return props.getProperty(PROPS_PREFIX+PROPS_KEYNAME_PASS);
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureVerificationParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureVerificationParameter.java
deleted file mode 100644
index 9b3e24c46..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureVerificationParameter.java
+++ /dev/null
@@ -1,53 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/**
- * 
- */
-package at.gv.egovernment.moa.id.config.stork;
-
-/**
- * Encapsulates Signature Verification data for STORK according MOA configuration
- * 
- * @author bzwattendorfer
- *
- */
-public class SignatureVerificationParameter {
-	
-	/** ID of the MOA-SP TrustProfile to be used for STORK SAML signature verification */
-	private String trustProfileID;
-
-	public SignatureVerificationParameter(String trustProfileID2) {
-		this.trustProfileID = trustProfileID2;
-	}
-
-	/**
-	 * Gets the MOA-SP TrustProfileID
-	 * @return TrustProfileID of MOA-SP for STORK signature verification
-	 */
-	public String getTrustProfileID() {
-		return trustProfileID;
-	}
-
-	
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/StorkAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/StorkAttribute.java
deleted file mode 100644
index 87ec7fb0c..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/StorkAttribute.java
+++ /dev/null
@@ -1,27 +0,0 @@
-package at.gv.egovernment.moa.id.config.stork;
-
-public class StorkAttribute {
-
-	protected Boolean mandatory;
-	protected String name;
-	
-	public StorkAttribute(String name, boolean mandatory) {
-		this.name = name;
-		this.mandatory = mandatory;
-	}
-	
-	public Boolean getMandatory() {
-		return mandatory;
-	}
-	public void setMandatory(Boolean mandatory) {
-		this.mandatory = mandatory;
-	}
-	public String getName() {
-		return name;
-	}
-	public void setName(String name) {
-		this.name = name;
-	}
-	
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/StorkAttributeProviderPlugin.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/StorkAttributeProviderPlugin.java
deleted file mode 100644
index 619af2358..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/StorkAttributeProviderPlugin.java
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.config.stork;
-
-/**
- * @author tlenz
- *
- */
-public class StorkAttributeProviderPlugin {
-	private String name = null;
-	private String url = null;
-	private String attributes = null;
-	
-	/**
-	 * 
-	 */
-	public StorkAttributeProviderPlugin(String name, String url, String attributes) {
-		this.name = name;
-		this.url = url;
-		this.attributes = attributes;
-	}
-	
-	/**
-	 * @return the name
-	 */
-	public String getName() {
-		return name;
-	}
-	/**
-	 * @param name the name to set
-	 */
-	public void setName(String name) {
-		this.name = name;
-	}
-	/**
-	 * @return the url
-	 */
-	public String getUrl() {
-		return url;
-	}
-	/**
-	 * @param url the url to set
-	 */
-	public void setUrl(String url) {
-		this.url = url;
-	}
-	/**
-	 * @return the attributes
-	 */
-	public String getAttributes() {
-		return attributes;
-	}
-	/**
-	 * @param attributes the attributes to set
-	 */
-	public void setAttributes(String attributes) {
-		this.attributes = attributes;
-	}
-	
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
index aa9a0824d..d306ec005 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
@@ -35,7 +35,7 @@ import org.apache.commons.collections4.map.HashedMap;
 import org.w3c.dom.Element;
 
 import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.id.auth.exception.SessionDataStorageException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
 import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index f065bbc56..5aceb8eec 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -35,7 +35,6 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.apache.commons.lang.StringEscapeUtils;
-import org.apache.velocity.VelocityContext;
 import org.opensaml.saml2.core.LogoutRequest;
 import org.opensaml.saml2.core.LogoutResponse;
 import org.opensaml.saml2.core.StatusCode;
@@ -48,19 +47,23 @@ import org.springframework.stereotype.Service;
 
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
 import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration;
+import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder;
+import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException;
 import at.gv.egovernment.moa.id.auth.modules.SingleSignOnConsentsModuleImpl;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.auth.modules.registration.ModuleRegistration;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.data.SLOInformationContainer;
 import at.gv.egovernment.moa.id.data.SLOInformationImpl;
 import at.gv.egovernment.moa.id.process.ExecutionContextImpl;
@@ -76,7 +79,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEng
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.storage.ITransactionStorage;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.id.util.Random;
 import at.gv.egovernment.moa.id.util.legacy.LegacyHelper;
@@ -101,6 +103,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 	@Autowired protected AuthConfiguration authConfig;
 	@Autowired private SingleLogOutBuilder sloBuilder;
 	@Autowired private SAMLVerificationEngineSP samlVerificationEngine;
+	@Autowired private IGUIFormBuilder guiBuilder;
 			
 	public void performSingleLogOut(HttpServletRequest httpReq,
 	HttpServletResponse httpResp, AuthenticationSession session, PVPTargetConfiguration pvpReq) throws MOAIDException {
@@ -551,12 +554,17 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 						+ "/idpSingleLogout"
 						+ "?restart=" + relayState;
 				
-		        VelocityContext context = new VelocityContext();
-		        context.put("redirectURLs", sloReqList);
-		        context.put("timeoutURL", timeOutURL);
-		        context.put("timeout", SLOTIMEOUT);
-		        ssoManager.printSingleLogOutInfo(context, httpResp, authURL);
+				DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration(
+						authURL, 
+						DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT, 
+						null);
 				
+				config.putCustomParameter("redirectURLs", sloReqList);
+				config.putCustomParameter("timeoutURL", timeOutURL);
+				config.putCustomParameter("timeout", SLOTIMEOUT);
+		        
+		        guiBuilder.build(httpResp, config, "Single-LogOut GUI");
+		        
 								
 			} else {
 				if (pvpReq != null) {
@@ -567,20 +575,29 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 					
 				} else {
 					//print SLO information directly
-			        VelocityContext context = new VelocityContext();
+					DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration(
+							authURL, 
+							DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT, 
+							null);
+					
 			        if (sloContainer.getSloFailedOAs() == null || 
 			        		sloContainer.getSloFailedOAs().size() == 0)
-			        	context.put("successMsg", 
+			        	config.putCustomParameter("successMsg", 
 			        			MOAIDMessageProvider.getInstance().getMessage("slo.00", null));
 			        else
-			        	context.put("errorMsg", 
+			        	config.putCustomParameter("errorMsg", 
 			        			MOAIDMessageProvider.getInstance().getMessage("slo.01", null));
-			        ssoManager.printSingleLogOutInfo(context, httpResp, authURL);
+			        
+			        guiBuilder.build(httpResp, config, "Single-LogOut GUI");
 										
 				}
 									
 			}	
-								
+		
+		} catch (GUIBuildException e) {
+			Logger.warn("Can not build GUI:'Single-LogOut'. Msg:" + e.getMessage());
+			throw  new MOAIDException("builder.09", new Object[]{e.getMessage()}, e);
+			
 		} catch (MOADatabaseException e) {
 			Logger.error("MOA AssertionDatabase ERROR", e);
 			if (pvpReq != null) {
@@ -590,10 +607,22 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 				
 			}else {
 				//print SLO information directly
-		        VelocityContext context = new VelocityContext();
-	        	context.put("errorMsg", 
+				DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration(
+						authURL, 
+						DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT, 
+						null);
+				
+				config.putCustomParameter("errorMsg", 
 	        			MOAIDMessageProvider.getInstance().getMessage("slo.01", null));
-		        ssoManager.printSingleLogOutInfo(context, httpResp, authURL);
+	        	
+	        	try {
+					guiBuilder.build(httpResp, config, "Single-LogOut GUI");
+					
+				} catch (GUIBuildException e1) {
+					Logger.warn("Can not build GUI:'Single-LogOut'. Msg:" + e.getMessage());
+					throw  new MOAIDException("builder.09", new Object[]{e.getMessage()}, e);
+					
+				}
 									
 			}
 			
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java
index 7833e795e..ae2771427 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java
@@ -25,7 +25,8 @@ package at.gv.egovernment.moa.id.moduls;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.data.SLOInformationInterface;
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java
index 79e52f6e1..b9b161bb6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java
@@ -25,6 +25,8 @@ package at.gv.egovernment.moa.id.moduls;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+
 
 public interface IModulInfo {
 	//public List<ServletInfo> getServlets();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
deleted file mode 100644
index d5d0e6c48..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
+++ /dev/null
@@ -1,202 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.moduls;
-
-import java.util.Collection;
-
-import at.gv.egovernment.moa.id.auth.exception.SessionDataStorageException;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-
-public interface IRequest {
-		
-	/**
-	 * Indicates the module, which implements this authentication protocol.
-	 * The class, which is referenced, had to implement the 'IModulInfo' interface.
-	 * 
-	 * @return Full-qualified name of the class which implements this protocol
-	 */
-	public String requestedModule();
-	
-	/**
-	 * Indicates the protocol specific action, which should executed if the request is processed. 
-	 * The class, which is referenced, had to implement the 'IAction' interface.
-	 * 
-	 * @return Full-qualified name of the class which implements the action  
-	 */
-	public String requestedAction();
-	
-	/**
-	 * Unique identifier, which indicates the service provider. 
-	 * In case of SAML1 protocol, it is the OA http-GET parameter
-	 * 
-	 * @return Unique identifier for the service provider
-	 */
-	public String getOAURL();
-	
-	/**
-	 * Indicates the passive flag in authentication requests.
-	 * If the passive flag is set, the identification and authentication process 
-	 * failed if no active SSO session is found. 
-	 * 
-	 * @return true, if the is passive flag is set in authentication request, otherwise false
-	 */
-	public boolean isPassiv();
-	
-	/**
-	 * Indicates the force authentication flag in authentication request
-	 * If this flag is set, a new identification and authentication process
-	 * is carried out in any case.
-	 * 
-	 * @return true, if the force authentication flag is set, otherwise false
-	 */
-	public boolean forceAuth();
-	
-	
-	/**
-	 * Returns a generic request-data object with is stored with a specific identifier 
-	 * 
-	 * @param key The specific identifier of the request-data object
-	 * @return The request-data object or null if no data is found with this key
-	 */
-	public Object getGenericData(String key);
-	
-	/**
-	 * Returns a generic request-data object with is stored with a specific identifier 
-	 * 
-	 * @param key The specific identifier of the request-data object
-	 * @param clazz The class type which is stored with this key
-	 * @return The request-data object or null if no data is found with this key
-	 */
-	public <T> T getGenericData(String key, final Class<T> clazz);
-	
-	/**
-	 * Store a generic data-object to request with a specific identifier
-	 * 
-	 * @param key Identifier for this data-object
-	 * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface
-	 * @throws SessionDataStorageException Error message if the data-object can not stored to generic request-data storage
-	 */
-	public void setGenericDataToSession(String key, Object object) throws SessionDataStorageException;
-		
-	/**
-	 * Hold the identifier of this request object. 
-	 * This identifier can be used to load the request from request storage 
-	 * 
-	 * @return Request identifier
-	 */
-	public String getRequestID();
-	
-
-	/**
-	 * Hold the identifier of the MOASession which is associated with this request
-	 * 
-	 * @return MOASession identifier if a associated session exists, otherwise null
-	 */
-	public String getMOASessionIdentifier();
-
-	
-	/**
-	 * Holds a unique transaction identifier, which could be used for looging
-	 * This transaction identifier is unique for a single identification and authentication process
-	 * 
-	 * @return Unique transaction identifier. 
-	 */
-	public String getUniqueTransactionIdentifier();
-	
-	/**
-	 * Holds a unique session identifier, which could be used for logging 
-	 * This session identifier is unique for the full Single Sign-On session time
-	 * 
-	 * @return Unique session identifier
-	 */
-	public String getUniqueSessionIdentifier();
-	
-	
-	/**
-	 * Hold the identifier if the process instance, which is associated with this request 
-	 * 
-	 * @return ProcessInstanceID if this request is associated with a authentication process, otherwise null
-	 */
-	public String getProcessInstanceId();
-	
-	
-	/**
-	 * get the IDP URL PreFix, which was used for authentication request
-	 * 
-	 * @return IDP URL PreFix <String>. The URL prefix always ends without /
-	 */
-	public String getAuthURL();
-	public String getAuthURLWithOutSlash();
-	
-	/**
-	 * Indicates if this pending request needs authentication
-	 * 
-	 * @return true if this request needs authentication, otherwise false
-	 */
-	public boolean isNeedAuthentication();
-	
-	/**
-	 * Indicates, if this pending request needs Single Sign-On (SSO) functionality 
-	 * 
-	 * @return true if this request needs SSO, otherwise false
-	 */
-	public boolean needSingleSignOnFunctionality();
-	public void setNeedSingleSignOnFunctionality(boolean needSSO);
-	
-	/**
-	 * Indicates, if this pending request is already authenticated
-	 * 
-	 * @return true if this request is already authenticated, otherwise false
-	 */
-	public boolean isAuthenticated();
-	public void setAuthenticated(boolean isAuthenticated);
-	
-	/**
-	 * Get get Service-Provider configuration which is associated with this request.
-	 * 
-	 * @return Service-Provider configuration
-	 */
-	public IOAAuthParameters getOnlineApplicationConfiguration();
-
-	/**
-	 * Indicates, if this pending-request is aborted by the user
-	 * 
-	 * @return true, if it is aborted, otherwise false
-	 */
-	public boolean isAbortedByUser();
-
-	/**
-	 * Set the 'isAboredByUser' flag of this pending-request
-	 * 
-	 * @param b true, if the user has abort the authentication process, otherwise false
-	 */
-	public void setAbortedByUser(boolean isAborted);
-	
-	/**
-	 * This method get a Set of PVP 2.1 attribute, which are request by this pending-request.
-	 * 
-	 * @return A set of PVP attribute names or null if no attributes are requested 
-	 * 			or the Service Provider, which sends this request needs no attributes
-	 */
-	public Collection<String> getRequestedAttributes();
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequestStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequestStorage.java
index d26af89a2..987d92e16 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequestStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequestStorage.java
@@ -22,7 +22,8 @@
  */
 package at.gv.egovernment.moa.id.moduls;
 
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 
 /**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/NoPassivAuthenticationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/NoPassivAuthenticationException.java
index 6551b88a3..f1db466e9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/NoPassivAuthenticationException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/NoPassivAuthenticationException.java
@@ -22,7 +22,7 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.moduls;
 
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 
 public class NoPassivAuthenticationException extends MOAIDException {
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
index aec5ad124..85e4dc99b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
@@ -33,12 +33,13 @@ import java.util.Map;
 import javax.servlet.http.HttpServletRequest;
 
 import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
-import at.gv.egovernment.moa.id.auth.exception.SessionDataStorageException;
 import at.gv.egovernment.moa.id.commons.MOAIDConstants;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
 import at.gv.egovernment.moa.id.util.HTTPUtils;
 import at.gv.egovernment.moa.id.util.Random;
 import at.gv.egovernment.moa.logging.Logger;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
index c49df43fa..1b550881e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
@@ -26,7 +26,8 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
 import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.process.dao.ProcessInstanceStoreDAO;
 import at.gv.egovernment.moa.id.storage.ITransactionStorage;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
index db4022cdc..bc7dd272b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -22,13 +22,6 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.moduls;
 
-import java.io.BufferedReader;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.io.StringWriter;
-import java.net.URI;
 import java.util.Date;
 import java.util.List;
 
@@ -36,27 +29,24 @@ import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import org.apache.velocity.VelocityContext;
-import org.apache.velocity.app.VelocityEngine;
 import org.hibernate.Query;
 import org.hibernate.Session;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.exception.SessionDataStorageException;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
 import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
 import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.util.Random;
-import at.gv.egovernment.moa.id.util.VelocityProvider;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
@@ -312,69 +302,7 @@ public class SSOManager {
 			return false;
 		
 	}
-	
-	public void printSingleLogOutInfo(VelocityContext context, HttpServletResponse httpResp, String authURL) throws MOAIDException {		
-		try {			
-			Logger.trace("Initialize VelocityEngine...");
-			context.put(CONTEXTPATH, authURL);
-			
-			InputStream is = null;
-			String pathLocation = null;
-			try {
-				String rootconfigdir = authConfig.getRootConfigFileDir();
-				pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEFULL;
-				File file = new File(new URI(pathLocation));
-				is = new  FileInputStream(file);
-				evaluateSLOTemplate(context, httpResp, is);
-				
-			} catch (Exception e) {
-				Logger.warn("SLO Template is not found in configuration directory (" +
-						pathLocation + "). Load template from project library ... ");
-				
-				try  {
-					pathLocation = "resources/templates/" + HTMLTEMPLATEFULL;
-					is = Thread.currentThread()
-							.getContextClassLoader()
-							.getResourceAsStream(pathLocation);				
-					evaluateSLOTemplate(context, httpResp, is);
-					
-				} catch (Exception e1) {
-					Logger.error("Single LogOut form can not created.", e);
-					throw new MOAIDException("Create Single LogOut information FAILED.", null, e);
-				}
-				
-			} finally {
-				if (is != null)
-					is.close();
-				
-			}
-			
-		} catch (Exception e) {
-			Logger.error("Single LogOut form can not created.", e);
-			throw new MOAIDException("Create Single LogOut information FAILED.", null, e);
-		}
 			
-	}
-	
-	private void evaluateSLOTemplate(VelocityContext context, HttpServletResponse httpResp, InputStream is) throws Exception {
-		
-		VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine();
-		
-		BufferedReader reader = new BufferedReader(new InputStreamReader(is ));
-		
-		//set default elements to velocity context
-		//context.put(CONTEXTPATH, authConfig.getPublicURLPrefix());
-		
-		StringWriter writer = new StringWriter();			
-		//velocityEngine.evaluate(context, writer, "SLO_Template", reader);			
-		engine.evaluate(context, writer, "SLO Template", reader);
-
-		
-		httpResp.setContentType("text/html;charset=UTF-8");            
-		httpResp.getOutputStream().write(writer.toString().getBytes("UTF-8"));
-		
-	}
-	
 	private String getValueFromCookie(HttpServletRequest httpReq, String cookieName) {
 		Cookie[] cookies = httpReq.getCookies();
 		
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngine.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngine.java
index b68f170c8..44f622fa0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngine.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngine.java
@@ -3,7 +3,7 @@ package at.gv.egovernment.moa.id.process;
 
 import java.io.InputStream;
 
-import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.process.model.ProcessDefinition;
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java
index 437eee63c..f9986dccb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java
@@ -15,9 +15,9 @@ import org.slf4j.MDC;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.ApplicationContext;
 
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.process.api.ExpressionEvaluationContext;
 import at.gv.egovernment.moa.id.process.api.ExpressionEvaluator;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/Task.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/Task.java
index 88048d23e..cff85ad60 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/Task.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/Task.java
@@ -1,7 +1,7 @@
 package at.gv.egovernment.moa.id.process.api;
 
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
 
 
 /**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/MoaIdTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/MoaIdTask.java
index b60434b2a..dd0d87dd7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/MoaIdTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/MoaIdTask.java
@@ -9,7 +9,7 @@ import org.springframework.web.context.request.ServletRequestAttributes;
 import org.springframework.web.filter.RequestContextFilter;
 
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.process.api.Task;
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractAuthProtocolModulController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractAuthProtocolModulController.java
index bf00cadaf..4e44f4043 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractAuthProtocolModulController.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractAuthProtocolModulController.java
@@ -34,14 +34,14 @@ import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.servlet.AbstractController;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.data.SLOInformationInterface;
 import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
 import at.gv.egovernment.moa.id.moduls.IAction;
 import at.gv.egovernment.moa.id.moduls.IModulInfo;
-import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.moduls.RequestImpl;
 import at.gv.egovernment.moa.id.moduls.SSOManager;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java
index 0ab630dc2..302c60c5e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java
@@ -34,10 +34,10 @@ import org.springframework.web.bind.annotation.RequestMethod;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
-import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.logging.Logger;
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKAttributeBuilder.java
index 048293fc2..eff839e4e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKAttributeBuilder.java
@@ -22,7 +22,7 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.builder.attributes;
 
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BirthdateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BirthdateAttributeBuilder.java
index 0e6dc1838..f1d88f877 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BirthdateAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BirthdateAttributeBuilder.java
@@ -25,7 +25,7 @@ package at.gv.egovernment.moa.id.protocols.builder.attributes;
 import java.text.DateFormat;
 import java.text.SimpleDateFormat;
 
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java
index 2d15edc7b..dab3810e3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDAuthBlock.java
@@ -24,7 +24,7 @@ package at.gv.egovernment.moa.id.protocols.builder.attributes;
 
 import java.io.IOException;
 
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCcsURL.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCcsURL.java
index 998377472..623acd18e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCcsURL.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCcsURL.java
@@ -22,7 +22,7 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.builder.attributes;
 
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java
index 14199d808..cfc6b102c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java
@@ -22,7 +22,7 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.builder.attributes;
 
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIdentityLinkBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIdentityLinkBuilder.java
index 13addc1fd..9e5d4198c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIdentityLinkBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIdentityLinkBuilder.java
@@ -24,7 +24,7 @@ package at.gv.egovernment.moa.id.protocols.builder.attributes;
 
 import java.io.IOException;
 
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIssuingNationAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIssuingNationAttributeBuilder.java
index 3d7260af1..ab41b1229 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIssuingNationAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIssuingNationAttributeBuilder.java
@@ -22,7 +22,7 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.builder.attributes;
 
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSTORKTOKEN.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSTORKTOKEN.java
index 43a0458cb..b1474acda 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSTORKTOKEN.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSTORKTOKEN.java
@@ -25,7 +25,7 @@ package at.gv.egovernment.moa.id.protocols.builder.attributes;
 import java.io.IOException;
 
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSectorForIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSectorForIDAttributeBuilder.java
index 2ca56a791..c3300d60f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSectorForIDAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSectorForIDAttributeBuilder.java
@@ -22,7 +22,7 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.builder.attributes;
 
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSignerCertificate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSignerCertificate.java
index 204c0c15d..1172d3cec 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSignerCertificate.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSignerCertificate.java
@@ -25,7 +25,7 @@ package at.gv.egovernment.moa.id.protocols.builder.attributes;
 
 import java.io.IOException;
 
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSourcePIN.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSourcePIN.java
index 69f0c3088..a6a5f1dd4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSourcePIN.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSourcePIN.java
@@ -22,7 +22,7 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.builder.attributes;
 
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributePolicyException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSourcePINType.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSourcePINType.java
index 58f18ee23..1d836802a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSourcePINType.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSourcePINType.java
@@ -22,7 +22,7 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.builder.attributes;
 
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java
index 76866c336..9dfbe00b2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java
@@ -22,7 +22,7 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.builder.attributes;
 
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/GivenNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/GivenNameAttributeBuilder.java
index 61771de66..af87a319a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/GivenNameAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/GivenNameAttributeBuilder.java
@@ -22,7 +22,7 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.builder.attributes;
 
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/HolderOfKey.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/HolderOfKey.java
index 4def39d54..1d3faff2d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/HolderOfKey.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/HolderOfKey.java
@@ -24,8 +24,8 @@ package at.gv.egovernment.moa.id.protocols.builder.attributes;
 
 import java.io.IOException;
 
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/IAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/IAttributeBuilder.java
index ace4c0be0..5b44f02aa 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/IAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/IAttributeBuilder.java
@@ -22,7 +22,7 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.builder.attributes;
 
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java
index ca66700a2..53cfbecc1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java
@@ -26,7 +26,7 @@ import java.io.IOException;
 
 import javax.xml.transform.TransformerException;
 
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java
index 67eb92d9b..97043a3a0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java
@@ -26,7 +26,7 @@ import org.w3c.dom.Element;
 
 import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
 import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java
index 9474cd832..46472c983 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java
@@ -26,7 +26,7 @@ import org.w3c.dom.Element;
 
 import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
 import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java
index 8391c8230..41c35dad3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java
@@ -26,7 +26,7 @@ import org.w3c.dom.Element;
 
 import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
 import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
index df077a631..df8f86f7e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
@@ -29,7 +29,7 @@ import at.gv.e_government.reference.namespace.persondata._20020228_.Identificati
 import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
 import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java
index 663e927fc..a64880889 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java
@@ -31,7 +31,7 @@ import org.w3c.dom.Element;
 
 import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
 import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.InvalidDateFormatAttributeException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java
index dd49b2a1e..085579108 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java
@@ -29,7 +29,7 @@ import org.w3c.dom.Element;
 import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
 import at.gv.e_government.reference.namespace.persondata._20020228_.PersonNameType.FamilyName;
 import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java
index 55c864335..4cd2ca670 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java
@@ -28,7 +28,7 @@ import org.w3c.dom.Element;
 
 import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
 import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
index 53eca141e..69a731e53 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
@@ -28,7 +28,7 @@ import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
 import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
 import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.data.AuthenticationData;
 import at.gv.egovernment.moa.id.data.IAuthData;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
index 46562c506..41a821c98 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
@@ -27,7 +27,7 @@ import org.w3c.dom.Element;
 import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
 import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
 import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java
index d1da36aa3..b4eed85d0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java
@@ -25,7 +25,7 @@ package at.gv.egovernment.moa.id.protocols.builder.attributes;
 import org.w3c.dom.Element;
 
 import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.data.MISMandate;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java
index 3cfc40d22..bef9afd8f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java
@@ -22,7 +22,7 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.builder.attributes;
 
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.data.MISMandate;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateReferenceValueAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateReferenceValueAttributeBuilder.java
index a1fa6c2a8..5ad562ffa 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateReferenceValueAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateReferenceValueAttributeBuilder.java
@@ -22,7 +22,7 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.builder.attributes;
 
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeAttributeBuilder.java
index 573f0584a..a531e31fc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeAttributeBuilder.java
@@ -25,7 +25,7 @@ package at.gv.egovernment.moa.id.protocols.builder.attributes;
 import org.w3c.dom.Element;
 
 import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/PVPVersionAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/PVPVersionAttributeBuilder.java
index 456634fb1..285a6977f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/PVPVersionAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/PVPVersionAttributeBuilder.java
@@ -22,7 +22,7 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.builder.attributes;
 
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/PrincipalNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/PrincipalNameAttributeBuilder.java
index 33f3a1d05..b2465b5c1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/PrincipalNameAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/PrincipalNameAttributeBuilder.java
@@ -22,7 +22,7 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.builder.attributes;
 
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
index 142810d45..f992737b6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
@@ -44,19 +44,19 @@ import org.springframework.stereotype.Service;
 import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder;
 import at.gv.egovernment.moa.id.auth.builder.DynamicOAAuthParameterBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
 import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.data.SLOInformationInterface;
 import at.gv.egovernment.moa.id.data.Trible;
 import at.gv.egovernment.moa.id.moduls.IAction;
-import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AuthResponseBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
@@ -217,14 +217,16 @@ public class AttributQueryAction implements IAction {
 					+ " for authentication information.");
 	
 				//load configuration of next IDP
-				OAAuthParameter idp = authConfig.getOnlineApplicationParameter(nextIDPInformation.getIdpurlprefix());
-				if (idp == null) {
+				IOAAuthParameters idpLoaded = authConfig.getOnlineApplicationParameter(nextIDPInformation.getIdpurlprefix());
+				if (idpLoaded == null || !(idpLoaded instanceof OAAuthParameter)) {
 					Logger.warn("Configuration for federated IDP:" + nextIDPInformation.getIdpurlprefix() 
 						+ "is not loadable.");
 					throw new MOAIDException("auth.32", new Object[]{nextIDPInformation.getIdpurlprefix()});
 					
 				}
 
+				OAAuthParameter idp = (OAAuthParameter) idpLoaded;
+				
 				//check if next IDP config allows inbound messages
 				if (!idp.isInboundSSOInterfederationAllowed()) {
 					Logger.warn("Configuration for federated IDP:" + nextIDPInformation.getIdpurlprefix() 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
index a214dad9d..2d13609d8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
@@ -37,13 +37,13 @@ import org.opensaml.xml.security.SecurityException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.data.SLOInformationImpl;
 import at.gv.egovernment.moa.id.data.SLOInformationInterface;
 import at.gv.egovernment.moa.id.moduls.IAction;
-import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
index 15fe1e9d7..2a688da68 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
@@ -30,11 +30,11 @@ import org.springframework.stereotype.Service;
 
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.data.SLOInformationInterface;
 import at.gv.egovernment.moa.id.moduls.IAction;
-import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPMetadataBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.config.IDPPVPMetadataConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index 8065af1a6..eec1ccb78 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -56,15 +56,16 @@ import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityLogAdapter;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException;
 import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
@@ -95,7 +96,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
 import at.gv.egovernment.moa.id.util.ErrorResponseUtils;
 import at.gv.egovernment.moa.id.util.HTTPUtils;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
-import at.gv.egovernment.moa.id.util.VelocityLogAdapter;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
@@ -496,7 +496,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController  {
 
 			String oaURL = metadata.getEntityID();
 			oaURL = StringEscapeUtils.escapeHtml(oaURL);
-			OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oaURL);
+			IOAAuthParameters oa = authConfig.getOnlineApplicationParameter(oaURL);
 			
 			Logger.info("Dispatch PVP2 SingleLogOut: OAURL=" + oaURL + " Binding=" + msg.getRequestBinding());
 						
@@ -579,7 +579,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController  {
 			throw new WrongParametersException("StartAuthentication",
 					PARAM_OA, "auth.12");
 		
-		OAAuthParameter oa = authConfig.getOnlineApplicationParameter(moaRequest.getEntityID());
+		IOAAuthParameters oa = authConfig.getOnlineApplicationParameter(moaRequest.getEntityID());
 		if (!oa.isInderfederationIDP()) {
 			Logger.warn("AttributeQuery requests are only allowed for interfederation IDPs.");
 			throw new AttributQueryException("AttributeQuery requests are only allowed for interfederation IDPs.", null);
@@ -733,7 +733,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController  {
 						
 		String oaURL = moaRequest.getEntityMetadata().getEntityID();
 		oaURL = StringEscapeUtils.escapeHtml(oaURL);
-		OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oaURL);
+		IOAAuthParameters oa = authConfig.getOnlineApplicationParameter(oaURL);
 		
 		Logger.info("Dispatch PVP2 AuthnRequest: OAURL=" + oaURL + " Binding=" + consumerService.getBinding());		
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
index 5afa10a72..ae88f3ea4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
@@ -40,11 +40,12 @@ import org.opensaml.saml2.metadata.SingleLogoutService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
 import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
@@ -54,7 +55,6 @@ import at.gv.egovernment.moa.id.data.SLOInformationContainer;
 import at.gv.egovernment.moa.id.data.SLOInformationInterface;
 import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
 import at.gv.egovernment.moa.id.moduls.IAction;
-import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.moduls.SSOManager;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SLOException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
index 46381fcc2..9977e607b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
@@ -50,6 +50,7 @@ import org.opensaml.xml.parse.BasicParserPool;
 import org.opensaml.xml.security.SecurityException;
 import org.opensaml.xml.security.credential.Credential;
 
+import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
 import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
@@ -58,7 +59,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
 import at.gv.egovernment.moa.id.protocols.pvp2x.validation.MOAPVPSignedRequestPolicyRule;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
-import at.gv.egovernment.moa.id.util.VelocityProvider;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java
index 9c097780b..2df72637d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java
@@ -49,8 +49,8 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import org.w3c.dom.Document;
 
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.SamlAttributeGenerator;
 import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java
index aea3c2ee7..78ddab488 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java
@@ -51,7 +51,7 @@ import org.opensaml.xml.security.criteria.UsageCriteria;
 import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorFactory;
 import org.opensaml.xml.security.x509.X509Credential;
 
-import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionEncryptionException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
index c48caed29..b82e6c1f0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
@@ -32,7 +32,7 @@ import java.util.ServiceLoader;
 import org.opensaml.saml2.core.Attribute;
 import org.opensaml.saml2.metadata.RequestedAttribute;
 
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java
index d5d84dd51..ba5c19de7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java
@@ -44,7 +44,7 @@ import org.opensaml.ws.message.encoder.MessageEncodingException;
 import org.opensaml.xml.security.SecurityException;
 import org.springframework.stereotype.Service;
 
-import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java
index 3418ffb69..62e3b9620 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java
@@ -72,7 +72,7 @@ import org.opensaml.xml.signature.Signer;
 import org.springframework.stereotype.Service;
 import org.w3c.dom.Document;
 
-import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
index 63452bee0..c793b5dee 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
@@ -63,10 +63,11 @@ import org.springframework.stereotype.Service;
 import org.w3c.dom.Document;
 
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.data.ISLOInformationContainer;
 import at.gv.egovernment.moa.id.data.SLOInformationContainer;
 import at.gv.egovernment.moa.id.data.SLOInformationImpl;
@@ -83,7 +84,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
index 3aa05bb2d..3ca6a64e0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
@@ -61,9 +61,9 @@ import at.gv.e_government.reference.namespace.persondata._20020228_.Identificati
 import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
 import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.data.SLOInformationImpl;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IDPPVPMetadataConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IDPPVPMetadataConfiguration.java
index 9a51e75e4..91f43b10b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IDPPVPMetadataConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IDPPVPMetadataConfiguration.java
@@ -32,7 +32,7 @@ import org.opensaml.saml2.metadata.Organization;
 import org.opensaml.saml2.metadata.RequestedAttribute;
 import org.opensaml.xml.security.credential.Credential;
 
-import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
index 58210a72c..480656e30 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
@@ -44,10 +44,10 @@ import org.opensaml.saml2.metadata.OrganizationURL;
 import org.opensaml.saml2.metadata.SurName;
 import org.opensaml.saml2.metadata.TelephoneNumber;
 
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionValidationExeption.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionValidationExeption.java
index fcd8472b1..1e029f567 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionValidationExeption.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionValidationExeption.java
@@ -22,7 +22,7 @@
  */
 package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
 
-import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 
 /**
  * @author tlenz
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AuthnRequestValidatorException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AuthnRequestValidatorException.java
index 7ed438471..f65c4d265 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AuthnRequestValidatorException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AuthnRequestValidatorException.java
@@ -22,7 +22,7 @@
  */
 package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
 
-import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
 
 /**
  * @author tlenz
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java
index 709c1e34b..00fb97151 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java
@@ -24,7 +24,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
 
 import org.opensaml.saml2.core.StatusCode;
 
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 
 public abstract class PVP2Exception extends MOAIDException {
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index 618346485..3002ca179 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -45,12 +45,12 @@ import org.opensaml.saml2.metadata.provider.MetadataProviderException;
 import org.opensaml.saml2.metadata.provider.ObservableMetadataProvider;
 import org.opensaml.xml.XMLObject;
 
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.config.auth.IGarbageCollectorProcessing;
 import at.gv.egovernment.moa.id.config.auth.MOAGarbageCollector;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.InterfederatedIDPPublicServiceFilter;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.PVPMetadataFilterChain;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter;
@@ -121,7 +121,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 	@Override
 	public boolean refreshMetadataProvider(String entityID) {
 		try {
-			OAAuthParameter oaParam = 
+			IOAAuthParameters oaParam = 
 					AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(entityID);
 			if (oaParam != null) {
 				String metadataURL = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
@@ -230,7 +230,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 				while (oaInterator.hasNext()) {
 					Entry<String, String> oaKeyPair = oaInterator.next();
 					
-					OAAuthParameter oaParam = 
+					IOAAuthParameters oaParam = 
 							AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oaKeyPair.getValue());
 					if (oaParam != null) {
 						String metadataurl = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
@@ -361,7 +361,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 				while (oaInterator.hasNext()) {
 					Entry<String, String> oaKeyPair = oaInterator.next();
 					
-					OAAuthParameter oaParam = 
+					IOAAuthParameters oaParam = 
 							AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oaKeyPair.getValue());
 					if (oaParam != null) {
 						String metadataurl = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
@@ -425,7 +425,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 		internalProvider = chainProvider;
 	}
 	
-	private PVPMetadataFilterChain buildMetadataFilterChain(OAAuthParameter oaParam, String metadataURL, byte[] certificate) throws CertificateException {
+	private PVPMetadataFilterChain buildMetadataFilterChain(IOAAuthParameters oaParam, String metadataURL, byte[] certificate) throws CertificateException {
 		PVPMetadataFilterChain filterChain = new PVPMetadataFilterChain(metadataURL, certificate);
 		filterChain.getFilters().add(new SchemaValidationFilter());
 		
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
index 6d646c609..442455d4b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
@@ -32,9 +32,9 @@ import org.opensaml.saml2.metadata.provider.MetadataFilter;
 import org.opensaml.saml2.metadata.provider.MetadataProvider;
 import org.opensaml.xml.parse.BasicParserPool;
 
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
 import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java
index a47c34c0b..1e1c37621 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java
@@ -22,7 +22,7 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.pvp2x.signer;
 
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 
 public class CredentialsNotAvailableException extends MOAIDException {
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java
index abc4eb4a9..381289824 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java
@@ -27,7 +27,7 @@ import java.util.Properties;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
index 75ef7e5a1..0426c2a6a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
@@ -35,9 +35,9 @@ import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.parse.BasicParserPool;
 import org.opensaml.xml.security.SecurityException;
 
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
 import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.logging.Logger;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ChainSAMLValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ChainSAMLValidator.java
index 0b2bbafeb..a9f9b206e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ChainSAMLValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ChainSAMLValidator.java
@@ -28,7 +28,7 @@ import java.util.List;
 
 import org.opensaml.saml2.core.RequestAbstractType;
 
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 
 public class ChainSAMLValidator implements ISAMLValidator {
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ISAMLValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ISAMLValidator.java
index f9dab1cb5..4f697d986 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ISAMLValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ISAMLValidator.java
@@ -24,7 +24,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.validation;
 
 import org.opensaml.saml2.core.RequestAbstractType;
 
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 
 public interface ISAMLValidator {
 	public void validateRequest(RequestAbstractType request) throws MOAIDException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java
index d65b847dc..952a6024a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java
@@ -27,7 +27,7 @@ import org.opensaml.saml2.core.RequestAbstractType;
 import org.opensaml.security.SAMLSignatureProfileValidator;
 import org.opensaml.xml.validation.ValidationException;
 
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSignedException;
 
 public class SAMLSignatureValidator implements ISAMLValidator {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/ChainSAMLVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/ChainSAMLVerifier.java
index 749f613f8..d0596d50b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/ChainSAMLVerifier.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/ChainSAMLVerifier.java
@@ -28,7 +28,7 @@ import java.util.List;
 
 import org.opensaml.saml2.core.RequestAbstractType;
 
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 
 public class ChainSAMLVerifier implements ISAMLVerifier {
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
index 4650327b4..2ded32bac 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
@@ -34,11 +34,11 @@ import org.opensaml.xml.security.x509.BasicX509Credential;
 import org.opensaml.xml.signature.SignatureValidator;
 import org.opensaml.xml.validation.ValidationException;
 
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoCredentialsException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSignedException;
@@ -53,7 +53,7 @@ public class EntityVerifier {
 //		List<OnlineApplication> oaList = ConfigurationDBRead
 //				.getAllActiveOnlineApplications();
 		try {
-			OAAuthParameter oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(entityID);
+			IOAAuthParameters oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(entityID);
 		
 			String certBase64 = oa.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);
 			if (MiscUtil.isNotEmpty(certBase64)) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/ISAMLVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/ISAMLVerifier.java
index 8bbf8ee1a..e032edc9b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/ISAMLVerifier.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/ISAMLVerifier.java
@@ -24,7 +24,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
 
 import org.opensaml.saml2.core.RequestAbstractType;
 
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 
 public interface ISAMLVerifier {
 	public void verifyRequest(RequestAbstractType request) throws MOAIDException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngineSP.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngineSP.java
index 1e13da179..d9bc7daaf 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngineSP.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngineSP.java
@@ -47,9 +47,9 @@ import org.opensaml.xml.validation.ValidationException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SchemaValidationException;
 import at.gv.egovernment.moa.logging.Logger;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java
index f67c475bb..a4ab92f58 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java
@@ -39,7 +39,7 @@ import org.opensaml.xml.XMLObject;
 
 import at.gv.egovernment.moa.id.auth.builder.SignatureVerificationUtils;
 import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java
index 149874ce0..679bdd10f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java
@@ -36,8 +36,7 @@ import org.opensaml.saml2.metadata.provider.MetadataFilter;
 import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.security.x509.BasicX509Credential;
 
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoCredentialsException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.EntityVerifier;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java
index 69fe0ee6a..83a2b61d2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java
@@ -31,7 +31,7 @@ import org.opensaml.saml2.metadata.provider.MetadataFilter;
 import org.opensaml.xml.XMLObject;
 import org.xml.sax.SAXException;
 
-import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException;
 import at.gv.egovernment.moa.logging.Logger;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
index 10594d6fc..43b4ecf17 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
@@ -41,6 +41,9 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
 import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
@@ -48,11 +51,8 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.commons.utils.JsonMapper;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.data.EncryptedData;
 import at.gv.egovernment.moa.id.data.SLOInformationInterface;
-import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
 import at.gv.egovernment.moa.id.util.Random;
@@ -804,7 +804,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 			idp.setIdpurlprefix(idpEntityID);
 			idp.setAuthURL(req.getAuthURL());
 			
-			OAAuthParameter oa = authConfig.getOnlineApplicationParameter(idp.getIdpurlprefix());			
+			IOAAuthParameters oa = authConfig.getOnlineApplicationParameter(idp.getIdpurlprefix());			
 			idp.setStoreSSOInformation(oa.isInterfederationSSOStorageAllowed());						
 			idp.setMoasession(dbsession);
 			idpList.add(idp);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java
index 666511425..b5d816eaf 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java
@@ -29,12 +29,12 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.data.SLOInformationInterface;
-import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ErrorResponseUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ErrorResponseUtils.java
index 8bd682421..655675f00 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ErrorResponseUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ErrorResponseUtils.java
@@ -26,7 +26,7 @@ import java.util.Locale;
 
 import at.gv.egovernment.moa.id.auth.exception.BKUException;
 import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.process.ProcessExecutionException;
 import at.gv.egovernment.moa.util.Messages;
 import at.gv.egovernment.moa.util.MiscUtil;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/FormBuildUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/FormBuildUtils.java
deleted file mode 100644
index 9a1237b80..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/FormBuildUtils.java
+++ /dev/null
@@ -1,136 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.util;
-
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Set;
-
-import at.gv.egovernment.moa.util.MiscUtil;
-
-public class FormBuildUtils {
-
-	private static Map<String, String> defaultmap = null;
-	
-	public static String MAIN_BACKGROUNDCOLOR = "#MAIN_BACKGOUNDCOLOR#";
-	public static String MAIN_COLOR = "#MAIN_COLOR#";
-	public static String HEADER_BACKGROUNDCOLOR = "#HEADER_BACKGROUNDCOLOR#";
-	public static String HEADER_COLOR = "#HEADER_COLOR#";
-	public static String BUTTON_BACKGROUNDCOLOR = "#BUTTON_BACKGROUNDCOLOR#";
-	public static String BUTTON_BACKGROUNDCOLOR_FOCUS = "#BUTTON_BACKGROUNDCOLOR_FOCUS#";
-	public static String BUTTON_COLOR = "#BUTTON_COLOR#";
-	public static String FONTFAMILY = "#FONTTYPE#";
-	public static String HEADER_TEXT = "#HEADER_TEXT#";
-	public static String REDIRECTTARGET = "#REDIRECTTARGET#";
-	public static String APPLET_HEIGHT = "#APPLETHEIGHT#";
-	public static String APPLET_WIDTH = "#APPLETWIDTH#";
-	
-	private static String MANDATEVISIBLE = "#MANDATEVISIBLE#";
-	private static String MANDATECHECKED = "#MANDATECHECKED#";
-
-	private static String STORKVISIBLE = "#STORKVISIBLE#";
-
-	private static final String TEMPLATEVISIBLE = " display: none";
-	private static final String TEMPLATEDISABLED =  "disabled=\"true\"";
-	private static final String TEMPLATECHECKED = "checked=\"true\"";
-	private static final String TEMPLATE_ARIACHECKED = "aria-checked=";
-	
-	
-	static {
-			if (defaultmap == null) {
-				defaultmap = new HashMap<String, String>();
-				defaultmap.put(MAIN_BACKGROUNDCOLOR, "#F7F8F7");
-				defaultmap.put(MAIN_COLOR, "#000000");
-			
-				defaultmap.put(HEADER_BACKGROUNDCOLOR, "#C3D2E2");
-				defaultmap.put(HEADER_COLOR, "#000000");
-				defaultmap.put(HEADER_TEXT, "Login");
-			
-				defaultmap.put(BUTTON_BACKGROUNDCOLOR, "#EBEBEB");
-				defaultmap.put(BUTTON_BACKGROUNDCOLOR_FOCUS, "#EBEBEB");
-				defaultmap.put(BUTTON_COLOR, "#000000");
-			
-				defaultmap.put(FONTFAMILY, "Verdana,Geneva,Arial,sans-serif");
-				
-				defaultmap.put(REDIRECTTARGET, "_top");
-			}
-	}
-	
-	
-	public static String customiceLayoutBKUSelection(String value, boolean isShowMandateCheckbox,
-													 boolean isOnlyMandateAllowed,
-													 Map<String, String> map, boolean showStorkLogin) {
-		
-		if (isShowMandateCheckbox)
-			value = value.replace(MANDATEVISIBLE, "");
-		else
-			value = value.replace(MANDATEVISIBLE, TEMPLATEVISIBLE);
-		
-		if (isOnlyMandateAllowed) {
-			value = value.replace(MANDATECHECKED, 	TEMPLATECHECKED + " " + 
-													TEMPLATEDISABLED + " " +
-													TEMPLATE_ARIACHECKED + "\"true\"");
-			
-		} else
-			value = value.replace(MANDATECHECKED, TEMPLATE_ARIACHECKED + "\"false\"");
-		
-		if (showStorkLogin)
-			value = value.replace(STORKVISIBLE, "");
-		else
-			value = value.replace(STORKVISIBLE, TEMPLATEVISIBLE);
-
-		String fonttype = map.get(FONTFAMILY);
-		if (MiscUtil.isNotEmpty(fonttype)) {
-			String[] fonttypeList = fonttype.split(",");
-			String fonttypeformated = "\"" + fonttypeList[0].trim().replace("\"", "") + "\"";
-			
-			for (int i=1; i<fonttypeList.length; i++) {
-				fonttypeformated += ",\"" + fonttypeList[i].trim().replace("\"", "") + "\"";
-			}
-			
-			map.put(FONTFAMILY, fonttypeformated);
-		}
-		
-		Set<String> elements = map.keySet();
-		for (String element: elements) {
-			value = value.replace(element, map.get(element));
-		}
-		
-		return value;
-	}
-	
-	public static Map<String, String> getDefaultMap() {
-		return defaultmap;
-	}
-
-	/**
-	 * @param value
-	 * @return
-	 */
-	public static String defaultLayoutBKUSelection(String value) {
-		return customiceLayoutBKUSelection(value, false, false, getDefaultMap(), false);
-		
-	}
-	
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java
index 0b517e783..81041260c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java
@@ -35,8 +35,8 @@ import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
 
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.spss.MOAException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java
deleted file mode 100644
index b7a866370..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java
+++ /dev/null
@@ -1,104 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- * 
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- * 
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.util;
-
-import java.util.Locale;
-
-import at.gv.egovernment.moa.util.Messages;
-
-/**
- * A singleton wrapper around a <code>Message</code> object, providing the messages used in MOA-ID.
- * 
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class MOAIDMessageProvider {
-  
-  /** DEFAULT_MESSAGE_RESOURCES are resources/properties/id_messages */
-  private static final String[] DEFAULT_MESSAGE_RESOURCES =
-    { "resources/properties/id_messages" };
-  /** DEFAULT_MESSAGE_LOCALES are "de", "AT" */  
-  private static final Locale[] DEFAULT_MESSAGE_LOCALES =
-    new Locale[] { new Locale("de", "AT") };
-   /** The instance for our singleton */  
-  private static MOAIDMessageProvider instance;
-  /** The Messages */
-  private Messages messages;
-  
-  /**
-   * Returns the single instance of <code>MOAIDMessageProvider</code>.
-   * 
-   * @return the single instance of <code>MOAIDMessageProvider</code>
-   */
-  public static MOAIDMessageProvider getInstance() {
-    if (instance == null)
-      instance = new MOAIDMessageProvider(DEFAULT_MESSAGE_RESOURCES, DEFAULT_MESSAGE_LOCALES);
-    return instance;
-  }
-  
-  /**
-   * Create a <code>MOAIDMessageProvider</code>.
-   * 
-   * @param resourceNames The names of the resources containing the messages.
-   * @param locales The corresponding locales.
-   */
-  protected MOAIDMessageProvider(String[] resourceNames, Locale[] locales) {
-    this.messages = new Messages(resourceNames, locales);
-  }
-  
-  /**
-   * Get the message corresponding to a given message ID.
-   *
-   * @param messageId The ID of the message.
-   * @param parameters The parameters to fill in into the message arguments.
-   * @return The formatted message. 
-   */
-  public String getMessage(String messageId, Object[] parameters) {
-    return messages.getMessage(messageId, parameters);
-  }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
index 47010a735..f97d646b6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
@@ -62,10 +62,10 @@ import javax.xml.parsers.ParserConfigurationException;
 import org.xml.sax.InputSource;
 import org.xml.sax.SAXException;
 
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
index af3424881..f0cec1d61 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
@@ -65,11 +65,11 @@ import javax.net.ssl.SSLSocketFactory;
 import org.apache.regexp.RE;
 import org.apache.regexp.RESyntaxException;
 
+import at.gv.egovernment.moa.id.commons.api.ConfigurationProvider;
+import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.utils.ssl.SSLConfigurationException;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConfigurationProvider;
 import at.gv.egovernment.moa.id.config.ConnectionParameter;
-import at.gv.egovernment.moa.id.config.ConnectionParameterInterface;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/VelocityLogAdapter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/VelocityLogAdapter.java
deleted file mode 100644
index 269e21d4f..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/VelocityLogAdapter.java
+++ /dev/null
@@ -1,99 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.util;
-
-import org.apache.velocity.app.Velocity;
-import org.apache.velocity.runtime.RuntimeServices;
-import org.apache.velocity.runtime.log.LogChute;
-
-import at.gv.egovernment.moa.logging.Logger;
-
-public class VelocityLogAdapter implements LogChute {
-
-	public VelocityLogAdapter() {
-		try
-	    {
-	      /*
-	       *  register this class as a logger with the Velocity singleton
-	       *  (NOTE: this would not work for the non-singleton method.)
-	       */
-	      Velocity.setProperty(Velocity.RUNTIME_LOG_LOGSYSTEM, this );
-	      Velocity.init();
-	    }
-	    catch (Exception e)
-	    {
-	      Logger.error("Failed to register Velocity logger");
-	    }
-	}
-	
-	public void init(RuntimeServices arg0) throws Exception {
-	}
-
-	public boolean isLevelEnabled(int arg0) {
-		switch(arg0) {
-		case LogChute.DEBUG_ID:
-			return Logger.isDebugEnabled();
-		case LogChute.TRACE_ID:
-			return Logger.isTraceEnabled();
-		default:
-			return true;
-		}
-	}
-
-	public void log(int arg0, String arg1) {
-		switch(arg0) {
-		case LogChute.DEBUG_ID:
-			Logger.debug(arg1);
-			break;
-		case LogChute.TRACE_ID:
-			Logger.trace(arg1);
-			break;
-		case LogChute.INFO_ID:
-			Logger.info(arg1);
-			break;
-		case LogChute.WARN_ID:
-			Logger.warn(arg1);
-			break;
-		case LogChute.ERROR_ID:
-		default:
-			Logger.error(arg1);
-			break;
-		}
-	}
-
-	public void log(int arg0, String arg1, Throwable arg2) {
-		switch(arg0) {
-		case LogChute.DEBUG_ID:
-		case LogChute.TRACE_ID:
-		case LogChute.INFO_ID:
-		case LogChute.WARN_ID:
-			Logger.warn(arg1, arg2);
-			break;
-		case LogChute.ERROR_ID:
-		default:
-			Logger.error(arg1, arg2);
-			break;
-		}
-	}
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/VelocityProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/VelocityProvider.java
deleted file mode 100644
index 231f36fa8..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/VelocityProvider.java
+++ /dev/null
@@ -1,112 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- * 
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- * 
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2011 by Graz University of Technology, Austria
- * The Austrian STORK Modules have been developed by the E-Government
- * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
- * Austria and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-/**
- * 
- */
-package at.gv.egovernment.moa.id.util;
-
-import org.apache.velocity.app.VelocityEngine;
-import org.apache.velocity.runtime.RuntimeConstants;
-
-/**
- * Gets a Velocity Engine
- * 
- * @author bzwattendorfer
- *
- */
-public class VelocityProvider {
-
-	/**
-	 * Gets velocityEngine from Classpath
-	 * @return VelocityEngine
-	 * @throws Exception
-	 */
-	public static VelocityEngine getClassPathVelocityEngine() throws Exception {
-		VelocityEngine velocityEngine = getBaseVelocityEngine();
-        velocityEngine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath");
-        velocityEngine.setProperty("classpath.resource.loader.class",
-                "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader");
-        
-		velocityEngine.init();
-		
-		return velocityEngine;
-	}
-	
-	/**
-	 * Gets VelocityEngine from File
-	 * @param rootPath File Path to template file
-	 * @return VelocityEngine
-	 * @throws Exception
-	 */
-	public static VelocityEngine getFileVelocityEngine(String rootPath) throws Exception {
-		VelocityEngine velocityEngine = getBaseVelocityEngine();
-        velocityEngine.setProperty(RuntimeConstants.RESOURCE_LOADER, "file");
-        velocityEngine.setProperty("file.resource.loader.class",
-                "org.apache.velocity.runtime.resource.loader.FileResourceLoader");
-        velocityEngine.setProperty("file.resource.loader.path", rootPath);
-        
-		velocityEngine.init();
-		
-		return velocityEngine;
-	}
-	
-	/**
-	 * Gets a basic VelocityEngine
-	 * @return VelocityEngine
-	 */
-	private static VelocityEngine getBaseVelocityEngine() {
-		VelocityEngine velocityEngine = new VelocityEngine();
-        velocityEngine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8");
-        velocityEngine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8");
-        velocityEngine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS,
-				"org.apache.velocity.runtime.log.SimpleLog4JLogSystem");
-        
-        return velocityEngine;
-	}
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/legacy/LegacyHelper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/legacy/LegacyHelper.java
index dd4e67bcd..48e1460f9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/legacy/LegacyHelper.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/legacy/LegacyHelper.java
@@ -26,8 +26,8 @@ import javax.servlet.http.HttpServletRequest;
 
 import org.apache.commons.lang.StringEscapeUtils;
 
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 
 public class LegacyHelper extends MOAIDAuthConstants{
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 34ef9c1d0..86aa13fb8 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -106,6 +106,7 @@ builder.05=Beim resignieren der Personenbindung ist ein allgemeiner Fehler aufge
 builder.06=Fehler beim generieren der Anmeldedaten aus SSO IDP Interfederation Informationen. 
 builder.07=Fehlerhaftes SecurityLayer Template.
 builder.08=Authentication process could NOT completed. Reason: {0}
+builder.09=Can not build GUI component. Reason: {0}
 
 service.00=Fehler beim Aufruf des Web Service: {0}
 service.01=Fehler beim Aufruf des Web Service: kein Endpoint
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/css_template.css b/id/server/idserverlib/src/main/resources/resources/templates/css_template.css
deleted file mode 100644
index 4a771fcac..000000000
--- a/id/server/idserverlib/src/main/resources/resources/templates/css_template.css
+++ /dev/null
@@ -1,623 +0,0 @@
-@charset "utf-8";
-	@media screen and (min-width: 650px) {
-			
-				body {
-					margin:0;
-					padding:0;
-					color : #000;
-					background-color : #fff;
-			  	text-align: center;
-			  	background-color: #6B7B8B;
-				}
-                
-                .browserInfoButton{
-         color: rgb(128, 128, 128); 
-        }
-				
-        #localBKU p {
-          font-size: 0.7em;
-        } 
-        
-        #localBKU input{
-          font-size: 0.85em;
-          /*border-radius: 5px;*/
-        }
-        
-         #bkuselectionarea input[type=button] {
-          font-size: 0.85em;
-          /*border-radius: 7px;*/
-          margin-bottom: 25px;
-          min-width: 80px;
-         }
-        
-        #mandateLogin {
-          font-size: 0.85em;
-        }
-        
-        #bku_header h2 {
-          font-size: 0.8em;
-        } 
-        
-        
-			  #page {
-			    display: block;
-			    border: 2px solid rgb(0,0,0);
-			    width: 650px;
-			    height: 460px;
-			    margin: 0 auto;
-			    margin-top: 5%;
-			    position: relative;
-			    border-radius: 25px;
-			    background: rgb(255,255,255);
-			  }
-			  
-			  #page1 {
-			    text-align: center;
-			  }
-			  
-			  #main {
-			    /*	clear:both; */
-				  position:relative;
-			    margin: 0 auto;
-			    width: 250px;
-			    text-align: center;
-			  }
-			  
-			  .OA_header {
-			/*	  background-color: white;*/
-			    font-size: 20pt;
-			    margin-bottom: 25px;
-			    margin-top: 25px;
-			  }
-			
-			  #leftcontent {
-			    /*float:left; */
-				  width:250px;
-				  margin-bottom: 25px;
-			    text-align: left;
-			    border: 1px solid rgb(0,0,0);
-			  }
-			  			  
-			  #selectArea {
-				 font-size: 15px;
-				 padding-bottom: 65px;
-			  }
-			
-			  #leftcontent {
-				 width: 300px;
-				 margin-top: 30px;
-			  }
-			
-        #bku_header {
-          height: 5%;
-          padding-bottom: 3px;
-          padding-top: 3px;
-        }
-      
-        #bkulogin {
-				  overflow:hidden;	
-          min-width: 190px;
-          min-height: 180px;
-          /*height: 260px;*/	
-			  }
-      
-        h2#tabheader{
-				  font-size: 1.1em; 
-          padding-left: 2%;
-          padding-right: 2%;
-          position: relative;
-			  }
-      	
-        #stork h2 {
-          font-size: 1.0em;
-          margin-bottom: 2%;
-        }
-        		  
-			  .setAssertionButton_full {
-			  	background: #efefef;
-				  cursor: pointer;
-				  margin-top: 15px;
-			    width: 100px;
-			    height: 30px
-			  }
-			
-			  #leftbutton  {
-				 width: 30%; 
-				 float:left; 
-				 margin-left: 40px;
-			  }
-			
-			  #rightbutton {
-				 width: 30%; 
-				 float:right; 
-				 margin-right: 45px; 
-				 text-align: right;
-			  }
-        
-        button {
-          height: 25px;
-          width: 75px;
-          margin-bottom: 10px;
-        }
-        
-        
-        
-       #validation {
-        position: absolute;
-        bottom: 0px;
-        margin-left: 270px;
-        padding-bottom: 10px;
-      }
-			
-			}
-
-      @media screen and (max-width: 205px) {
-        #localBKU p {
-          font-size: 0.6em;
-        }
-       .browserInfoButton{
-         color: rgb(128, 128, 128); 
-        }
-        
-        #localBKU input {
-          font-size: 0.6em;
-          min-width: 60px;
-         /* max-width: 65px; */
-          min-height: 1.0em;
-         /* border-radius: 5px; */
-        }
-        
-        #bkuselectionarea input[type=button] {
-          font-size: 0.7em;
-          min-width: 55px;
-          /*min-height: 1.1em;
-          border-radius: 5px;*/
-          margin-bottom: 2%
-        }
-        
-        #mandateLogin {
-          font-size: 0.65em;
-        }
-        
-        #bku_header h2 {
-          font-size: 0.8em;
-          margin-top: -0.4em;
-          padding-top: 0.4em;
-        }
-        
-        #bkulogin {
-        min-height: 150px;
-        } 
-      }
-
-      @media screen and (max-width: 249px) and (min-width: 206px) {
-        #localBKU p {
-          font-size: 0.7em;
-        } 
-        .browserInfoButton{
-         color: rgb(128, 128, 128); 
-        }
-        
-        #localBKU input {
-          font-size: 0.7em;
-          min-width: 70px;
-       /*    max-width: 75px;    */
-          min-height: 0.95em;
-        /*  border-radius: 6px;    */
-        }
-        
-        #bkuselectionarea input[type=button] {
-          font-size: 0.75em;
-          min-width: 60px;
-      /*    min-height: 0.95em;
-          border-radius: 6px;    */
-          margin-bottom: 5%
-        }
-        
-        #mandateLogin {
-          font-size: 0.75em;
-        }
-        
-        #bku_header h2 {
-          font-size: 0.9em;
-          margin-top: -0.45em;
-          padding-top: 0.45em;
-        }
-        
-        #bkulogin {
-          min-height: 180px;
-        }  
-      }
-
-      @media screen and (max-width: 299px) and (min-width: 250px) {
-        #localBKU p {
-          font-size: 0.9em;
-        } 
-        .browserInfoButton{
-         color: rgb(128, 128, 128); 
-        }
-        
-        #localBKU input {
-          font-size: 0.8em;
-          min-width: 70px;
-       /*    max-width: 75px;      */
-      /*    border-radius: 6px;  */
-        }
-        
-        #bkuselectionarea input[type=button] {
-          font-size: 0.85em;
-     /*     min-height: 1.05em;
-          border-radius: 7px;        */
-          margin-bottom: 10%;
-        }
-        
-        #mandateLogin {
-          font-size: 1em;
-        }
-        
-        #bku_header h2 {
-          font-size: 1.0em;
-          margin-top: -0.50em;
-          padding-top: 0.50em;
-        } 
-      }
-
-      @media screen and (max-width: 399px) and (min-width: 300px) {
-        #localBKU p {
-          font-size: 0.9em;
-        } 
-        .browserInfoButton{
-         color: rgb(128, 128, 128); 
-        }
-        #localBKU input {
-          font-size: 0.8em;
-          min-width: 70px;
-      /*     max-width: 75px;     */
-      /*    border-radius: 6px;       */
-        }
-        
-        #bkuselectionarea input[type=button] {
-          font-size: 0.9em;
-   /*       min-height: 1.2em;
-          border-radius: 8px;          */
-          margin-bottom: 10%;
-          max-width: 80px;
-        }
-        
-        #mandateLogin {
-          font-size: 1em;
-        }
-        
-        #bku_header h2 {
-          font-size: 1.1em;
-          margin-top: -0.55em;
-          padding-top: 0.55em;
-        } 
-      }
-      
-      @media screen and (max-width: 649px) and (min-width: 400px) {
-        #localBKU p {
-          font-size: 0.9em;
-        } 
-       .browserInfoButton{
-         color: rgb(128, 128, 128); 
-        } 
-        #localBKU input {
-          font-size: 0.8em;
-          min-width: 70px;
-      /*     max-width: 80px;       */
-     /*     border-radius: 6px;          */
-        }
-        
-        #bkuselectionarea input[type=button] {
-          font-size: 1.0em;
-     /*      min-height: 1.3em;
-         border-radius: 10px;         */
-          margin-bottom: 10%;
-          max-width: 85px;
-        }
-        
-        #mandateLogin {
-          font-size: 1.2em;
-        }
-        
-        #bku_header h2 {
-          font-size: 1.3em;
-          margin-top: -0.65em;
-          padding-top: 0.65em;
-        } 
-      }
-
-
-			
-			@media screen and (max-width: 649px) {
-				
-        body {
-					margin:0;
-					padding:0;
-					color : #000;
-			  	text-align: center;
-          font-size: 100%;
-			  	background-color: #MAIN_BACKGOUNDCOLOR#;
-				}
-        		.browserInfoButton{
-                    color: rgb(128, 128, 128); 
-                }		
-			  #page {
-			     visibility: hidden;
-			     margin-top: 0%;
-			  }
-			  
-			  #page1 {
-			    visibility: hidden;
-			  }
-			  
-			  #main {
-			    visibility: hidden;
-			  }
-        
-        #validation {
-          visibility: hidden;
-          display: none;
-        }
-			  
-			  .OA_header {
-			    margin-bottom: 0px;
-			    margin-top: 0px;
-			    font-size: 0pt;
-			    visibility: hidden;
-			  }
-			
-			  #leftcontent {
-			    visibility: visible;
-			    margin-bottom: 0px;
-			    text-align: left;
-			    border:none;
-          vertical-align: middle;
-          min-height: 173px;
-          min-width: 204px;
-          
-			  }
-			  
-        #bku_header {
-          height: 10%;
-          min-height: 1.2em;
-          margin-top: 1%;
-        }
-        
-        h2#tabheader{
-          padding-left: 2%;
-          padding-right: 2%;
-          position: relative;
-          top: 50%;
-			  }
-        
-        #stork h2 {
-          font-size: 0.9em;
-          margin-bottom: 2%;
-        }
-        
-       	#bkulogin {	
-          min-width: 190px;
-          min-height: 155px;	
-			 }
-        
-			 .setAssertionButton_full {
-			     	background: #efefef;
-				    cursor: pointer;
-				    margin-top: 15px;
-			      width: 70px;
-			      height: 25px;
-			 }
-       
-        input[type=button] {
-/*          height: 11%;  */
-          width: 70%;
-        }
-			}
-			      
-			* {
-				margin: 0;
-				padding: 0;
-        font-family: #FONTTYPE#;
-			}
-							      			
-			#selectArea {
-				padding-top: 10px;
-				padding-bottom: 55px;
-				padding-left: 10px;
-			}
-			
-			.setAssertionButton {
-				background: #efefef;
-				cursor: pointer;
-				margin-top: 15px;
-			  width: 70px;
-			  height: 25px;
-			}
-			
-			#leftbutton  {
-				width: 35%; 
-				float:left; 
-				margin-left: 15px;
-			}
-			
-			#rightbutton {
-				width: 35%; 
-				float:right; 
-				margin-right: 25px; 
-				text-align: right;
-			}
-			
-			#stork {
-			    /*margin-bottom: 10px;*/
-			   /* margin-top: 5px; */
-			}
-      			
-      #mandateLogin {
-        padding-bottom: 4%;
-        padding-top: 4%;
-        height: 10%;
-        position: relative;
-        text-align: center;
-			}
-      
-      .verticalcenter {
-        vertical-align: middle;
-      }
-      
-      #mandateLogin div {
-        clear: both;
-        margin-top: -1%;
-        position: relative;
-        top: 50%;
-      }
-      
-      #bkuselectionarea {
-          position: relative;
-          display: block;
-      }
-      
-      #localBKU {
-        padding-bottom: 4%;
-        /*padding-top: 4%;*/
-        position: relative;
-        clear: both;     
-        text-align: center;
-			}
-          			
-			#bkukarte {
-				float:left;
-				text-align:center;
-				width:40%;
-        min-height: 70px;
-        padding-left: 5%;
-        padding-top: 2%;
-			}
-			
-			#bkuhandy {
-				float:right;
-				text-align:center;
-				width:40%;
-        min-height: 90px;
-        padding-right: 5%;
-        padding-top: 2%;
-			}
-			
-      .bkuimage {
-        width: 90%;
-        height: auto;
-      }
-      
-			#mandate{
-				text-align:center;
-				padding : 5px 5px 5px 5px;
-			}
-      
-/*		input[type=button], .sendButton {
-				background: #BUTTON_BACKGROUNDCOLOR#;
-        color: #BUTTON_COLOR#;
-/*				border:1px solid #000;  */
-/*				cursor: pointer;
-/*        box-shadow: 3px 3px 3px #222222;  */
-/*			}
-			
-/*      button:hover, button:focus, button:active, 
-      .sendButton:hover , .sendButton:focus, .sendButton:active,
-      #mandateCheckBox:hover, #mandateCheckBox:focus, #mandateCheckBox:active {
-				background: #BUTTON_BACKGROUNDCOLOR_FOCUS#;
-        color: #BUTTON_COLOR#;
-/*				border:1px solid #000;                */
-/*				cursor: pointer;
-/*        box-shadow: -1px -1px 3px #222222;  */
-/*			}
-      
-*/      
-			input {
-				/*border:1px solid #000;*/
-				cursor: pointer;
-			}
-      
-      #localBKU input {
-/*        color: #BUTTON_COLOR#;  */
-        /*border: 0px;*/
-        display: inline-block;
-        
-      }
-			
-      #localBKU input:hover, #localBKU input:focus, #localBKU input:active {
-        /*text-decoration: underline;*/
-      }
-      
-			#installJava, #BrowserNOK {
-				clear:both;
-				font-size:0.8em;
-				padding:4px;
-			}
-						
-			.selectText{
-			
-			}
-			
-			.selectTextHeader{
-			
-			}
-			
-			.sendButton {
-        width: 30%;
-        margin-bottom: 1%;	
-			}
-			
-			#leftcontent a {
-				text-decoration:none; 
-				color: #000;
-			/*	display:block;*/
-				padding:4px;	
-			}
-			
-			#leftcontent a:hover, #leftcontent a:focus, #leftcontent a:active {
-				text-decoration:underline;
-				color: #000;	
-			}
-						
-			.infobutton {
-				background-color: #005a00;
-				color: white;
-				font-family: serif;
-				text-decoration: none;
-				padding-top: 2px;
-				padding-right: 4px;
-				padding-bottom: 2px;
-				padding-left: 4px;
-				font-weight: bold;
-			}
-			
-			.hell {
-				background-color : #MAIN_BACKGOUNDCOLOR#;
-        color: #MAIN_COLOR#;	
-			}
-			
-			.dunkel {
-				background-color: #HEADER_BACKGROUNDCOLOR#;
-        color: #HEADER_COLOR#;
-			}
-			      
-			.main_header {
-			   color: black;
-			    font-size: 32pt;
-			    position: absolute;
-			    right: 10%;
-			    top: 40px;
-				
-			}
-      
-      #ssoSessionTransferBlock {
-        font-size: 0.8em;
-        margin-left: 5px;
-        margin-bottom: 5px;
-      }
-      
-      #alert_area {
-        width: 500px;
-        padding-left: 80px;
-      }
\ No newline at end of file
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/error_message.html b/id/server/idserverlib/src/main/resources/resources/templates/error_message.html
deleted file mode 100644
index 4fd4d63cd..000000000
--- a/id/server/idserverlib/src/main/resources/resources/templates/error_message.html
+++ /dev/null
@@ -1,37 +0,0 @@
-<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
-<head>
-  <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
-  <link rel="stylesheet" href="$contextPath/css/buildCSS" />
-  
-  <title>An error arise ...  </title>
-</head>
-
-	<body>
-  <div id="page">
-		<div id="page1" class="case selected-case" role="main">
-			<h2 class="OA_header" role="heading">Authentication error arise</h2>
-			<!--div id="main"-->
-				<!--div id="leftcontent" class="hell" role="application"-->
-          
-          
-          
-	        <div id="alert_area" class="hell" role="application" >
-            <p>The authentication stops on account of a process error:</p>
-            <br/>
-		        <p><b>Error    Code:</b> $errorCode</p> 
-		        <p><b>Error Message:</b >$errorMsg</p>
-	        </div>	
-
-
-	        #if($stacktrace)
-	         <div>
-		        <p><b>Stacktrace:</b> $stacktrace</p> 
-	         </div>	
-	        #end
-          
-				<!--/div--->
-			<!--/div-->
-		</div>
-	</div>
-</body>
-</html>
\ No newline at end of file
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/javascript_tempalte.js b/id/server/idserverlib/src/main/resources/resources/templates/javascript_tempalte.js
deleted file mode 100644
index ae621f0cb..000000000
--- a/id/server/idserverlib/src/main/resources/resources/templates/javascript_tempalte.js
+++ /dev/null
@@ -1,196 +0,0 @@
-function isIE() {
-			return (/MSIE (\d+\.\d+);/.test(navigator.userAgent));
-		}
-		function isFullscreen() {
-			try {
-				return ((top.innerWidth == screen.width) && (top.innerHeight == screen.height));
-			} catch (e) {
-				return false;
-			}
-		}
-		function isActivexEnabled() {
-			var supported = null;
-			try {
-				supported = !!new ActiveXObject("htmlfile");
-			} catch (e) {
-				supported = false;
-			}
-			return supported;
-		}
-		function isMetro() {
-			if (!isIE())
-				return false;
-			return !isActivexEnabled() && isFullscreen();
-		}
-		window.onload=function() {
-			document.getElementById("localBKU").style.display="block";
-			return;
-		}
-    function bkuLocalClicked() {
-       setMandateSelection();
-    }
-    
-		function bkuOnlineClicked() {
-			if (isMetro())
-				document.getElementById("metroDetected").style.display="block";
-			document.getElementById("localBKU").style.display="block";
-/* 			if (checkMandateSSO())
-				return; */
-			
-			setMandateSelection();
-/* 			setSSOSelection(); */
-						
-			var iFrameURL = "#AUTH_URL#" + "?";
-			iFrameURL += "bkuURI=" + "#ONLINE#";
-			iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;
-/* 			iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */
-			iFrameURL += "&pendingid=" + "#SESSIONID#";
-			generateIFrame(iFrameURL);
-		}
-		function bkuHandyClicked() {
-			document.getElementById("localBKU").style.display="none";
-/* 			if (checkMandateSSO())
-				return; */
-			
-			setMandateSelection();
-/* 			setSSOSelection(); */
-			
-			var iFrameURL = "#AUTH_URL#" + "?";
-			iFrameURL += "bkuURI=" + "#HANDY#";
-			iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;
-/* 			iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */
-			iFrameURL += "&pendingid=" + "#SESSIONID#";
-			generateIFrame(iFrameURL);
-		}
-		function storkClicked() {
-			document.getElementById("localBKU").style.display="none"; 
-/* 			if (checkMandateSSO())
-				return; */
-			
-			setMandateSelection();
-/* 			setSSOSelection(); */
-			
-			var ccc = "AT";
-			var countrySelection = document.getElementById("cccSelection");
-			if (countrySelection !=  null) {
-				ccc = document.getElementById("cccSelection").value;
-			}
-			var iFrameURL = "#AUTH_URL#" + "?";
-			iFrameURL += "bkuURI=" + "#ONLINE#";
-			iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;
-			iFrameURL += "&CCC=" + ccc;
-/* 			iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */
-			iFrameURL += "&MODUL=" + "#MODUL#";
-			iFrameURL += "&ACTION=" + "#ACTION#";
-			iFrameURL += "&pendingid=" + "#SESSIONID#";
-			generateIFrame(iFrameURL);
-		}
-		function generateIFrame(iFrameURL) {
-			var el = document.getElementById("bkulogin");
-      var width = el.clientWidth;
-      var heigth = el.clientHeight - 20;
-			var parent = el.parentNode;
-            
-      iFrameURL += "&heigth=" + heigth;
-      iFrameURL += "&width=" + width;
-      
-			var iframe = document.createElement("iframe");
-			iframe.setAttribute("src", iFrameURL);
-			iframe.setAttribute("width", el.clientWidth - 1);
-			iframe.setAttribute("height", el.clientHeight - 1);
-			iframe.setAttribute("frameborder", "0");
-			iframe.setAttribute("scrolling", "no");
-			iframe.setAttribute("title", "Login");
-			parent.replaceChild(iframe, el);
-		}
-		function setMandateSelection() {
-			document.getElementById("useMandate").value = "false";
-			var checkbox = document.getElementById("mandateCheckBox");
-			if (checkbox !=  null) {
-				if (document.getElementById("mandateCheckBox").checked) {
-					document.getElementById("useMandate").value = "true";
-				}
-			}
-		}
-		function onChangeChecks() {
-      if (self.innerWidth < 650) {
-         document.getElementById("moaidform").setAttribute("target","_parent");
-      } else {
-         document.getElementById("moaidform").removeAttribute("target");
-      }
-      
-    }
-    
-     function checkIfBrowserSupportsJava(){
-        console.log("Browser is Chrome: "+checkIfBrowserIsChrome());
-        console.log("Browser is Safari: "+checkIfBrowserIsSafari());
-        console.log("Browser is Edge: "+checkIfBrowserIsEdge());
-        
-        var cnt = 0;
-        
-        if(checkIfBrowserIsChrome())cnt++;
-        if(checkIfBrowserIsEdge())cnt++;
-        if(checkIfBrowserIsSafari())cnt++;
-           
-        if(cnt==0 || cnt>1)//cnt>1 means perhaps wrong detection
-            return true;
-        
-        var image = document.getElementById("bkuimage");
-        var srcatt = image.getAttribute("src");
-        var last = srcatt.substring(srcatt.lastIndexOf('/')+1);
-        srcatt = srcatt.replace(last,'online-bku-deactivated.png');    
-        image.setAttribute("src",srcatt);
-         
-         
-        var button = document.getElementsByName("bkuButtonOnline")[0];               
-        button.setAttribute("class","browserInfoButton");
-        button.setAttribute("title","Java wird nicht unterstützt, klicken für mehr Informationen.");
-        button.setAttribute("onClick","alert('Java wird von Ihrem Browser nicht unterstützt, ist jedoch für den Betrieb der Online Bürgerkartenumgebung notwendig.\\nWollen Sie dennoch die Online Bürgerkartenumgebung verwenden, wird zur Zeit Java noch von Firefox und MS Internet Explorer unterstützt. \\nAlternativ koennen Sie auch eine lokale Bürgerkartenumgebung verwenden, verfügbar unter www.buergerkarte.at.');");
-         
-        return false;
-   
-    }
-    function checkIfBrowserIsChrome(){
-        var chrome_defined = !!window.chrome;//chrome object defined
-        var webstore_defined = false;
-        if(window.chrome){
-            webstore_defined = !!window.chrome.webstore;
-           }
-        return chrome_defined && webstore_defined;
-    }
-    function checkIfBrowserIsEdge(){//edge also defines the chrome object, but not the webapp
-        var chrome_defined = !!window.chrome;//chrome object defined
-        var webstore_defined = true;
-        if(window.chrome){
-            webstore_defined = !!window.chrome.webstore;
-           }
-        return chrome_defined && !webstore_defined;
-    }
-    function checkIfBrowserIsSafari(){
-        var cond1 = Object.prototype.toString.call(window.HTMLElement).indexOf('Constructor') > 0;
-        return cond1;
-    }
-/* 		function setSSOSelection() {
-			document.getElementById("useSSO").value = "false";
-			var checkbox = document.getElementById("SSOCheckBox");
-			if (checkbox !=  null) {
-				if (document.getElementById("SSOCheckBox").checked) {
-					document.getElementById("useSSO").value = "true";
-				}
-			}
-		} */
-		
-/* 		function checkMandateSSO() {
-			var sso = document.getElementById("SSOCheckBox");
-			var mandate = document.getElementById("mandateCheckBox");
-			
-			
-			if (sso.checked && mandate.checked) {
-				alert("Anmeldung in Vertretung in kombination mit Single Sign-On wird aktuell noch nicht unterstützt!")
-				mandate.checked = false;
-				sso.checked = false;
-				return true;
-			} else {
-				return false;
-			}
-		} */
\ No newline at end of file
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html b/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html
deleted file mode 100644
index 53d04c282..000000000
--- a/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html
+++ /dev/null
@@ -1,92 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
-
-   <!-- MOA-ID 2.x BKUSelection Layout CSS -->               
-   <link rel="stylesheet" href="#CONTEXTPATH#/css/buildCSS?pendingid=#SESSIONID#" />
-   
-   <!-- MOA-ID 2.x BKUSelection JavaScript fucnctions-->
-   <script src="#CONTEXTPATH#/js/buildJS?pendingid=#SESSIONID#"></script>
-   
-
-<title>Anmeldung mittels Bürgerkarte oder Handy-Signatur</title>
-</head>
-<body onload="onChangeChecks();checkIfBrowserSupportsJava();" onresize="onChangeChecks();">
-	<div id="page">
-		<div id="page1" class="case selected-case" role="main">
-			<h2 class="OA_header" role="heading">Anmeldung an: #OAName#</h2>
-			<div id="main">
-				<div id="leftcontent" class="hell" role="application">
-					<div id="bku_header" class="dunkel">
-						<h2 id="tabheader" class="dunkel" role="heading">#HEADER_TEXT#</h2>
-					</div>
-					<div id="bkulogin" class="hell" role="form">
-						<div id="mandateLogin" style="">
-							<div>
-								<input tabindex="1" type="checkbox" name="Mandate"
-									id="mandateCheckBox" class="verticalcenter" role="checkbox"
-									onClick='document.getElementById("mandateCheckBox").setAttribute("aria-checked", document.getElementById("mandateCheckBox").checked);'#MANDATECHECKED#>
-								<label for="mandateCheckBox" class="verticalcenter">in
-									Vertretung anmelden</label>
-								<!--a      href="info_mandates.html" 
-                        target="_blank"
-                        class="infobutton verticalcenter" 
-                        tabindex="5">i</a-->
-							</div>
-						</div>
-						<div id="bkuselectionarea">
-							<div id="bkukarte">
-								<img id="bkuimage" class="bkuimage" src="#CONTEXTPATH#/img/online-bku.png"
-									alt="OnlineBKU" /> <input name="bkuButtonOnline" type="button"
-									onClick="bkuOnlineClicked();" tabindex="2" role="button"
-									value="Karte" />
-							</div>
-							<div id="bkuhandy">
-								<img class="bkuimage" src="#CONTEXTPATH#/img/mobile-bku.png"
-									alt="HandyBKU" /> <input name="bkuButtonHandy" type="button"
-									onClick="bkuHandyClicked();" tabindex="3" role="button"
-									value="HANDY" />
-							</div>
-						</div>
-						<div id="localBKU">
-							<form method="get" id="moaidform" action="#AUTH_URL#"
-								class="verticalcenter" target="_parent">
-								<input type="hidden" name="bkuURI" value="#LOCAL#"> <input
-									type="hidden" name="useMandate" id="useMandate"> <input
-									type="hidden" name="SSO" id="useSSO"> <input
-									type="hidden" name="ccc" id="ccc"> <input type="hidden"
-									name="pendingid" value="#SESSIONID#"> 
-                  <input type="submit" value=" Lokale Bürgerkartenumgebung " tabindex="4"
-									role="button" onclick="setMandateSelection();">
-                </form>
-              </div>
-              
-              <!-- Single Sign-On Session transfer functionality -->
-              <!--div id="ssoSessionTransferBlock">
-                <a href="#AUTH_URL#?pendingid=#SESSIONID#&restoreSSOSession=true">>Restore SSO Session from Smartphone</a>
-              </div-->
-              
-              <div id="stork" align="center" style="#STORKVISIBLE#">
-                <h2 id="tabheader" class="dunkel">Home Country Selection</h2>
-                <p>
-                  <select name="cccSelection" id="cccSelection" size="1" style="width: 120px; margin-right: 5px;" >
-                    #PEPSLIST#
-                  </select>
-                  <button name="bkuButton" type="button" onClick="storkClicked();">Proceed</button>
-                  <a href="info_stork.html" target="_blank" class="infobutton" style="color:#FFF">i</a>
-                </p>
-              </div>
-
-						<div id="metroDetected" style="display: none">
-							<p>Anscheinend verwenden Sie Internet Explorer im
-								Metro-Modus. Wählen Sie bitte "Auf dem Desktop anzeigen" aus den
-								Optionen um die Karten-Anmeldung starten zu können.</p>
-						</div>
-					</div>
-				</div>
-			</div>
-		</div>
-	</div>
-</body>
-</html>
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/redirectForm.html b/id/server/idserverlib/src/main/resources/resources/templates/redirectForm.html
deleted file mode 100644
index 9bddee931..000000000
--- a/id/server/idserverlib/src/main/resources/resources/templates/redirectForm.html
+++ /dev/null
@@ -1,13 +0,0 @@
-<html>
-<head>
-<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
-<script type="text/javascript">
-  </script>
-</head>
-
-
-<body onload="document.getElementById('link').click();">
-	<a href="#URL#" target="#TARGET#" id="link">CLICK to perform a
-		redirect back to Online Application</a>
-</body>
-</html>
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html b/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html
deleted file mode 100644
index ecda6550b..000000000
--- a/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html
+++ /dev/null
@@ -1,68 +0,0 @@
-<!DOCTYPE html> 
-<html>
-<head>
-	<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
-    <!-- MOA-ID 2.x BKUSelection Layout CSS -->               
-    <link rel="stylesheet" href="#CONTEXTPATH#/css/buildCSS?pendingid=#ID#" />
-    
-    <title>Anmeldung an Online-Applikation</title>   
-</head>
-
-
-<body>
-		<div id="page">
-
-			<div id="page1" class="case selected-case" role="main">
-
-<!-- 					<h2 class="OA_header">Anmeldung an: #OAName#</h2> -->
-
-					<div id="main">
-					<div id="leftcontent" class="hell">
-            <div id="bku_header" class="dunkel">
-						  <h2 id="tabheader" class="dunkel" role="heading">
-							 Anmeldeinformationen:							  
-						  </h2>
-            </div>
-					
-						<div id="selectArea" class="hell" role="application">
-							<h3>Anmeldung an: #OAName#</h3>
-					
-<!-- 						<div class="hell"> -->
-							<div id="leftbutton">
-									<form method="post" id="moaidform_yes" action="#URL#">
-										<input type="hidden" name="value" value="true">
-										<input type="hidden" name="mod" value="#MODUL#">
-								    <input type="hidden" name="action" value="#ACTION#">
-                    <input type="hidden" name="pendingid" value="#ID#">
-										<input type="submit" value="Ja" class="setAssertionButton_full" role="button">
-									</form>
-							</div>
-							<div id="rightbutton">
-										<form method="post" id="moaidform_no" action="#URL#">
-										<input type="hidden" name="value" value="false">
-										<input type="hidden" name="mod" value="#MODUL#">
-								    <input type="hidden" name="action" value="#ACTION#">
-                    <input type="hidden" name="pendingid" value="#ID#">
-										<input type="submit" value="Nein" class="setAssertionButton_full" role="button">
-									</form>
-							</div>
-						
-						</div>												
-					</div>
-				</div>
-		</div>
-    <!--div id="validation">
-        <a href="http://validator.w3.org/check?uri=">
-          <img   style="border:0;width:88px;height:31px"
-                 src="#CONTEXTPATH#/img/valid-html5-blue.png"
-                 alt="HTML5 ist valide!" />
-        </a>
-        <a href="http://jigsaw.w3.org/css-validator/">
-          <img   style="border:0;width:88px;height:31px"
-                 src="http://jigsaw.w3.org/css-validator/images/vcss-blue"
-                 alt="CSS ist valide!" />
-        </a>
-    </div-->
-	</div>
-</body>
-</html>
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html b/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html
deleted file mode 100644
index b3eb18082..000000000
--- a/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html
+++ /dev/null
@@ -1,94 +0,0 @@
-<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
-<head>
-  <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
-  
-   <!-- MOA-ID 2.x BKUSelection Layout CSS -->               
-  <link rel="stylesheet" href="$contextPath/css/buildCSS" />
-
-	#if($timeoutURL)
-		<script type="text/javascript">
-			function sloTimeOut() {
-				window.location.href="$timeoutURL";
-			
-			}
-      function RestartAfterDelay() {
-        var eDate = null;
-        var MilliSekZeit = 0;
-        var SysDatumJetzt = new Date();
-        var SysDatumJetztMilli = SysDatumJetzt.getTime();
-
-        do {
-          eDate = new Date();
-          MilliSekZeit = eDate.getTime();
-
-        } while ((MilliSekZeit-SysDatumJetztMilli) < $timeout);
-
-        sloTimeOut();
-      }	
-	
-		</script>
-	#end
-
-  <title>Single LogOut Vorgang ... </title>
-</head>
-
-#if($timeoutURL)
-	<body onload='setTimeout(sloTimeOut, $timeout);'>
-#else
-	<body>
-#end
-  <noscript>
-		<p>
-			<strong>Note:</strong> Since your browser does not support
-			JavaScript, you must press the Continue button once to proceed.
-		</p>
-	</noscript>
-
-  <div id="page">
-		<div id="page1" class="case selected-case" role="main">
-			<h2 class="OA_header" role="heading">MOA-ID Single LogOut Information</h2>
-			<div id="main">
-				<div id="leftcontent" class="hell" role="application">
-          
-          #if($errorMsg)
-	         <div class="alert">
-		        <p>$errorMsg</p> 
-	         </div>	
-	        #end
-
-	        #if($successMsg)
-	         <div>
-		        <p>$successMsg</p> 
-	         </div>	
-	        #end
-
-	        #if($redirectURLs)
-		        <div>
-			       <p>
-				        Sie werden von allen Online-Applikationen abgemeldet. <br>
-				        Dieser Vorgang kann einige Zeit in Anspruch nehmen.
-			       </p>
-		       </div>
-	       #end
-          
-				</div>
-			</div>
-		</div>
-		<!--div id="validation">
-			<a href="http://validator.w3.org/check?uri="> <img
-				style="border: 0; width: 88px; height: 31px"
-				src="$contextpath/img/valid-html5-blue.png" alt="HTML5 ist valide!" />
-			</a> <a href="http://jigsaw.w3.org/css-validator/"> <img
-				style="border: 0; width: 88px; height: 31px"
-				src="http://jigsaw.w3.org/css-validator/images/vcss-blue"
-				alt="CSS ist valide!" />
-			</a>
-		</div-->
-	</div>
-
-
-  #foreach( $el in $redirectURLs )
-	   <iframe src=$el class="reqframe"></iframe>
-  #end
-</body>
-</html>
\ No newline at end of file
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/sso_transfer_template.html b/id/server/idserverlib/src/main/resources/resources/templates/sso_transfer_template.html
deleted file mode 100644
index e9c2fae76..000000000
--- a/id/server/idserverlib/src/main/resources/resources/templates/sso_transfer_template.html
+++ /dev/null
@@ -1,59 +0,0 @@
-<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
-<head>
-  <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
-  
-   <!-- MOA-ID 2.x BKUSelection Layout CSS -->               
-  <link rel="stylesheet" href="#CONTEXTPATH#/css/buildCSS" />
-
-  <title>Single Sign-On Session Transfer</title>
-</head>
-
-	<body>
-  <noscript>
-		<p>
-			<strong>Note:</strong> Since your browser does not support
-			JavaScript, you must press the Continue button once to proceed.
-		</p>
-	</noscript>
-
-  <div id="page">
-		<div id="page1" class="case selected-case" role="main">
-			<h2 class="OA_header" role="heading">MOA-ID Single Sign-On Session Transfer Service</h2>
-			<div id="main">
-				<div id="leftcontent" class="hell" role="application">
-          
-          #if($errorMsg)
-	         <div class="alert">
-		        <p>$errorMsg</p> 
-	         </div>	
-	        #end
-
-	        #if($successMsg)
-	         <div>
-		        <p>$successMsg</p> 
-	         </div>	
-	        #end
-          
-          #if($QRImage)
-	         <div>
-	         	<img id="qrCode" src="data:image/gif;base64,$QRImage">
-	         </div>	
-	        #end
-          
-				</div>
-			</div>
-		</div>
-		<!--div id="validation">
-			<a href="http://validator.w3.org/check?uri="> <img
-				style="border: 0; width: 88px; height: 31px"
-				src="$contextpath/img/valid-html5-blue.png" alt="HTML5 ist valide!" />
-			</a> <a href="http://jigsaw.w3.org/css-validator/"> <img
-				style="border: 0; width: 88px; height: 31px"
-				src="http://jigsaw.w3.org/css-validator/images/vcss-blue"
-				alt="CSS ist valide!" />
-			</a>
-		</div-->
-	</div>
-
-</body>
-</html>
\ No newline at end of file
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java
index 125d83d6d..66dffe311 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java
@@ -24,9 +24,9 @@ package at.gv.egovernment.moa.id.module.test;
 
 import java.util.Collection;
 
-import at.gv.egovernment.moa.id.auth.exception.SessionDataStorageException;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
 
 /**
  * @author tlenz
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/CreateSAML1AssertionTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/CreateSAML1AssertionTask.java
index 005ad8bcc..54515ab8e 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/CreateSAML1AssertionTask.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/CreateSAML1AssertionTask.java
@@ -11,7 +11,7 @@ import org.slf4j.LoggerFactory;
 import org.springframework.stereotype.Service;
 
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.process.api.Task;
 
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/GetIdentityLinkTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/GetIdentityLinkTask.java
index 6ba2f24e4..266878d7e 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/GetIdentityLinkTask.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/GetIdentityLinkTask.java
@@ -11,7 +11,7 @@ import org.slf4j.LoggerFactory;
 import org.springframework.stereotype.Service;
 
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.process.api.Task;
 
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SelectBKUTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SelectBKUTask.java
index 89b5a5e2a..915cb3b1e 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SelectBKUTask.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SelectBKUTask.java
@@ -4,7 +4,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.stereotype.Service;
 
-import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.process.api.Task;
 
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SignAuthBlockTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SignAuthBlockTask.java
index 6c91c574c..41ccb4451 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SignAuthBlockTask.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SignAuthBlockTask.java
@@ -11,7 +11,7 @@ import org.slf4j.LoggerFactory;
 import org.springframework.stereotype.Service;
 
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.process.api.Task;
 
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateIdentityLinkTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateIdentityLinkTask.java
index 766f9fadb..818e8b479 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateIdentityLinkTask.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateIdentityLinkTask.java
@@ -6,7 +6,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.stereotype.Service;
 
-import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.process.api.Task;
 
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateSignedAuthBlockTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateSignedAuthBlockTask.java
index 7a4d5f70d..2ee67ec27 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateSignedAuthBlockTask.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateSignedAuthBlockTask.java
@@ -7,7 +7,7 @@ import org.slf4j.LoggerFactory;
 import org.springframework.stereotype.Service;
 
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.process.api.Task;
 
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HalloWeltTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HalloWeltTask.java
index 32e7bda2f..1f77eadbc 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HalloWeltTask.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HalloWeltTask.java
@@ -2,7 +2,7 @@ package at.gv.egovernment.moa.id.process.test;
 
 import org.springframework.stereotype.Service;
 
-import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.process.api.Task;
 
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HelloWorldTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HelloWorldTask.java
index 81fc32d24..bc640e97a 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HelloWorldTask.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HelloWorldTask.java
@@ -2,7 +2,7 @@ package at.gv.egovernment.moa.id.process.test;
 
 import org.springframework.stereotype.Service;
 
-import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.process.api.Task;
 
diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/UnitTestCase.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/UnitTestCase.java
index a645aa5a2..a05159c27 100644
--- a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/UnitTestCase.java
+++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/UnitTestCase.java
@@ -46,10 +46,9 @@
 
 package test.at.gv.egovernment.moa.id;
 
+import at.gv.egovernment.moa.id.commons.api.ConfigurationProvider;
 import test.MOAIDTestCase;
 
-import at.gv.egovernment.moa.id.config.ConfigurationProvider;
-
 /**
  * Base class for MOA ID test cases.
  * 
diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml
index bbaba6a50..c722b265e 100644
--- a/id/server/moa-id-commons/pom.xml
+++ b/id/server/moa-id-commons/pom.xml
@@ -50,6 +50,33 @@
 
 
     <dependencies>
+    		<dependency>
+    			 <groupId>at.gv.util</groupId>
+           <artifactId>egovutils</artifactId>
+           <exclusions>
+           		<exclusion>
+           			<groupId>*</groupId>
+           			<artifactId>*</artifactId>
+           		</exclusion>
+           </exclusions>
+    		</dependency>
+    
+       	<dependency>
+    			 <groupId>org.opensaml</groupId>
+  				 <artifactId>opensaml</artifactId>
+           <exclusions>
+           		<exclusion>
+           			<groupId>*</groupId>
+           			<artifactId>*</artifactId>
+           		</exclusion>
+           </exclusions>
+    		</dependency>
+    
+       <dependency>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-lang3</artifactId>
+        </dependency>
+    
     		<dependency>
 	    		<groupId>at.gv.egiz.components</groupId>
 	    		<artifactId>egiz-configuration-api</artifactId>
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java
new file mode 100644
index 000000000..8d893be9d
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java
@@ -0,0 +1,193 @@
+
+
+
+package at.gv.egovernment.moa.id.commons;
+
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import iaik.asn1.ObjectID;
+
+
+/**
+ * Constants used throughout moa-id-auth component.
+ * 
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class MOAIDAuthConstants extends MOAIDConstants{
+
+  /** servlet parameter &quot;Target&quot; */
+  public static final String PARAM_TARGET = "Target";
+  /** servlet parameter &quot;useMandate&quot; */
+  public static final String PARAM_USEMANDATE = "useMandate";
+  public static final String PARAM_USEMISMANDATE = "useMISMandate";
+  public static final String PARAM_USEELGAMANDATE = "useELGAMandate";
+  /** servlet parameter &quot;OA&quot; */
+  public static final String PARAM_OA = "OA";
+  /** servlet parameter &quot;bkuURI&quot; */
+  public static final String PARAM_BKU = "bkuURI";
+  public static final String PARAM_MODUL = "MODUL";
+  public static final String PARAM_ACTION = "ACTION";
+  public static final String PARAM_SSO = "SSO";
+  public static final String INTERFEDERATION_IDP = "interIDP";
+  public static final String PARAM_TARGET_PENDINGREQUESTID = "pendingid";
+  
+  public static final String PARAM_SLOSTATUS = "status";
+  public static final String PARAM_SLORESTART = "restart";
+  public static final String SLOSTATUS_SUCCESS = "success";
+  public static final String SLOSTATUS_ERROR = "error";
+  
+  /** servlet parameter &quot;sourceID&quot; */
+  public static final String PARAM_SOURCEID = "sourceID";  
+  /** servlet parameter &quot;BKUSelectionTemplate&quot; */
+  public static final String PARAM_BKUTEMPLATE = "BKUSelectionTemplate";
+  /** servlet parameter &quot;CCC (Citizen Country Code)&quot; */
+  public static final String PARAM_CCC = "CCC";  
+  /** servlet parameter &quot;BKUSelectionTemplate&quot; */
+  public static final String PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE = "InputProcessorSignTemplate";
+  /** default BKU URL */
+  public static final String DEFAULT_BKU = "http://localhost:3495/http-security-layer-request";
+  /** default BKU URL for https connections*/
+  public static final String DEFAULT_BKU_HTTPS = "https://127.0.0.1:3496/https-security-layer-request";
+  /** servlet parameter &quot;returnURI&quot; */
+  public static final String PARAM_RETURN = "returnURI";
+  /** servlet parameter &quot;Template&quot; */
+  public static final String PARAM_TEMPLATE = "Template";
+  /** servlet parameter &quot;MOASessionID&quot; */
+  public static final String PARAM_SESSIONID = "MOASessionID";
+  /** servlet parameter &quot;XMLResponse&quot; */
+  public static final String PARAM_XMLRESPONSE = "XMLResponse";
+  /** servlet parameter &quot;SAMLArtifact&quot; */
+  public static final String PARAM_SAMLARTIFACT = "SAMLArtifact";
+  /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.StartAuthenticationServlet} is mapped to */
+  public static final String REQ_START_AUTHENTICATION = "StartAuthentication";
+  /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet} is mapped to */
+  public static final String REQ_VERIFY_IDENTITY_LINK = "VerifyIdentityLink";
+  /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.GetForeignIDServlet} is mapped to */
+  public static final String REQ_GET_FOREIGN_ID = "GetForeignID";
+  /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyCertificateServlet} is mapped to */
+  public static final String REQ_VERIFY_CERTIFICATE = "VerifyCertificate";
+  /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.GetMISSessionIDServlet} is mapped to */
+  public static final String GET_MIS_SESSIONID = "GetMISSessionID";
+  /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.ProcessValidatorInputServlet} is mapped to */
+  public static final String REQ_PROCESS_VALIDATOR_INPUT = "ProcessInput";
+  /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet} is mapped to */
+  public static final String REQ_VERIFY_AUTH_BLOCK = "VerifyAuthBlock";
+  /** Logging hierarchy used for controlling debug output of XML structures to files */
+  public static final String DEBUG_OUTPUT_HIERARCHY = "moa.id.auth";
+  /** Header Name for controlling the caching mechanism of the browser */
+  public static final String HEADER_EXPIRES = "Expires";
+  /** Header Value for controlling the caching mechanism of the browser */
+  public static final String HEADER_VALUE_EXPIRES = "Sat, 6 May 1995 12:00:00 GMT";
+  /** Header Name for controlling the caching mechanism of the browser */
+  public static final String HEADER_PRAGMA = "Pragma";
+  /** Header Value for controlling the caching mechanism of the browser */
+  public static final String HEADER_VALUE_PRAGMA = "no-cache";
+  /** Header Name for controlling the caching mechanism of the browser */
+  public static final String HEADER_CACHE_CONTROL = "Cache-control";
+  /** Header Value for controlling the caching mechanism of the browser */
+  public static final String HEADER_VALUE_CACHE_CONTROL = "no-store, no-cache, must-revalidate";
+  /** Header Value for controlling the caching mechanism of the browser */
+  public static final String HEADER_VALUE_CACHE_CONTROL_IE = "post-check=0, pre-check=0";
+  /** 
+   * the identity link signer X509Subject names of those identity link signer certificates 
+   * not including the identity link signer OID. The authorisation for signing the identity
+   * link must be checked by using their issuer names. After february 19th 2007 the OID of
+   * the certificate will be used fo checking the authorisation for signing identity links.
+   */ 
+  public static final String[] IDENTITY_LINK_SIGNERS_WITHOUT_OID = 
+    new String[] {"T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitgieds der Datenschutzkommission",
+                  "T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitglieds der Datenschutzkommission"};
+  				   
+  /** the number of the certifcate extension "Eigenschaft zur Ausstellung von Personenbindungen" */
+  public static final String IDENTITY_LINK_SIGNER_OID_NUMBER = "1.2.40.0.10.1.7.1";
+  /** 
+   * the OID of the identity link signer certificate (Eigenschaft zur Ausstellung von Personenbindungen);
+   * used for checking the authorisation for signing the identity link for identity links signed after february 19th 2007
+   */
+  public static final ObjectID IDENTITY_LINK_SIGNER_OID = new ObjectID(IDENTITY_LINK_SIGNER_OID_NUMBER);
+  
+  /** the number of the certifcate extension for party representatives */
+  public static final String PARTY_REPRESENTATION_OID_NUMBER = "1.2.40.0.10.3";
+  
+//  /** the number of the certifcate extension for party organ representatives */
+//  public static final String PARTY_ORGAN_REPRESENTATION_OID_NUMBER = PARTY_REPRESENTATION_OID_NUMBER + ".10";
+    
+  /** OW */
+  public static final String OW_ORGANWALTER = PARTY_REPRESENTATION_OID_NUMBER + ".4";
+  
+  /** List of OWs */
+  public static final List<ObjectID> OW_LIST = Arrays.asList( 
+		  new ObjectID(OW_ORGANWALTER));  
+  
+  /**BKU type identifiers to use bkuURI from configuration*/ 
+  public static final String REQ_BKU_TYPE_LOCAL = "local";
+  public static final String REQ_BKU_TYPE_ONLINE = "online"; 
+  public static final String REQ_BKU_TYPE_HANDY = "handy"; 
+  public static final List<String> REQ_BKU_TYPES = Arrays.asList(REQ_BKU_TYPE_LOCAL, REQ_BKU_TYPE_ONLINE, REQ_BKU_TYPE_HANDY);
+
+  public static final List<String> LEGACYPARAMETERWHITELIST 
+  	= Arrays.asList(PARAM_TARGET, PARAM_BKU, PARAM_OA, PARAM_TEMPLATE, PARAM_USEMANDATE, PARAM_CCC, PARAM_SOURCEID);
+
+  public final static String EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION = "OIDTextualDescription";
+  public final static String EXT_SAML_MANDATE_OID = "OID";
+  public final static String EXT_SAML_MANDATE_RAW = "Mandate";
+  public final static String EXT_SAML_MANDATE_NAME = "MandatorName";
+  public final static String EXT_SAML_MANDATE_DOB = "MandatorDateOfBirth";
+  public final static String EXT_SAML_MANDATE_WBPK = "MandatorWbpk";
+  public final static String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "RepresentationType";
+  public final static String EXT_SAML_MANDATE_REPRESENTATIONTEXT = "Vollmachtsvertreter";
+  public final static String EXT_SAML_MANDATE_CB_BASE_ID = "MandatorDomainIdentifier";
+  
+  public static final String PARAM_APPLET_HEIGTH = "heigth";
+  public static final String PARAM_APPLET_WIDTH = "width";
+  
+  public static final Map<String, String> COUNTRYCODE_XX_TO_NAME = 
+			Collections.unmodifiableMap(new HashMap<String, String>() {
+				private static final long serialVersionUID = 1L;
+				{
+					put("AT", "Other Countries");//"Workaround for PEPS Simulator"
+					put("BE", "Belgi&euml;/Belgique");
+					//put("CH", "Schweiz");
+					put("EE", "Eesti");
+					put("ES", "Espa&ntilde;a");
+					put("FI", "Suomi");
+					put("IS", "&Iacute;sland");
+					put("IT", "Italia");
+					put("LI", "Liechtenstein");
+					put("LT", "Lithuania");
+					put("LU", "Luxemburg");
+					put("PT", "Portugal");
+					put("SE", "Sverige");
+					put("SI", "Slovenija");
+				}
+			});	
+  
+  public static final String COUNTRYCODE_AUSTRIA = "AT";
+  
+  public static final String REGEX_PATTERN_TARGET = "^[A-Za-z]{2}(-.*)?$";
+  
+  public static final String MDC_TRANSACTION_ID = "transactionId";
+  public static final String MDC_SESSION_ID = "sessionId";
+  
+  //AuthnRequest IssueInstant validation
+  public static final int TIME_JITTER = 5;  //all 5 minutes time jitter 
+  
+  public static final String PROCESSCONTEXT_PERFORM_INTERFEDERATION_AUTH = "interfederationAuthentication";
+  public static final String PROCESSCONTEXT_REQUIRELOCALAUTHENTICATION = "requireLocalAuthentication";
+  public static final String PROCESSCONTEXT_PERFORM_BKUSELECTION = "performBKUSelection";
+  public static final String PROCESSCONTEXT_ISLEGACYREQUEST = "isLegacyRequest";
+  
+  //General protocol-request data-store keys
+  public static final String AUTHPROCESS_DATA_TARGET = "authProces_Target";
+  public static final String AUTHPROCESS_DATA_TARGETFRIENDLYNAME = "authProces_TargetFriendlyName";
+  public static final String AUTHPROCESS_DATA_SECURITYLAYERTEMPLATE = "authProces_SecurityLayerTemplate";
+  
+  //General MOASession data-store keys
+  public static final String MOASESSION_DATA_HOLDEROFKEY_CERTIFICATE = "holderofkey_cert";
+  
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java
new file mode 100644
index 000000000..fa08dcab6
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/AuthConfiguration.java
@@ -0,0 +1,162 @@
+package at.gv.egovernment.moa.id.commons.api;
+
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+
+import at.gv.egovernment.moa.id.commons.api.data.ProtocolAllowed;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.util.config.EgovUtilPropertiesConfiguration;
+
+public interface AuthConfiguration extends ConfigurationProvider{
+
+	public static final String DEFAULT_X509_CHAININGMODE = "pkix";
+	
+	public Properties getGeneralPVP2ProperiesConfig();
+
+	public Properties getGeneralOAuth20ProperiesConfig();
+
+	public ProtocolAllowed getAllowedProtocols();
+	
+	public Map<String, String> getConfigurationWithPrefix(final String Prefix);
+	
+	public String getConfigurationWithKey(final String key);
+	
+	/**
+	 * Get a configuration value from basic file based MOA-ID configuration
+	 * 
+	 * @param key configuration key 
+	 * @return configuration value 
+	 */
+	public String getBasicMOAIDConfiguration(final String key);
+	
+	public int getTransactionTimeOut();
+	public int getSSOCreatedTimeOut();
+	public int getSSOUpdatedTimeOut();
+	 
+	public String getAlternativeSourceID() throws ConfigurationException;
+
+	public List<String> getLegacyAllowedProtocols();
+
+	public IOAAuthParameters getOnlineApplicationParameter(String oaURL);
+
+	public String getMoaSpAuthBlockTrustProfileID(boolean useTestTrustStore) throws ConfigurationException;
+
+	public List<String> getMoaSpAuthBlockVerifyTransformsInfoIDs() throws ConfigurationException;
+
+	public ConnectionParameterInterface getMoaSpConnectionParameter() throws ConfigurationException;
+ 
+	public ConnectionParameterInterface getForeignIDConnectionParameter() throws ConfigurationException;
+
+	public ConnectionParameterInterface getOnlineMandatesConnectionParameter() throws ConfigurationException;
+	
+	public String getMoaSpIdentityLinkTrustProfileID(boolean useTestTrustStore) throws ConfigurationException;
+
+	public List<String> getTransformsInfos() throws ConfigurationException;
+
+	public List<String> getIdentityLinkX509SubjectNames() throws ConfigurationException;
+
+	public List<String> getSLRequestTemplates() throws ConfigurationException;
+
+	public String getSLRequestTemplates(String type) throws ConfigurationException;
+
+	public List<String> getDefaultBKUURLs() throws ConfigurationException;
+
+	public String getDefaultBKUURL(String type) throws ConfigurationException;
+
+	public String getSSOTagetIdentifier() throws ConfigurationException;
+
+	public String getSSOFriendlyName();
+
+	public String getSSOSpecialText();
+
+	public String getMOASessionEncryptionKey();
+
+	public String getMOAConfigurationEncryptionKey();
+
+	public boolean isIdentityLinkResigning();
+
+	public String getIdentityLinkResigningKey();
+
+	public boolean isMonitoringActive();
+
+	public String getMonitoringTestIdentityLinkURL();
+
+	public String getMonitoringMessageSuccess();
+
+	public boolean isAdvancedLoggingActive();
+
+	/**
+	 * Returns the PublicURLPrefix.
+	 * 
+	 * @return the PublicURLPrefix (one or more) of this IDP instance. All publicURLPrefix URLs are ends without / 
+	 * @throws ConfigurationException if no PublicURLPrefix is found.
+	 */
+	public List<String> getPublicURLPrefix()  throws ConfigurationException;
+
+	public boolean isVirtualIDPsEnabled(); 
+	
+	public boolean isPVP2AssertionEncryptionActive();
+
+	public boolean isCertifiacteQCActive();
+
+	public IStorkConfig getStorkConfig() throws ConfigurationException;
+
+	public EgovUtilPropertiesConfiguration geteGovUtilsConfig();
+
+	public String getDocumentServiceUrl();
+
+	/**
+	 * Notify, if the STORK fake IdentityLink functionality is active
+	 * 
+	 * @return true/false 
+	 */
+	public boolean isStorkFakeIdLActive();
+
+	/**
+	 * Get a list of all STORK countries for which a faked IdentityLink should be created
+	 * 
+	 * @return {List<String>} of country codes
+	 */
+	public List<String> getStorkFakeIdLCountries();
+
+	/**
+	 * Get a list of all STORK countries for which no signature is required
+	 * 
+	 * @return {List<String>} of country codes
+	 */
+	public List<String> getStorkNoSignatureCountries();
+	
+	/**
+	 * Get the MOA-SS key-group identifier for fake IdentityLink signing
+	 * 
+	 * @return MOA-SS key-group identifier {String}
+	 */
+	public String getStorkFakeIdLResigningKey();
+
+	
+	/**
+	 * Notify, if the PVP2x metadata schema validation is active
+	 * 
+	 * @return true/false 
+	 */
+	public boolean isPVPSchemaValidationActive();
+
+	/**
+	 * Get all configuration values with prefix and wildcard
+	 * 
+	 * @param key: Search key. * and % can be used as wildcards
+	 * @return Key/Value pairs {Map<String, String>}, which key maps the search key
+	 */
+	Map<String, String> getConfigurationWithWildCard(String key);
+
+	/**
+	 * Get configured default revisions-log event codes which should be logged
+	 * 
+	 * @return {List<Integer>} if event codes or null
+	 */
+	List<Integer> getDefaultRevisionsLogEventCodes();
+	
+	@Deprecated
+	public boolean isHTTPAuthAllowed();
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/ConfigurationProvider.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/ConfigurationProvider.java
new file mode 100644
index 000000000..ca0a56049
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/ConfigurationProvider.java
@@ -0,0 +1,66 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.commons.api;
+
+/**
+ * @author tlenz
+ *
+ */
+public interface ConfigurationProvider {
+
+	  /** 
+	   * The name of the system property which contains the file name of the 
+	   * configuration file.
+	   */
+	  public static final String CONFIG_PROPERTY_NAME =
+	    "moa.id.configuration";
+
+	  /** 
+	   * The name of the system property which contains the file name of the 
+	   * configuration file.
+	   */
+	  public static final String PROXY_CONFIG_PROPERTY_NAME =
+	    "moa.id.proxy.configuration";
+	  
+	  /**
+	   * The name of the generic configuration property giving the certstore directory path.
+	   */
+	  public static final String DIRECTORY_CERTSTORE_PARAMETER_PROPERTY =
+	    "DirectoryCertStoreParameters.RootDir";    
+
+		/**
+		 * The name of the generic configuration property switching the ssl revocation checking on/off
+		 */
+		public static final String TRUST_MANAGER_REVOCATION_CHECKING =
+			"TrustManager.RevocationChecking";   
+		
+		public String getRootConfigFileDir();
+		
+		public String getDefaultChainingMode();
+	
+		public String getTrustedCACertificates();
+		
+		public String getCertstoreDirectory();
+		
+		public boolean isTrustmanagerrevoationchecking();
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/ConnectionParameterInterface.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/ConnectionParameterInterface.java
new file mode 100644
index 000000000..89a21661b
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/ConnectionParameterInterface.java
@@ -0,0 +1,35 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.commons.api;
+
+public interface ConnectionParameterInterface {
+
+	
+	public boolean isHTTPSURL();
+	public String getUrl();
+	public String getAcceptedServerCertificates();
+	
+	public String getClientKeyStore();
+	public String getClientKeyStorePassword();
+	
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
new file mode 100644
index 000000000..be6d34275
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
@@ -0,0 +1,222 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.commons.api;
+
+import java.security.PrivateKey;
+import java.util.Collection;
+import java.util.List;
+import java.util.Map;
+
+import at.gv.egovernment.moa.id.commons.api.data.CPEPS;
+import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters;
+import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute;
+import at.gv.egovernment.moa.id.commons.api.data.StorkAttributeProviderPlugin;
+
+/**
+ * @author tlenz
+ *
+ */
+public interface IOAAuthParameters {
+
+	public static final String ONLINEBKU = "online";
+	public static final String HANDYBKU = "handy";
+	public static final String LOCALBKU = "local";
+	public static final String INDERFEDERATEDIDP = "interfederated";
+
+	/**
+	 * Get the full key/value configuration for this online application
+	 * 
+	 * @return an unmodifiable map of key/value pairs
+	 */
+	public Map<String, String> getFullConfiguration();
+	
+	  /**
+	   * Get a configuration value from online application key/value configuration
+	   * 
+	   * @param key: The key identifier of a configuration value   * 
+	   * @return The configuration value {String} or null if the key does not exist
+	   */  
+	public String getConfigurationValue(String key);
+	
+	public String getFriendlyName();
+	
+	public String getPublicURLPrefix();
+
+	public String getOaType();
+	
+	public boolean getBusinessService();
+	
+	/**
+	 * Get target of a public service-provider
+	 * 
+	 * @return target identifier without prefix
+	 */
+	public String getTarget();
+	
+	public String getTargetFriendlyName();
+	
+	public boolean isInderfederationIDP();
+	
+	public boolean isSTORKPVPGateway();
+	
+	public boolean isRemovePBKFromAuthBlock();
+	
+	/**
+	 * Return the private-service domain-identifier with PreFix
+	 * 
+	 * @return the identityLinkDomainIdentifier
+	 */
+	public String getIdentityLinkDomainIdentifier();
+
+	/**
+	 * @return the keyBoxIdentifier
+	 */
+	public String getKeyBoxIdentifier();
+
+	public SAML1ConfigurationParameters getSAML1Parameter();
+
+	/**
+	 * Get a list of online application specific trusted security layer templates 
+	 * 
+	 * @return a {List<String>} with template URLs, maybe empty but never null
+	 */
+	public List<String> getTemplateURL();
+
+	
+	/**
+	 * Return the additional AuthBlock text for this online application
+	 * 
+	 * @return authblock text {String} or null if no text is configured
+	 */
+	public String getAditionalAuthBlockText();
+
+	/**
+	 * Return an online application specific BKU URL for a requested BKU type
+	 * 
+	 * @param bkutype: defines the type of BKU 
+	 * @return BKU URL {String} or null if no BKU URL is configured
+	 */
+	public String getBKUURL(String bkutype);
+
+	/**
+	 * Return a list of all configured BKU URLs for this online application
+	 * 
+	 * @return List<String> of BKU URLs or an empty list if no BKU is configured
+	 */
+	public List<String> getBKUURL();
+
+	public boolean useSSO();
+
+	public boolean useSSOQuestion();
+
+	/**
+	 * Return all mandate-profile types configured for this online application
+	 * 
+	 * @return the mandateProfiles {List<String>} or null if no profile is defined
+	 */
+	public List<String> getMandateProfiles();
+
+	/**
+	 * @return the identityLinkDomainIdentifierType
+	 */
+	public String getIdentityLinkDomainIdentifierType();
+
+	public boolean isShowMandateCheckBox();
+
+	public boolean isOnlyMandateAllowed();
+
+	/**
+	 * Shall we show the stork login in the bku selection frontend?
+	 * 
+	 * @return true, if is we should show stork login
+	 */
+	public boolean isShowStorkLogin();
+
+	public Integer getQaaLevel();
+
+	public boolean isRequireConsentForStorkAttributes();
+
+	/**
+	 * Return a {Collection} of requested STORK attributes
+	 * 
+	 * @return {Collection<StorkAttribute>} maybe empty but never null
+	 */
+	public Collection<StorkAttribute> getRequestedSTORKAttributes();
+
+	public byte[] getBKUSelectionTemplate();
+
+	public byte[] getSendAssertionTemplate();
+
+	/**
+	 * Return a {Collection} of configured STORK CPEPS 
+	 * 
+	 * @return {Collection<CPEPS>} maybe empty but never null
+	 */
+	public Collection<CPEPS> getPepsList();
+
+	public String getIDPAttributQueryServiceURL();
+
+	/**
+	 * @return
+	 */
+	boolean isInboundSSOInterfederationAllowed();
+
+	/**
+	 * @return
+	 */
+	boolean isInterfederationSSOStorageAllowed();
+
+	/**
+	 * @return
+	 */
+	boolean isOutboundSSOInterfederationAllowed();
+	
+	boolean isTestCredentialEnabled();
+
+	List<String> getTestCredentialOIDs();
+	
+	boolean isUseIDLTestTrustStore();
+	boolean isUseAuthBlockTestTestStore();
+	
+	PrivateKey getBPKDecBpkDecryptionKey();
+
+	/** 
+	 * @return
+	 */
+	boolean isPassivRequestUsedForInterfederation();
+
+	/**
+	 * @return
+	 */
+	boolean isPerformLocalAuthenticationOnInterfederationError();
+
+	/**
+	 * Get a {Collection} of configured STORK attribute provider plug-ins
+	 * 
+	 * @return {Collection<StorkAttributeProviderPlugins>} maybe empty but never null
+	 */
+	public Collection<StorkAttributeProviderPlugin> getStorkAPs();
+	
+	public List<Integer> getReversionsLoggingEventCodes();
+	
+}
\ No newline at end of file
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IRequest.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IRequest.java
new file mode 100644
index 000000000..b23b4474b
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IRequest.java
@@ -0,0 +1,201 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.commons.api;
+
+import java.util.Collection;
+
+import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
+
+public interface IRequest {
+		
+	/**
+	 * Indicates the module, which implements this authentication protocol.
+	 * The class, which is referenced, had to implement the 'IModulInfo' interface.
+	 * 
+	 * @return Full-qualified name of the class which implements this protocol
+	 */
+	public String requestedModule();
+	
+	/**
+	 * Indicates the protocol specific action, which should executed if the request is processed. 
+	 * The class, which is referenced, had to implement the 'IAction' interface.
+	 * 
+	 * @return Full-qualified name of the class which implements the action  
+	 */
+	public String requestedAction();
+	
+	/**
+	 * Unique identifier, which indicates the service provider. 
+	 * In case of SAML1 protocol, it is the OA http-GET parameter
+	 * 
+	 * @return Unique identifier for the service provider
+	 */
+	public String getOAURL();
+	
+	/**
+	 * Indicates the passive flag in authentication requests.
+	 * If the passive flag is set, the identification and authentication process 
+	 * failed if no active SSO session is found. 
+	 * 
+	 * @return true, if the is passive flag is set in authentication request, otherwise false
+	 */
+	public boolean isPassiv();
+	
+	/**
+	 * Indicates the force authentication flag in authentication request
+	 * If this flag is set, a new identification and authentication process
+	 * is carried out in any case.
+	 * 
+	 * @return true, if the force authentication flag is set, otherwise false
+	 */
+	public boolean forceAuth();
+	
+	
+	/**
+	 * Returns a generic request-data object with is stored with a specific identifier 
+	 * 
+	 * @param key The specific identifier of the request-data object
+	 * @return The request-data object or null if no data is found with this key
+	 */
+	public Object getGenericData(String key);
+	
+	/**
+	 * Returns a generic request-data object with is stored with a specific identifier 
+	 * 
+	 * @param key The specific identifier of the request-data object
+	 * @param clazz The class type which is stored with this key
+	 * @return The request-data object or null if no data is found with this key
+	 */
+	public <T> T getGenericData(String key, final Class<T> clazz);
+	
+	/** 
+	 * Store a generic data-object to request with a specific identifier
+	 * 
+	 * @param key Identifier for this data-object
+	 * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface
+	 * @throws SessionDataStorageException Error message if the data-object can not stored to generic request-data storage
+	 */
+	public void setGenericDataToSession(String key, Object object) throws SessionDataStorageException;
+		
+	/**
+	 * Hold the identifier of this request object. 
+	 * This identifier can be used to load the request from request storage 
+	 * 
+	 * @return Request identifier
+	 */
+	public String getRequestID();
+	
+
+	/**
+	 * Hold the identifier of the MOASession which is associated with this request
+	 * 
+	 * @return MOASession identifier if a associated session exists, otherwise null
+	 */
+	public String getMOASessionIdentifier();
+
+	
+	/**
+	 * Holds a unique transaction identifier, which could be used for looging
+	 * This transaction identifier is unique for a single identification and authentication process
+	 * 
+	 * @return Unique transaction identifier. 
+	 */
+	public String getUniqueTransactionIdentifier();
+	
+	/**
+	 * Holds a unique session identifier, which could be used for logging 
+	 * This session identifier is unique for the full Single Sign-On session time
+	 * 
+	 * @return Unique session identifier
+	 */
+	public String getUniqueSessionIdentifier();
+	
+	
+	/**
+	 * Hold the identifier if the process instance, which is associated with this request 
+	 * 
+	 * @return ProcessInstanceID if this request is associated with a authentication process, otherwise null
+	 */
+	public String getProcessInstanceId();
+	
+	
+	/**
+	 * get the IDP URL PreFix, which was used for authentication request
+	 * 
+	 * @return IDP URL PreFix <String>. The URL prefix always ends without /
+	 */
+	public String getAuthURL();
+	public String getAuthURLWithOutSlash();
+	
+	/**
+	 * Indicates if this pending request needs authentication
+	 * 
+	 * @return true if this request needs authentication, otherwise false
+	 */
+	public boolean isNeedAuthentication();
+	
+	/**
+	 * Indicates, if this pending request needs Single Sign-On (SSO) functionality 
+	 * 
+	 * @return true if this request needs SSO, otherwise false
+	 */
+	public boolean needSingleSignOnFunctionality();
+	public void setNeedSingleSignOnFunctionality(boolean needSSO);
+	
+	/**
+	 * Indicates, if this pending request is already authenticated
+	 * 
+	 * @return true if this request is already authenticated, otherwise false
+	 */
+	public boolean isAuthenticated();
+	public void setAuthenticated(boolean isAuthenticated);
+	
+	/**
+	 * Get get Service-Provider configuration which is associated with this request.
+	 * 
+	 * @return Service-Provider configuration
+	 */
+	public IOAAuthParameters getOnlineApplicationConfiguration();
+
+	/**
+	 * Indicates, if this pending-request is aborted by the user
+	 * 
+	 * @return true, if it is aborted, otherwise false
+	 */
+	public boolean isAbortedByUser();
+
+	/**
+	 * Set the 'isAboredByUser' flag of this pending-request
+	 * 
+	 * @param b true, if the user has abort the authentication process, otherwise false
+	 */
+	public void setAbortedByUser(boolean isAborted);
+	
+	/**
+	 * This method get a Set of PVP 2.1 attribute, which are request by this pending-request.
+	 * 
+	 * @return A set of PVP attribute names or null if no attributes are requested 
+	 * 			or the Service Provider, which sends this request needs no attributes
+	 */
+	public Collection<String> getRequestedAttributes();
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IStorkConfig.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IStorkConfig.java
new file mode 100644
index 000000000..b2d90aed4
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IStorkConfig.java
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.commons.api;
+
+import java.util.List;
+import java.util.Map;
+
+import at.gv.egovernment.moa.id.commons.api.data.CPEPS;
+import at.gv.egovernment.moa.id.commons.api.data.SignatureCreationParameter;
+import at.gv.egovernment.moa.id.commons.api.data.SignatureVerificationParameter;
+import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute;
+
+/**
+ * @author tlenz
+ *
+ */
+public interface IStorkConfig {
+
+	SignatureCreationParameter getSignatureCreationParameter();
+
+	SignatureVerificationParameter getSignatureVerificationParameter();
+
+	Map<String, CPEPS> getCpepsMap();
+
+	boolean isSTORKAuthentication(String ccc);
+
+	CPEPS getCPEPS(String ccc);
+
+	List<StorkAttribute> getStorkAttributes();
+
+}
\ No newline at end of file
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/BPKDecryptionParameters.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/BPKDecryptionParameters.java
new file mode 100644
index 000000000..cb81fe79e
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/BPKDecryptionParameters.java
@@ -0,0 +1,135 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.commons.api.data;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.Serializable;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.UnrecoverableKeyException;
+
+import org.apache.commons.lang3.SerializationUtils;
+
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.KeyStoreUtils;
+
+
+/**
+ * @author tlenz 
+ *
+ */
+public class BPKDecryptionParameters implements Serializable{
+
+	private static final long serialVersionUID = 1L;
+	
+	private byte[] keyStore = null;
+	private String keyStorePassword = null;
+	private String keyAlias = null;
+	private String keyPassword = null;
+	
+	/**
+	 * @return
+	 * @throws IOException 
+	 */
+	public PrivateKey getPrivateKey() {
+		InputStream in = null;
+		try {
+			in = new ByteArrayInputStream(keyStore);
+			KeyStore store = KeyStoreUtils.loadKeyStore(in , keyStorePassword);
+			
+		    char[] chPassword = " ".toCharArray();
+		    if (keyPassword != null)
+		      chPassword = keyPassword.toCharArray();
+		    
+//		    Certificate test = store.getCertificate(keyAlias);
+//		    Base64Utils.encode(test.getPublicKey().getEncoded());
+		    
+			return (PrivateKey) store.getKey(keyAlias, chPassword);
+			
+			
+		} catch (KeyStoreException e) {
+			Logger.error("Can not load private key from keystore.", e);
+			
+		} catch (IOException e) {
+			Logger.error("Can not load private key from keystore.", e);
+			
+		} catch (UnrecoverableKeyException e) {
+			Logger.error("Can not load private key from keystore.", e);
+
+		} catch (NoSuchAlgorithmException e) {
+			Logger.error("Can not load private key from keystore.", e);
+			
+		} finally {
+			if (in != null) {
+				try {
+					in.close();
+				} catch (IOException e) {
+					Logger.warn("Close InputStream failed." , e);
+				}
+			}			
+		}
+		
+		return null;		
+	}
+	
+	public byte[] serialize() {
+		return SerializationUtils.serialize(this);
+		
+	}
+
+	/**
+	 * @param keyStore the keyStore to set
+	 */
+	public void setKeyStore(byte[] keyStore) {
+		this.keyStore = keyStore;
+	}
+
+	/**
+	 * @param keyStorePassword the keyStorePassword to set
+	 */
+	public void setKeyStorePassword(String keyStorePassword) {
+		this.keyStorePassword = keyStorePassword;
+	}
+
+	/**
+	 * @param keyAlias the keyAlias to set
+	 */
+	public void setKeyAlias(String keyAlias) {
+		this.keyAlias = keyAlias;
+	}
+
+	/**
+	 * @param keyPassword the keyPassword to set
+	 */
+	public void setKeyPassword(String keyPassword) {
+		this.keyPassword = keyPassword;
+	}
+	
+	
+	
+	
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/CPEPS.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/CPEPS.java
new file mode 100644
index 000000000..a88aa2171
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/CPEPS.java
@@ -0,0 +1,138 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+/**
+ * 
+ */
+package at.gv.egovernment.moa.id.commons.api.data;
+
+import java.net.URL;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.opensaml.saml2.metadata.RequestedAttribute;
+
+/**
+ * Encpasulates C-PEPS information according MOA configuration
+ * 
+ * @author bzwattendorfer
+ *
+ */
+public class CPEPS {
+	
+	/**  Country Code of C-PEPS */
+	private String countryCode;
+	
+	/**  URL of C-PEPS */
+	private URL pepsURL;
+	
+	private Boolean isXMLSignatureSupported;
+
+	/** Specific attributes to be requested for this C-PEPS */
+	private List<RequestedAttribute> countrySpecificRequestedAttributes = new ArrayList<RequestedAttribute>();
+	
+	/**
+	 * Constructs a C-PEPS
+	 * @param countryCode ISO Country Code of C-PEPS
+	 * @param pepsURL URL of C-PEPS
+	 */
+	public CPEPS(String countryCode, URL pepsURL, Boolean isXMLSignatureSupported) {
+		super();
+		this.countryCode = countryCode;
+		this.pepsURL = pepsURL;
+		this.isXMLSignatureSupported = isXMLSignatureSupported;
+	}
+
+	/**
+	 * Gets the country code of this C-PEPS
+	 * @return ISO country code
+	 */
+	public String getCountryCode() {
+		return countryCode;
+	}
+
+	/**
+	 * Sets the country code of this C-PEPS
+	 * @param countryCode ISO country code
+	 */
+	public void setCountryCode(String countryCode) {
+		this.countryCode = countryCode;
+	}
+
+	/**
+	 * Gets the URL of this C-PEPS
+	 * @return C-PEPS URL
+	 */
+	public URL getPepsURL() {
+		return pepsURL;
+	}
+
+	/**
+	 * Sets the C-PEPS URL
+	 * @param pepsURL C-PEPS URL
+	 */
+	public void setPepsURL(URL pepsURL) {
+		this.pepsURL = pepsURL;
+	}
+
+	/**
+	 * Returns weather the C-PEPS supports XMl Signatures or not (important for ERnB)
+	 */
+	public Boolean isXMLSignatureSupported() {
+		return isXMLSignatureSupported;
+	}
+
+	/**
+	 * Sets weather the C-PEPS supports XMl Signatures or not (important for ERnB)
+	 * @param isXMLSignatureSupported C-PEPS XML Signature support
+	 */
+	public void setXMLSignatureSupported(boolean isXMLSignatureSupported) {
+		this.isXMLSignatureSupported = isXMLSignatureSupported;
+	}
+	
+	/**
+	 * Gets the country specific attributes of this C-PEPS
+	 * @return List of country specific attributes
+	 */
+	public List<RequestedAttribute> getCountrySpecificRequestedAttributes() {
+		return countrySpecificRequestedAttributes;
+	}
+
+	/**
+	 * Sets the country specific attributes
+	 * @param countrySpecificRequestedAttributes List of country specific requested attributes
+	 */
+	public void setCountrySpecificRequestedAttributes(
+			List<RequestedAttribute> countrySpecificRequestedAttributes) {
+		this.countrySpecificRequestedAttributes = countrySpecificRequestedAttributes;
+	}
+	
+	/**
+	 * Adds a Requested attribute to the country specific attribute List
+	 * @param countrySpecificRequestedAttribute Additional country specific requested attribute to add 
+	 */
+	public void addCountrySpecificRequestedAttribute(RequestedAttribute countrySpecificRequestedAttribute) {
+		this.countrySpecificRequestedAttributes.add(countrySpecificRequestedAttribute);
+	}
+	
+
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/ProtocolAllowed.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/ProtocolAllowed.java
new file mode 100644
index 000000000..4f63dca54
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/ProtocolAllowed.java
@@ -0,0 +1,91 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.commons.api.data;
+
+/**
+ * @author tlenz
+ *
+ */
+public class ProtocolAllowed {
+
+	private boolean isSAML1Active = false;
+	private boolean isPVP21Active = true;
+	private boolean isOAUTHActive = true;
+	
+	/**
+	 * 
+	 */
+	public ProtocolAllowed() {
+		
+	}
+	
+	/**
+	 * 
+	 */
+	public ProtocolAllowed(boolean saml1, boolean pvp21, boolean oauth) {
+		this.isOAUTHActive = oauth;
+		this.isPVP21Active = pvp21;
+		this.isSAML1Active = saml1;
+		
+	}
+	
+	/**
+	 * @return the isSAML1Active
+	 */
+	public boolean isSAML1Active() {
+		return isSAML1Active;
+	}
+	/**
+	 * @param isSAML1Active the isSAML1Active to set
+	 */
+	public void setSAML1Active(boolean isSAML1Active) {
+		this.isSAML1Active = isSAML1Active;
+	}
+	/**
+	 * @return the isPVP21Active
+	 */
+	public boolean isPVP21Active() {
+		return isPVP21Active;
+	}
+	/**
+	 * @param isPVP21Active the isPVP21Active to set
+	 */
+	public void setPVP21Active(boolean isPVP21Active) {
+		this.isPVP21Active = isPVP21Active;
+	}
+	/**
+	 * @return the isOAUTHActive
+	 */
+	public boolean isOAUTHActive() {
+		return isOAUTHActive;
+	}
+	/**
+	 * @param isOAUTHActive the isOAUTHActive to set
+	 */
+	public void setOAUTHActive(boolean isOAUTHActive) {
+		this.isOAUTHActive = isOAUTHActive;
+	}
+	
+	
+	
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/SAML1ConfigurationParameters.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/SAML1ConfigurationParameters.java
new file mode 100644
index 000000000..eb709a6f1
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/SAML1ConfigurationParameters.java
@@ -0,0 +1,276 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.commons.api.data;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SAML1ConfigurationParameters {
+
+		private boolean isActive = false;
+		private boolean provideBaseId = false;
+		private boolean provideAuthBlock = false;
+		private boolean provideIdl = false;
+		private boolean provideCertificate = false;
+		private boolean provideMandate = false;
+		private boolean provideAllErrors = true;
+		private boolean useCondition = false;
+		private String sourceID = null;
+		private String condition = new String();
+		
+		
+		/**
+		 * 
+		 */
+		public SAML1ConfigurationParameters(boolean isActive,
+				boolean provideBaseId, boolean provideAuthBlock,
+				boolean provideIdl, boolean provideCertificate,
+				boolean provideMandate, boolean provideAllErrors,
+				boolean useCondition, String condition,
+				String sourceID) {
+			this.condition = condition;
+			this.isActive = isActive;
+			this.provideAllErrors = provideAllErrors;
+			this.provideAuthBlock = provideAuthBlock;
+			this.provideBaseId = provideBaseId;
+			this.provideCertificate = provideCertificate;
+			this.provideIdl = provideIdl;
+			this.provideMandate = provideMandate;
+			this.useCondition = useCondition;
+			this.sourceID = sourceID;
+			
+		}
+		
+		
+		/**
+		 * 
+		 */
+		public SAML1ConfigurationParameters() {
+			
+		}
+
+
+		/**
+		 * Gets the value of the isActive property.
+		 * 
+		 * @return
+		 *     possible object is
+		 *     {@link String }
+		 *     
+		 */
+		public Boolean isIsActive() {
+			return this.isActive;
+		}
+
+		/**
+		 * @param isActive the isActive to set
+		 */
+		public void setActive(boolean isActive) {
+			this.isActive = isActive;
+		}
+
+
+		/**
+		 * @param provideBaseId the provideBaseId to set
+		 */
+		public void setProvideBaseId(boolean provideBaseId) {
+			this.provideBaseId = provideBaseId;
+		}
+
+
+		/**
+		 * @param provideAuthBlock the provideAuthBlock to set
+		 */
+		public void setProvideAuthBlock(boolean provideAuthBlock) {
+			this.provideAuthBlock = provideAuthBlock;
+		}
+
+
+		/**
+		 * @param provideIdl the provideIdl to set
+		 */
+		public void setProvideIdl(boolean provideIdl) {
+			this.provideIdl = provideIdl;
+		}
+
+
+		/**
+		 * @param provideCertificate the provideCertificate to set
+		 */
+		public void setProvideCertificate(boolean provideCertificate) {
+			this.provideCertificate = provideCertificate;
+		}
+
+
+		/**
+		 * @param provideMandate the provideMandate to set
+		 */
+		public void setProvideMandate(boolean provideMandate) {
+			this.provideMandate = provideMandate;
+		}
+
+
+		/**
+		 * @param provideAllErrors the provideAllErrors to set
+		 */
+		public void setProvideAllErrors(boolean provideAllErrors) {
+			this.provideAllErrors = provideAllErrors;
+		}
+
+
+		/**
+		 * @param useCondition the useCondition to set
+		 */
+		public void setUseCondition(boolean useCondition) {
+			this.useCondition = useCondition;
+		}
+
+
+		/**
+		 * @param sourceID the sourceID to set
+		 */
+		public void setSourceID(String sourceID) {
+			this.sourceID = sourceID;
+		}
+
+
+		/**
+		 * @param condition the condition to set
+		 */
+		public void setCondition(String condition) {
+			this.condition = condition;
+		}
+
+
+		/**
+		 * Gets the value of the provideStammzahl property.
+		 * 
+		 * @return
+		 *     possible object is
+		 *     {@link String }
+		 *     
+		 */
+		public Boolean isProvideStammzahl() {
+			return this.provideBaseId;
+		}
+		
+		/**
+		 * Gets the value of the provideAUTHBlock property.
+		 * 
+		 * @return
+		 *     possible object is
+		 *     {@link String }
+		 *     
+		 */
+		public Boolean isProvideAUTHBlock() {
+			return this.provideAuthBlock;
+		}
+
+		/**
+		 * Gets the value of the provideIdentityLink property.
+		 * 
+		 * @return
+		 *     possible object is
+		 *     {@link String }
+		 *     
+		 */
+		public Boolean isProvideIdentityLink() {
+			return this.provideIdl;
+		}
+
+		/**
+		 * Gets the value of the provideCertificate property.
+		 * 
+		 * @return
+		 *     possible object is
+		 *     {@link String }
+		 *     
+		 */
+		public Boolean isProvideCertificate() {
+			return this.provideCertificate;
+		}
+
+		/**
+		 * Gets the value of the provideFullMandatorData property.
+		 * 
+		 * @return
+		 *     possible object is
+		 *     {@link String }
+		 *     
+		 */
+		public Boolean isProvideFullMandatorData() {
+			return this.provideMandate;
+		}
+
+		/**
+		 * Gets the value of the useCondition property.
+		 * 
+		 * @return
+		 *     possible object is
+		 *     {@link String }
+		 *     
+		 */
+		public Boolean isUseCondition() {
+			return this.useCondition;
+		}
+
+		/**
+		 * Gets the value of the conditionLength property.
+		 * 
+		 * @return
+		 *     possible object is
+		 *     {@link BigInteger }
+		 *     
+		 */
+
+		public int getConditionLength() {
+			return condition.length();
+		}
+
+		/**
+		 * Gets the value of the sourceID property.
+		 * 
+		 * @return
+		 *     possible object is
+		 *     {@link String }
+		 *     
+		 */
+		public String getSourceID() {
+			return this.sourceID;
+		}
+
+		/**
+		 * Gets the value of the provideAllErrors property.
+		 * 
+		 * @return
+		 *     possible object is
+		 *     {@link String }
+		 *     
+		 */
+		public Boolean isProvideAllErrors() {
+			return this.provideAllErrors;
+		}
+
+}
+
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/SignatureCreationParameter.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/SignatureCreationParameter.java
new file mode 100644
index 000000000..9bfd93977
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/SignatureCreationParameter.java
@@ -0,0 +1,103 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ * 
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ * 
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+package at.gv.egovernment.moa.id.commons.api.data;
+
+import java.util.Properties;
+
+/**
+ * Encapsulates signature creation parameters according MOA configuration
+ * 
+ * @author bzwattendorfer
+ *
+ */
+public class SignatureCreationParameter {
+	
+	private static final String PROPS_PREFIX = "stork.samlsigningparameter.signaturecreation.";
+	private static final String PROPS_KEYSTORE_FILE = "keystore.file";
+	private static final String PROPS_KEYSTORE_PASS = "keystore.password";
+	private static final String PROPS_KEYNAME_NAME = "keyname.name";
+	private static final String PROPS_KEYNAME_PASS = "keyname.password";
+	
+	private Properties props;
+	private String basedirectory;
+	
+	public SignatureCreationParameter(Properties props, String basedirectory) {
+		this.props = props;
+		this.basedirectory = basedirectory;
+	}
+	
+	/**
+	 * Gets the KeyStore Path
+	 * @return File Path to KeyStore
+	 */
+	public String getKeyStorePath() {
+		return basedirectory + props.getProperty(PROPS_PREFIX+PROPS_KEYSTORE_FILE);
+	}
+
+	/**
+	 * Gets the KeyStore Password
+	 * @return Password to KeyStore
+	 */
+	public String getKeyStorePassword() {
+		return props.getProperty(PROPS_PREFIX+PROPS_KEYSTORE_PASS);
+	}
+
+	/**
+	 * Gets the Signing Key Name
+	 * @return Siging Key Name
+	 */
+	public String getKeyName() {
+		return props.getProperty(PROPS_PREFIX+PROPS_KEYNAME_NAME);
+	}
+
+	/**
+	 * Gets the Signing Key Password
+	 * @return Signing Key Password
+	 */
+	public String getKeyPassword() {
+		return props.getProperty(PROPS_PREFIX+PROPS_KEYNAME_PASS);
+	}
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/SignatureVerificationParameter.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/SignatureVerificationParameter.java
new file mode 100644
index 000000000..f408ea7fe
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/SignatureVerificationParameter.java
@@ -0,0 +1,53 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+/**
+ * 
+ */
+package at.gv.egovernment.moa.id.commons.api.data;
+
+/**
+ * Encapsulates Signature Verification data for STORK according MOA configuration
+ * 
+ * @author bzwattendorfer
+ *
+ */
+public class SignatureVerificationParameter {
+	
+	/** ID of the MOA-SP TrustProfile to be used for STORK SAML signature verification */
+	private String trustProfileID;
+
+	public SignatureVerificationParameter(String trustProfileID2) {
+		this.trustProfileID = trustProfileID2;
+	}
+
+	/**
+	 * Gets the MOA-SP TrustProfileID
+	 * @return TrustProfileID of MOA-SP for STORK signature verification
+	 */
+	public String getTrustProfileID() {
+		return trustProfileID;
+	}
+
+	
+
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/StorkAttribute.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/StorkAttribute.java
new file mode 100644
index 000000000..1bbb7d3fe
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/StorkAttribute.java
@@ -0,0 +1,27 @@
+package at.gv.egovernment.moa.id.commons.api.data;
+
+public class StorkAttribute {
+
+	protected Boolean mandatory;
+	protected String name;
+	
+	public StorkAttribute(String name, boolean mandatory) {
+		this.name = name;
+		this.mandatory = mandatory;
+	}
+	
+	public Boolean getMandatory() {
+		return mandatory;
+	}
+	public void setMandatory(Boolean mandatory) {
+		this.mandatory = mandatory;
+	}
+	public String getName() {
+		return name;
+	}
+	public void setName(String name) {
+		this.name = name;
+	}
+	
+	
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/StorkAttributeProviderPlugin.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/StorkAttributeProviderPlugin.java
new file mode 100644
index 000000000..070d304a6
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/StorkAttributeProviderPlugin.java
@@ -0,0 +1,81 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.commons.api.data;
+
+/**
+ * @author tlenz
+ *
+ */
+public class StorkAttributeProviderPlugin {
+	private String name = null;
+	private String url = null;
+	private String attributes = null;
+	
+	/**
+	 * 
+	 */
+	public StorkAttributeProviderPlugin(String name, String url, String attributes) {
+		this.name = name;
+		this.url = url;
+		this.attributes = attributes;
+	}
+	
+	/**
+	 * @return the name
+	 */
+	public String getName() {
+		return name;
+	}
+	/**
+	 * @param name the name to set
+	 */
+	public void setName(String name) {
+		this.name = name;
+	}
+	/**
+	 * @return the url
+	 */
+	public String getUrl() {
+		return url;
+	}
+	/**
+	 * @param url the url to set
+	 */
+	public void setUrl(String url) {
+		this.url = url;
+	}
+	/**
+	 * @return the attributes
+	 */
+	public String getAttributes() {
+		return attributes;
+	}
+	/**
+	 * @param attributes the attributes to set
+	 */
+	public void setAttributes(String attributes) {
+		this.attributes = attributes;
+	}
+	
+	
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/ConfigurationException.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/ConfigurationException.java
new file mode 100644
index 000000000..e8f6da323
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/ConfigurationException.java
@@ -0,0 +1,78 @@
+package at.gv.egovernment.moa.id.commons.api.exceptions;
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ * 
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ * 
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+/**
+ * Exception signalling an error in the configuration.
+ * 
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class ConfigurationException extends MOAIDException {
+
+  /**
+	 * 
+	 */
+	private static final long serialVersionUID = -7199539463319751278L;
+
+/**
+   * Create a <code>MOAConfigurationException</code>.
+   */
+  public ConfigurationException(String messageId, Object[] parameters) {
+    super(messageId, parameters);
+  }
+
+  /**
+   * Create a <code>MOAConfigurationException</code>.
+   */
+  public ConfigurationException(
+    String messageId,
+    Object[] parameters,
+    Throwable wrapped) {
+
+    super(messageId, parameters, wrapped);
+  }
+
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/MOAIDException.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/MOAIDException.java
new file mode 100644
index 000000000..955b0f5ea
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/MOAIDException.java
@@ -0,0 +1,222 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ * 
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ * 
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.commons.api.exceptions;
+
+import java.io.PrintStream;
+import java.io.PrintWriter;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.w3c.dom.DOMImplementation;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * Base class of technical MOA exceptions.
+ * 
+ * Technical exceptions are exceptions that originate from system failure (e.g.,
+ * a database connection fails, a component is not available, etc.)
+ * 
+ * @author Patrick Peck, Ivancsics Paul
+ * @version $Id$
+ */
+public class MOAIDException extends Exception {
+  /**
+	 * 
+	 */
+	private static final long serialVersionUID = -1507246171708083912L;
+/** message ID */
+  private String messageId;
+  /** wrapped exception */
+  private Throwable wrapped;
+
+  private Object[] parameters;
+  
+  /**
+   * Create a new <code>MOAIDException</code>.
+   * 
+   * @param messageId The identifier of the message associated with this 
+   * exception.
+   * @param parameters Additional message parameters.
+   */
+  public MOAIDException(String messageId, Object[] parameters) {
+    super(MOAIDMessageProvider.getInstance().getMessage(messageId, parameters));
+    this.messageId = messageId;
+    this.parameters = parameters;
+  }
+
+  /**
+   * Create a new <code>MOAIDException</code>.
+   * 
+   * @param messageId The identifier of the message associated with this 
+   * <code>MOAIDException</code>.
+   * @param parameters Additional message parameters.
+   * @param wrapped The exception wrapped by this
+   * <code>MOAIDException</code>.
+   */
+  public MOAIDException(
+    String messageId,
+    Object[] parameters,
+    Throwable wrapped) {
+      
+    super(MOAIDMessageProvider.getInstance().getMessage(messageId, parameters));
+    this.messageId = messageId;
+    this.wrapped = wrapped;
+    this.parameters = parameters;
+  }
+
+  /**
+   * Print a stack trace of this exception to <code>System.err</code>.
+   * 
+   * @see java.lang.Throwable#printStackTrace()
+   */
+  public void printStackTrace() {
+    printStackTrace(System.err);
+  }
+
+  /**
+   * Print a stack trace of this exception, including the wrapped exception.
+   * 
+   * @param s The stream to write the stack trace to.
+   * @see java.lang.Throwable#printStackTrace(java.io.PrintStream)
+   */
+  public void printStackTrace(PrintStream s) {
+    if (getWrapped() == null)
+      super.printStackTrace(s);
+    else {
+      s.print("Root exception: ");
+      getWrapped().printStackTrace(s);
+    }
+  }
+
+  /**
+   * Print a stack trace of this exception, including the wrapped exception.
+   * 
+   * @param s The stream to write the stacktrace to.
+   * @see java.lang.Throwable#printStackTrace(java.io.PrintWriter)
+   */
+  public void printStackTrace(PrintWriter s) {
+    if (getWrapped() == null)
+      super.printStackTrace(s);
+    else {
+      s.print("Root exception: ");
+      getWrapped().printStackTrace(s);
+    }
+  }
+
+  /**
+   * @return message ID
+   */
+  public String getMessageId() {
+    return messageId;
+  }
+
+  /**
+   * @return wrapped exception
+   */
+  public Throwable getWrapped() {
+    return wrapped;
+  }
+
+  
+  
+  /**
+ * @return the parameters
+ */
+public Object[] getParameters() {
+	return parameters;
+}
+
+/**
+   * Convert this <code>MOAIDException</code> to an <code>ErrorResponse</code>
+   * element from the MOA namespace.
+   * 
+   * @return An <code>ErrorResponse</code> element, containing the subelements
+   * <code>ErrorCode</code> and <code>Info</code> required by the MOA schema.
+   */
+  public Element toErrorResponse() {
+    DocumentBuilder builder;
+    DOMImplementation impl;
+    Document doc;
+    Element errorResponse;
+    Element errorCode;
+    Element info;
+
+    // create a new document
+    try {
+      builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
+      impl = builder.getDOMImplementation();
+    } catch (ParserConfigurationException e) {
+      return null;
+    }
+
+    // build the ErrorResponse element
+    doc = impl.createDocument(Constants.MOA_NS_URI, "ErrorResponse", null);
+    errorResponse = doc.getDocumentElement();
+
+    // add MOA namespace declaration
+    errorResponse.setAttributeNS(
+      Constants.XMLNS_NS_URI,
+      "xmlns",
+      Constants.MOA_NS_URI);
+
+    // build the child elements    
+    errorCode = doc.createElementNS(Constants.MOA_NS_URI, "ErrorCode");
+    errorCode.appendChild(doc.createTextNode(messageId));
+    info = doc.createElementNS(Constants.MOA_NS_URI, "Info");
+    info.appendChild(doc.createTextNode(toString()));
+    errorResponse.appendChild(errorCode);
+    errorResponse.appendChild(info);
+    return errorResponse;
+  }
+
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/SessionDataStorageException.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/SessionDataStorageException.java
new file mode 100644
index 000000000..9414556a2
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/SessionDataStorageException.java
@@ -0,0 +1,45 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.commons.api.exceptions;
+
+/**
+ * @author tlenz 
+ *
+ */
+public class SessionDataStorageException extends MOAIDException {
+
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = 5743057708136365929L;
+
+	/**
+	 * @param messageId
+	 * @param parameters
+	 */
+	public SessionDataStorageException(String messageId, Object[] parameters) {
+		super(messageId, parameters);
+		
+	}
+
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAIDMessageProvider.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAIDMessageProvider.java
new file mode 100644
index 000000000..4d8a07a55
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAIDMessageProvider.java
@@ -0,0 +1,104 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ * 
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ * 
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.commons.utils;
+
+import java.util.Locale;
+
+import at.gv.egovernment.moa.util.Messages;
+
+/**
+ * A singleton wrapper around a <code>Message</code> object, providing the messages used in MOA-ID.
+ * 
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class MOAIDMessageProvider {
+  
+  /** DEFAULT_MESSAGE_RESOURCES are resources/properties/id_messages */
+  private static final String[] DEFAULT_MESSAGE_RESOURCES =
+    { "resources/properties/id_messages" };
+  /** DEFAULT_MESSAGE_LOCALES are "de", "AT" */  
+  private static final Locale[] DEFAULT_MESSAGE_LOCALES =
+    new Locale[] { new Locale("de", "AT") };
+   /** The instance for our singleton */  
+  private static MOAIDMessageProvider instance;
+  /** The Messages */
+  private Messages messages;
+  
+  /**
+   * Returns the single instance of <code>MOAIDMessageProvider</code>.
+   * 
+   * @return the single instance of <code>MOAIDMessageProvider</code>
+   */
+  public static MOAIDMessageProvider getInstance() {
+    if (instance == null)
+      instance = new MOAIDMessageProvider(DEFAULT_MESSAGE_RESOURCES, DEFAULT_MESSAGE_LOCALES);
+    return instance;
+  }
+  
+  /**
+   * Create a <code>MOAIDMessageProvider</code>.
+   * 
+   * @param resourceNames The names of the resources containing the messages.
+   * @param locales The corresponding locales.
+   */
+  protected MOAIDMessageProvider(String[] resourceNames, Locale[] locales) {
+    this.messages = new Messages(resourceNames, locales);
+  }
+  
+  /**
+   * Get the message corresponding to a given message ID.
+   *
+   * @param messageId The ID of the message.
+   * @param parameters The parameters to fill in into the message arguments.
+   * @return The formatted message. 
+   */
+  public String getMessage(String messageId, Object[] parameters) {
+    return messages.getMessage(messageId, parameters);
+  }
+
+}
diff --git a/id/server/moa-id-frontend-resources/pom.xml b/id/server/moa-id-frontend-resources/pom.xml
index 4107e98e3..64ebc14b6 100644
--- a/id/server/moa-id-frontend-resources/pom.xml
+++ b/id/server/moa-id-frontend-resources/pom.xml
@@ -12,7 +12,7 @@
   <packaging>jar</packaging>
   
   <name>MOA-ID-Auth FrontEnd-Resources</name>
-  <description>Static FrontEnd resources for MOA-ID-Auth </description>
+  <description>FrontEnd resources for MOA-ID-Auth </description>
   <organization>
   	<name>EGIZ</name>
   	<url>https://www.egiz.gv.at</url>
@@ -29,7 +29,12 @@
 		<repositoryPath>${basedir}/../../../../repository</repositoryPath>
 	</properties>
   
-  <dependencies>
+  <dependencies>  	
+   	 <dependency>
+  		<groupId>MOA.id.server</groupId>
+  		<artifactId>moa-id-commons</artifactId>
+  	</dependency>
+  	
   	<dependency>
 			<groupId>org.springframework</groupId>
 			<artifactId>spring-webmvc</artifactId>
@@ -40,6 +45,20 @@
 				</exclusion>
 			</exclusions>
   	</dependency>
+  	
+  	<dependency>
+			<groupId>org.apache.velocity</groupId>
+			<artifactId>velocity</artifactId>
+			<version>1.7</version>
+		</dependency>
+  	
+  	<dependency>
+			<groupId>javax.servlet</groupId>
+			<artifactId>javax.servlet-api</artifactId>
+			<scope>provided</scope>
+		</dependency>
+		
+		
   </dependencies>
   
 </project>
\ No newline at end of file
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractGUIFormBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractGUIFormBuilderConfiguration.java
new file mode 100644
index 000000000..71a4837d4
--- /dev/null
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractGUIFormBuilderConfiguration.java
@@ -0,0 +1,106 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.frontend.builder;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public abstract class AbstractGUIFormBuilderConfiguration implements IGUIBuilderConfiguration {
+
+	public static final String PARAM_AUTHCONTEXT = "contextPath";
+	public static final String PARAM_FORMSUBMITENDPOINT = "submitEndpoint";
+	
+	public static final String PARAM_PENDINGREQUESTID = "pendingReqID";
+	
+	private String authURL = null;
+	private String viewName = null;
+	private String formSubmitEndpoint = null;
+	
+	/**
+	 * @param authURL IDP PublicURL-Prefix which should be used, but never null
+	 * @param viewName Name of the template (with suffix) but never null
+	 * @param formSubmitEndpoint EndPoint on which the form should be submitted, 
+	 * or null if the form must not submitted
+	 * 
+	 */
+	public AbstractGUIFormBuilderConfiguration(String authURL, String viewName, String formSubmitEndpoint) {
+		this.viewName = viewName;
+		
+		if (authURL.endsWith("/"))
+			this.authURL = authURL.substring(0, authURL.length() - 1);
+		else
+			this.authURL = authURL;
+		
+		if (MiscUtil.isNotEmpty(formSubmitEndpoint)) {
+			if (formSubmitEndpoint.startsWith("/"))
+				this.formSubmitEndpoint = formSubmitEndpoint;
+			else		
+				this.formSubmitEndpoint = "/" + formSubmitEndpoint;
+		}
+	}
+	
+	
+	/**
+	 * Define the parameters, which should be evaluated in the template
+	 * 
+	 * @return Map of parameters, which should be added to template
+	 */
+	abstract protected Map<String, Object> getSpecificViewParameters();
+	
+	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration#getViewName()
+	 */
+	@Override
+	public final String getViewName() {
+		return this.viewName;
+		
+	}
+	
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration#getViewParameters()
+	 */
+	@Override
+	public final Map<String, Object> getViewParameters() {
+		//get parameters from detail implementation
+		Map<String, Object> specParams = getSpecificViewParameters();
+		if (specParams == null)
+			specParams = new HashMap<String, Object>();
+		
+		//add generic parameters
+		specParams.put(PARAM_AUTHCONTEXT, this.authURL);		
+		if (this.formSubmitEndpoint != null)
+			specParams.put(PARAM_FORMSUBMITENDPOINT, this.formSubmitEndpoint);
+		
+		return specParams;
+		
+	}
+
+}
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java
new file mode 100644
index 000000000..2c2792b84
--- /dev/null
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java
@@ -0,0 +1,120 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.frontend.builder;
+
+import java.io.InputStream;
+import java.util.HashMap;
+import java.util.Map;
+
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+	
+/**
+ * This class builds MOA-ID GUI forms from default resource paths
+ * 
+ * @author tlenz 
+ *
+ */
+public class DefaultGUIFormBuilderConfiguration extends AbstractGUIFormBuilderConfiguration {
+	
+	public static final String VIEW_REDIRECT = "redirectForm.html";
+	public static final String VIEW_ERRORMESSAGE = "error_message.html";
+	public static final String VIEW_SINGLELOGOUT = "slo_template.html";
+	public static final String VIEW_SSO_SESSION_TRANSFER = "sso_transfer_template.html";
+	
+	private IRequest pendingReq;
+	private  Map<String, Object> customParameters = null;
+	
+	
+	/**
+	 * @param authURL PublicURLPrefix of the IDP but never null
+	 * @param viewName Name of the template (with suffix) but never null
+	 * @param formSubmitEndpoint EndPoint on which the form should be submitted,
+	 * or null if the form must not submitted
+	 */
+	public DefaultGUIFormBuilderConfiguration(String authURL, String viewName, String formSubmitEndpoint) {
+		super(authURL, viewName, formSubmitEndpoint);
+	}
+
+	/**
+	 * @param Current processed pending-request DAO but never null
+	 * @param viewName Name of the template (with suffix) but never null
+	 * @param formSubmitEndpoint EndPoint on which the form should be submitted,
+	 * or null if the form must not submitted
+	 */
+	public DefaultGUIFormBuilderConfiguration(IRequest pendingReq, String viewName, String formSubmitEndpoint) {
+		super(pendingReq.getAuthURL(), viewName, formSubmitEndpoint);
+		this.pendingReq = pendingReq;
+		
+		
+	}
+	
+	public void putCustomParameter(String key, Object value) {
+		if (customParameters == null)
+			customParameters = new HashMap<String, Object>();
+		
+		customParameters.put(key, value);
+	}
+	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration#getViewParameters()
+	 */
+	@Override
+	public Map<String, Object> getSpecificViewParameters() {
+		Map<String, Object> params =  new HashMap<String, Object>();
+		if (pendingReq != null) {							
+			params.put(PARAM_PENDINGREQUESTID, pendingReq.getRequestID());
+			
+		}		
+		if (customParameters != null)
+			params.putAll(customParameters);
+		
+		return params;
+	}
+	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.frontend.AbstractGUIFormBuilder#getTemplate(java.lang.String)
+	 */
+	@Override
+	public  InputStream getTemplate(String viewName) {
+		return null;
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.frontend.AbstractGUIFormBuilder#getContentType()
+	 */
+	@Override
+	public String getDefaultContentType() {
+		return null;
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.frontend.AbstractGUIFormBuilder#getClasspathTemplateDir()
+	 */
+	@Override
+	public String getClasspathTemplateDir() {
+		return null;
+		 
+	}
+}
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java
new file mode 100644
index 000000000..862c7edcf
--- /dev/null
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java
@@ -0,0 +1,221 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.frontend.builder;
+
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.StringWriter;
+import java.net.URI;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Map.Entry;
+
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.velocity.VelocityContext;
+import org.apache.velocity.app.VelocityEngine;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException;
+import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz 
+ *
+ */
+@Service("guiFormBuilder")
+public class GUIFormBuilderImpl implements IGUIFormBuilder {
+	
+	private static final String DEFAULT_CONTENT_TYPE = "text/html;charset=UTF-8";
+	private static final String CONFIG_HTMLTEMPLATES_DIR = "htmlTemplates";
+	private static final String CLASSPATH_HTMLTEMPLATES_DIR = "templates";
+			
+	@Autowired private AuthConfiguration authConfig;
+	private VelocityEngine engine;
+		
+	public GUIFormBuilderImpl() throws GUIBuildException {
+		try {
+			engine = VelocityProvider.getClassPathVelocityEngine();
+			
+		} catch (Exception e) {
+			Logger.fatal("Initialization of Velocity-Engine to render GUI components FAILED.", e);
+			throw new GUIBuildException("Initialization of Velocity-Engine to render GUI components FAILED.", e);
+			
+		}
+		
+	}
+		
+	public void build(HttpServletResponse httpResp, IGUIBuilderConfiguration config, String loggerName) throws GUIBuildException {
+		build(httpResp, config, getInternalContentType(config), loggerName);
+		
+	}
+	
+	
+	@Override
+	public void build(HttpServletResponse httpResp, IGUIBuilderConfiguration config, 
+			String contentType, String loggerName) throws GUIBuildException {
+		
+		InputStream is = null;
+		try {
+			String viewName = config.getViewName();
+			
+			//load Tempate
+			 is = getInternalTemplate(config);
+			if (is == null) {
+				Logger.warn("No GUI with viewName:" + viewName + " FOUND.");
+				throw new GUIBuildException("No GUI with viewName:" + viewName + " FOUND.");
+			
+			}
+
+			//build Velocity Context from input paramters
+			VelocityContext context = buildContextFromViewParams(config.getViewParameters());
+
+			//evaluate template
+			StringWriter writer = new StringWriter();
+			engine.evaluate(context, writer, loggerName, new BufferedReader(new InputStreamReader(is)));
+				
+			//write template to response
+			httpResp.setStatus(HttpServletResponse.SC_OK);
+			httpResp.setContentType(contentType);            		
+			httpResp.getOutputStream().write(writer.toString().getBytes("UTF-8"));
+			
+		} catch (IOException e) {
+			Logger.error("GUI form-builder has an internal error.", e);
+			throw new GUIBuildException("GUI form-builder has an internal error.", e);
+						
+		} finally {
+			if (is != null)
+				try {
+					is.close();
+					
+				} catch (IOException e) {
+					Logger.error("Can NOT close GUI-Template InputStream.", e);
+					
+				}
+		}
+		
+	}
+
+	private String getInternalContentType(IGUIBuilderConfiguration config) {
+		if (MiscUtil.isEmpty(config.getDefaultContentType()))
+			return DEFAULT_CONTENT_TYPE;
+		
+		else
+			return config.getDefaultContentType();
+		
+	}
+	
+	private InputStream getInternalTemplate(IGUIBuilderConfiguration config) throws GUIBuildException {
+		String viewName = config.getViewName();
+		
+		//load specific template
+		InputStream is = config.getTemplate(viewName);
+		
+		if (is == null) {
+			//load template from default resources
+			try {							
+				Logger.trace("Loading GUI template:" + viewName + " from default resources ... ");			
+				String pathLocation = null;
+				try {
+					//load template from config directory
+					String rootconfigdir = authConfig.getRootConfigFileDir();
+					pathLocation = rootconfigdir + CONFIG_HTMLTEMPLATES_DIR + 
+							viewName;
+					File file = new File(new URI(pathLocation));
+					is = new  FileInputStream(file);
+										
+				} catch (Exception e) {
+					//load template from classpath as backup
+					Logger.info("GUI template:" + viewName + " is not found in configuration directory. "
+							+ " Load template from project library ... ");					
+					try  {
+						pathLocation = getInternalClasspathTemplateDir(config) + viewName;
+						is = Thread.currentThread()
+								.getContextClassLoader()
+								.getResourceAsStream(pathLocation);				
+												
+					} catch (Exception e1) {
+						Logger.error("GUI template:" + pathLocation + " is NOT loadable!", e);
+						throw new GUIBuildException("GUI template:" + pathLocation + " is NOT loadable!", e);
+						
+					}					
+				} 
+				
+			} catch (GUIBuildException e) {
+				throw e;
+				
+			} catch (Exception e) {
+				Logger.error("GUI builder has an internal error during template load operation", e);
+				throw new GUIBuildException("GUI builder has an internal error during template load operation", e);
+				
+			}
+		}
+		
+		return is;
+		
+	}
+	
+	
+	/**
+	 * @return
+	 */
+	private String getInternalClasspathTemplateDir(IGUIBuilderConfiguration config) {
+		String dir = config.getClasspathTemplateDir();
+		if (dir != null) {
+			if (!dir.endsWith("/"))
+				dir += "/";
+			
+			return dir;			
+			
+		} else
+			return CLASSPATH_HTMLTEMPLATES_DIR;
+	}
+	
+	/**
+	 * @param viewParams
+	 * @return
+	 */
+	private VelocityContext buildContextFromViewParams(Map<String, Object> viewParams) {
+		VelocityContext context = new VelocityContext();
+				
+		if (viewParams != null) {
+			Iterator<Entry<String, Object>> interator = viewParams.entrySet().iterator();
+			while (interator.hasNext()) {
+				Entry<String, Object> el = interator.next();
+				context.put(el.getKey(), el.getValue());
+			}
+			
+		} 
+		
+		return context;
+	}
+	
+}
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/IGUIBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/IGUIBuilderConfiguration.java
new file mode 100644
index 000000000..51f6295c7
--- /dev/null
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/IGUIBuilderConfiguration.java
@@ -0,0 +1,74 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.frontend.builder;
+
+import java.io.InputStream;
+import java.util.Map;
+
+/**
+ * @author tlenz
+ *
+ */
+public interface IGUIBuilderConfiguration {
+	
+	
+	/**
+	 * Define the name of the template (with suffix) which should be used
+	 * 
+	 * @return templatename, but never null
+	 */
+	public String getViewName();
+	
+	/**
+	 * Define the parameters, which should be evaluated in the template
+	 * 
+	 * @return Map of parameters, which should be added to template
+	 */
+	public Map<String, Object> getViewParameters();
+	
+	
+	/**
+	 * Get a specific classpath template-directory prefix, which is used 
+	 *  to load a template from classpath by using <code>ClassLoader.getResourceAsStream(...)</code>  
+	 * 
+	 * @return Classpath directory, or null if the default directory should be used
+	 */
+	public String getClasspathTemplateDir();
+		
+	/** 
+	 * Get the GUI template with a specific name
+	 * 
+	 * @param viewName Name of the template
+	 * @return Tempate as <code>InputStream</code>, or null if default getTemplate method should be used  
+	 */
+	public InputStream getTemplate(String viewName);
+	
+	/**
+	 * Get the contentType, which should be set in HTTP response
+	 * <br><br>
+	 * <b>DefaultValue:</b> text/html;charset=UTF-8
+	 * 
+	 * @return ContentType, or null if default ContentType should be used.
+	 */
+	public String getDefaultContentType();
+}
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/IGUIFormBuilder.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/IGUIFormBuilder.java
new file mode 100644
index 000000000..198220e97
--- /dev/null
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/IGUIFormBuilder.java
@@ -0,0 +1,67 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.frontend.builder;
+
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException;
+
+/**
+ * @author tlenz
+ *
+ */
+public interface IGUIFormBuilder {
+
+	/**
+	 * Parse a GUI template, with parameters into a http servlet-response 
+	 * and use the default http-response content-type.
+	 * <br><br>
+	 *  The parser use the <code>VelocityEngine</code> as internal template evaluator. 
+	 * 
+	 * @param httpResp http-response object
+	 * @param viewName Name of the template (with suffix), which should be used. 
+	 *    The template is selected by using the <code>getTemplate(String viewName)</code> method
+	 * @param viewParams Map of parameters, which should be added to template
+	 * @param loggerName String, which should be used from logger
+	 * 
+	 * @throws GUIBuildException
+	 */
+	public void build(HttpServletResponse httpResp, IGUIBuilderConfiguration config, String loggerName) throws GUIBuildException;
+
+	/**
+	 * Parse a GUI template, with parameters into a http servlet-response.
+	 * <br><br>
+	 *  The parser use the <code>VelocityEngine</code> as internal template evaluator. 
+	 * 
+	 * @param httpResp http-response object
+	 * @param viewName Name of the template (with suffix), which should be used. 
+	 *    The template is selected by using the <code>getTemplate(String viewName)</code> method
+	 * @param viewParams Map of parameters, which should be added to template
+	 * @param contentType http-response content-type, which should be set
+	 * @param loggerName String, which should be used from logger
+	 * 
+	 * @throws GUIBuildException
+	 */
+	void build(HttpServletResponse httpResp, IGUIBuilderConfiguration config, String contentType,
+			String loggerName) throws GUIBuildException;
+}
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/ServiceProviderSpecificGUIFormBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/ServiceProviderSpecificGUIFormBuilderConfiguration.java
new file mode 100644
index 000000000..73a0e7691
--- /dev/null
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/ServiceProviderSpecificGUIFormBuilderConfiguration.java
@@ -0,0 +1,186 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.frontend.builder;
+
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+import java.util.HashMap;
+import java.util.Map;
+
+import at.gv.egovernment.moa.id.auth.frontend.utils.FormBuildUtils;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.data.CPEPS;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public class ServiceProviderSpecificGUIFormBuilderConfiguration extends AbstractGUIFormBuilderConfiguration {
+
+	public static final String VIEW_BKUSELECTION = "/loginFormFull.html";
+	public static final String VIEW_SENDASSERTION = "/sendAssertionFormFull.html";	
+	public static final String VIEW_TEMPLATE_CSS = "/css_template.css";
+	public static final String VIEW_TEMPLATE_JS = "/javascript_tempalte.js";
+	
+	public static final String PARAM_BKU_ONLINE = "bkuOnline";
+	public static final String PARAM_BKU_HANDY = "bkuLocal";
+	public static final String PARAM_BKU_LOCAL = "bkuHandy";
+	
+	public static final String PARAM_OANAME = "OAName";
+	public static final String PARAM_COUNTRYLIST = "countryList";
+	
+	private IRequest pendingReq = null;
+	
+	/**
+	 * @param authURL PublicURLPrefix of the IDP but never null
+	 * @param viewName Name of the template (with suffix) but never null
+	 * @param formSubmitEndpoint EndPoint on which the form should be submitted, 
+	 * 			or null if the form must not submitted
+	 */
+	public ServiceProviderSpecificGUIFormBuilderConfiguration(String authURL, String viewName, 
+			String formSubmitEndpoint) {
+		super(authURL, viewName, formSubmitEndpoint);
+		
+	}
+	
+	/**
+	 * @param Current processed pending-request DAO but never null
+	 * @param viewName Name of the template (with suffix) but never null
+	 * @param formSubmitEndpoint EndPoint on which the form should be submitted, 
+	 * 			or null if the form must not submitted
+	 */
+	public ServiceProviderSpecificGUIFormBuilderConfiguration(IRequest pendingReq, String viewName, 
+			String formSubmitEndpoint) {
+		super(pendingReq.getAuthURL(), viewName, formSubmitEndpoint);
+		this.pendingReq = pendingReq;
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration#getViewParameters()
+	 */
+	@Override
+	public Map<String, Object> getSpecificViewParameters() {
+		Map<String, Object> params =  new HashMap<String, Object>();
+		params.put(PARAM_BKU_ONLINE, IOAAuthParameters.ONLINEBKU);
+		params.put(PARAM_BKU_HANDY, IOAAuthParameters.HANDYBKU);
+		params.put(PARAM_BKU_LOCAL, IOAAuthParameters.LOCALBKU);
+		
+		if (pendingReq != null) {							
+			params.put(PARAM_PENDINGREQUESTID, pendingReq.getRequestID());
+
+			//add service-provider specific GUI parameters
+			IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
+			if (oaParam != null) {
+				params.put(PARAM_OANAME, oaParam.getFriendlyName());
+				
+				
+				if (oaParam.isShowStorkLogin())
+					addCountrySelection(params, oaParam);
+				
+				FormBuildUtils.customiceLayoutBKUSelection(params, oaParam);
+								
+			} else
+				FormBuildUtils.defaultLayoutBKUSelection(params);
+			
+			
+		} else {
+			//add default GUI parameters
+			FormBuildUtils.defaultLayoutBKUSelection(params);
+			
+		}
+
+		return params;
+	}
+	
+	/**
+	 * @param params
+	 * @param oaParam
+	 */
+	private void addCountrySelection(Map<String, Object> params, IOAAuthParameters oaParam) {
+		String pepslist = "";
+		try {				
+			for (CPEPS current : oaParam.getPepsList()) {
+				String countryName = null;							
+				if (MiscUtil.isNotEmpty(MOAIDAuthConstants.COUNTRYCODE_XX_TO_NAME.get(current.getCountryCode().toUpperCase())))
+					countryName = MOAIDAuthConstants.COUNTRYCODE_XX_TO_NAME.get(current.getCountryCode().toUpperCase());
+				else
+					countryName = current.getCountryCode().toUpperCase();
+				
+				pepslist += "<option value=" + current.getCountryCode() + ">" 
+						+  countryName
+						+ "</option>\n";
+											
+			}
+			params.put(PARAM_COUNTRYLIST, pepslist);
+					
+		} catch (NullPointerException e) {
+			Logger.warn("Can not at Countries to GUI. Msg:" + e.getMessage());
+			
+		}
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.frontend.AbstractGUIFormBuilder#getClasspathTemplateDir()
+	 */
+	@Override
+	public String getClasspathTemplateDir() {
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.frontend.AbstractGUIFormBuilder#getTemplate(java.lang.String)
+	 */
+	@Override
+	public InputStream getTemplate(String viewName) {		
+		if (pendingReq != null && pendingReq.getOnlineApplicationConfiguration() != null) {
+			
+			byte[] oatemplate = null;			
+			if (VIEW_BKUSELECTION.equals(viewName))				
+				oatemplate = pendingReq.getOnlineApplicationConfiguration().getBKUSelectionTemplate();
+			
+			else if (VIEW_SENDASSERTION.equals(viewName))
+				oatemplate = pendingReq.getOnlineApplicationConfiguration().getSendAssertionTemplate();
+			
+			// OA specific template requires a size of 8 bits minimum
+			if (oatemplate != null && oatemplate.length > 7)
+				return new ByteArrayInputStream(oatemplate);							
+		}
+		
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.frontend.AbstractGUIFormBuilder#getDefaultContentType()
+	 */
+	@Override
+	public String getDefaultContentType() {
+		return null;		
+	}
+
+}
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/exception/GUIBuildException.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/exception/GUIBuildException.java
new file mode 100644
index 000000000..fff458546
--- /dev/null
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/exception/GUIBuildException.java
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.frontend.exception;
+
+/**
+ * @author tlenz
+ *
+ */
+public class GUIBuildException extends Exception {
+
+	private static final long serialVersionUID = -278663750102498205L;
+	
+	/**
+	 * @param string
+	 */
+	public GUIBuildException(String msg) {
+		super(msg);
+		
+	}
+	
+	public GUIBuildException(String msg, Throwable e) {
+		super(msg, e);
+		
+	}
+
+}
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/utils/FormBuildUtils.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/utils/FormBuildUtils.java
new file mode 100644
index 000000000..71093a4d3
--- /dev/null
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/utils/FormBuildUtils.java
@@ -0,0 +1,178 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.auth.frontend.utils;
+
+
+import java.util.HashMap;
+import java.util.Map;
+
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public class FormBuildUtils {
+
+	private static Map<String, String> defaultmap = null;
+	
+	public static String PARAM_MAIN_BACKGROUNDCOLOR = "MAIN_BACKGOUNDCOLOR";
+	public static String PARAM_MAIN_COLOR = "MAIN_COLOR";
+	public static String PARAM_HEADER_BACKGROUNDCOLOR = "HEADER_BACKGROUNDCOLOR";
+	public static String PARAM_HEADER_COLOR = "HEADER_COLOR";
+	public static String PARAM_BUTTON_BACKGROUNDCOLOR = "BUTTON_BACKGROUNDCOLOR";
+	public static String PARAM_BUTTON_BACKGROUNDCOLOR_FOCUS = "BUTTON_BACKGROUNDCOLOR_FOCUS";
+	public static String PARAM_BUTTON_COLOR = "BUTTON_COLOR";
+	public static String PARAM_FONTFAMILY = "FONTTYPE";
+	public static String PARAM_HEADER_TEXT = "HEADER_TEXT";
+	public static String PARAM_REDIRECTTARGET = "REDIRECTTARGET";
+	public static String PARAM_APPLET_HEIGHT = "APPLETHEIGHT";
+	public static String PARAM_APPLET_WIDTH = "APPLETWIDTH";
+	
+	private static String PARAM_MANDATEVISIBLE = "MANDATEVISIBLE";
+	private static String PARAM_MANDATECHECKED = "MANDATECHECKED";
+
+	private static String PARAM_STORKVISIBLE = "STORKVISIBLE";
+
+	private static final String TEMPLATEVISIBLE = " display: none";
+	private static final String TEMPLATEDISABLED =  "disabled=\"true\"";
+	private static final String TEMPLATECHECKED = "checked=\"true\"";
+	private static final String TEMPLATE_ARIACHECKED = "aria-checked=";
+	
+	
+	static {
+			if (defaultmap == null) {
+				defaultmap = new HashMap<String, String>();
+				defaultmap.put(PARAM_MAIN_BACKGROUNDCOLOR, "#F7F8F7");
+				defaultmap.put(PARAM_MAIN_COLOR, "#000000");
+			
+				defaultmap.put(PARAM_HEADER_BACKGROUNDCOLOR, "#C3D2E2");
+				defaultmap.put(PARAM_HEADER_COLOR, "#000000");
+				defaultmap.put(PARAM_HEADER_TEXT, "Login");
+			
+				defaultmap.put(PARAM_BUTTON_BACKGROUNDCOLOR, "#EBEBEB");
+				defaultmap.put(PARAM_BUTTON_BACKGROUNDCOLOR_FOCUS, "#EBEBEB");
+				defaultmap.put(PARAM_BUTTON_COLOR, "#000000");
+			
+				defaultmap.put(PARAM_FONTFAMILY, "Verdana,Geneva,Arial,sans-serif");
+				
+				defaultmap.put(PARAM_REDIRECTTARGET, "_top");
+			}
+	}
+	
+	public static void customiceLayoutBKUSelection(Map<String, Object> params, IOAAuthParameters oaParam) {
+		
+		if (oaParam.isShowMandateCheckBox())
+			params.put(PARAM_MANDATEVISIBLE, "");
+		else
+			params.put(PARAM_MANDATEVISIBLE, TEMPLATEVISIBLE);
+		
+		if (oaParam.isOnlyMandateAllowed()) {
+			params.put(PARAM_MANDATECHECKED, 	TEMPLATECHECKED + " " + 
+					TEMPLATEDISABLED + " " +TEMPLATE_ARIACHECKED + "\"true\"");
+			
+		} else
+			params.put(PARAM_MANDATECHECKED, TEMPLATE_ARIACHECKED + "\"false\"");
+		
+		if (oaParam.isShowStorkLogin())
+			params.put(PARAM_STORKVISIBLE, "");
+		else
+			params.put(PARAM_STORKVISIBLE, TEMPLATEVISIBLE);
+		
+		//add more SP specific infos
+		setFormCustomizatenFromSP(params, oaParam);
+		
+		//format parameter-value for fontss
+		String fonttype = (String) params.get(PARAM_FONTFAMILY);
+		if (MiscUtil.isNotEmpty(fonttype)) {
+			String[] fonttypeList = fonttype.split(",");
+			String fonttypeformated = "\"" + fonttypeList[0].trim().replace("\"", "") + "\"";
+			
+			for (int i=1; i<fonttypeList.length; i++) {
+				fonttypeformated += ",\"" + fonttypeList[i].trim().replace("\"", "") + "\"";
+			}
+			
+			params.put(PARAM_FONTFAMILY, fonttypeformated);
+		}
+				
+	}
+	
+	public static Map<String, String> getDefaultMap() {
+		return defaultmap;
+	}
+
+	/**
+	 * @param value
+	 * @return
+	 */
+	public static void defaultLayoutBKUSelection(Map<String, Object> params) {
+		params.put(PARAM_MANDATEVISIBLE, TEMPLATEVISIBLE);
+		params.put(PARAM_MANDATECHECKED, TEMPLATE_ARIACHECKED + "\"false\"");
+		params.put(PARAM_STORKVISIBLE, TEMPLATEVISIBLE);
+		
+		params.putAll(getDefaultMap());		
+	}
+	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getFormCustomizaten()
+	 */
+	private static void setFormCustomizatenFromSP(Map<String, Object> params, IOAAuthParameters spConfig) {	
+		params.putAll(FormBuildUtils.getDefaultMap());
+		
+		if (MiscUtil.isNotEmpty(spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BACKGROUNDCOLOR)))
+			params.put(FormBuildUtils.PARAM_MAIN_BACKGROUNDCOLOR, spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BACKGROUNDCOLOR));
+		
+		if (MiscUtil.isNotEmpty(spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONBACKGROUNDCOLOR)))
+			params.put(FormBuildUtils.PARAM_BUTTON_BACKGROUNDCOLOR, spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONBACKGROUNDCOLOR));
+		
+		if (MiscUtil.isNotEmpty(spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONBACLGROUNDCOLORFOCUS)))
+			params.put(FormBuildUtils.PARAM_BUTTON_BACKGROUNDCOLOR_FOCUS, spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONBACLGROUNDCOLORFOCUS));
+		
+		if (MiscUtil.isNotEmpty(spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONFRONTCOLOR)))
+			params.put(FormBuildUtils.PARAM_BUTTON_COLOR, spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BUTTONFRONTCOLOR));
+		
+		if (MiscUtil.isNotEmpty(spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_FONTTYPE)))
+			params.put(FormBuildUtils.PARAM_FONTFAMILY, spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_FONTTYPE));
+		
+		if (MiscUtil.isNotEmpty(spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_FRONTCOLOR)))
+			params.put(FormBuildUtils.PARAM_MAIN_COLOR, spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_FRONTCOLOR));
+		
+		if (MiscUtil.isNotEmpty(spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERBACKGROUNDCOLOR)))
+			params.put(FormBuildUtils.PARAM_HEADER_BACKGROUNDCOLOR, spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERBACKGROUNDCOLOR));
+		
+		if (MiscUtil.isNotEmpty(spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERFRONTCOLOR)))
+			params.put(FormBuildUtils.PARAM_HEADER_COLOR, spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERFRONTCOLOR));
+		
+		if (MiscUtil.isNotEmpty(spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERTEXT)))
+			params.put(FormBuildUtils.PARAM_HEADER_TEXT, spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_HEADERTEXT));
+		
+		if (MiscUtil.isNotEmpty(spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETREDIRECTTARGET)))
+			params.put(FormBuildUtils.PARAM_REDIRECTTARGET, spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETREDIRECTTARGET));
+		
+		if (MiscUtil.isNotEmpty(spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETHEIGHT)))
+			params.put(FormBuildUtils.PARAM_APPLET_HEIGHT, spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETHEIGHT));
+		
+		if (MiscUtil.isNotEmpty(spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETWIDTH)))
+			params.put(FormBuildUtils.PARAM_APPLET_WIDTH, spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETWIDTH));
+					
+	}
+	
+}
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/velocity/VelocityLogAdapter.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/velocity/VelocityLogAdapter.java
new file mode 100644
index 000000000..3d5c5ed2f
--- /dev/null
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/velocity/VelocityLogAdapter.java
@@ -0,0 +1,99 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.auth.frontend.velocity;
+
+import org.apache.velocity.app.Velocity;
+import org.apache.velocity.runtime.RuntimeServices;
+import org.apache.velocity.runtime.log.LogChute;
+
+import at.gv.egovernment.moa.logging.Logger;
+
+public class VelocityLogAdapter implements LogChute {
+
+	public VelocityLogAdapter() {
+		try
+	    {
+	      /*
+	       *  register this class as a logger with the Velocity singleton
+	       *  (NOTE: this would not work for the non-singleton method.)
+	       */
+	      Velocity.setProperty(Velocity.RUNTIME_LOG_LOGSYSTEM, this );
+	      Velocity.init();
+	    }
+	    catch (Exception e)
+	    {
+	      Logger.error("Failed to register Velocity logger");
+	    }
+	}
+	
+	public void init(RuntimeServices arg0) throws Exception {
+	}
+
+	public boolean isLevelEnabled(int arg0) {
+		switch(arg0) {
+		case LogChute.DEBUG_ID:
+			return Logger.isDebugEnabled();
+		case LogChute.TRACE_ID:
+			return Logger.isTraceEnabled();
+		default:
+			return true;
+		}
+	}
+
+	public void log(int arg0, String arg1) {
+		switch(arg0) {
+		case LogChute.DEBUG_ID:
+			Logger.debug(arg1);
+			break;
+		case LogChute.TRACE_ID:
+			Logger.trace(arg1);
+			break;
+		case LogChute.INFO_ID:
+			Logger.info(arg1);
+			break;
+		case LogChute.WARN_ID:
+			Logger.warn(arg1);
+			break;
+		case LogChute.ERROR_ID:
+		default:
+			Logger.error(arg1);
+			break;
+		}
+	}
+
+	public void log(int arg0, String arg1, Throwable arg2) {
+		switch(arg0) {
+		case LogChute.DEBUG_ID:
+		case LogChute.TRACE_ID:
+		case LogChute.INFO_ID:
+		case LogChute.WARN_ID:
+			Logger.warn(arg1, arg2);
+			break;
+		case LogChute.ERROR_ID:
+		default:
+			Logger.error(arg1, arg2);
+			break;
+		}
+	}
+	
+}
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/velocity/VelocityProvider.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/velocity/VelocityProvider.java
new file mode 100644
index 000000000..022c144f0
--- /dev/null
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/velocity/VelocityProvider.java
@@ -0,0 +1,113 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ * 
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ * 
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+/*
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+/**
+ * 
+ */
+package at.gv.egovernment.moa.id.auth.frontend.velocity;
+
+import org.apache.velocity.app.VelocityEngine;
+import org.apache.velocity.runtime.RuntimeConstants;
+
+/**
+ * Gets a Velocity Engine
+ * 
+ * @author bzwattendorfer
+ *
+ */
+public class VelocityProvider {
+
+	/**
+	 * Gets velocityEngine from Classpath
+	 * @return VelocityEngine
+	 * @throws Exception
+	 */
+	public static VelocityEngine getClassPathVelocityEngine() throws Exception {
+		VelocityEngine velocityEngine = getBaseVelocityEngine();
+        velocityEngine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath");
+        velocityEngine.setProperty("classpath.resource.loader.class",
+                "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader");
+        
+        
+		velocityEngine.init();
+		
+		return velocityEngine;
+	}
+	
+	/**
+	 * Gets VelocityEngine from File
+	 * @param rootPath File Path to template file
+	 * @return VelocityEngine
+	 * @throws Exception
+	 */
+	public static VelocityEngine getFileVelocityEngine(String rootPath) throws Exception {
+		VelocityEngine velocityEngine = getBaseVelocityEngine();
+        velocityEngine.setProperty(RuntimeConstants.RESOURCE_LOADER, "file");
+        velocityEngine.setProperty("file.resource.loader.class",
+                "org.apache.velocity.runtime.resource.loader.FileResourceLoader");
+        velocityEngine.setProperty("file.resource.loader.path", rootPath);
+        
+		velocityEngine.init();
+		
+		return velocityEngine;
+	}
+	
+	/**
+	 * Gets a basic VelocityEngine
+	 * @return VelocityEngine
+	 */
+	private static VelocityEngine getBaseVelocityEngine() {
+		VelocityEngine velocityEngine = new VelocityEngine();
+        velocityEngine.setProperty(RuntimeConstants.INPUT_ENCODING, "UTF-8");
+        velocityEngine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8");
+        velocityEngine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS,
+				"org.apache.velocity.runtime.log.SimpleLog4JLogSystem");
+        
+        return velocityEngine;
+	}
+	
+}
diff --git a/id/server/moa-id-frontend-resources/src/main/resources/templates/css_template.css b/id/server/moa-id-frontend-resources/src/main/resources/templates/css_template.css
new file mode 100644
index 000000000..a8735be60
--- /dev/null
+++ b/id/server/moa-id-frontend-resources/src/main/resources/templates/css_template.css
@@ -0,0 +1,625 @@
+@charset "utf-8";
+	@media screen and (min-width: 650px) {
+			
+				body {
+					margin:0;
+					padding:0;
+					color : #000;
+					background-color : #fff;
+			  	text-align: center;
+			  	background-color: #6B7B8B;
+				}
+                
+                .browserInfoButton{
+         color: rgb(128, 128, 128); 
+        }
+				
+        #localBKU p {
+          font-size: 0.7em;
+        } 
+        
+        #localBKU input{
+          font-size: 0.85em;
+          /*border-radius: 5px;*/
+        }
+        
+         #bkuselectionarea input[type=button] {
+          font-size: 0.85em;
+          /*border-radius: 7px;*/
+          margin-bottom: 25px;
+          min-width: 80px;
+         }
+        
+        #mandateLogin {
+          font-size: 0.85em;
+        }
+        
+        #bku_header h2 {
+          font-size: 0.8em;
+        } 
+        
+        
+			  #page {
+			    display: block;
+			    border: 2px solid rgb(0,0,0);
+			    width: 650px;
+			    height: 460px;
+			    margin: 0 auto;
+			    margin-top: 5%;
+			    position: relative;
+			    border-radius: 25px;
+			    background: rgb(255,255,255);
+			  }
+			  
+			  #page1 {
+			    text-align: center;
+			  }
+			  
+			  #main {
+			    /*	clear:both; */
+				  position:relative;
+			    margin: 0 auto;
+			    width: 250px;
+			    text-align: center;
+			  }
+			  
+			  .OA_header {
+			/*	  background-color: white;*/
+			    font-size: 20pt;
+			    margin-bottom: 25px;
+			    margin-top: 25px;
+			  }
+			
+			  #leftcontent {
+			    /*float:left; */
+				  width:250px;
+				  margin-bottom: 25px;
+			    text-align: left;
+			    border: 1px solid rgb(0,0,0);
+			  }
+			  			  
+			  #selectArea {
+				 font-size: 15px;
+				 padding-bottom: 65px;
+			  }
+			
+			  #leftcontent {
+				 width: 300px;
+				 margin-top: 30px;
+			  }
+			
+        #bku_header {
+          height: 5%;
+          padding-bottom: 3px;
+          padding-top: 3px;
+        }
+      
+        #bkulogin {
+				  overflow:hidden;	
+          min-width: 190px;
+          min-height: 180px;
+          /*height: 260px;*/	
+			  }
+      
+        h2#tabheader{
+				  font-size: 1.1em; 
+          padding-left: 2%;
+          padding-right: 2%;
+          position: relative;
+			  }
+      	
+        #stork h2 {
+          font-size: 1.0em;
+          margin-bottom: 2%;
+        }
+        		  
+			  .setAssertionButton_full {
+			  	background: #efefef;
+				  cursor: pointer;
+				  margin-top: 15px;
+			    width: 100px;
+			    height: 30px
+			  }
+			
+			  #leftbutton  {
+				 width: 30%; 
+				 float:left; 
+				 margin-left: 40px;
+			  }
+			
+			  #rightbutton {
+				 width: 30%; 
+				 float:right; 
+				 margin-right: 45px; 
+				 text-align: right;
+			  }
+        
+        button {
+          height: 25px;
+          width: 75px;
+          margin-bottom: 10px;
+        }
+        
+        
+        
+       #validation {
+        position: absolute;
+        bottom: 0px;
+        margin-left: 270px;
+        padding-bottom: 10px;
+      }
+			
+			}
+
+      @media screen and (max-width: 205px) {
+        #localBKU p {
+          font-size: 0.6em;
+        }
+       .browserInfoButton{
+         color: rgb(128, 128, 128); 
+        }
+        
+        #localBKU input {
+          font-size: 0.6em;
+          min-width: 60px;
+         /* max-width: 65px; */
+          min-height: 1.0em;
+         /* border-radius: 5px; */
+        }
+        
+        #bkuselectionarea input[type=button] {
+          font-size: 0.7em;
+          min-width: 55px;
+          /*min-height: 1.1em;
+          border-radius: 5px;*/
+          margin-bottom: 2%
+        }
+        
+        #mandateLogin {
+          font-size: 0.65em;
+        }
+        
+        #bku_header h2 {
+          font-size: 0.8em;
+          margin-top: -0.4em;
+          padding-top: 0.4em;
+        }
+        
+        #bkulogin {
+        min-height: 150px;
+        } 
+      }
+
+      @media screen and (max-width: 249px) and (min-width: 206px) {
+        #localBKU p {
+          font-size: 0.7em;
+        } 
+        .browserInfoButton{
+         color: rgb(128, 128, 128); 
+        }
+        
+        #localBKU input {
+          font-size: 0.7em;
+          min-width: 70px;
+       /*    max-width: 75px;    */
+          min-height: 0.95em;
+        /*  border-radius: 6px;    */
+        }
+        
+        #bkuselectionarea input[type=button] {
+          font-size: 0.75em;
+          min-width: 60px;
+      /*    min-height: 0.95em;
+          border-radius: 6px;    */
+          margin-bottom: 5%
+        }
+        
+        #mandateLogin {
+          font-size: 0.75em;
+        }
+        
+        #bku_header h2 {
+          font-size: 0.9em;
+          margin-top: -0.45em;
+          padding-top: 0.45em;
+        }
+        
+        #bkulogin {
+          min-height: 180px;
+        }  
+      }
+
+      @media screen and (max-width: 299px) and (min-width: 250px) {
+        #localBKU p {
+          font-size: 0.9em;
+        } 
+        .browserInfoButton{
+         color: rgb(128, 128, 128); 
+        }
+        
+        #localBKU input {
+          font-size: 0.8em;
+          min-width: 70px;
+       /*    max-width: 75px;      */
+      /*    border-radius: 6px;  */
+        }
+        
+        #bkuselectionarea input[type=button] {
+          font-size: 0.85em;
+     /*     min-height: 1.05em;
+          border-radius: 7px;        */
+          margin-bottom: 10%;
+        }
+        
+        #mandateLogin {
+          font-size: 1em;
+        }
+        
+        #bku_header h2 {
+          font-size: 1.0em;
+          margin-top: -0.50em;
+          padding-top: 0.50em;
+        } 
+      }
+
+      @media screen and (max-width: 399px) and (min-width: 300px) {
+        #localBKU p {
+          font-size: 0.9em;
+        } 
+        .browserInfoButton{
+         color: rgb(128, 128, 128); 
+        }
+        #localBKU input {
+          font-size: 0.8em;
+          min-width: 70px;
+      /*     max-width: 75px;     */
+      /*    border-radius: 6px;       */
+        }
+        
+        #bkuselectionarea input[type=button] {
+          font-size: 0.9em;
+   /*       min-height: 1.2em;
+          border-radius: 8px;          */
+          margin-bottom: 10%;
+          max-width: 80px;
+        }
+        
+        #mandateLogin {
+          font-size: 1em;
+        }
+        
+        #bku_header h2 {
+          font-size: 1.1em;
+          margin-top: -0.55em;
+          padding-top: 0.55em;
+        } 
+      }
+      
+      @media screen and (max-width: 649px) and (min-width: 400px) {
+        #localBKU p {
+          font-size: 0.9em;
+        } 
+       .browserInfoButton{
+         color: rgb(128, 128, 128); 
+        } 
+        #localBKU input {
+          font-size: 0.8em;
+          min-width: 70px;
+      /*     max-width: 80px;       */
+     /*     border-radius: 6px;          */
+        }
+        
+        #bkuselectionarea input[type=button] {
+          font-size: 1.0em;
+     /*      min-height: 1.3em;
+         border-radius: 10px;         */
+          margin-bottom: 10%;
+          max-width: 85px;
+        }
+        
+        #mandateLogin {
+          font-size: 1.2em;
+        }
+        
+        #bku_header h2 {
+          font-size: 1.3em;
+          margin-top: -0.65em;
+          padding-top: 0.65em;
+        } 
+      }
+
+
+			
+			@media screen and (max-width: 649px) {
+				
+        body {
+					margin:0;
+					padding:0;
+					color : #000;
+			  	text-align: center;
+          font-size: 100%;
+			  	background-color: $MAIN_BACKGOUNDCOLOR;
+				}
+        		.browserInfoButton{
+                    color: rgb(128, 128, 128); 
+                }		
+			  #page {
+			     visibility: hidden;
+			     margin-top: 0%;
+			  }
+			  
+			  #page1 {
+			    visibility: hidden;
+			  }
+			  
+			  #main {
+			    visibility: hidden;
+			  }
+        
+        #validation {
+          visibility: hidden;
+          display: none;
+        }
+			  
+			  .OA_header {
+			    margin-bottom: 0px;
+			    margin-top: 0px;
+			    font-size: 0pt;
+			    visibility: hidden;
+			  }
+			
+			  #leftcontent {
+			    visibility: visible;
+			    margin-bottom: 0px;
+			    text-align: left;
+			    border:none;
+          vertical-align: middle;
+          min-height: 173px;
+          min-width: 204px;
+          
+			  }
+			  
+        #bku_header {
+          height: 10%;
+          min-height: 1.2em;
+          margin-top: 1%;
+        }
+        
+        h2#tabheader{
+          padding-left: 2%;
+          padding-right: 2%;
+          position: relative;
+          top: 50%;
+			  }
+        
+        #stork h2 {
+          font-size: 0.9em;
+          margin-bottom: 2%;
+        }
+        
+       	#bkulogin {	
+          min-width: 190px;
+          min-height: 155px;	
+			 }
+        
+			 .setAssertionButton_full {
+			     	background: #efefef;
+				    cursor: pointer;
+				    margin-top: 15px;
+			      width: 70px;
+			      height: 25px;
+			 }
+       
+        input[type=button] {
+/*          height: 11%;  */
+          width: 70%;
+        }
+			}
+			      
+			* {
+				margin: 0;
+				padding: 0;
+				#if($FONTTYPE)
+        	font-family: $FONTTYPE;
+        #end
+			}
+							      			
+			#selectArea {
+				padding-top: 10px;
+				padding-bottom: 55px;
+				padding-left: 10px;
+			}
+			
+			.setAssertionButton {
+				background: #efefef;
+				cursor: pointer;
+				margin-top: 15px;
+			  width: 70px;
+			  height: 25px;
+			}
+			
+			#leftbutton  {
+				width: 35%; 
+				float:left; 
+				margin-left: 15px;
+			}
+			
+			#rightbutton {
+				width: 35%; 
+				float:right; 
+				margin-right: 25px; 
+				text-align: right;
+			}
+			
+			#stork {
+			    /*margin-bottom: 10px;*/
+			   /* margin-top: 5px; */
+			}
+      			
+      #mandateLogin {
+        padding-bottom: 4%;
+        padding-top: 4%;
+        height: 10%;
+        position: relative;
+        text-align: center;
+			}
+      
+      .verticalcenter {
+        vertical-align: middle;
+      }
+      
+      #mandateLogin div {
+        clear: both;
+        margin-top: -1%;
+        position: relative;
+        top: 50%;
+      }
+      
+      #bkuselectionarea {
+          position: relative;
+          display: block;
+      }
+      
+      #localBKU {
+        padding-bottom: 4%;
+        /*padding-top: 4%;*/
+        position: relative;
+        clear: both;     
+        text-align: center;
+			}
+          			
+			#bkukarte {
+				float:left;
+				text-align:center;
+				width:40%;
+        min-height: 70px;
+        padding-left: 5%;
+        padding-top: 2%;
+			}
+			
+			#bkuhandy {
+				float:right;
+				text-align:center;
+				width:40%;
+        min-height: 90px;
+        padding-right: 5%;
+        padding-top: 2%;
+			}
+			
+      .bkuimage {
+        width: 90%;
+        height: auto;
+      }
+      
+			#mandate{
+				text-align:center;
+				padding : 5px 5px 5px 5px;
+			}
+      
+/*		input[type=button], .sendButton {
+				background: $BUTTON_BACKGROUNDCOLOR;
+        color: $BUTTON_COLOR;
+/*				border:1px solid #000;  */
+/*				cursor: pointer;
+/*        box-shadow: 3px 3px 3px #222222;  */
+/*			}
+			
+/*      button:hover, button:focus, button:active, 
+      .sendButton:hover , .sendButton:focus, .sendButton:active,
+      #mandateCheckBox:hover, #mandateCheckBox:focus, #mandateCheckBox:active {
+				background: $BUTTON_BACKGROUNDCOLOR_FOCUS;
+        color: $BUTTON_COLOR;
+/*				border:1px solid #000;                */
+/*				cursor: pointer;
+/*        box-shadow: -1px -1px 3px #222222;  */
+/*			}
+      
+*/      
+			input {
+				/*border:1px solid #000;*/
+				cursor: pointer;
+			}
+      
+      #localBKU input {
+/*        color: $BUTTON_COLOR;  */
+        /*border: 0px;*/
+        display: inline-block;
+        
+      }
+			
+      #localBKU input:hover, #localBKU input:focus, #localBKU input:active {
+        /*text-decoration: underline;*/
+      }
+      
+			#installJava, #BrowserNOK {
+				clear:both;
+				font-size:0.8em;
+				padding:4px;
+			}
+						
+			.selectText{
+			
+			}
+			
+			.selectTextHeader{
+			
+			}
+			
+			.sendButton {
+        width: 30%;
+        margin-bottom: 1%;	
+			}
+			
+			#leftcontent a {
+				text-decoration:none; 
+				color: #000;
+			/*	display:block;*/
+				padding:4px;	
+			}
+			
+			#leftcontent a:hover, #leftcontent a:focus, #leftcontent a:active {
+				text-decoration:underline;
+				color: #000;	
+			}
+						
+			.infobutton {
+				background-color: #005a00;
+				color: white;
+				font-family: serif;
+				text-decoration: none;
+				padding-top: 2px;
+				padding-right: 4px;
+				padding-bottom: 2px;
+				padding-left: 4px;
+				font-weight: bold;
+			}
+			
+			.hell {
+				background-color : $MAIN_BACKGOUNDCOLOR;
+        color: $MAIN_COLOR;	
+			}
+			
+			.dunkel {
+				background-color: $HEADER_BACKGROUNDCOLOR;
+        color: $HEADER_COLOR;
+			}
+			      
+			.main_header {
+			   color: black;
+			    font-size: 32pt;
+			    position: absolute;
+			    right: 10%;
+			    top: 40px;
+				
+			}
+      
+      #ssoSessionTransferBlock {
+        font-size: 0.8em;
+        margin-left: 5px;
+        margin-bottom: 5px;
+      }
+      
+      #alert_area {
+        width: 500px;
+        padding-left: 80px;
+      }
\ No newline at end of file
diff --git a/id/server/moa-id-frontend-resources/src/main/resources/templates/error_message.html b/id/server/moa-id-frontend-resources/src/main/resources/templates/error_message.html
new file mode 100644
index 000000000..4fd4d63cd
--- /dev/null
+++ b/id/server/moa-id-frontend-resources/src/main/resources/templates/error_message.html
@@ -0,0 +1,37 @@
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
+<head>
+  <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
+  <link rel="stylesheet" href="$contextPath/css/buildCSS" />
+  
+  <title>An error arise ...  </title>
+</head>
+
+	<body>
+  <div id="page">
+		<div id="page1" class="case selected-case" role="main">
+			<h2 class="OA_header" role="heading">Authentication error arise</h2>
+			<!--div id="main"-->
+				<!--div id="leftcontent" class="hell" role="application"-->
+          
+          
+          
+	        <div id="alert_area" class="hell" role="application" >
+            <p>The authentication stops on account of a process error:</p>
+            <br/>
+		        <p><b>Error    Code:</b> $errorCode</p> 
+		        <p><b>Error Message:</b >$errorMsg</p>
+	        </div>	
+
+
+	        #if($stacktrace)
+	         <div>
+		        <p><b>Stacktrace:</b> $stacktrace</p> 
+	         </div>	
+	        #end
+          
+				<!--/div--->
+			<!--/div-->
+		</div>
+	</div>
+</body>
+</html>
\ No newline at end of file
diff --git a/id/server/moa-id-frontend-resources/src/main/resources/templates/javascript_tempalte.js b/id/server/moa-id-frontend-resources/src/main/resources/templates/javascript_tempalte.js
new file mode 100644
index 000000000..e4e05bace
--- /dev/null
+++ b/id/server/moa-id-frontend-resources/src/main/resources/templates/javascript_tempalte.js
@@ -0,0 +1,200 @@
+function isIE() {
+			return (/MSIE (\d+\.\d+);/.test(navigator.userAgent));
+		}
+		function isFullscreen() {
+			try {
+				return ((top.innerWidth == screen.width) && (top.innerHeight == screen.height));
+			} catch (e) {
+				return false;
+			}
+		}
+		function isActivexEnabled() {
+			var supported = null;
+			try {
+				supported = !!new ActiveXObject("htmlfile");
+			} catch (e) {
+				supported = false;
+			}
+			return supported;
+		}
+		function isMetro() {
+			if (!isIE())
+				return false;
+			return !isActivexEnabled() && isFullscreen();
+		}
+		window.onload=function() {
+			document.getElementById("localBKU").style.display="block";
+			return;
+		}
+    function bkuLocalClicked() {
+       setMandateSelection();
+    }
+    
+		function bkuOnlineClicked() {
+			if (isMetro())
+				document.getElementById("metroDetected").style.display="block";
+			document.getElementById("localBKU").style.display="block";
+/* 			if (checkMandateSSO())
+				return; */
+			
+			setMandateSelection();
+/* 			setSSOSelection(); */
+						
+			var iFrameURL = "$contextPath$submitEndpoint" + "?";
+			iFrameURL += "&pendingid=" + "$pendingReqID";
+			
+			iFrameURL += "bkuURI=" + "$bkuOnline";
+			iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;
+
+			generateIFrame(iFrameURL);
+		}
+		function bkuHandyClicked() {
+			document.getElementById("localBKU").style.display="none";
+/* 			if (checkMandateSSO())
+				return; */
+			
+			setMandateSelection();
+/* 			setSSOSelection(); */
+			
+			var iFrameURL = "$contextPath$submitEndpoint" + "?";
+			iFrameURL += "&pendingid=" + "$pendingReqID";
+			
+			iFrameURL += "bkuURI=" + "$bkuHandy";
+			iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;
+			
+			generateIFrame(iFrameURL);
+		}
+		function storkClicked() {
+			document.getElementById("localBKU").style.display="none"; 
+/* 			if (checkMandateSSO())
+				return; */
+			
+			setMandateSelection();
+/* 			setSSOSelection(); */
+			
+			var ccc = "AT";
+			var countrySelection = document.getElementById("cccSelection");
+			if (countrySelection !=  null) {
+				ccc = document.getElementById("cccSelection").value;
+			}
+			var iFrameURL = "$contextPath$submitEndpoint" + "?";			
+			iFrameURL += "&pendingid=" + "$pendingReqID";
+			
+			#if($bkuOnline)
+				iFrameURL += "bkuURI=" + "$bkuOnline";
+			#end
+			
+			iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;
+			iFrameURL += "&CCC=" + ccc;
+						
+			generateIFrame(iFrameURL);
+		}
+		function generateIFrame(iFrameURL) {
+			var el = document.getElementById("bkulogin");
+      var width = el.clientWidth;
+      var heigth = el.clientHeight - 20;
+			var parent = el.parentNode;
+            
+      iFrameURL += "&heigth=" + heigth;
+      iFrameURL += "&width=" + width;
+      
+			var iframe = document.createElement("iframe");
+			iframe.setAttribute("src", iFrameURL);
+			iframe.setAttribute("width", el.clientWidth - 1);
+			iframe.setAttribute("height", el.clientHeight - 1);
+			iframe.setAttribute("frameborder", "0");
+			iframe.setAttribute("scrolling", "no");
+			iframe.setAttribute("title", "Login");
+			parent.replaceChild(iframe, el);
+		}
+		function setMandateSelection() {
+			document.getElementById("useMandate").value = "false";
+			var checkbox = document.getElementById("mandateCheckBox");
+			if (checkbox !=  null) {
+				if (document.getElementById("mandateCheckBox").checked) {
+					document.getElementById("useMandate").value = "true";
+				}
+			}
+		}
+		function onChangeChecks() {
+      if (self.innerWidth < 650) {
+         document.getElementById("moaidform").setAttribute("target","_parent");
+      } else {
+         document.getElementById("moaidform").removeAttribute("target");
+      }
+      
+    }
+    
+     function checkIfBrowserSupportsJava(){
+        console.log("Browser is Chrome: "+checkIfBrowserIsChrome());
+        console.log("Browser is Safari: "+checkIfBrowserIsSafari());
+        console.log("Browser is Edge: "+checkIfBrowserIsEdge());
+        
+        var cnt = 0;
+        
+        if(checkIfBrowserIsChrome())cnt++;
+        if(checkIfBrowserIsEdge())cnt++;
+        if(checkIfBrowserIsSafari())cnt++;
+           
+        if(cnt==0 || cnt>1)//cnt>1 means perhaps wrong detection
+            return true;
+        
+        var image = document.getElementById("bkuimage");
+        var srcatt = image.getAttribute("src");
+        var last = srcatt.substring(srcatt.lastIndexOf('/')+1);
+        srcatt = srcatt.replace(last,'online-bku-deactivated.png');    
+        image.setAttribute("src",srcatt);
+         
+         
+        var button = document.getElementsByName("bkuButtonOnline")[0];               
+        button.setAttribute("class","browserInfoButton");
+        button.setAttribute("title","Java wird nicht unterstützt, klicken für mehr Informationen.");
+        button.setAttribute("onClick","alert('Java wird von Ihrem Browser nicht unterstützt, ist jedoch für den Betrieb der Online Bürgerkartenumgebung notwendig.\\nWollen Sie dennoch die Online Bürgerkartenumgebung verwenden, wird zur Zeit Java noch von Firefox und MS Internet Explorer unterstützt. \\nAlternativ koennen Sie auch eine lokale Bürgerkartenumgebung verwenden, verfügbar unter www.buergerkarte.at.');");
+         
+        return false;
+   
+    }
+    function checkIfBrowserIsChrome(){
+        var chrome_defined = !!window.chrome;//chrome object defined
+        var webstore_defined = false;
+        if(window.chrome){
+            webstore_defined = !!window.chrome.webstore;
+           }
+        return chrome_defined && webstore_defined;
+    }
+    function checkIfBrowserIsEdge(){//edge also defines the chrome object, but not the webapp
+        var chrome_defined = !!window.chrome;//chrome object defined
+        var webstore_defined = true;
+        if(window.chrome){
+            webstore_defined = !!window.chrome.webstore;
+           }
+        return chrome_defined && !webstore_defined;
+    }
+    function checkIfBrowserIsSafari(){
+        var cond1 = Object.prototype.toString.call(window.HTMLElement).indexOf('Constructor') > 0;
+        return cond1;
+    }
+/* 		function setSSOSelection() {
+			document.getElementById("useSSO").value = "false";
+			var checkbox = document.getElementById("SSOCheckBox");
+			if (checkbox !=  null) {
+				if (document.getElementById("SSOCheckBox").checked) {
+					document.getElementById("useSSO").value = "true";
+				}
+			}
+		} */
+		
+/* 		function checkMandateSSO() {
+			var sso = document.getElementById("SSOCheckBox");
+			var mandate = document.getElementById("mandateCheckBox");
+			
+			
+			if (sso.checked && mandate.checked) {
+				alert("Anmeldung in Vertretung in kombination mit Single Sign-On wird aktuell noch nicht unterstützt!")
+				mandate.checked = false;
+				sso.checked = false;
+				return true;
+			} else {
+				return false;
+			}
+		} */
\ No newline at end of file
diff --git a/id/server/moa-id-frontend-resources/src/main/resources/templates/loginFormFull.html b/id/server/moa-id-frontend-resources/src/main/resources/templates/loginFormFull.html
new file mode 100644
index 000000000..02b86472b
--- /dev/null
+++ b/id/server/moa-id-frontend-resources/src/main/resources/templates/loginFormFull.html
@@ -0,0 +1,92 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
+
+   <!-- MOA-ID 2.x BKUSelection Layout CSS -->               
+   <link rel="stylesheet" href="$contextPath/css/buildCSS?pendingid=$pendingReqID" />
+   
+   <!-- MOA-ID 2.x BKUSelection JavaScript fucnctions-->
+   <script src="$contextPath/js/buildJS?pendingid=$pendingReqID"></script>
+   
+
+<title>Anmeldung mittels Bürgerkarte oder Handy-Signatur</title>
+</head>
+<body onload="onChangeChecks();checkIfBrowserSupportsJava();" onresize="onChangeChecks();">
+	<div id="page">
+		<div id="page1" class="case selected-case" role="main">
+			<h2 class="OA_header" role="heading">Anmeldung an: $OAName</h2>
+			<div id="main">
+				<div id="leftcontent" class="hell" role="application">
+					<div id="bku_header" class="dunkel">
+						<h2 id="tabheader" class="dunkel" role="heading">$HEADER_TEXT</h2>
+					</div>
+					<div id="bkulogin" class="hell" role="form">
+						<div id="mandateLogin" style="">
+							<div>
+								<input tabindex="1" type="checkbox" name="Mandate"
+									id="mandateCheckBox" class="verticalcenter" role="checkbox"
+									onClick='document.getElementById("mandateCheckBox").setAttribute("aria-checked", document.getElementById("mandateCheckBox").checked);'$MANDATECHECKED>
+								<label for="mandateCheckBox" class="verticalcenter">in
+									Vertretung anmelden</label>
+								<!--a      href="info_mandates.html" 
+                        target="_blank"
+                        class="infobutton verticalcenter" 
+                        tabindex="5">i</a-->
+							</div>
+						</div>
+						<div id="bkuselectionarea">
+							<div id="bkukarte">
+								<img id="bkuimage" class="bkuimage" src="$contextPath/img/online-bku.png"
+									alt="OnlineBKU" /> <input name="bkuButtonOnline" type="button"
+									onClick="bkuOnlineClicked();" tabindex="2" role="button"
+									value="Karte" />
+							</div>
+							<div id="bkuhandy">
+								<img class="bkuimage" src="$contextPath/img/mobile-bku.png"
+									alt="HandyBKU" /> <input name="bkuButtonHandy" type="button"
+									onClick="bkuHandyClicked();" tabindex="3" role="button"
+									value="HANDY" />
+							</div>
+						</div>
+						<div id="localBKU">
+							<form method="get" id="moaidform" action="$contextPath$submitEndpoint"
+								class="verticalcenter" target="_parent">
+								<input type="hidden" name="bkuURI" value="$bkuLocal" />
+								<input type="hidden" name="useMandate" id="useMandate" /> 
+								<input type="hidden" name="SSO" id="useSSO" /> 
+								<input type="hidden" name="ccc" id="ccc" /> 
+								<input type="hidden" name="pendingid" value="$pendingReqID" /> 
+                <input type="submit" value=" Lokale Bürgerkartenumgebung " tabindex="4"
+									     role="button" onclick="setMandateSelection();">
+                </form>
+              </div>
+              
+              <!-- Single Sign-On Session transfer functionality -->
+              <!--div id="ssoSessionTransferBlock">
+                <a href="$contextPath$submitEndpoint?pendingid=$pendingReqID&restoreSSOSession=true">>Restore SSO Session from Smartphone</a>
+              </div-->
+              
+              <div id="stork" align="center" style="$STORKVISIBLE">
+                <h2 id="tabheader" class="dunkel">Home Country Selection</h2>
+                <p>
+                  <select name="cccSelection" id="cccSelection" size="1" style="width: 120px; margin-right: 5px;" >
+                    $countryList
+                  </select>
+                  <button name="bkuButton" type="button" onClick="storkClicked();">Proceed</button>
+                  <a href="info_stork.html" target="_blank" class="infobutton" style="color:#FFF">i</a>
+                </p>
+              </div>
+
+						<div id="metroDetected" style="display: none">
+							<p>Anscheinend verwenden Sie Internet Explorer im
+								Metro-Modus. Wählen Sie bitte "Auf dem Desktop anzeigen" aus den
+								Optionen um die Karten-Anmeldung starten zu können.</p>
+						</div>
+					</div>
+				</div>
+			</div>
+		</div>
+	</div>
+</body>
+</html>
diff --git a/id/server/moa-id-frontend-resources/src/main/resources/templates/redirectForm.html b/id/server/moa-id-frontend-resources/src/main/resources/templates/redirectForm.html
new file mode 100644
index 000000000..ac3242c89
--- /dev/null
+++ b/id/server/moa-id-frontend-resources/src/main/resources/templates/redirectForm.html
@@ -0,0 +1,13 @@
+<html>
+<head>
+<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
+<script type="text/javascript">
+  </script>
+</head>
+
+
+<body onload="document.getElementById('link').click();">
+	<a href="$URL" target="$TARGET" id="link">CLICK to perform a
+		redirect back to Online Application</a>
+</body>
+</html>
diff --git a/id/server/moa-id-frontend-resources/src/main/resources/templates/sendAssertionFormFull.html b/id/server/moa-id-frontend-resources/src/main/resources/templates/sendAssertionFormFull.html
new file mode 100644
index 000000000..a9f0c4238
--- /dev/null
+++ b/id/server/moa-id-frontend-resources/src/main/resources/templates/sendAssertionFormFull.html
@@ -0,0 +1,52 @@
+<!DOCTYPE html> 
+<html>
+<head>
+	<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
+    <!-- MOA-ID 2.x BKUSelection Layout CSS -->               
+    <link rel="stylesheet" href="$contextPath/css/buildCSS?pendingid=#ID#" />
+    
+    <title>Anmeldung an Online-Applikation</title>   
+</head>
+
+
+<body>
+		<div id="page">
+
+			<div id="page1" class="case selected-case" role="main">
+
+<!-- 					<h2 class="OA_header">Anmeldung an: #OAName#</h2> -->
+
+					<div id="main">
+					<div id="leftcontent" class="hell">
+            <div id="bku_header" class="dunkel">
+						  <h2 id="tabheader" class="dunkel" role="heading">
+							 Anmeldeinformationen:							  
+						  </h2>
+            </div>
+					
+						<div id="selectArea" class="hell" role="application">
+							<h3>Anmeldung an: $OAName</h3>
+					
+<!-- 						<div class="hell"> -->
+							<div id="leftbutton">
+									<form method="post" id="moaidform_yes" action="$contextPath$submitEndpoint">
+										<input type="hidden" name="value" value="true">
+                    <input type="hidden" name="pendingid" value="$pendingReqID">
+										<input type="submit" value="Ja" class="setAssertionButton_full" role="button">
+									</form>
+							</div>
+							<div id="rightbutton">
+										<form method="post" id="moaidform_no" action="$contextPath$submitEndpoint">
+										<input type="hidden" name="value" value="false">
+                    <input type="hidden" name="pendingid" value="$pendingReqID">
+										<input type="submit" value="Nein" class="setAssertionButton_full" role="button">
+									</form>
+							</div>
+						
+						</div>												
+					</div>
+				</div>
+		</div>
+	</div>
+</body>
+</html>
diff --git a/id/server/moa-id-frontend-resources/src/main/resources/templates/slo_template.html b/id/server/moa-id-frontend-resources/src/main/resources/templates/slo_template.html
new file mode 100644
index 000000000..b3eb18082
--- /dev/null
+++ b/id/server/moa-id-frontend-resources/src/main/resources/templates/slo_template.html
@@ -0,0 +1,94 @@
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
+<head>
+  <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
+  
+   <!-- MOA-ID 2.x BKUSelection Layout CSS -->               
+  <link rel="stylesheet" href="$contextPath/css/buildCSS" />
+
+	#if($timeoutURL)
+		<script type="text/javascript">
+			function sloTimeOut() {
+				window.location.href="$timeoutURL";
+			
+			}
+      function RestartAfterDelay() {
+        var eDate = null;
+        var MilliSekZeit = 0;
+        var SysDatumJetzt = new Date();
+        var SysDatumJetztMilli = SysDatumJetzt.getTime();
+
+        do {
+          eDate = new Date();
+          MilliSekZeit = eDate.getTime();
+
+        } while ((MilliSekZeit-SysDatumJetztMilli) < $timeout);
+
+        sloTimeOut();
+      }	
+	
+		</script>
+	#end
+
+  <title>Single LogOut Vorgang ... </title>
+</head>
+
+#if($timeoutURL)
+	<body onload='setTimeout(sloTimeOut, $timeout);'>
+#else
+	<body>
+#end
+  <noscript>
+		<p>
+			<strong>Note:</strong> Since your browser does not support
+			JavaScript, you must press the Continue button once to proceed.
+		</p>
+	</noscript>
+
+  <div id="page">
+		<div id="page1" class="case selected-case" role="main">
+			<h2 class="OA_header" role="heading">MOA-ID Single LogOut Information</h2>
+			<div id="main">
+				<div id="leftcontent" class="hell" role="application">
+          
+          #if($errorMsg)
+	         <div class="alert">
+		        <p>$errorMsg</p> 
+	         </div>	
+	        #end
+
+	        #if($successMsg)
+	         <div>
+		        <p>$successMsg</p> 
+	         </div>	
+	        #end
+
+	        #if($redirectURLs)
+		        <div>
+			       <p>
+				        Sie werden von allen Online-Applikationen abgemeldet. <br>
+				        Dieser Vorgang kann einige Zeit in Anspruch nehmen.
+			       </p>
+		       </div>
+	       #end
+          
+				</div>
+			</div>
+		</div>
+		<!--div id="validation">
+			<a href="http://validator.w3.org/check?uri="> <img
+				style="border: 0; width: 88px; height: 31px"
+				src="$contextpath/img/valid-html5-blue.png" alt="HTML5 ist valide!" />
+			</a> <a href="http://jigsaw.w3.org/css-validator/"> <img
+				style="border: 0; width: 88px; height: 31px"
+				src="http://jigsaw.w3.org/css-validator/images/vcss-blue"
+				alt="CSS ist valide!" />
+			</a>
+		</div-->
+	</div>
+
+
+  #foreach( $el in $redirectURLs )
+	   <iframe src=$el class="reqframe"></iframe>
+  #end
+</body>
+</html>
\ No newline at end of file
diff --git a/id/server/moa-id-frontend-resources/src/main/resources/templates/sso_transfer_template.html b/id/server/moa-id-frontend-resources/src/main/resources/templates/sso_transfer_template.html
new file mode 100644
index 000000000..e9c2fae76
--- /dev/null
+++ b/id/server/moa-id-frontend-resources/src/main/resources/templates/sso_transfer_template.html
@@ -0,0 +1,59 @@
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
+<head>
+  <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
+  
+   <!-- MOA-ID 2.x BKUSelection Layout CSS -->               
+  <link rel="stylesheet" href="#CONTEXTPATH#/css/buildCSS" />
+
+  <title>Single Sign-On Session Transfer</title>
+</head>
+
+	<body>
+  <noscript>
+		<p>
+			<strong>Note:</strong> Since your browser does not support
+			JavaScript, you must press the Continue button once to proceed.
+		</p>
+	</noscript>
+
+  <div id="page">
+		<div id="page1" class="case selected-case" role="main">
+			<h2 class="OA_header" role="heading">MOA-ID Single Sign-On Session Transfer Service</h2>
+			<div id="main">
+				<div id="leftcontent" class="hell" role="application">
+          
+          #if($errorMsg)
+	         <div class="alert">
+		        <p>$errorMsg</p> 
+	         </div>	
+	        #end
+
+	        #if($successMsg)
+	         <div>
+		        <p>$successMsg</p> 
+	         </div>	
+	        #end
+          
+          #if($QRImage)
+	         <div>
+	         	<img id="qrCode" src="data:image/gif;base64,$QRImage">
+	         </div>	
+	        #end
+          
+				</div>
+			</div>
+		</div>
+		<!--div id="validation">
+			<a href="http://validator.w3.org/check?uri="> <img
+				style="border: 0; width: 88px; height: 31px"
+				src="$contextpath/img/valid-html5-blue.png" alt="HTML5 ist valide!" />
+			</a> <a href="http://jigsaw.w3.org/css-validator/"> <img
+				style="border: 0; width: 88px; height: 31px"
+				src="http://jigsaw.w3.org/css-validator/images/vcss-blue"
+				alt="CSS ist valide!" />
+			</a>
+		</div-->
+	</div>
+
+</body>
+</html>
\ No newline at end of file
diff --git a/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java b/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java
index cc5552e81..636a3ed03 100644
--- a/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java
+++ b/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java
@@ -17,7 +17,7 @@ import org.springframework.web.context.support.ServletContextResource;
 import org.springframework.web.servlet.DispatcherServlet;
 
 import at.gv.egiz.components.spring.api.SpringLoader;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index ea4dd868b..7122c6577 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -43,7 +43,6 @@ import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.BKUException;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.auth.exception.ServiceException;
 import at.gv.egovernment.moa.id.auth.exception.ValidateException;
@@ -57,11 +56,13 @@ import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator;
 import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator;
 import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
 import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.data.MISMandate;
-import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.util.XMLUtil;
 import at.gv.egovernment.moa.logging.LogMsg;
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
index f00f4386f..e51700111 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
@@ -48,10 +48,10 @@ import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
 import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
 import at.gv.egovernment.moa.id.util.Random;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
index dc981ba33..18495381e 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
@@ -49,11 +49,11 @@ package at.gv.egovernment.moa.id.auth.builder;
 import java.io.IOException;
 import java.io.StringReader;
 import java.io.StringWriter;
-import java.util.Map;
 
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.util.FormBuildUtils;
+import at.gv.egovernment.moa.id.auth.frontend.utils.FormBuildUtils;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 /**
@@ -165,31 +165,32 @@ public class GetIdentityLinkFormBuilder extends Builder {
     htmlForm = replaceTag(htmlForm, PUSHINFOBOX_TAG, pushInfobox, false, ALL);
 //new:wird oben mitreplaced    htmlForm = replaceTag(htmlForm, BKU_TAG, bkuURL);
     
-    //removed in MOA-ID 2.0
-//    htmlForm = replaceTag(htmlForm, CERTINFO_XMLREQUEST_TAG, encodeParameter(certInfoXMLRequest), true, ALL);
-//    htmlForm = replaceTag(htmlForm, CERTINFO_DATAURL_TAG, certInfoDataURL, true, ALL);
+     
+    //set applet-background coller
+   	if (oaParam != null && MiscUtil.isNotEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BACKGROUNDCOLOR)))
+   		htmlForm = replaceTag(htmlForm, COLOR_TAG, 
+   				oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_BACKGROUNDCOLOR), false, ALL);    	
+   	else
+		htmlForm = replaceTag(htmlForm, COLOR_TAG, FormBuildUtils.getDefaultMap().get(FormBuildUtils.PARAM_MAIN_BACKGROUNDCOLOR), false, ALL);
+    	
+   	//set redirect target
+   	if (oaParam != null && MiscUtil.isNotEmpty(oaParam.getConfigurationValue(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETREDIRECTTARGET))))
+   		htmlForm = replaceTag(htmlForm, REDIRECTTARGETTAG, 
+   				oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETREDIRECTTARGET), false, ALL);
+   	else
+   		htmlForm = replaceTag(htmlForm, REDIRECTTARGETTAG, FormBuildUtils.getDefaultMap().get(FormBuildUtils.PARAM_REDIRECTTARGET), false, ALL);
     
-    Map<String, String> map = null;
-    
-    if (oaParam != null) {
-    	map = oaParam.getFormCustomizaten();
-    	htmlForm = replaceTag(htmlForm, COLOR_TAG, map.get(FormBuildUtils.MAIN_BACKGROUNDCOLOR), false, ALL);
-    	htmlForm = replaceTag(htmlForm, REDIRECTTARGETTAG, map.get(FormBuildUtils.REDIRECTTARGET), false, ALL);
-    	    	
-    } else {
-    	htmlForm = replaceTag(htmlForm, COLOR_TAG, FormBuildUtils.getDefaultMap().get(FormBuildUtils.MAIN_BACKGROUNDCOLOR), false, ALL);
-		htmlForm = replaceTag(htmlForm, REDIRECTTARGETTAG, FormBuildUtils.getDefaultMap().get(FormBuildUtils.REDIRECTTARGET), false, ALL);
-    }
-    
-    if (map != null && MiscUtil.isNotEmpty(map.get(FormBuildUtils.APPLET_HEIGHT)))
-    	htmlForm = replaceTag(htmlForm, APPLETHEIGHT_TAG, map.get(FormBuildUtils.APPLET_HEIGHT), false, ALL);
+   	//set applet heigh
+    if (oaParam != null && MiscUtil.isNotEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETHEIGHT)))
+    	htmlForm = replaceTag(htmlForm, APPLETHEIGHT_TAG, oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETHEIGHT), false, ALL);
     else if (MiscUtil.isNotEmpty(appletheigth))
     	htmlForm = replaceTag(htmlForm, APPLETHEIGHT_TAG, appletheigth, false, ALL);
     else
     	htmlForm = replaceTag(htmlForm, APPLETHEIGHT_TAG, "160", false, ALL);
     
-    if (map != null && MiscUtil.isNotEmpty(map.get(FormBuildUtils.APPLET_WIDTH)))
-    	htmlForm = replaceTag(htmlForm, APPLETWIDTH_TAG, map.get(FormBuildUtils.APPLET_WIDTH), false, ALL);
+    //set applet width
+    if (oaParam != null && MiscUtil.isNotEmpty(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETWIDTH)))
+    	htmlForm = replaceTag(htmlForm, APPLETWIDTH_TAG, oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_CUSTOMIZATION_APPLETWIDTH), false, ALL);
     else if (MiscUtil.isNotEmpty(appletwidth))
     	htmlForm = replaceTag(htmlForm, APPLETWIDTH_TAG, appletwidth, false, ALL); 
     else
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java
index cbdef7093..4f9936c94 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java
@@ -3,8 +3,8 @@ package at.gv.egovernment.moa.id.auth.modules.internal;
 
 import org.apache.commons.lang3.StringUtils;
 
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.AuthModule;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 
 /**
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java
index aff6b1ca6..000a47438 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java
@@ -1,6 +1,6 @@
 package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
 
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.REQ_VERIFY_CERTIFICATE;
+import static at.gv.egovernment.moa.id.commons.MOAIDAuthConstants.REQ_VERIFY_CERTIFICATE;
 
 import java.io.IOException;
 
@@ -14,9 +14,9 @@ import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
 import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.util.CitizenCardServletUtils;
@@ -32,7 +32,7 @@ import at.gv.egovernment.moa.logging.Logger;
  * </ul>
  * Expects:
  * <ul>
- * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}</li>
+ * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.commons.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}</li>
  * </ul>
  * Result:
  * <ul>
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
index cbaaa5ec7..e82aa8fbb 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
@@ -13,10 +13,10 @@ import org.springframework.stereotype.Component;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.StringUtils;
@@ -26,14 +26,14 @@ import at.gv.egovernment.moa.util.StringUtils;
  * In detail:
  * <ul>
  * <li>Renames the moa session id.</li>
- * <li>Removes ExecutionContext property {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}.</li>
+ * <li>Removes ExecutionContext property {@linkplain at.gv.egovernment.moa.id.commons.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}.</li>
  * <li>Creates the http form mentioned above.</li>
  * <li>Returns the http form via HttpServletResponse.</li>
  * </ul>
  * Expects:
  * <ul>
- * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID} <strong>or</strong></li>
- * <li>ExecutionContext property {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID} (in case of legacy authentication without CCE selection, where the moa session is not provided by request parameter).</li>
+ * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.commons.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID} <strong>or</strong></li>
+ * <li>ExecutionContext property {@linkplain at.gv.egovernment.moa.id.commons.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID} (in case of legacy authentication without CCE selection, where the moa session is not provided by request parameter).</li>
  * </ul>
  * Result:
  * <ul>
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
index 204e39b8c..7cc9df30c 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
@@ -1,7 +1,7 @@
 package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
 
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_XMLRESPONSE;
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.REQ_VERIFY_AUTH_BLOCK;
+import static at.gv.egovernment.moa.id.commons.MOAIDAuthConstants.PARAM_XMLRESPONSE;
+import static at.gv.egovernment.moa.id.commons.MOAIDAuthConstants.REQ_VERIFY_AUTH_BLOCK;
 
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
@@ -22,7 +22,6 @@ import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
 import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
@@ -31,6 +30,7 @@ import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.client.SZRGWClientException;
 import at.gv.egovernment.moa.id.client.utils.SZRGWClientUtils;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
@@ -44,7 +44,7 @@ import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse;
  * In detail:
  * <ul>
  * <li>Renames the moa session id.</li>
- * <li>Parses the CreateXMLSignatureResponse retrieved from POST parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE}.</li>
+ * <li>Parses the CreateXMLSignatureResponse retrieved from POST parameter {@linkplain at.gv.egovernment.moa.id.commons.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE}.</li>
  * <li>Extracts signature and signer certificate.</li>
  * <li>Send request to SZR Gateway in order to get an identity link.</li>
  * <li>Updates moa session (sets identity link, QAA level 4, authentication data and foreigner flag).</li>
@@ -52,8 +52,8 @@ import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse;
  * </ul>
  * Expects:
  * <ul>
- * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}</li>
- * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE} containing a {@code CreateXMLSignatureResponse}.</li>
+ * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.commons.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}</li>
+ * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.commons.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE} containing a {@code CreateXMLSignatureResponse}.</li>
  * </ul>
  * Result:
  * <ul>
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
index 0a1e3c8f5..c172c3b9c 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
@@ -1,6 +1,6 @@
 package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
 
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.GET_MIS_SESSIONID;
+import static at.gv.egovernment.moa.id.commons.MOAIDAuthConstants.GET_MIS_SESSIONID;
 
 import java.security.GeneralSecurityException;
 import java.util.List;
@@ -18,10 +18,10 @@ import org.xml.sax.SAXException;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.data.MISMandate;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.util.SSLUtils;
@@ -42,7 +42,7 @@ import iaik.pki.PKIException;
  * </ul>
  * Expects:
  * <ul>
- * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}</li>
+ * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.commons.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}</li>
  * </ul>
  * Result:
  * <ul>
@@ -72,7 +72,7 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask {
 			String misSessionID = moasession.getMISSessionID();
 
 			//get mandates from MIS
-			ConnectionParameter connectionParameters = authConfig
+			ConnectionParameterInterface connectionParameters = authConfig
 					.getOnlineMandatesConnectionParameter();
 			SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(
 					authConfig,
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
index b1b87f68d..d3d736a9c 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
@@ -31,15 +31,15 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.FileUtils;
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java
index b9a8fecf6..ed49201b8 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java
@@ -8,9 +8,9 @@ import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.stereotype.Component;
 
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.util.CitizenCardServletUtils;
 import at.gv.egovernment.moa.logging.Logger;
@@ -25,7 +25,7 @@ import at.gv.egovernment.moa.logging.Logger;
  * </ul>
  * Expects:
  * <ul>
- * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}</li>
+ * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.commons.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}</li>
  * </ul>
  * Result:
  * <ul>
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java
index f976c0b49..afbb87f10 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java
@@ -22,7 +22,7 @@
  */
 package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
 
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.GET_MIS_SESSIONID;
+import static at.gv.egovernment.moa.id.commons.MOAIDAuthConstants.GET_MIS_SESSIONID;
 
 import java.util.List;
 
@@ -39,12 +39,12 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.util.SSLUtils;
 import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId;
@@ -72,7 +72,7 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask {
 			//perform default task initialization
 			defaultTaskInitialization(request, executionContext);
 						
-			ConnectionParameter connectionParameters = authConfig.getOnlineMandatesConnectionParameter();	
+			ConnectionParameterInterface connectionParameters = authConfig.getOnlineMandatesConnectionParameter();	
 			SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(authConfig, connectionParameters);
 			
 			// get identitity link as byte[]
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java
index b52778577..516e9501b 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java
@@ -1,6 +1,6 @@
 package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
 
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_XMLRESPONSE;
+import static at.gv.egovernment.moa.id.commons.MOAIDAuthConstants.PARAM_XMLRESPONSE;
 
 import java.io.IOException;
 import java.util.Map;
@@ -15,10 +15,10 @@ import org.springframework.stereotype.Component;
 
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.logging.Logger;
@@ -28,15 +28,15 @@ import at.gv.egovernment.moa.logging.Logger;
  * In detail:
  * <ul>
  * <li>Renames the moa session id.</li>
- * <li>Takes the {@code CreateXMLSignatureResponse} from POST parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE}.</li>
+ * <li>Takes the {@code CreateXMLSignatureResponse} from POST parameter {@linkplain at.gv.egovernment.moa.id.commons.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE}.</li>
  * <li>Verifies the {@code CreateXMLSignatureResponse}.</li>
  * <li>Updates moa session.</li>
  * <li>Redirects back to {@code /dispatcher} in order to finalize the authentication.</li>
  * </ul>
  * Expects:
  * <ul>
- * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}</li>
- * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE} containing a {@code CreateXMLSignatureResponse}.</li>
+ * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.commons.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}</li>
+ * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.commons.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE} containing a {@code CreateXMLSignatureResponse}.</li>
  * </ul>
  * Result:
  * <ul>
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
index cd444f7c8..df158a7ec 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
@@ -1,6 +1,6 @@
 package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
 
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.REQ_GET_FOREIGN_ID;
+import static at.gv.egovernment.moa.id.commons.MOAIDAuthConstants.REQ_GET_FOREIGN_ID;
 
 import java.io.IOException;
 import java.util.Map;
@@ -17,9 +17,9 @@ import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.util.CitizenCardServletUtils;
@@ -28,11 +28,11 @@ import at.gv.egovernment.moa.spss.util.CertificateUtils;
 import iaik.x509.X509Certificate;
 
 /**
- * Parses the certificate from {@code InfoBoxReadResponse} (via POST parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE}), creates the auth block to be signed and returns a {@code CreateXMLSignatureRequest} for auth block signature.<p/>
+ * Parses the certificate from {@code InfoBoxReadResponse} (via POST parameter {@linkplain at.gv.egovernment.moa.id.commons.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE}), creates the auth block to be signed and returns a {@code CreateXMLSignatureRequest} for auth block signature.<p/>
  * In detail:
  * <ul>
  * <li>Renames the moa session id.</li>
- * <li>Retrieves the certificate via {@code InfoBoxReadResponse} from POST parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE}.</li>
+ * <li>Retrieves the certificate via {@code InfoBoxReadResponse} from POST parameter {@linkplain at.gv.egovernment.moa.id.commons.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE}.</li>
  * <li>Verifies the certificate.</li>
  * <li>Creates the auth block to be signed using information from the certificate (Organwalter, foreign citizen.</li>
  * <li>Puts it in a {@code CreateXMLSignatureRequest}.</li>
@@ -41,8 +41,8 @@ import iaik.x509.X509Certificate;
  * </ul>
  * Expects:
  * <ul>
- * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}</li>
- * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_SESSIONID} containing a {@code InfoBoxReadResponse}.</li>
+ * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.commons.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}</li>
+ * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.commons.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_SESSIONID} containing a {@code InfoBoxReadResponse}.</li>
  * </ul>
  * Result:
  * <ul>
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java
index 23e92c0c0..0deda4d43 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java
@@ -12,10 +12,10 @@ import org.springframework.stereotype.Component;
 
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.logging.Logger;
 
@@ -24,15 +24,15 @@ import at.gv.egovernment.moa.logging.Logger;
  * In detail:
  * <ul>
  * <li>Renames the moa session id.</li>
- * <li>Parses the identity link retrieved as {@code InfoBoxReadResponse} from POST parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE}.</li>
+ * <li>Parses the identity link retrieved as {@code InfoBoxReadResponse} from POST parameter {@linkplain at.gv.egovernment.moa.id.commons.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE}.</li>
  * <li>Verifies the identity link.</li>
  * <li>Updates moa session.</li>
  * <li>Puts boolean flag {@code identityLinkAvailable} into {@code ExecutionContext}.</li>
  * </ul>
  * Expects:
  * <ul>
- * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}</li>
- * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE} containing a {@code InfoBoxReadResponse}.</li>
+ * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.commons.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}</li>
+ * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.commons.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE} containing a {@code InfoBoxReadResponse}.</li>
  * </ul>
  * Result:
  * <ul>
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
index 5e0a69fd4..4b0e7b869 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -56,7 +56,6 @@ import javax.xml.bind.DatatypeConverter;
 import org.jaxen.SimpleNamespaceContext;
 import org.w3c.dom.Element;
 
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
@@ -64,11 +63,12 @@ import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
 import at.gv.egovernment.moa.id.auth.data.IdentityLink;
 import at.gv.egovernment.moa.id.auth.data.SAMLAttribute;
 import at.gv.egovernment.moa.id.auth.exception.ValidateException;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.MiscUtil;
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
index ac528c89d..df101f5b7 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
@@ -61,14 +61,14 @@ import java.util.Iterator;
 import java.util.List;
 import java.util.Set;
 
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.data.IdentityLink;
 import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.auth.exception.ValidateException;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
index 1850ff671..55562176d 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
@@ -69,7 +69,7 @@ import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.auth.exception.ValidateException;
 import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
 import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.BoolUtils;
 import at.gv.egovernment.moa.util.Constants;
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java
index 36bab9355..2a8d26566 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java
@@ -55,11 +55,11 @@ import java.net.URLEncoder;
 
 import javax.servlet.http.HttpServletResponse;
 
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAIDCertificateManagerConfigurationImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAIDCertificateManagerConfigurationImpl.java
index 9b634ff4d..1759a7281 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAIDCertificateManagerConfigurationImpl.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAIDCertificateManagerConfigurationImpl.java
@@ -54,7 +54,7 @@ public class MOAIDCertificateManagerConfigurationImpl extends
 		try {
 			initalizeConfiguration();
 			
-		} catch (at.gv.egovernment.moa.id.config.ConfigurationException e) {
+		} catch (at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException e) {
 			Logger.error("eIDAS SAML-engine initialization FAILED", e);
 			
 		}
@@ -89,7 +89,7 @@ public class MOAIDCertificateManagerConfigurationImpl extends
 			try {
 				initalizeConfiguration();
 				
-			} catch (at.gv.egovernment.moa.id.config.ConfigurationException e) {
+			} catch (at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException e) {
 				Logger.error("eIDAS SAML-engine initialization FAILED", e);
 				
 			}
@@ -103,10 +103,10 @@ public class MOAIDCertificateManagerConfigurationImpl extends
 	
 	/**
 	 * Initialize eIDAS SAML-engine from MOA-ID configuration
-	 * @throws at.gv.egovernment.moa.id.config.ConfigurationException 
+	 * @throws at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException 
 	 * 
 	 */
-	private void initalizeConfiguration() throws at.gv.egovernment.moa.id.config.ConfigurationException {
+	private void initalizeConfiguration() throws at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException {
 		//initialize configuration
 		MOAeIDASSAMLEngineConfigurationImpl tmp = new MOAeIDASSAMLEngineConfigurationImpl();
 		tmp.initialize();
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java
index 584910ea5..5d1874157 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java
@@ -37,7 +37,7 @@ import java.util.Properties;
 
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineConfigurationException;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.FileUtils;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java
index bdd8c8e72..1ba344fd1 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/ModifiedEncryptionSW.java
@@ -1,7 +1,7 @@
 package at.gv.egovernment.moa.id.auth.modules.eidas.config;
 
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.logging.Logger;
 import eu.eidas.auth.engine.core.impl.EncryptionSW;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
index 55504dcb0..d0454688a 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
@@ -26,9 +26,9 @@ import org.opensaml.saml2.metadata.provider.ObservableMetadataProvider;
 import org.opensaml.xml.XMLObject;
 
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
 import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.config.auth.IGarbageCollectorProcessing;
 import at.gv.egovernment.moa.id.config.auth.MOAGarbageCollector;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineConfigurationException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineConfigurationException.java
index 98bc559d2..20f18b772 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineConfigurationException.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineConfigurationException.java
@@ -22,7 +22,7 @@
  */
 package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions;
 
-import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 
 /**
  * @author tlenz
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
index 515ce2913..7a696cd2f 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
@@ -39,12 +39,12 @@ import org.xml.sax.SAXException;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
 import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAttributeException;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index 2156720e8..6de446e01 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -36,19 +36,19 @@ import org.apache.velocity.VelocityContext;
 import org.apache.velocity.app.VelocityEngine;
 import org.springframework.stereotype.Component;
 
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.config.stork.CPEPS;
-import at.gv.egovernment.moa.id.config.stork.StorkAttribute;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.data.CPEPS;
+import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.util.VelocityProvider;
 import at.gv.egovernment.moa.logging.Logger;
 import eu.eidas.auth.commons.EIDASAuthnRequest;
 import eu.eidas.auth.commons.EIDASUtil;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
index 9858d6004..082fdbbbf 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
@@ -6,13 +6,13 @@ import javax.servlet.http.HttpServletResponse;
 import org.springframework.stereotype.Component;
 
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
index 1e3b0f507..83fadb04e 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -32,13 +32,12 @@ import org.springframework.web.bind.annotation.RequestMethod;
 
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.moduls.RequestImpl;
 import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController;
 import at.gv.egovernment.moa.logging.Logger;
@@ -167,7 +166,7 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController {
 			pendingReq.setOAURL(samlReq.getIssuer());
 	
 			// - memorize OA config
-			OAAuthParameter oaConfig = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(pendingReq.getOAURL());
+			IOAAuthParameters oaConfig = authConfig.getOnlineApplicationParameter(pendingReq.getOAURL());
 			if (oaConfig == null)
 				throw new AuthenticationException("stork.12", new Object[]{pendingReq.getOAURL()});
 			pendingReq.setOnlineApplicationConfiguration(oaConfig);
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
index 4e34902e2..55f4f44d4 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
@@ -23,14 +23,14 @@ import org.slf4j.Logger;
 import org.springframework.http.MediaType;
 import org.springframework.stereotype.Service;
 
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.data.SLOInformationInterface;
 import at.gv.egovernment.moa.id.moduls.IAction;
-import at.gv.egovernment.moa.id.moduls.IRequest;
 import eu.eidas.auth.engine.EIDASSAMLEngine;
 import eu.eidas.auth.engine.metadata.MetadataConfigParams;
 import eu.eidas.auth.engine.metadata.MetadataGenerator;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
index 5f3f89aee..4ab587159 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
@@ -37,17 +37,17 @@ import org.springframework.http.MediaType;
 import org.springframework.stereotype.Service;
 
 import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProviderDecorator;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.data.SLOInformationInterface;
 import at.gv.egovernment.moa.id.moduls.IAction;
-import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.util.VelocityProvider;
 import at.gv.egovernment.moa.logging.Logger;
 import eu.eidas.auth.commons.EIDASAuthnResponse;
 import eu.eidas.auth.commons.EIDASStatusCode;
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesMetadataConfiguration.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesMetadataConfiguration.java
index a64fc8bf7..22cb22c6d 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesMetadataConfiguration.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesMetadataConfiguration.java
@@ -35,7 +35,7 @@ import org.opensaml.xml.security.credential.Credential;
 
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration;
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java
index 3fa43d0a3..29bc5ee12 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java
@@ -36,7 +36,7 @@ import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConsta
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.config.ELGAMandatesMetadataConfiguration;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider;
 import at.gv.egovernment.moa.id.auth.servlet.AbstractController;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPMetadataBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration;
 import at.gv.egovernment.moa.id.util.HTTPUtils;
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/exceptions/ELGAMetadataException.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/exceptions/ELGAMetadataException.java
index 6b7c13804..d27353809 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/exceptions/ELGAMetadataException.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/exceptions/ELGAMetadataException.java
@@ -22,7 +22,7 @@
  */
 package at.gv.egovernment.moa.id.auth.modules.elgamandates.exceptions;
 
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 
 /**
  * @author tlenz
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ELGAInitializeBKUAuthenticationTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ELGAInitializeBKUAuthenticationTask.java
index 03711aa40..fb9628909 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ELGAInitializeBKUAuthenticationTask.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ELGAInitializeBKUAuthenticationTask.java
@@ -29,11 +29,11 @@ import javax.servlet.http.HttpServletResponse;
 
 import org.springframework.stereotype.Component;
 
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.internal.tasks.InitializeBKUAuthenticationTask;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
index d25921167..26fd5fe5b 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
@@ -36,7 +36,6 @@ import org.springframework.stereotype.Component;
 
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
@@ -44,7 +43,8 @@ import at.gv.egovernment.moa.id.auth.modules.elgamandates.config.ELGAMandatesReq
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.exceptions.ELGAMetadataException;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateServiceMetadataProvider;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAuthnRequestBuilder;
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
index 49f131983..1c564b20d 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
@@ -37,7 +37,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.SimpleMOAMetadataProvider;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MOASPMetadataSignatureFilter;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter;
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java
index c6434b901..f5bcdb70b 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java
@@ -26,7 +26,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider;
 import at.gv.egovernment.moa.util.FileUtils;
 
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java
index e2ac97535..9060f35c5 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java
@@ -24,7 +24,7 @@ package at.gv.egovernment.moa.id.protocols.oauth20;
 
 import java.util.Properties;
 
-import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.util.FileUtils;
 
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
index 21fe4e5fa..9b19e0a4d 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
@@ -31,7 +31,7 @@ import com.google.gson.JsonObject;
 import com.google.gson.JsonPrimitive;
 
 import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.BPKAttributeBuilder;
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java
index e81132ca7..a43c8fce9 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java
@@ -22,7 +22,7 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
 
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java
index c4260db82..c6775b692 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java
@@ -22,7 +22,7 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
 
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java
index 6008eede1..5f32e32a2 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java
@@ -24,7 +24,7 @@ package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
 
 import java.util.Date;
 
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java
index ad7fe68b9..04f38faf6 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java
@@ -24,7 +24,7 @@ package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
 
 import java.util.Date;
 
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java
index 5c4fe02df..ff19a618a 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java
@@ -22,7 +22,7 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
 
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java
index d08a3b4f0..eda276df2 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java
@@ -22,7 +22,7 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
 
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java
index 10af9cc32..7de90e98e 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java
@@ -22,7 +22,7 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
 
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java
index 4262d6bb3..3ebadba52 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java
@@ -22,7 +22,7 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
 
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java
index da4f76e2d..89209b062 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java
@@ -22,7 +22,7 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
 
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java
index 04a6ec60b..895037b2e 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java
@@ -22,7 +22,7 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
 
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20Exception.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20Exception.java
index 307615fbd..d7fecd1b5 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20Exception.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20Exception.java
@@ -22,7 +22,7 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.oauth20.exceptions;
 
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 
 public class OAuth20Exception extends RuntimeException {
 	
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
index 518a694b0..803ae388f 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
@@ -35,14 +35,14 @@ import org.springframework.stereotype.Service;
 
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.data.SLOInformationImpl;
 import at.gv.egovernment.moa.id.data.SLOInformationInterface;
 import at.gv.egovernment.moa.id.moduls.IAction;
-import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject;
 import at.gv.egovernment.moa.id.protocols.oauth20.attributes.OAuth20AttributeBuilder;
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
index 055d14ef3..98fcdc8dc 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
@@ -32,10 +32,10 @@ import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.context.annotation.Scope;
 import org.springframework.stereotype.Component;
 
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util;
@@ -187,7 +187,7 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest {
 		// check if client id and redirect uri are ok
 		try {
 			// OAOAUTH20 cannot be null at this point. check was done in base request
-			OAAuthParameter oAuthConfig = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(this.getOAURL());
+			IOAAuthParameters oAuthConfig = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(this.getOAURL());
 			
 			
 			if (!this.getClientID().equals(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
index 4eae5ac3b..88669bd90 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
@@ -31,10 +31,10 @@ import javax.servlet.http.HttpServletRequest;
 import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.commons.lang.StringUtils;
 
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.moduls.RequestImpl;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
@@ -71,7 +71,7 @@ abstract class OAuth20BaseRequest extends RequestImpl {
 				throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
 			}
 			this.setOAURL(oaURL);
-			OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oaURL);
+			IOAAuthParameters oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oaURL);
 			
 			if (oaParam == null) {
 				throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
index b29d33a8d..2f8c43e23 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
@@ -19,9 +19,9 @@ import com.google.gson.JsonObject;
 
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException;
-import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.moduls.RequestImpl;
 import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java
index bb0126a7b..9d78418cd 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java
@@ -33,12 +33,12 @@ import com.google.gson.JsonObject;
 
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.data.SLOInformationInterface;
 import at.gv.egovernment.moa.id.moduls.IAction;
-import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ServerErrorException;
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
index 75fbb4120..f35de9c58 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
@@ -30,10 +30,10 @@ import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.context.annotation.Scope;
 import org.springframework.stereotype.Component;
 
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20AccessDeniedException;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
@@ -140,7 +140,7 @@ class OAuth20TokenRequest extends OAuth20BaseRequest {
 		// check if client id and secret are ok
 		try {
 			// OAOAUTH20 cannot be null at this point. check was done in base request
-			OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(this.getOAURL());
+			IOAAuthParameters oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(this.getOAURL());
 			
 			if (!this.getClientID().equals(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))) {
 				throw new OAuth20AccessDeniedException();
diff --git a/id/server/modules/moa-id-module-ssoTransfer/pom.xml b/id/server/modules/moa-id-module-ssoTransfer/pom.xml
index 8207fc502..b15d7dc85 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/pom.xml
+++ b/id/server/modules/moa-id-module-ssoTransfer/pom.xml
@@ -46,6 +46,11 @@
 			<version>1.52</version>
 		</dependency>
 		
+		<dependency>
+    	<groupId>MOA.id.server</groupId>
+  		<artifactId>moa-id-frontend-resources</artifactId>
+    </dependency>
+		
   </dependencies>
   
 </project>
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java
index 103a03063..f9cb4c636 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java
@@ -28,11 +28,11 @@ import java.util.List;
 
 import org.w3c.dom.Element;
 
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.data.AuthenticationRole;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.data.MISMandate;
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
index 4ba2e1a01..af180ff10 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
@@ -27,11 +27,11 @@ import java.util.Collection;
 import java.util.List;
 import java.util.Map;
 
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.config.auth.data.SAML1ConfigurationParameters;
-import at.gv.egovernment.moa.id.config.stork.CPEPS;
-import at.gv.egovernment.moa.id.config.stork.StorkAttribute;
-import at.gv.egovernment.moa.id.config.stork.StorkAttributeProviderPlugin;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.data.CPEPS;
+import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters;
+import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute;
+import at.gv.egovernment.moa.id.commons.api.data.StorkAttributeProviderPlugin;
 
 /**
  * @author tlenz
@@ -261,15 +261,6 @@ public class SSOTransferOnlineApplication implements IOAAuthParameters {
 		return false;
 	}
 
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getFormCustomizaten()
-	 */
-	@Override
-	public Map<String, String> getFormCustomizaten() {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getQaaLevel()
 	 */
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
index 48ef5b526..2bb31f700 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
@@ -56,7 +56,6 @@ import javax.security.cert.X509Certificate;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import org.apache.velocity.VelocityContext;
 import org.bouncycastle.asn1.x500.X500Name;
 import org.bouncycastle.asn1.x509.BasicConstraints;
 import org.bouncycastle.asn1.x509.Extension;
@@ -80,17 +79,18 @@ import com.google.gson.JsonParser;
 
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
-import at.gv.egovernment.moa.id.auth.exception.SessionDataStorageException;
+import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration;
+import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.Pair;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferContainer;
-import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.moduls.SSOManager;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
@@ -124,6 +124,7 @@ public class SSOTransferServlet{
 	@Autowired ITransactionStorage transactionStorage;
 	@Autowired IDPCredentialProvider idpCredentials;
 	@Autowired AuthConfiguration authConfig;
+	@Autowired IGUIFormBuilder guiBuilder;
 	
 	public SSOTransferServlet() {
 		super();
@@ -145,8 +146,6 @@ public class SSOTransferServlet{
 							method = {RequestMethod.GET})
 	public void testTransferSSOSessionGUIWithoutAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException {				
 		try {
-			VelocityContext context = new VelocityContext();
-			
 			//create first step of SSO Transfer GUI
 			String authURL = HTTPUtils.extractAuthURLFromRequest(req);
 			if (!AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix().contains(authURL)) {						
@@ -155,8 +154,13 @@ public class SSOTransferServlet{
 
 			}
 
+			DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration(
+					authURL, 
+					DefaultGUIFormBuilderConfiguration.VIEW_SSO_SESSION_TRANSFER, 
+					null);
+			
 			internalCreateQRCodeForTransfer(resp, authURL, 
-					"123456", "/TestTransmitSSOSession", context);
+					"123456", "/TestTransmitSSOSession", config);
 
 		} catch (MOAIDException | MOADatabaseException e) {
 			e.printStackTrace();
@@ -388,28 +392,32 @@ public class SSOTransferServlet{
 		//search SSO session	
 		String ssoid = ssomanager.getSSOSessionID(req);
 		
-		VelocityContext context = new VelocityContext();
-		
 		try {
+			String authURL = HTTPUtils.extractAuthURLFromRequest(req);
+			if (!AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix().
+					contains(authURL)) {						
+				Logger.warn("Requested URL is not allowed.");;
+				resp.sendError(500, "Requested URL is not allowed.");
+				
+			}
+			
+			DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration(
+					authURL, 
+					DefaultGUIFormBuilderConfiguration.VIEW_SSO_SESSION_TRANSFER, 
+					null);
+			
 			if (ssomanager.isValidSSOSession(ssoid, null)) {
 				//Object createQRObj = req.getParameter(SSOTransferConstants.REQ_PARAM_GENERATE_QR);		
 				
 				//create first step of SSO Transfer GUI
-				String authURL = HTTPUtils.extractAuthURLFromRequest(req);
-				if (!AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix().
-						contains(authURL)) {						
-					Logger.warn("Requested URL is not allowed.");;
-					resp.sendError(500, "Requested URL is not allowed.");
-					
-				}
-				
+								
 				String moaSessionID = authenticationSessionStorage.getMOASessionSSOID(ssoid);
 				if (MiscUtil.isNotEmpty(moaSessionID)) {					
 					AuthenticationSession authSession = authenticationSessionStorage.getSession(moaSessionID);
 					if(authSession != null) {
 						internalCreateQRCodeForTransfer(resp, authURL, 
 								authSession.getSessionID(), 
-								SSOTransferConstants.SERVLET_SSOTRANSFER_TO_SMARTPHONE, context);
+								SSOTransferConstants.SERVLET_SSOTRANSFER_TO_SMARTPHONE, config);
 						
 						return;
 					}
@@ -417,9 +425,10 @@ public class SSOTransferServlet{
 								
 			}
 			
-			context.put("errorMsg", 
+			config.putCustomParameter("errorMsg", 
 					"No active Single Sign-On session found! SSO Session transfer is not possible.");
-			GUIUtils.printSSOTransferGUI(context, resp);
+			
+			guiBuilder.build(resp, config, "SSO-Transfer-Module");
 			
 		} catch (MOAIDException | MOADatabaseException e) {
 			e.printStackTrace();
@@ -505,7 +514,7 @@ public class SSOTransferServlet{
 	}
 	
 	private void internalCreateQRCodeForTransfer(HttpServletResponse resp, String authURL,
-			String moaSessionID, String servletEndPoint, VelocityContext context) throws Exception {
+			String moaSessionID, String servletEndPoint, DefaultGUIFormBuilderConfiguration config) throws Exception {
 		SSOTransferContainer container = new SSOTransferContainer();							
 		String token = Random.nextRandom();
 		
@@ -558,12 +567,12 @@ public class SSOTransferServlet{
 		ByteArrayOutputStream qrStream = 
 				QRCode.from(qrResult.toString()).to(ImageType.GIF).withSize(350, 350).stream();							
 		String base64EncodedImage = Base64Utils.encode(qrStream.toByteArray());							
-		context.put("QRImage", base64EncodedImage);
+		config.putCustomParameter("QRImage", base64EncodedImage);
 		
-		context.put("successMsg", "Scan the QR-Code with your <i>SSO-Transfer App</i> to start the transfer operation.");
+		config.putCustomParameter("successMsg", "Scan the QR-Code with your <i>SSO-Transfer App</i> to start the transfer operation.");
 		
-		GUIUtils.printSSOTransferGUI(context, resp);
-
+		
+		guiBuilder.build(resp, config, "SSO-Session Transfer-Module");
 		
 	}
 	
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java
index 0b3bd892a..cd18afb71 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java
@@ -33,9 +33,9 @@ import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 
 import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.servlet.AbstractProcessEngineSignalController;
-import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java
index e84c60ec5..e3c8efb50 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java
@@ -25,14 +25,14 @@ package at.gv.egovernment.moa.id.auth.modules.ssotransfer.task;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import org.apache.velocity.VelocityContext;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.util.HTTPUtils;
@@ -45,6 +45,8 @@ import at.gv.egovernment.moa.logging.Logger;
 @Component("InitializeRestoreSSOSessionTask")
 public class InitializeRestoreSSOSessionTask extends AbstractAuthServletTask {
 	
+	@Autowired IGUIFormBuilder guiBuilder;
+	
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
 	 */
@@ -63,11 +65,10 @@ public class InitializeRestoreSSOSessionTask extends AbstractAuthServletTask {
 				
 			}
 									
-			VelocityContext context = GUIUtils.buildSSOTransferGUI(authURL, pendingReq.getRequestID());
-			GUIUtils.printSSOTransferGUI(context, response);
+			GUIUtils.buildSSOTransferGUI(guiBuilder, response, authURL, pendingReq.getRequestID());
 			
 			
-		} catch (WrongParametersException | AuthenticationException e) {
+		} catch (MOAIDException e) {
 			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
 
 		} catch (Exception e) {
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
index d52e03c09..526f45be3 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
@@ -38,12 +38,13 @@ import org.springframework.stereotype.Component;
 import com.google.gson.JsonObject;
 import com.google.gson.JsonParser;
 
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
@@ -60,6 +61,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
 public class RestoreSSOSessionTask extends AbstractAuthServletTask {
 
 	@Autowired SSOContainerUtils ssoTransferUtils;
+	@Autowired IGUIFormBuilder guiBuilder;
 	
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
@@ -180,8 +182,8 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask {
 							
 						}	
 						
-						context = GUIUtils.buildSSOTransferGUI(authURL, pendingReq.getRequestID());
-						GUIUtils.printSSOTransferGUI(context, response);
+						GUIUtils.buildSSOTransferGUI(guiBuilder, response, 
+								authURL, pendingReq.getRequestID());
 						
 					} catch (IOException | MOAIDException e) {
 						throw new TaskExecutionException(pendingReq, e.getMessage(), e);
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java
index ee7a397aa..b1446c4d2 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java
@@ -22,29 +22,19 @@
  */
 package at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils;
 
-import java.io.BufferedReader;
 import java.io.ByteArrayOutputStream;
-import java.io.File;
-import java.io.FileInputStream;
 import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.io.StringWriter;
-import java.net.URI;
 
 import javax.servlet.http.HttpServletResponse;
 
-import org.apache.velocity.VelocityContext;
-import org.apache.velocity.app.VelocityEngine;
-
 import com.google.gson.JsonObject;
 
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration;
+import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder;
+import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.util.VelocityProvider;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
 import net.glxn.qrgen.QRCode;
@@ -54,95 +44,43 @@ import net.glxn.qrgen.image.ImageType;
  * @author tlenz
  *
  */
-public class GUIUtils {	
-	private static final String HTMLTEMPLATESDIR = "htmlTemplates/";
-	private static final String GUI_HTML_TEMPLATE = "sso_transfer_template.html"; 
-	
+public class GUIUtils {		
 	public static final int REFESH_TIMEOUT = 5 * 1000; //5 sec
 	
-	public static VelocityContext buildSSOTransferGUI(String authURL, String pendingReqID) throws ConfigurationException, IOException {
-		String containerURL = authURL
-				+ SSOTransferConstants.SERVLET_SSOTRANSFER_FROM_SMARTPHONE
-				+ "?" + MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingReqID;
+	public static void buildSSOTransferGUI(
+			IGUIFormBuilder guiBuilder, HttpServletResponse httpResp,
+			String authURL, String pendingReqID) throws ConfigurationException, IOException {
+		try {
+			String containerURL = authURL
+					+ SSOTransferConstants.SERVLET_SSOTRANSFER_FROM_SMARTPHONE
+					+ "?" + MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingReqID;
 		
-		JsonObject qrResult = new JsonObject();
-		qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_TYPE, 
-				SSOTransferConstants.SSOCONTAINER_VALUE_TYPE_TRANSER);
-		qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_URL, containerURL);
+			JsonObject qrResult = new JsonObject();
+			qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_TYPE, 
+					SSOTransferConstants.SSOCONTAINER_VALUE_TYPE_TRANSER);
+			qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_URL, containerURL);
 
-		ByteArrayOutputStream qrStream = 
-				QRCode.from(qrResult.toString()).to(ImageType.GIF).withSize(300, 300).stream();							
-		String base64EncodedImage = Base64Utils.encode(qrStream.toByteArray());
-		VelocityContext context = new VelocityContext();
-		context.put("QRImage", base64EncodedImage);
-		
-		context.put("successMsg", "Select the SSO Session in your <i>SSO-Transfer App</i> and scan the QR-Code to start the process.");
-		
-		context.put("timeoutURL", containerURL);
-		context.put("timeout", REFESH_TIMEOUT);
-		
-		return context;
-		
-	}
-	
-	public static void printSSOTransferGUI(VelocityContext context, HttpServletResponse httpResp) throws MOAIDException {		
-		try {			
-			Logger.trace("Initialize VelocityEngine...");
-			
-			InputStream is = null;
-			String pathLocation = null;
-			try {
-				String rootconfigdir = AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir();
-				pathLocation = rootconfigdir + HTMLTEMPLATESDIR + GUI_HTML_TEMPLATE;
-				File file = new File(new URI(pathLocation));
-				is = new  FileInputStream(file);
-				evaluateTemplate(context, httpResp, is);
-				
-			} catch (Exception e) {
-				Logger.warn("SLO Template is not found in configuration directory (" +
-						pathLocation + "). Load template from project library ... ");
-				
-				try  {
-					pathLocation = GUI_HTML_TEMPLATE;
-					is = Thread.currentThread()
-							.getContextClassLoader()
-							.getResourceAsStream(pathLocation);				
-					evaluateTemplate(context, httpResp, is);
+			ByteArrayOutputStream qrStream = 
+					QRCode.from(qrResult.toString()).to(ImageType.GIF).withSize(300, 300).stream();							
+			String base64EncodedImage = Base64Utils.encode(qrStream.toByteArray());
 					
-				} catch (Exception e1) {
-					Logger.error("Single LogOut form can not created.", e);
-					throw new MOAIDException("Create Single LogOut information FAILED.", null, e);
-				}
-				
-			} finally {
-				if (is != null)
-					is.close();
+			DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration(
+					authURL, 
+					DefaultGUIFormBuilderConfiguration.VIEW_SSO_SESSION_TRANSFER, 
+					null);
+			
+			config.putCustomParameter("QRImage", base64EncodedImage);		
+			config.putCustomParameter("successMsg", "Select the SSO Session in your <i>SSO-Transfer App</i> and scan the QR-Code to start the process.");			
+			config.putCustomParameter("timeoutURL", containerURL);
+			config.putCustomParameter("timeout", REFESH_TIMEOUT);
 				
-			}
+			guiBuilder.build(httpResp, config, "SSO-Transfer-Module");
 			
-		} catch (Exception e) {
-			Logger.error("Single LogOut form can not created.", e);
-			throw new MOAIDException("Create Single LogOut information FAILED.", null, e);
-		}			
-	}
-	
-	private static void evaluateTemplate(VelocityContext context, HttpServletResponse httpResp, InputStream is) throws Exception {
-		
-		VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine();
-		
-		BufferedReader reader = new BufferedReader(new InputStreamReader(is ));
-		
-		//set default elements to velocity context
-		context.put("contextpath", AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix());
-		
-		StringWriter writer = new StringWriter();			
-		//velocityEngine.evaluate(context, writer, "SLO_Template", reader);			
-		engine.evaluate(context, writer, "SSO Transfer Template", reader);
-
-		
-		httpResp.setContentType("text/html;charset=UTF-8");            
-		httpResp.getOutputStream().write(writer.toString().getBytes("UTF-8"));
-		
-	}
-	
+		} catch (GUIBuildException e) {
+			Logger.warn("Can not build GUI:'BKU-Selection'. Msg:" + e.getMessage(), e);
+			throw new ConfigurationException("builder.09", new Object[]{e.getMessage()}, e);
+			
+		}
+				
+	}		
 }
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java
index b2ab8b119..5f2642cf8 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java
@@ -81,19 +81,19 @@ import org.w3c.dom.NodeList;
 import com.google.gson.JsonObject;
 
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferAuthenticationData;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferOnlineApplication;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.data.MISMandate;
-import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder;
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java
index 6abc60c46..49275c6eb 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java
@@ -22,8 +22,8 @@
  */
 package at.gv.egovernment.moa.id.auth.modules.federatedauth;
 
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.AuthModule;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 
 /**
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java
index 0f2c85350..0cee2dde3 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java
@@ -34,7 +34,7 @@ import org.opensaml.xml.security.credential.Credential;
 
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java
index c06800079..98240a636 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java
@@ -36,7 +36,7 @@ import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstant
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.config.FederatedAuthMetadataConfiguration;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider;
 import at.gv.egovernment.moa.id.auth.servlet.AbstractController;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPMetadataBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration;
 import at.gv.egovernment.moa.id.util.HTTPUtils;
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
index 06664af45..d581e7e75 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
@@ -35,15 +35,14 @@ import org.opensaml.xml.security.SecurityException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.config.FederatedAuthnRequestBuilderConfiguration;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.moduls.RequestImpl;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
@@ -82,7 +81,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
 			}
 			
 			//load IDP configuration from MOA-ID Configuration
-			OAAuthParameter idpConfig = authConfig.getOnlineApplicationParameter(idpEntityID);
+			IOAAuthParameters idpConfig = authConfig.getOnlineApplicationParameter(idpEntityID);
 			//validate IDP
 			if (!idpConfig.isInderfederationIDP() || !idpConfig.isInboundSSOInterfederationAllowed()) {
 				Logger.info("Requested interfederation IDP " + idpEntityID + " is not valid for interfederation.");
@@ -139,7 +138,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
 	 * @param objects 
 	 * @throws AuthnRequestBuildException 
 	 */
-	private void handleAuthnRequestBuildProblem(ExecutionContext executionContext, OAAuthParameter idpConfig, String msgCode, Object[] objects) throws AuthnRequestBuildException {
+	private void handleAuthnRequestBuildProblem(ExecutionContext executionContext, IOAAuthParameters idpConfig, String msgCode, Object[] objects) throws AuthnRequestBuildException {
 
 		if (idpConfig.isPerformLocalAuthenticationOnInterfederationError()) {
 			Logger.info("Switch to local authentication on this IDP ... ");
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
index 01163efd6..1c3134b77 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
@@ -41,20 +41,19 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.exception.SessionDataStorageException;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
 import at.gv.egovernment.moa.id.moduls.RequestImpl;
 import at.gv.egovernment.moa.id.moduls.SSOManager;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
@@ -225,7 +224,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 		} catch (AssertionValidationExeption | AuthnResponseValidationException e) {
 			Logger.info("PVP response validation FAILED. Msg:" + e.getMessage());			
 			if (msg != null) {
-				OAAuthParameter idpConfig = authConfig.getOnlineApplicationParameter(msg.getEntityID());
+				IOAAuthParameters idpConfig = authConfig.getOnlineApplicationParameter(msg.getEntityID());
 				
 				//remove federated IDP from SSO session if exists
 				ssoManager.removeInterfederatedSSOIDP(msg.getEntityID(), request);
@@ -313,7 +312,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 	 * @throws TaskExecutionException 
 	 * @throws Throwable 
 	 */
-	private void handleAuthnResponseValidationProblem(ExecutionContext executionContext, OAAuthParameter idpConfig, Throwable e) throws TaskExecutionException {
+	private void handleAuthnResponseValidationProblem(ExecutionContext executionContext, IOAAuthParameters idpConfig, Throwable e) throws TaskExecutionException {
 
 		if (idpConfig != null && idpConfig.isPerformLocalAuthenticationOnInterfederationError()) {
 			Logger.info("Switch to local authentication on this IDP ... ");
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java
index 1168250ad..aac253083 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java
@@ -26,7 +26,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider;
 import at.gv.egovernment.moa.util.FileUtils;
 
diff --git a/id/server/modules/moa-id-modules-saml1/pom.xml b/id/server/modules/moa-id-modules-saml1/pom.xml
index f19802a01..323edee8d 100644
--- a/id/server/modules/moa-id-modules-saml1/pom.xml
+++ b/id/server/modules/moa-id-modules-saml1/pom.xml
@@ -44,6 +44,13 @@
 			<scope>test</scope>
 		</dependency> -->
   
+    <dependency>
+  		<groupId>MOA.id.server</groupId>
+  		<artifactId>moa-id-commons</artifactId>
+  		<scope>test</scope>
+  		<type>test-jar</type>
+  	</dependency>
+  
   	<dependency>
   		 <groupId>MOA.id.server.modules</groupId>
   		 <artifactId>moa-id-modul-citizencard_authentication</artifactId>
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
index b184aa4fe..c421bf8cc 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
@@ -30,17 +30,17 @@ import javax.servlet.http.HttpServletResponse;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
 import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.data.SLOInformationImpl;
 import at.gv.egovernment.moa.id.data.SLOInformationInterface;
 import at.gv.egovernment.moa.id.moduls.IAction;
-import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.URLEncoder;
 import eu.eidas.auth.commons.IPersonalAttributeList;
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
index fc5837e51..b01ea666d 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
@@ -71,13 +71,13 @@ import org.xml.sax.SAXException;
 
 import at.gv.egovernment.moa.id.auth.builder.SAMLResponseBuilder;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
 import at.gv.egovernment.moa.id.auth.servlet.AbstractController;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.util.ErrorResponseUtils;
 import at.gv.egovernment.moa.id.util.HTTPUtils;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.util.Random;
-import at.gv.egovernment.moa.id.util.VelocityProvider;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.DOMUtils;
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index 9d0dac0f8..0ec0d95a2 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -46,7 +46,6 @@ import org.xml.sax.SAXException;
 import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
 import at.gv.e_government.reference.namespace.mandates._20040701_.Mandator;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder;
 import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder;
@@ -61,13 +60,14 @@ import at.gv.egovernment.moa.id.auth.exception.ServiceException;
 import at.gv.egovernment.moa.id.auth.exception.ValidateException;
 import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser;
 import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.config.auth.data.SAML1ConfigurationParameters;
 import at.gv.egovernment.moa.id.data.AuthenticationData;
 import at.gv.egovernment.moa.id.data.IAuthData;
-import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.storage.ITransactionStorage;
 import at.gv.egovernment.moa.id.util.Random;
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index 8cc894040..37d66d29b 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -37,14 +37,14 @@ import org.springframework.web.bind.annotation.RequestMethod;
 
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.config.auth.data.SAML1ConfigurationParameters;
-import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
@@ -163,8 +163,7 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController {
 			
 			
 			//load Target only from OA config
-			OAAuthParameter oaParam = AuthConfigurationProviderFactory.getInstance()
-					.getOnlineApplicationParameter(oaURL);
+			IOAAuthParameters oaParam = authConfig.getOnlineApplicationParameter(oaURL);
 			
 			if (oaParam == null)
 				throw new InvalidProtocolRequestException("auth.00",
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java
index d93aebcec..42fafc01e 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java
@@ -30,7 +30,7 @@ import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.context.annotation.Scope;
 import org.springframework.stereotype.Component;
 
-import at.gv.egovernment.moa.id.config.auth.data.SAML1ConfigurationParameters;
+import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters;
 import at.gv.egovernment.moa.id.moduls.RequestImpl;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 
diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java
index 4e5bed97c..70448ef09 100644
--- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java
+++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java
@@ -36,8 +36,8 @@ import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.monitoring.TestManager;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java
index 13fb59038..5e4183146 100644
--- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java
+++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java
@@ -29,11 +29,11 @@ import java.util.List;
 import org.hibernate.Query;
 import org.hibernate.Session;
 
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
 import at.gv.egovernment.moa.id.commons.db.StatisticLogDBUtils;
 import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java
index 824791797..7994e7a06 100644
--- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java
+++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java
@@ -37,9 +37,8 @@ import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
 import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator;
 import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
 import at.gv.egovernment.moa.id.config.auth.data.DynamicOAAuthParameters;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -71,7 +70,7 @@ public class IdentityLinkTestModule implements TestModuleInterface {
 						.getMoaSpIdentityLinkTrustProfileID(false));
 
 		// invokes the call
-		Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker()
+		Element domVerifyXMLSignatureResponse = SignatureVerificationInvoker.getInstance()
 				.verifyXMLSignature(domVerifyXMLSignatureRequest);
 		// parses the <VerifyXMLSignatureResponse>
 		try {
diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java
index 3c2b143b3..b25eed520 100644
--- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java
+++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java
@@ -27,8 +27,8 @@ import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.FileUtils;
diff --git a/id/server/pom.xml b/id/server/pom.xml
index 2fbd3dd06..56d317cf5 100644
--- a/id/server/pom.xml
+++ b/id/server/pom.xml
@@ -18,11 +18,11 @@
 	</properties>
 
     <modules>
+    		<module>moa-id-spring-initializer</module>
+        <module>moa-id-frontend-resources</module>
         <module>idserverlib</module>
         <module>moa-id-commons</module>
-        <module>modules</module>
-        <module>moa-id-spring-initializer</module>
-        <module>moa-id-frontend-resources</module>        
+        <module>modules</module>                
         <module>auth-final</module>
         <module>auth-edu</module>
     </modules>
-- 
cgit v1.2.3


From b01fc5becad147315bbd8d168f5435ee126e638d Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 14 Mar 2016 11:40:13 +0100
Subject: add independent mandate-service selection step to choose between MIS
 and ELGA mandate-service

---
 .../StartAuthentificationParameterParser.java      |  22 +--
 .../id/auth/servlet/GUILayoutBuilderServlet.java   | 150 +++++++++++++++++++++
 .../templates/mandate-service-selection.html       |  52 +++++++
 .../internal/DefaultCitizenCardAuthModuleImpl.java |   8 +-
 .../tasks/InitializeBKUAuthenticationTask.java     |   4 +-
 .../internal/DefaultAuthentication.process.xml     |   2 +-
 .../elgamandates/ELGAMandatesAuthConstants.java    |   2 +
 .../elgamandates/ELGAMandatesAuthModuleImpl.java   |  25 +++-
 .../tasks/ELGAInitializeBKUAuthenticationTask.java | 144 --------------------
 .../tasks/EvaluateMandateServiceTask.java          | 126 +++++++++++++++++
 .../tasks/SelectMandateServiceTask.java            |  95 +++++++++++++
 .../elgamandates/utils/ELGAMandateUtils.java       |  59 ++++++++
 .../DefaultAuth_with_ELGA_mandates.process.xml     |  19 ++-
 .../moaid_elga_mandate_client_auth.beans.xml       |  10 +-
 14 files changed, 541 insertions(+), 177 deletions(-)
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java
 create mode 100644 id/server/moa-id-frontend-resources/src/main/resources/templates/mandate-service-selection.html
 delete mode 100644 id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ELGAInitializeBKUAuthenticationTask.java
 create mode 100644 id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/EvaluateMandateServiceTask.java
 create mode 100644 id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java
 create mode 100644 id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateUtils.java

(limited to 'id/server/idserverlib/src')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
index f91dc6d3e..69c155c1e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -78,20 +78,20 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
 
 	    
 		//check UseMandate flag
-		String useMISMandateString = null;
-		boolean useMISMandateBoolean = false;
+		String useMandateString = null;
+		boolean useMandateBoolean = false;
 		if ((useMandate != null) && (useMandate.compareTo("") != 0)) {
-			useMISMandateString = useMandate;
+			useMandateString = useMandate;
 		} else {
-			useMISMandateString = "false";
+			useMandateString = "false";
 		}
 
-		if (useMISMandateString.compareToIgnoreCase("true") == 0)
-			useMISMandateBoolean = true;
+		if (useMandateString.compareToIgnoreCase("true") == 0)
+			useMandateBoolean = true;
 		else
-			useMISMandateBoolean = false;
+			useMandateBoolean = false;
 	    
-		moasession.setUseMandate(useMISMandateString);
+		moasession.setUseMandate(useMandateString);
 		
 				
 	    //load OnlineApplication configuration
@@ -155,7 +155,7 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
 		} else {
 			Logger.debug("Service-Provider is of type 'PrivateService' with DomainIdentifier:" + oaParam.getIdentityLinkDomainIdentifier());
 			
-			if (useMISMandateBoolean) {
+			if (useMandateBoolean) {
 				Logger.error("Online-Mandate Mode for business application not supported.");
 				throw new AuthenticationException("auth.17", null);
 			}
@@ -213,8 +213,8 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
 			protocolReq.setNeedSingleSignOnFunctionality(false);
 
 		}
-		if (protocolReq.needSingleSignOnFunctionality() && useMISMandateBoolean) {
-			Logger.info("Usage of MIS-MandateService does not allow Single Sign-On. --> SSO is disabled for this request.");
+		if (protocolReq.needSingleSignOnFunctionality() && useMandateBoolean) {
+			Logger.info("Usage of Mandate-Service does not allow Single Sign-On. --> SSO is disabled for this request.");
 			protocolReq.setNeedSingleSignOnFunctionality(false);
 			
 		}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java
new file mode 100644
index 000000000..09b344f9d
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java
@@ -0,0 +1,150 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang.StringEscapeUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+
+import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder;
+import at.gv.egovernment.moa.id.auth.frontend.builder.ServiceProviderSpecificGUIFormBuilderConfiguration;
+import at.gv.egovernment.moa.id.auth.servlet.AbstractController;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.moduls.IRequestStorage;
+import at.gv.egovernment.moa.id.util.HTTPUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+@Controller
+public class GUILayoutBuilderServlet extends AbstractController {
+
+	public static final String ENDPOINT_CSS = "/css/buildCSS";
+	public static final String ENDPOINT_JS = "/js/buildJS";
+	
+	@Autowired AuthConfiguration authConfig;
+	@Autowired IRequestStorage requestStoreage;
+	@Autowired IGUIFormBuilder formBuilder;
+	
+	public GUILayoutBuilderServlet() {
+		super();
+		Logger.debug("Registering servlet " + getClass().getName() 
+				+ " with mappings '" + ENDPOINT_CSS 
+				+ "' and '" + ENDPOINT_JS + "'.");
+		
+	}
+	
+	@RequestMapping(value = "/css/buildCSS", method = {RequestMethod.GET})
+	public void buildCSS(HttpServletRequest req, HttpServletResponse resp) throws IOException {		
+		try {
+			IRequest pendingReq = extractPendingRequest(req);
+		
+			//initialize GUI builder configuration
+			ServiceProviderSpecificGUIFormBuilderConfiguration config = null;
+			if (pendingReq != null) 
+				config = new ServiceProviderSpecificGUIFormBuilderConfiguration(
+						pendingReq, 
+						ServiceProviderSpecificGUIFormBuilderConfiguration.VIEW_TEMPLATE_CSS, 
+						null);
+			
+			else
+				config = new ServiceProviderSpecificGUIFormBuilderConfiguration(
+						HTTPUtils.extractAuthURLFromRequest(req), 
+						ServiceProviderSpecificGUIFormBuilderConfiguration.VIEW_TEMPLATE_CSS, 
+						null);
+		
+			//build GUI component
+			formBuilder.build(resp, config, "text/css;charset=UTF-8", "CSS-Form");
+			
+		} catch (Exception e) {
+			Logger.warn("GUI ressource:'CSS' generation FAILED.");
+			resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Created resource failed");
+		}
+							
+	}
+	
+	@RequestMapping(value = "/js/buildJS", method = {RequestMethod.GET})
+	public void buildJavaScript(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+		try {
+			IRequest pendingReq = extractPendingRequest(req);
+		
+			//initialize GUI builder configuration
+			ServiceProviderSpecificGUIFormBuilderConfiguration config = null;
+			if (pendingReq != null) 
+				config = new ServiceProviderSpecificGUIFormBuilderConfiguration(
+						pendingReq, 
+						ServiceProviderSpecificGUIFormBuilderConfiguration.VIEW_TEMPLATE_JS, 
+						null);
+			
+			else
+				config = new ServiceProviderSpecificGUIFormBuilderConfiguration(
+						HTTPUtils.extractAuthURLFromRequest(req), 
+						ServiceProviderSpecificGUIFormBuilderConfiguration.VIEW_TEMPLATE_JS, 
+						null);
+		
+			//build GUI component
+			formBuilder.build(resp, config, "text/javascript;charset=UTF-8", "JavaScript");
+			
+		} catch (Exception e) {
+			Logger.warn("GUI ressource:'JavaScript' generation FAILED.");
+			resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Created resource failed");
+		}
+						
+	}
+	
+	private IRequest extractPendingRequest(HttpServletRequest req) {
+		try {		
+			String pendingReqID = StringEscapeUtils.escapeHtml(
+					req.getParameter(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID));
+		
+			if (MiscUtil.isNotEmpty(pendingReqID)) {		
+				IRequest pendingReq = requestStorage.getPendingRequest(pendingReqID);
+				if (pendingReq != null) {
+					Logger.trace("GUI-Layout builder: Pending-request:"
+							+ pendingReqID + " found -> Build specific template");
+					return pendingReq;
+					
+				}			
+			}
+			
+			Logger.trace("GUI-Layout builder: No pending-request found -> Use default templates");
+			
+		} catch (Exception e) {
+			Logger.warn("GUI-Layout builder-servlet has an error during request-preprocessing.", e);
+		}	
+		
+		return null;
+	}
+}
diff --git a/id/server/moa-id-frontend-resources/src/main/resources/templates/mandate-service-selection.html b/id/server/moa-id-frontend-resources/src/main/resources/templates/mandate-service-selection.html
new file mode 100644
index 000000000..a9f0c4238
--- /dev/null
+++ b/id/server/moa-id-frontend-resources/src/main/resources/templates/mandate-service-selection.html
@@ -0,0 +1,52 @@
+<!DOCTYPE html> 
+<html>
+<head>
+	<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
+    <!-- MOA-ID 2.x BKUSelection Layout CSS -->               
+    <link rel="stylesheet" href="$contextPath/css/buildCSS?pendingid=#ID#" />
+    
+    <title>Anmeldung an Online-Applikation</title>   
+</head>
+
+
+<body>
+		<div id="page">
+
+			<div id="page1" class="case selected-case" role="main">
+
+<!-- 					<h2 class="OA_header">Anmeldung an: #OAName#</h2> -->
+
+					<div id="main">
+					<div id="leftcontent" class="hell">
+            <div id="bku_header" class="dunkel">
+						  <h2 id="tabheader" class="dunkel" role="heading">
+							 Anmeldeinformationen:							  
+						  </h2>
+            </div>
+					
+						<div id="selectArea" class="hell" role="application">
+							<h3>Anmeldung an: $OAName</h3>
+					
+<!-- 						<div class="hell"> -->
+							<div id="leftbutton">
+									<form method="post" id="moaidform_yes" action="$contextPath$submitEndpoint">
+										<input type="hidden" name="value" value="true">
+                    <input type="hidden" name="pendingid" value="$pendingReqID">
+										<input type="submit" value="Ja" class="setAssertionButton_full" role="button">
+									</form>
+							</div>
+							<div id="rightbutton">
+										<form method="post" id="moaidform_no" action="$contextPath$submitEndpoint">
+										<input type="hidden" name="value" value="false">
+                    <input type="hidden" name="pendingid" value="$pendingReqID">
+										<input type="submit" value="Nein" class="setAssertionButton_full" role="button">
+									</form>
+							</div>
+						
+						</div>												
+					</div>
+				</div>
+		</div>
+	</div>
+</body>
+</html>
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java
index 4f9936c94..b0efb100a 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java
@@ -17,12 +17,6 @@ public class DefaultCitizenCardAuthModuleImpl implements AuthModule {
 		return 0;
 	}
 
-	public String getProcessName() {		
-		return "DefaultAuthentication";
-				
-				
-	}
-	
 	@Override
 	public String selectProcess(ExecutionContext context) {		
 		//select process if BKU is selected and it is no STORK authentication
@@ -35,7 +29,7 @@ public class DefaultCitizenCardAuthModuleImpl implements AuthModule {
 		if (StringUtils.isBlank((String) context.get("ccc")) && 
 				StringUtils.isNotBlank((String) context.get(MOAIDAuthConstants.PARAM_BKU)) &&
 				 	!performBKUSelection)
-			return getProcessName();
+			return "DefaultAuthentication";
 		
 		else
 			return null;
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
index d3d736a9c..c1fae1f1e 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
@@ -177,9 +177,9 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask {
 			}
 		}
 		
+		//set useMandate flag to executionContext
 		executionContext.put(MOAIDAuthConstants.PARAM_USEMANDATE, moasession.isMandateUsed());
-		executionContext.put(MOAIDAuthConstants.PARAM_USEMISMANDATE, moasession.isMandateUsed());
-		
+				
 	}
 
 }
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml
index afa3fe2ad..74792ed72 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml
@@ -38,7 +38,7 @@
 	<pd:Transition from="verifyCertificate"         to="verifyAuthBlock" conditionExpression="ctx['useMandate']" />
 	<pd:Transition from="verifyCertificate"         to="getForeignID" />
 	
-	<pd:Transition from="verifyAuthBlock"           to="prepareGetMISMandate" conditionExpression="ctx['useMISMandate']" />
+	<pd:Transition from="verifyAuthBlock"           to="prepareGetMISMandate" conditionExpression="ctx['useMandate']" />
 	<pd:Transition from="verifyAuthBlock"           to="finalizeAuthentication" />
 	
 	<pd:Transition from="prepareGetMISMandate"      to="getMISMandate" />
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java
index b50d1cf4e..60dd95338 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java
@@ -44,6 +44,8 @@ public class ELGAMandatesAuthConstants {
 	public static final String ENDPOINT_REDIRECT = "/sp/elga_mandate/redirect";
 	public static final String ENDPOINT_METADATA = "/sp/elga_mandate/metadata";
 
+	public static final String TEMPLATE_MANDATE_SERVICE_SELECTION = "/mandate-service-selection.html";
+	
 	//configuration properties
 	public static final String CONFIG_PROPS_PREFIX = "modules.elga_mandate.";
 	
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java
index 7f7af704c..753d3336c 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java
@@ -23,7 +23,12 @@ package at.gv.egovernment.moa.id.auth.modules.elgamandates;
  */
 
 
+import org.springframework.beans.factory.annotation.Autowired;
+
 import at.gv.egovernment.moa.id.auth.modules.internal.DefaultCitizenCardAuthModuleImpl;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.util.MiscUtil;
 
 /**
  * This authentication module extens the default citizen  
@@ -33,6 +38,8 @@ import at.gv.egovernment.moa.id.auth.modules.internal.DefaultCitizenCardAuthModu
  */
 public class ELGAMandatesAuthModuleImpl extends DefaultCitizenCardAuthModuleImpl {
 
+	@Autowired private AuthConfiguration authConfig; 
+	
 	private int priority = 0;
 	
 	/* (non-Javadoc)
@@ -42,13 +49,23 @@ public class ELGAMandatesAuthModuleImpl extends DefaultCitizenCardAuthModuleImpl
 	public int getPriority() {
 		return priority;
 	}
-
+	
 	@Override
-	public String getProcessName() {
-		return "DefaultAuthenticationWithELGAMandates";
+	public String selectProcess(ExecutionContext context) {
+		String selectedProcessID = super.selectProcess(context);
+	
+		//check if BKU authentication is selected and ELGA-MandateService is configurated
+		if (MiscUtil.isNotEmpty(selectedProcessID)) {
+			if (MiscUtil.isNotEmpty(authConfig.getBasicMOAIDConfiguration(
+					ELGAMandatesAuthConstants.CONFIG_PROPS_METADATAURL)))
+				return "DefaultAuthenticationWithELGAMandates";
+			
+		}
+		
+		return selectedProcessID;
 		
 	}
-	
+		
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getProcessDefinitions()
 	 */
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ELGAInitializeBKUAuthenticationTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ELGAInitializeBKUAuthenticationTask.java
deleted file mode 100644
index fb9628909..000000000
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ELGAInitializeBKUAuthenticationTask.java
+++ /dev/null
@@ -1,144 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth.modules.elgamandates.tasks;
-
-import java.util.List;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.springframework.stereotype.Component;
-
-import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
-import at.gv.egovernment.moa.id.auth.modules.internal.tasks.InitializeBKUAuthenticationTask;
-import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-@Component("ELGAInitializeBKUAuthenticationTask")
-public class ELGAInitializeBKUAuthenticationTask extends InitializeBKUAuthenticationTask {
-
-	@Override
-	public void execute(ExecutionContext executionContext,
-			HttpServletRequest request, HttpServletResponse response)
-			throws TaskExecutionException {
-				
-		try {
-			//perform Default-BKU authentication initialization
-			internalInitializeWithoutPersist(executionContext, request, response);
-			
-			//perform ELGA Mandate-Service specific parts
-			Logger.debug("Perfom ELGA-Mandate specific parts of initialisation.");
-			Boolean misMandateUsed = (Boolean) executionContext.get(MOAIDAuthConstants.PARAM_USEMISMANDATE);
-			
-			boolean elgaMandateUsed = false;
-			Object elgaMandateUsedObj = executionContext.get(MOAIDAuthConstants.PARAM_USEELGAMANDATE);
-			if (elgaMandateUsedObj == null || 
-					!(elgaMandateUsedObj instanceof String || elgaMandateUsedObj instanceof Boolean)) {
-				Logger.error("Use ELGA-MandateService flag has a wrong type.");
-				throw new MOAIDException("auth.12", new Object[]{"Start-BKU Authentication","useELGAMandate"});
-				
-			} else {
-				if (elgaMandateUsedObj instanceof String)
-					elgaMandateUsed = Boolean.parseBoolean((String) elgaMandateUsedObj);
-				else
-					elgaMandateUsed = (boolean) elgaMandateUsedObj;
-								
-			}
-						
-			//check if both mandate Services are requested
-			if ( (misMandateUsed != null && misMandateUsed) &&
-					elgaMandateUsed ) {
-				Logger.error("Can not use MIS-MandateService and ELGA-MandateService twince");
-				throw new MOAIDException("validator.73", null);
-				
-			}
-			
-			
-			if (elgaMandateUsed) {
-				//check mandateProfiles against ELGA-MandateService configuration				
-				if (!checkServiceProviderAgainstELGAModulConfigration()) {
-					Logger.info("Service-Provider: " + pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix() 
-							+ " does not fulfill requirements to use ELGA-MandateService.");
-					throw new MOAIDException("service.10", new Object[]{
-							ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING,
-							"No valid mandate-profile defined"});
-					
-				}
-				
-				//remove MIS-Mandate flag and set useMandate flag to MOASession
-				Logger.debug("Authentication process select ELGA-MandateService.");
-				executionContext.remove(MOAIDAuthConstants.PARAM_USEMISMANDATE);
-				moasession.setUseMandates(elgaMandateUsed);
-			}
-			
-			//disable SSO if it is requested
-			if (pendingReq.needSingleSignOnFunctionality() && moasession.isMandateUsed()) {
-				Logger.info("ELGA-MandateService does not allow Single Sign-On. SSO get disabled for this request.");
-				pendingReq.setNeedSingleSignOnFunctionality(false);
-				
-				
-			}
-			
-			//store MOASession and pendingRequest
-			requestStoreage.storePendingRequest(pendingReq);
-			authenticatedSessionStorage.storeSession(moasession);
-			
-		} catch (MOADatabaseException | MOAIDException e) {
-			Logger.info("Initialize BKUAuthentication with ELGA Mandates FAILED. Reason:" + e.getMessage());
-			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
-			
-		}
-	}
-
-	/**
-	 * Check Service-Provider mandate-profiles against allowed mandate-profiles for ELGA MandateService.
-	 * 
-	 * @return true, if ELGA mandateservice is allowed, otherwise false
-	 */
-	private boolean checkServiceProviderAgainstELGAModulConfigration() {
-		String allowedMandateTypesCSV = 
-				authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_ALLOWED_MANDATE_TYPES);		
-		List<String> allowedMandateTypes = KeyValueUtils.getListOfCSVValues(allowedMandateTypesCSV);		
-		List<String> spMandateProfiles = pendingReq.getOnlineApplicationConfiguration().getMandateProfiles();
-
-		boolean isELGAMandateServiceAllowed = false;
-		if (spMandateProfiles != null) {			
-			for (String el : allowedMandateTypes) {
-				if (spMandateProfiles.contains(el))
-					isELGAMandateServiceAllowed = true;
-			
-			}
-		}
-		
-		return isELGAMandateServiceAllowed;
-	}
-}
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/EvaluateMandateServiceTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/EvaluateMandateServiceTask.java
new file mode 100644
index 000000000..f05446771
--- /dev/null
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/EvaluateMandateServiceTask.java
@@ -0,0 +1,126 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.elgamandates.tasks;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang.StringEscapeUtils;
+import org.springframework.stereotype.Component;
+
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
+import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateUtils;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+@Component("EvaluateMandateServiceTask")
+public class EvaluateMandateServiceTask extends AbstractAuthServletTask {
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+	 */
+	@Override
+	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
+			throws TaskExecutionException {
+		try {
+			boolean useMIS = getUserConfermationFromRequest(request, MOAIDAuthConstants.PARAM_USEMISMANDATE);
+			boolean useELGA = getUserConfermationFromRequest(request, MOAIDAuthConstants.PARAM_USEELGAMANDATE);
+			
+			//check if both mandate Services are requested
+			if ( useMIS && useELGA ) {
+				Logger.error("Can not use MIS-MandateService and ELGA-MandateService twince");
+				throw new MOAIDException("validator.73", null);
+				
+			}
+			
+			//select next process step
+			if (useELGA) {
+				//validate service-provider again
+				if (!ELGAMandateUtils.checkServiceProviderAgainstELGAModulConfigration(authConfig, pendingReq)) {
+					Logger.info("Service-Provider: " + pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix() 
+							+ " does not fulfill requirements to use ELGA-MandateService.");
+					throw new MOAIDException("service.10", new Object[]{
+							ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING,
+							"No valid mandate-profile defined"});
+				
+				}
+				
+				executionContext.put(MOAIDAuthConstants.PARAM_USEELGAMANDATE, useELGA);
+				Logger.debug("ELGA Mandate-Service is selected. Initialize service communication ... ");
+				
+			} else if(useMIS) {
+				executionContext.put(MOAIDAuthConstants.PARAM_USEMISMANDATE, useMIS);
+				Logger.debug("MIS Mandate-Service is selected. Initialize service communication ... ");
+				
+				
+			} else {
+				//mark pending-request as aborted
+				Logger.info("No Mandate-Service is selected. Abort authentication process ... ");
+				pendingReq.setAbortedByUser(true);
+				pendingReq.setAuthenticated(false);
+				
+				//store pending-request
+				requestStoreage.storePendingRequest(pendingReq);
+				
+				//redirect to protocol finalization
+				performRedirectToProtocolFinialization(pendingReq, response);
+				
+			}
+			
+		} catch (MOAIDException e) {
+			Logger.info("Evaluation of Mandate-Service selection FAILED. Reason:" + e.getMessage());
+			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
+			
+		} catch (Exception e) {
+			Logger.info("Mandate-Service selection evaluation: General Exception. Msg:" + e.getMessage());
+			throw new TaskExecutionException(pendingReq, "ELGA mandate-service: General Exception.", e);
+			
+		}
+
+	}
+
+	private boolean getUserConfermationFromRequest(HttpServletRequest httpReq, String paramName) throws WrongParametersException {
+		String paramString = httpReq.getParameter(paramName);
+		paramString = StringEscapeUtils.escapeHtml(paramString);
+		if (!ParamValidatorUtils.isValidUseMandate(paramString))
+			throw new WrongParametersException("Mandate-Service selection-evaluation", paramName, null);
+		
+		if (MiscUtil.isNotEmpty(paramString))
+			return Boolean.parseBoolean(paramString);
+		
+		else
+			return false;
+		
+	}
+}
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java
new file mode 100644
index 000000000..8d6ac1762
--- /dev/null
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java
@@ -0,0 +1,95 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.elgamandates.tasks;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration;
+import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder;
+import at.gv.egovernment.moa.id.auth.frontend.builder.ServiceProviderSpecificGUIFormBuilderConfiguration;
+import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException;
+import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
+import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateUtils;
+import at.gv.egovernment.moa.id.auth.servlet.GeneralProcessEngineSignalController;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+@Component("SelectMandateServiceTask")
+public class SelectMandateServiceTask extends AbstractAuthServletTask {
+
+	@Autowired IGUIFormBuilder guiBuilder;
+	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+	 */
+	@Override
+	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
+			throws TaskExecutionException {
+		try {
+			//check if Service-Provider allows ELGA-mandates
+			if (ELGAMandateUtils.checkServiceProviderAgainstELGAModulConfigration(authConfig, pendingReq)) {			
+				Logger.trace("Build GUI for mandate-service selection ...");
+						
+				IGUIBuilderConfiguration config = new ServiceProviderSpecificGUIFormBuilderConfiguration(
+						pendingReq, 
+						ELGAMandatesAuthConstants.TEMPLATE_MANDATE_SERVICE_SELECTION, 
+						GeneralProcessEngineSignalController.ENDPOINT_GENERIC);
+			
+				guiBuilder.build(response, config, "Mandate-Service selection");
+		
+				Logger.debug("GUI for mandate-service selection is generated. Wait for user interaction ... ");
+				
+			} else {
+				//service-provider does not allow ELGA-mandates  --> switch to MIS mandate-service
+				Logger.debug("Service-Provider does not allow ELGA Mandate-Service. --> Select MIS Mandate-Service as Default.");
+				executionContext.put(MOAIDAuthConstants.PARAM_USEMISMANDATE, true);
+				
+			}
+			
+		} catch (GUIBuildException e) {
+			Logger.warn("Can not build GUI:'Mandate-Service selection'. Msg:" + e.getMessage());
+			throw new TaskExecutionException(pendingReq, 
+					"Can not build GUI. Msg:" + e.getMessage(), 
+					new MOAIDException("builder.09", new Object[]{e.getMessage()}, e));
+						
+		} catch (Exception e) {
+			Logger.info("Mandate-Service selection: General Exception. Msg:" + e.getMessage());
+			throw new TaskExecutionException(pendingReq, "ELGA mandate-service: General Exception.", e);
+			
+		}
+
+	}
+	
+}
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateUtils.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateUtils.java
new file mode 100644
index 000000000..03f8fa195
--- /dev/null
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateUtils.java
@@ -0,0 +1,59 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.elgamandates.utils;
+
+import java.util.List;
+
+import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils;
+
+/**
+ * @author tlenz
+ *
+ */
+public class ELGAMandateUtils {
+	/**
+	 * Check Service-Provider mandate-profiles against allowed mandate-profiles for ELGA MandateService.
+	 * 
+	 * @return true, if ELGA mandateservice is allowed, otherwise false
+	 */
+	public static boolean checkServiceProviderAgainstELGAModulConfigration(AuthConfiguration authConfig, IRequest pendingReq) {
+		String allowedMandateTypesCSV = 
+				authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_ALLOWED_MANDATE_TYPES);		
+		List<String> allowedMandateTypes = KeyValueUtils.getListOfCSVValues(allowedMandateTypesCSV);		
+		List<String> spMandateProfiles = pendingReq.getOnlineApplicationConfiguration().getMandateProfiles();
+
+		boolean isELGAMandateServiceAllowed = false;
+		if (spMandateProfiles != null) {			
+			for (String el : allowedMandateTypes) {
+				if (spMandateProfiles.contains(el))
+					isELGAMandateServiceAllowed = true;
+			
+			}
+		}
+		
+		return isELGAMandateServiceAllowed;
+	}
+}
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml
index 8cd08d226..23edac7ca 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml
@@ -5,7 +5,7 @@
 	- National authentication with Austrian Citizen Card and mobile signature with our without mandate.
 	- Legacy authentication for foreign citizens using MOCCA supported signature cards.
 -->
-	<pd:Task id="elgaInitializeBKUAuthentication" class="ELGAInitializeBKUAuthenticationTask" />
+	<pd:Task id="initializeBKUAuthentication" class="InitializeBKUAuthenticationTask"
 	<pd:Task id="createIdentityLinkForm"    class="CreateIdentityLinkFormTask" />
 	<pd:Task id="verifyIdentityLink"        class="VerifyIdentityLinkTask"        async="true" />
 	<pd:Task id="verifyAuthBlock"           class="VerifyAuthenticationBlockTask" async="true" />
@@ -18,6 +18,8 @@
 	<pd:Task id="getForeignID"              class="GetForeignIDTask"              async="true" />
 	
 	<!-- ELGA Mandate-Service Tasks -->
+	<pd:Task id="selectMandateServiceTask"    			class="SelectMandateServiceTask" />
+	<pd:Task id="evaluateMandateServiceTask"    		class="EvaluateMandateServiceTask" async="true"/>
 	<pd:Task id="requestELGAMandateTask"    				class="RequestELGAMandateTask" />
 	<pd:Task id="receiveElgaMandateResponseTask"    class="ReceiveElgaMandateResponseTask"  async="true"/>
 	
@@ -25,9 +27,9 @@
 	<!-- Process is triggered either by GenerateIFrameTemplateServlet (upon bku selection) or by AuthenticationManager (upon legacy authentication start using legacy parameters. -->
 	<pd:StartEvent id="start" />
 	
-	<pd:Transition from="start"                     			to="elgaInitializeBKUAuthentication" />
+	<pd:Transition from="start"                     			to="initializeBKUAuthentication" />
 	
-	<pd:Transition from="elgaInitializeBKUAuthentication" to="createIdentityLinkForm" />
+	<pd:Transition from="initializeBKUAuthentication" to="createIdentityLinkForm" />
 	
 	<pd:Transition from="createIdentityLinkForm"    to="verifyIdentityLink" />
 	
@@ -43,10 +45,17 @@
 	<pd:Transition from="verifyCertificate"         to="verifyAuthBlock" conditionExpression="ctx['useMandate']" />
 	<pd:Transition from="verifyCertificate"         to="getForeignID" />
 	
-	<pd:Transition from="verifyAuthBlock"           to="prepareGetMISMandate" conditionExpression="ctx['useMISMandate']" />
-	<pd:Transition from="verifyAuthBlock"           to="requestELGAMandateTask" conditionExpression="ctx['useELGAMandate']" />
+	<pd:Transition from="verifyAuthBlock"           to="selectMandateServiceTask" conditionExpression="ctx['useMandate']" />
 	<pd:Transition from="verifyAuthBlock"           to="finalizeAuthentication" />
 		
+	<pd:Transition from="selectMandateServiceTask"   to="prepareGetMISMandate" conditionExpression="ctx['useMISMandate']" />
+	<pd:Transition from="selectMandateServiceTask"   to="evaluateMandateServiceTask" />
+		
+	<pd:Transition from="evaluateMandateServiceTask" to="prepareGetMISMandate" conditionExpression="ctx['useMISMandate']" />
+	<pd:Transition from="evaluateMandateServiceTask" to="requestELGAMandateTask" conditionExpression="ctx['useELGAMandate']" />
+	<pd:Transition from="evaluateMandateServiceTask" to="end" />
+
+			
 	<pd:Transition from="requestELGAMandateTask"      		to="receiveElgaMandateResponseTask" />
 	<pd:Transition from="receiveElgaMandateResponseTask"  to="finalizeAuthentication" />
 	
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/moaid_elga_mandate_client_auth.beans.xml b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/moaid_elga_mandate_client_auth.beans.xml
index c1abe78df..cbc4e65c1 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/moaid_elga_mandate_client_auth.beans.xml
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/moaid_elga_mandate_client_auth.beans.xml
@@ -26,11 +26,15 @@
 	<bean	id="ELGAMandateSignalController"
 				class="at.gv.egovernment.moa.id.auth.modules.elgamandates.controller.ELGAMandateSignalController"/>
 	
-<!-- Federated Authentication Process Tasks -->
-	<bean id="ELGAInitializeBKUAuthenticationTask" 
-				class="at.gv.egovernment.moa.id.auth.modules.elgamandates.tasks.ELGAInitializeBKUAuthenticationTask"
+<!-- ELGA-MandateService communication Process Tasks -->
+	<bean id="SelectMandateServiceTask" 
+				class="at.gv.egovernment.moa.id.auth.modules.elgamandates.tasks.SelectMandateServiceTask"
 				scope="prototype"/>
 				
+	<bean id="EvaluateMandateServiceTask" 
+				class="at.gv.egovernment.moa.id.auth.modules.elgamandates.tasks.EvaluateMandateServiceTask"
+				scope="prototype"/>				
+				
 	<bean id="RequestELGAMandateTask" 
 				class="at.gv.egovernment.moa.id.auth.modules.elgamandates.tasks.RequestELGAMandateTask"
 				scope="prototype"/>
-- 
cgit v1.2.3


From 0000acfdc7ca31b9ba2d2956c0ce36c4146c3033 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 14 Mar 2016 12:02:19 +0100
Subject: fix typo

---
 .../java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java   | 2 +-
 .../builder/ServiceProviderSpecificGUIFormBuilderConfiguration.java   | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

(limited to 'id/server/idserverlib/src')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
index f39421a21..d9386d404 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
@@ -110,7 +110,7 @@ public class RedirectServlet {
 							null);
 					config.putCustomParameter(URL, url);
 					config.putCustomParameter(TARGET, redirectTarget);
-					guiBuilder.build(resp, config, "RedirectForm");
+					guiBuilder.build(resp, config, "RedirectForm.html");
 									
 				} else if (MiscUtil.isNotEmpty(interIDP)) {
 					//store IDP identifier and redirect to generate AuthRequst service					
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/ServiceProviderSpecificGUIFormBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/ServiceProviderSpecificGUIFormBuilderConfiguration.java
index 73a0e7691..a77b2f7e0 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/ServiceProviderSpecificGUIFormBuilderConfiguration.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/ServiceProviderSpecificGUIFormBuilderConfiguration.java
@@ -47,8 +47,8 @@ public class ServiceProviderSpecificGUIFormBuilderConfiguration extends Abstract
 	public static final String VIEW_TEMPLATE_JS = "/javascript_tempalte.js";
 	
 	public static final String PARAM_BKU_ONLINE = "bkuOnline";
-	public static final String PARAM_BKU_HANDY = "bkuLocal";
-	public static final String PARAM_BKU_LOCAL = "bkuHandy";
+	public static final String PARAM_BKU_HANDY = "bkuHandy";
+	public static final String PARAM_BKU_LOCAL = "bkuLocal";
 	
 	public static final String PARAM_OANAME = "OAName";
 	public static final String PARAM_COUNTRYLIST = "countryList";
-- 
cgit v1.2.3


From 6701d8aaca715133cfa9d7764eb2f1ed163dfce9 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 14 Mar 2016 14:14:24 +0100
Subject: update statuscodes and revisionslog codes

---
 .../conf/moa-id/htmlTemplates/css_template.css     | 43 +++++++++++-
 .../conf/moa-id/htmlTemplates/loginFormFull.html   |  4 +-
 id/server/doc/handbook/additional/additional.html  | 25 +++++++
 id/server/doc/handbook/protocol/protocol.html      | 45 +++++++++++--
 .../resources/properties/id_messages_de.properties |  1 -
 .../protocol_response_statuscodes_de.properties    | 45 ++++++-------
 .../src/main/resources/templates/css_template.css  | 43 +++++++++++-
 .../templates/mandate-service-selection.html       | 76 ++++++++++++++--------
 8 files changed, 222 insertions(+), 60 deletions(-)

(limited to 'id/server/idserverlib/src')

diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/css_template.css b/id/server/data/deploy/conf/moa-id/htmlTemplates/css_template.css
index a8735be60..32b9dee12 100644
--- a/id/server/data/deploy/conf/moa-id/htmlTemplates/css_template.css
+++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/css_template.css
@@ -59,7 +59,7 @@
 			    /*	clear:both; */
 				  position:relative;
 			    margin: 0 auto;
-			    width: 250px;
+			    /*width: 250px;*/
 			    text-align: center;
 			  }
 			  
@@ -85,7 +85,8 @@
 			
 			  #leftcontent {
 				 width: 300px;
-				 margin-top: 30px;
+				 /*margin-top: 30px;*/
+         margin: auto;
 			  }
 			
         #bku_header {
@@ -622,4 +623,42 @@
       #alert_area {
         width: 500px;
         padding-left: 80px;
+      }
+      
+      #processInfoArea {
+        margin-bottom: 15px;
+        margin-top: 15px;
+      }
+      #processSelectionArea {
+        width: 550px;
+        margin-left: 25px;
+        margin-top: 35px;
+      }
+      .processSelectionButtonArea {
+        float: none;
+        margin-bottom: 20px;
+        height: 35px;
+      }
+      .processSelectionButton {
+        background: #ababab;
+				cursor: pointer;
+        height: 30px;
+        width: 200px;
+        float: right;
+        border-style: solid;
+        border-bottom-width: 2px;
+        border-right-width: 2px;
+        border-left-width: 1px;
+        border-top-width: 1px;
+        border-color: #000000;
+      }
+      .buttonDescription {
+        float: left;
+        margin-left: 10px;
+        padding-top: 4px;
+        text-align: left;
+        width: 330px;
+      }
+      #processContent {
+        margin-top: 25px;
       }
\ No newline at end of file
diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html b/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html
index 02b86472b..983e8b544 100644
--- a/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html
+++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html
@@ -63,9 +63,9 @@
               </div>
               
               <!-- Single Sign-On Session transfer functionality -->
-              <!--div id="ssoSessionTransferBlock">
+              <div id="ssoSessionTransferBlock">
                 <a href="$contextPath$submitEndpoint?pendingid=$pendingReqID&restoreSSOSession=true">>Restore SSO Session from Smartphone</a>
-              </div-->
+              </div>
               
               <div id="stork" align="center" style="$STORKVISIBLE">
                 <h2 id="tabheader" class="dunkel">Home Country Selection</h2>
diff --git a/id/server/doc/handbook/additional/additional.html b/id/server/doc/handbook/additional/additional.html
index fb9735990..cbf4a50c9 100644
--- a/id/server/doc/handbook/additional/additional.html
+++ b/id/server/doc/handbook/additional/additional.html
@@ -520,6 +520,31 @@
       <td width="208" valign="top"><p align="left">baseID</p></td>
       <td width="946" valign="top"><p>Stammzahl der vertretenen juristischen Person </p></td>
     </tr>
+    <tr>
+      <td valign="top">&nbsp;</td>
+      <td valign="top">&nbsp;</td>
+      <td valign="top">&nbsp;</td>
+    </tr>
+    <tr>
+      <td valign="top">6000</td>
+      <td valign="top">ReferenceID des Vollmachtensystems</td>
+      <td valign="top">externes Vollmachten Service kontaktiert</td>
+    </tr>
+    <tr>
+      <td valign="top">6001</td>
+      <td valign="top">&nbsp;</td>
+      <td valign="top">g&uuml;ltige Vollmacht vom externen Vollmachten Service verarbeitet</td>
+    </tr>
+    <tr>
+      <td valign="top">6002</td>
+      <td valign="top">&nbsp;</td>
+      <td valign="top">Fehler vom externen Vollmachten Service verarbeitet</td>
+    </tr>
+    <tr>
+      <td valign="top">6003</td>
+      <td valign="top">IP    Adresse</td>
+      <td valign="top">IP Adresse mit der das externe Vollmachten Service die Vollmacht ausgeliefert hat</td>
+    </tr>
   </table>
 <p>&nbsp;</p>
 <p>Einzelne  Events werden um einen Transaktionsparameter erg&auml;nzt, welcher in der Spalte  Wert beschrieben ist. <br>
diff --git a/id/server/doc/handbook/protocol/protocol.html b/id/server/doc/handbook/protocol/protocol.html
index a3a06bc6d..3b31dbfc0 100644
--- a/id/server/doc/handbook/protocol/protocol.html
+++ b/id/server/doc/handbook/protocol/protocol.html
@@ -559,6 +559,10 @@ Redirect Binding</td>
     <td>1007</td>
     <td>Vollmachtsmodus f&uuml;r ausl&auml;ndische Personen wird nicht unterst&uuml;tzt.</td>
   </tr>
+  <tr>
+    <td>1008</td>
+    <td>Es konnten nicht alle minimal erforderlichen Identifikations- oder Authentifikationsmerkmale ermittelt werden.</td>
+  </tr>
 </table>
 <h5><a name="statuscodes_11xxx" id="allgemeines_zugangspunkte12"></a>1.3.1.2 Validierung (11xxx)</h5>
 <table class="configtable">
@@ -691,24 +695,51 @@ Redirect Binding</td>
 <h5><a name="statuscodes_43xxx" id="allgemeines_zugangspunkte22"></a>1.3.2.4 MOA SP/SS(43xxx)</h5>
 <table class="configtable">
   <tr>
-    <th>Statuscode</th>
-    <th>Beschreibung</th>
+    <th width="23%">Statuscode</th>
+    <th width="77%">Beschreibung</th>
   </tr>
   <tr>
     <td>4300</td>
     <td>Fehler beim Aufruf von MOA SP/SS</td>
   </tr>
 </table>
-<h5><a name="statuscodes_44xxx" id="allgemeines_zugangspunkte23"></a>1.3.2.5 Interfederation (44xxx)</h5>
+<h5><a name="statuscodes_44xxx" id="allgemeines_zugangspunkte23"></a>1.3.2.5 Interfederation (44xx)</h5>
 <table class="configtable">
   <tr>
-    <th>Statuscode</th>
-    <th>Beschreibung</th>
+    <th width="23%">Statuscode</th>
+    <th width="77%">Beschreibung</th>
   </tr>
   <tr>
     <td>4400</td>
     <td>Fehler beim Generieren der Anmeldedaten</td>
   </tr>
+  <tr>
+    <td>4401</td>
+    <td>Die Verwendung des angeforderten federated IDP ist nicht erlaubt</td>
+  </tr>
+</table>
+<h5>1.3.2.6 Attributprovider (45xx)</h5>
+<table class="configtable">
+  <tr>
+    <th width="12%">Statuscode</th>
+    <th width="88%">Beschreibung</th>
+  </tr>
+  <tr>
+    <td>4500</td>
+    <td>Der Zugriff auf einen Attributprovider ist nicht erlaubt</td>
+  </tr>
+  <tr>
+    <td>4501</td>
+    <td>Die Requestgenerierung f&uuml;r den Zugriff auf den Attributprovider schlug fehl</td>
+  </tr>
+  <tr>
+    <td>4502</td>
+    <td>Die Response vom Attributeprovider ist ung&uuml;ltig oder nicht errlaubt</td>
+  </tr>
+  <tr>
+    <td>4503</td>
+    <td>Die Response vom Attributeprovider beinhaltet einen Fehlercode</td>
+  </tr>
 </table>
 <h4><a name="statuscodes_6xxxx" id="allgemeines_zugangspunkte9"></a>1.3.3 Statuscodes 6xxxx</h4>
 <p>Alles Statuscodes beginnend mit der Zahl sechs beschreiben protokollspezifische Fehler die nicht durch das jeweilige Authentifizierungsprotokoll abgebildet werden.</p>
@@ -843,6 +874,10 @@ Redirect Binding</td>
     <td>9103</td>
     <td>Fehler bei der Verarbeitung eines Templates</td>
   </tr>
+  <tr>
+    <td>9104</td>
+    <td>Fehler bei der Auswahl oder Initialisierung des gew&uuml;nschten Anmeldeprozesses</td>
+  </tr>
   <tr>
     <td>9199</td>
     <td>Allgemeiner interner Fehler</td>
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 86aa13fb8..c47ec2477 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -118,7 +118,6 @@ service.06=Allgemeiner Fehler beim Anfragen des Online-Vollmachten Service
 service.07=Der SZR-Gateway ist unter {0} nicht erreichbar.
 service.08=Die Eintragung der ausländischen Person am SZR-Gateway ist fehlgeschlagen.
 service.09=Der SZR-Gateway Client konnte nicht initialisiert werden.
-
 service.10=Die Verwendung des Service {0} ist nicht m\u00f6glich. Ursache: {1}  
 
 cleaner.00=AuthenticationSessionCleaner wurde gestartet
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
index 27070cc84..581037a29 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
@@ -28,10 +28,10 @@ auth.27=4401
 auth.28=1100
 auth.29=4401
 auth.30=1110
-auth.31=TODO
-auth.32=TODO
-auth.33=TODO
-auth.34=TODO
+auth.31=4400
+auth.32=4401
+auth.33=4401
+auth.34=4401
 
 init.00=9199
 init.01=9199
@@ -85,7 +85,8 @@ builder.04=Die Personenbindung konnte nicht neu signiert werden und wird aus die
 builder.05=Beim resignieren der Personenbindung ist ein allgemeiner Fehler aufgetreten und wird aus diesem Grund nicht ausgeliefert. 
 builder.06=4400
 builder.07=9002
-builder.08=TODO
+builder.08=1008
+builder.09=9103
 
 service.00=4300
 service.03=4300
@@ -96,23 +97,23 @@ service.07=4200
 service.08=4201
 service.09=9007 
  
-service.10=TODO 
+service.10=4500 
 
-process.01=TODO
-process.02=TODO
+process.01=9104
+process.02=9104
  
-sp.pvp2.00=TODO
-sp.pvp2.01=TODO
-sp.pvp2.02=TODO
-sp.pvp2.03=TODO
-sp.pvp2.04=TODO
-sp.pvp2.05=TODO
-sp.pvp2.06=TODO
-sp.pvp2.07=TODO
-sp.pvp2.08=TODO
-sp.pvp2.09=TODO
-sp.pvp2.10=TODO
-sp.pvp2.11=TODO
+sp.pvp2.00=4501
+sp.pvp2.01=4501
+sp.pvp2.02=4501
+sp.pvp2.03=4502
+sp.pvp2.04=4502
+sp.pvp2.05=4503
+sp.pvp2.06=4502
+sp.pvp2.07=4502
+sp.pvp2.08=4502
+sp.pvp2.09=4503
+sp.pvp2.10=4502
+sp.pvp2.11=4502
  
 validator.00=1102
 validator.01=1102
@@ -182,8 +183,8 @@ validator.69=1106
 validator.70=1106
 validator.71=1105
 
-validator.72=TODO
-validator.73=TODO
+validator.72=1105
+validator.73=4500
 
 ssl.01=1107
 
diff --git a/id/server/moa-id-frontend-resources/src/main/resources/templates/css_template.css b/id/server/moa-id-frontend-resources/src/main/resources/templates/css_template.css
index a8735be60..32b9dee12 100644
--- a/id/server/moa-id-frontend-resources/src/main/resources/templates/css_template.css
+++ b/id/server/moa-id-frontend-resources/src/main/resources/templates/css_template.css
@@ -59,7 +59,7 @@
 			    /*	clear:both; */
 				  position:relative;
 			    margin: 0 auto;
-			    width: 250px;
+			    /*width: 250px;*/
 			    text-align: center;
 			  }
 			  
@@ -85,7 +85,8 @@
 			
 			  #leftcontent {
 				 width: 300px;
-				 margin-top: 30px;
+				 /*margin-top: 30px;*/
+         margin: auto;
 			  }
 			
         #bku_header {
@@ -622,4 +623,42 @@
       #alert_area {
         width: 500px;
         padding-left: 80px;
+      }
+      
+      #processInfoArea {
+        margin-bottom: 15px;
+        margin-top: 15px;
+      }
+      #processSelectionArea {
+        width: 550px;
+        margin-left: 25px;
+        margin-top: 35px;
+      }
+      .processSelectionButtonArea {
+        float: none;
+        margin-bottom: 20px;
+        height: 35px;
+      }
+      .processSelectionButton {
+        background: #ababab;
+				cursor: pointer;
+        height: 30px;
+        width: 200px;
+        float: right;
+        border-style: solid;
+        border-bottom-width: 2px;
+        border-right-width: 2px;
+        border-left-width: 1px;
+        border-top-width: 1px;
+        border-color: #000000;
+      }
+      .buttonDescription {
+        float: left;
+        margin-left: 10px;
+        padding-top: 4px;
+        text-align: left;
+        width: 330px;
+      }
+      #processContent {
+        margin-top: 25px;
       }
\ No newline at end of file
diff --git a/id/server/moa-id-frontend-resources/src/main/resources/templates/mandate-service-selection.html b/id/server/moa-id-frontend-resources/src/main/resources/templates/mandate-service-selection.html
index a9f0c4238..b0be4a475 100644
--- a/id/server/moa-id-frontend-resources/src/main/resources/templates/mandate-service-selection.html
+++ b/id/server/moa-id-frontend-resources/src/main/resources/templates/mandate-service-selection.html
@@ -17,36 +17,60 @@
 <!-- 					<h2 class="OA_header">Anmeldung an: #OAName#</h2> -->
 
 					<div id="main">
-					<div id="leftcontent" class="hell">
-            <div id="bku_header" class="dunkel">
-						  <h2 id="tabheader" class="dunkel" role="heading">
-							 Anmeldeinformationen:							  
-						  </h2>
-            </div>
+					<!--div id="leftcontent" class="hell"-->
+            <div id=processContent>
+              <div id="bku_header" class="dunkel">
+						    <h2 id="tabheader" class="dunkel" role="heading">
+						      Anmeldeinformationen:							  
+						    </h2>
+              </div>
 					
-						<div id="selectArea" class="hell" role="application">
-							<h3>Anmeldung an: $OAName</h3>
-					
-<!-- 						<div class="hell"> -->
-							<div id="leftbutton">
-									<form method="post" id="moaidform_yes" action="$contextPath$submitEndpoint">
-										<input type="hidden" name="value" value="true">
-                    <input type="hidden" name="pendingid" value="$pendingReqID">
-										<input type="submit" value="Ja" class="setAssertionButton_full" role="button">
-									</form>
-							</div>
-							<div id="rightbutton">
+						  <div id="selectArea" class="hell" role="application">
+							  <h3>Anmeldung an: $OAName</h3>
+					    
+          
+                <div id="processInfoArea">
+                  <p>Für die Anmeldung 'in Vertretung' stehen Ihnen zwei Systeme zur Vollmachtenauswahl zur Verfügung. Bitte wählen Sie das gewünschte Service.</p> 
+                </div>
+              
+                <div id="processSelectionArea">
+							   <div id="elgaMandateButton" class="processSelectionButtonArea">
+							 		  <form method="post" id="moaidform_yes" action="$contextPath$submitEndpoint">
+										  <input type="hidden" name="useELGAMandate" value="true">
+                      <input type="hidden" name="pendingid" value="$pendingReqID">
+										  <input type="submit" value="Eltern-Kind Vertretung" class="processSelectionButton" role="button">
+									 </form>
+                    <div class="buttonDescription">
+                      <p>Eltern-Kind Vertretung</p>
+                    </div>
+							     </div>
+							     <div id="misMandateButton" class="processSelectionButtonArea">
+								    <form method="post" id="moaidform_no" action="$contextPath$submitEndpoint">
+									    <input type="hidden" name="useMISMandate" value="true">
+                      <input type="hidden" name="pendingid" value="$pendingReqID">
+								      <input type="submit" value="allgemeine Vertretung" class="processSelectionButton" role="button">
+								    </form>
+                    <div class="buttonDescription">
+                      <p>Vollmachtenservice der Österreichischen Datenschutzbehörde <a href="https://mms.stammzahlenregister.gv.at/mms/moaid.do">(MMS Service)</a></p>
+                    </div>
+							     </div>
+							     <div id="abortButton" class="processSelectionButtonArea">
 										<form method="post" id="moaidform_no" action="$contextPath$submitEndpoint">
-										<input type="hidden" name="value" value="false">
-                    <input type="hidden" name="pendingid" value="$pendingReqID">
-										<input type="submit" value="Nein" class="setAssertionButton_full" role="button">
-									</form>
-							</div>
-						
-						</div>												
+                      <input type="hidden" name="pendingid" value="$pendingReqID">
+										  <input type="submit" value="Abbrechen" class="processSelectionButton" role="button">
+									  </form>
+                    <div class="buttonDescription">
+                      <p>Den Anmeldevorgang abbrechen</p>
+                    </div>
+							     </div>
+						      </div>
+                  
+                </div>
+              </div>
+            
+						<!--/div-->												
 					</div>
 				</div>
 		</div>
-	</div>
 </body>
 </html>
-- 
cgit v1.2.3


From 8f5e8a21a7087061d16aae2e592b7d196d8a08e3 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 15 Mar 2016 09:03:37 +0100
Subject: fix typos in GUIBuilder

---
 .../egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java  | 5 ++---
 .../ServiceProviderSpecificGUIFormBuilderConfiguration.java       | 8 ++++----
 2 files changed, 6 insertions(+), 7 deletions(-)

(limited to 'id/server/idserverlib/src')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java
index 09b344f9d..babc87866 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java
@@ -35,7 +35,6 @@ import org.springframework.web.bind.annotation.RequestMethod;
 
 import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder;
 import at.gv.egovernment.moa.id.auth.frontend.builder.ServiceProviderSpecificGUIFormBuilderConfiguration;
-import at.gv.egovernment.moa.id.auth.servlet.AbstractController;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.IRequest;
@@ -106,13 +105,13 @@ public class GUILayoutBuilderServlet extends AbstractController {
 				config = new ServiceProviderSpecificGUIFormBuilderConfiguration(
 						pendingReq, 
 						ServiceProviderSpecificGUIFormBuilderConfiguration.VIEW_TEMPLATE_JS, 
-						null);
+						GeneralProcessEngineSignalController.ENDPOINT_BKUSELECTION_EVALUATION);
 			
 			else
 				config = new ServiceProviderSpecificGUIFormBuilderConfiguration(
 						HTTPUtils.extractAuthURLFromRequest(req), 
 						ServiceProviderSpecificGUIFormBuilderConfiguration.VIEW_TEMPLATE_JS, 
-						null);
+						GeneralProcessEngineSignalController.ENDPOINT_BKUSELECTION_EVALUATION);
 		
 			//build GUI component
 			formBuilder.build(resp, config, "text/javascript;charset=UTF-8", "JavaScript");
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/ServiceProviderSpecificGUIFormBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/ServiceProviderSpecificGUIFormBuilderConfiguration.java
index a77b2f7e0..0a5cdaf3e 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/ServiceProviderSpecificGUIFormBuilderConfiguration.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/ServiceProviderSpecificGUIFormBuilderConfiguration.java
@@ -41,10 +41,10 @@ import at.gv.egovernment.moa.util.MiscUtil;
  */
 public class ServiceProviderSpecificGUIFormBuilderConfiguration extends AbstractGUIFormBuilderConfiguration {
 
-	public static final String VIEW_BKUSELECTION = "/loginFormFull.html";
-	public static final String VIEW_SENDASSERTION = "/sendAssertionFormFull.html";	
-	public static final String VIEW_TEMPLATE_CSS = "/css_template.css";
-	public static final String VIEW_TEMPLATE_JS = "/javascript_tempalte.js";
+	public static final String VIEW_BKUSELECTION = "loginFormFull.html";
+	public static final String VIEW_SENDASSERTION = "sendAssertionFormFull.html";	
+	public static final String VIEW_TEMPLATE_CSS = "css_template.css";
+	public static final String VIEW_TEMPLATE_JS = "javascript_tempalte.js";
 	
 	public static final String PARAM_BKU_ONLINE = "bkuOnline";
 	public static final String PARAM_BKU_HANDY = "bkuHandy";
-- 
cgit v1.2.3


From 428cfea80ba50ce3835d70c0329add9354a70e2e Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 15 Mar 2016 09:04:05 +0100
Subject: add log message into PVP AssertionBuilder

---
 .../id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java   | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'id/server/idserverlib/src')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
index 3ca6a64e0..68301d000 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
@@ -282,7 +282,8 @@ public class PVP2AssertionBuilder implements PVPConstants {
 			String bpk = null;
 			
 			Element mandate = authData.getMandate();
-			if(mandate != null) {						
+			if(mandate != null) {
+				Logger.debug("Read mandator bPK|baseID from full-mandate ... ");
 				Mandate mandateObject = MandateBuilder.buildMandate(mandate);
 				if(mandateObject == null) {
 					throw new NoMandateDataAvailableException();
@@ -307,7 +308,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
 				bpk = id.getValue().getValue();
 								
 			} else {
-				Logger.debug("Read mandatpr bPK|baseID from PVP attributes ... ");
+				Logger.debug("Read mandator bPK|baseID from PVP attributes ... ");
 				bpk = authData.getGenericData(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_NAME, String.class);
 				bpktype = authData.getGenericData(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME, String.class);				
 				
-- 
cgit v1.2.3


From e03689468de9aaa0bd2b3234b8e6842988a29684 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 15 Mar 2016 10:43:39 +0100
Subject: change PVP EntityID to metadata-URL (SAML2 'well-known-location'
 method)

---
 .../moa/id/protocols/pvp2x/AttributQueryAction.java          |  8 ++++----
 .../moa/id/protocols/pvp2x/AuthenticationAction.java         | 12 ++++++++----
 .../protocols/pvp2x/config/IDPPVPMetadataConfiguration.java  |  9 ++++++++-
 .../id/auth/modules/ssotransfer/utils/SSOContainerUtils.java |  6 +++---
 4 files changed, 23 insertions(+), 12 deletions(-)

(limited to 'id/server/idserverlib/src')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
index f992737b6..2168316ab 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
@@ -61,6 +61,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AuthResponseBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
@@ -128,10 +129,9 @@ public class AttributQueryAction implements IAction {
 						+ " validTo:" + responseInfo.getSecond().toString());
 				
 				//build PVP 2.1 assertion
-				
-				String issuerEntityID = pendingReq.getAuthURL();
-				if (issuerEntityID.endsWith("/"))
-					issuerEntityID = issuerEntityID.substring(0, issuerEntityID.length()-1);
+								
+				String issuerEntityID = PVPConfiguration.getInstance().getIDPSSOMetadataService(
+						pendingReq.getAuthURL());
 				
 				Assertion assertion = PVP2AssertionBuilder.buildAssertion(issuerEntityID, 
 						attrQuery, responseInfo.getFirst(), date, new DateTime(responseInfo.getSecond().getTime()), 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
index 2d13609d8..8de44a2e8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
@@ -49,6 +49,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AuthResponseBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
@@ -81,10 +82,13 @@ public class AuthenticationAction implements IAction {
 		SLOInformationImpl sloInformation = new SLOInformationImpl();
 
 		//change to entity value from entity name to IDP EntityID (URL)
-		String issuerEntityID = pvpRequest.getAuthURL();
-		if (issuerEntityID.endsWith("/"))
-			issuerEntityID = issuerEntityID.substring(0, issuerEntityID.length()-1);
-				
+//		String issuerEntityID = pvpRequest.getAuthURL();
+//		if (issuerEntityID.endsWith("/"))
+//			issuerEntityID = issuerEntityID.substring(0, issuerEntityID.length()-1);
+
+		String issuerEntityID = PVPConfiguration.getInstance().getIDPSSOMetadataService(
+				pvpRequest.getAuthURL());
+		
 		//build Assertion
 		Assertion assertion = PVP2AssertionBuilder.buildAssertion(issuerEntityID, pvpRequest, authnRequest, authData, 
 				peerEntity, date, consumerService, sloInformation);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IDPPVPMetadataConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IDPPVPMetadataConfiguration.java
index 91f43b10b..5bb1131a6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IDPPVPMetadataConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IDPPVPMetadataConfiguration.java
@@ -97,7 +97,14 @@ public class IDPPVPMetadataConfiguration implements IPVPMetadataBuilderConfigura
 	 */
 	@Override
 	public String getEntityID() {
-		return authURL;
+		try {
+			return PVPConfiguration.getInstance().getIDPSSOMetadataService(authURL);
+		
+		} catch (ConfigurationException e) {
+			Logger.error("Can not load Metadata entry: EntityID", e);
+			return null;
+			
+		}
 	}
 
 	/* (non-Javadoc)
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java
index 5f2642cf8..9683d5cb7 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java
@@ -97,6 +97,7 @@ import at.gv.egovernment.moa.id.data.MISMandate;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoCredentialsException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSignedException;
@@ -320,14 +321,13 @@ public class SSOContainerUtils {
 	public String generateSignedAndEncryptedSSOContainer(String authURL,
 			AuthenticationSession authSession, Date date) {		
 		try {
-			String entityID = authURL;
+			String entityID = PVPConfiguration.getInstance().getIDPSSOMetadataService(authURL);
 			AuthnContextClassRef authnContextClassRef = SAML2Utils
 					.createSAMLObject(AuthnContextClassRef.class);
 			authnContextClassRef.setAuthnContextClassRef(authSession.getQAALevel());			
 					
 			NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class);
-			String random = Random.nextRandom();
-			String nameID = subjectNameID.getValue();			
+			String random = Random.nextLongRandom();		
 			try {
 				MessageDigest md = MessageDigest.getInstance("SHA-1");
 				byte[] hash = md.digest((random).getBytes("ISO-8859-1"));			
-- 
cgit v1.2.3


From 58c2bcfcdc9bccb417dae80b0bfefc3713e2cd7c Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 21 Mar 2016 10:03:12 +0100
Subject: fix wrong PVP redirect service-endpoint

---
 .../at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java   | 2 +-
 .../egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java | 8 +++++++-
 2 files changed, 8 insertions(+), 2 deletions(-)

(limited to 'id/server/idserverlib/src')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index eec1ccb78..3eaa332c7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -243,7 +243,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController  {
 			//get POST-Binding decoder implementation
 			InboundMessage msg = (InboundMessage) new RedirectBinding().decode(
 					req, resp, MOAMetadataProvider.getInstance(), false,
-					new MOAURICompare(PVPConfiguration.getInstance().getIDPSSOPostService(pendingReq.getAuthURL())));
+					new MOAURICompare(PVPConfiguration.getInstance().getIDPSSORedirectService(pendingReq.getAuthURL())));
 			pendingReq.setRequest(msg);
 			
 			//preProcess Message
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java
index 6080f8a33..7bb64a106 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java
@@ -24,6 +24,8 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
 
 import org.opensaml.common.binding.decoding.URIComparator;
 
+import at.gv.egovernment.moa.logging.Logger;
+
 public class MOAURICompare implements URIComparator {
 
 	/**
@@ -40,8 +42,12 @@ public class MOAURICompare implements URIComparator {
 		if (this.serviceURL.equals(uri1))		
 			return true;
 		
-		else
+		else {
+			Logger.warn("PVP request destination-endpoint: " + uri1 
+					+ " does not match to IDP endpoint:" + serviceURL);
 			return false;
+			
+		}
 	}
 
 }
-- 
cgit v1.2.3


From 9530f4dc07e8328a2f54d921d248e797dac54b6a Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 21 Mar 2016 10:06:28 +0100
Subject: remove unused constans

---
 .../java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java | 5 -----
 1 file changed, 5 deletions(-)

(limited to 'id/server/idserverlib/src')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index 3eaa332c7..2cb62b993 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -114,12 +114,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController  {
 	public static final String METADATA = "Metadata";
 	public static final String ATTRIBUTEQUERY = "AttributeQuery";
 	public static final String SINGLELOGOUT = "SingleLogOut";
-
-	public static final String ENDPOINT_IDP = "idp";
-	public static final String ENDPOINT_SP = "sp";
 	
-	public static final String PARAMETER_ENDPOINT = "endpointtype";
-		
 	public static final List<String> DEFAULTREQUESTEDATTRFORINTERFEDERATION = Arrays.asList(
 			new String[] {
 					PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME
-- 
cgit v1.2.3


From 5ce6653606098ae346257cb477f67b9e204ab04f Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 21 Mar 2016 10:16:45 +0100
Subject: fix typo

---
 .../gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'id/server/idserverlib/src')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
index 7278c9c6c..279038967 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
@@ -183,7 +183,7 @@ public class RedirectBinding implements IDecoder, IEncoder {
 			}
 			
 			if (metadataProvider instanceof IMOARefreshableMetadataProvider) {
-				Logger.debug("PVP2X message validation FAILED. Relead metadata for entityID: " + messageContext.getPeerEntityId());
+				Logger.debug("PVP2X message validation FAILED. Reload metadata for entityID: " + messageContext.getInboundMessageIssuer());
 				if (!((IMOARefreshableMetadataProvider) metadataProvider).refreshMetadataProvider(messageContext.getInboundMessageIssuer()))
 					throw e;
 				
-- 
cgit v1.2.3


From f6d265549193e3db5ce574d33425d06e738a025c Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 21 Mar 2016 10:55:51 +0100
Subject: fix problem with entityID in single logout functionality

---
 .../moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java         | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'id/server/idserverlib/src')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
index c793b5dee..e5c897aa6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
@@ -77,6 +77,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
+import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NOSLOServiceDescriptorException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
@@ -232,7 +233,7 @@ public class SingleLogOutBuilder {
 
 		DateTime now = new DateTime();
 		Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
-		issuer.setValue(sloInfo.getAuthURL());
+		issuer.setValue(PVPConfiguration.getInstance().getIDPSSOMetadataService(sloInfo.getAuthURL()));
 		issuer.setFormat(NameID.ENTITY);
 		sloReq.setIssuer(issuer);		
 		sloReq.setIssueInstant(now);
@@ -321,7 +322,8 @@ public class SingleLogOutBuilder {
 	private LogoutResponse buildBasicResponse(SingleLogoutService sloService, PVPTargetConfiguration spRequest) throws ConfigurationException, MOAIDException {
 		LogoutResponse sloResp = SAML2Utils.createSAMLObject(LogoutResponse.class);		
 		Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);		
-		issuer.setValue(spRequest.getAuthURLWithOutSlash());
+		issuer.setValue(PVPConfiguration.getInstance().getIDPSSOMetadataService(
+				spRequest.getAuthURLWithOutSlash()));
 		issuer.setFormat(NameID.ENTITY);
 		sloResp.setIssuer(issuer);		
 		sloResp.setIssueInstant(new DateTime());		
-- 
cgit v1.2.3


From 20afefb3ffcfd9381c286653f310fbc3b989c512 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 21 Mar 2016 10:56:30 +0100
Subject: fix some problems with logging and error codes

---
 id/server/doc/handbook/protocol/protocol.html         |  8 ++++++++
 .../moa/id/protocols/pvp2x/PVP2XProtocol.java         | 17 +++++++++++++----
 .../pvp2x/signer/AbstractCredentialProvider.java      | 19 ++++++++++---------
 .../signer/CredentialsNotAvailableException.java      |  5 +++++
 .../resources/properties/id_messages_de.properties    |  3 +++
 .../protocol_response_statuscodes_de.properties       |  7 ++++++-
 .../tasks/ReceiveElgaMandateResponseTask.java         | 14 +++++++++++---
 7 files changed, 56 insertions(+), 17 deletions(-)

(limited to 'id/server/idserverlib/src')

diff --git a/id/server/doc/handbook/protocol/protocol.html b/id/server/doc/handbook/protocol/protocol.html
index 3b31dbfc0..8e0260a38 100644
--- a/id/server/doc/handbook/protocol/protocol.html
+++ b/id/server/doc/handbook/protocol/protocol.html
@@ -851,6 +851,14 @@ Redirect Binding</td>
     <td>9007</td>
     <td>Der SZR-Gateway Client konnte nicht initialisiert werden.</td>
   </tr>
+  <tr>
+    <td>9008</td>
+    <td>Fehler beim Verarbeiten eines Konfigurationsparameters.</td>
+  </tr>
+  <tr>
+    <td>9099</td>
+    <td>Allgemeiner Konfigurationsfehler</td>
+  </tr>
 </table>
 <h5><a name="statuscodes_91xxx" id="allgemeines_zugangspunkte15"></a>1.3.4.2 Interne Fehler (91xxx)</h5>
 <table class="configtable">
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index 2cb62b993..bca080ba6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -203,12 +203,15 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController  {
 			String samlRequest = req.getParameter("SAMLRequest");			
 			Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
 			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()});
+		
+		} catch (MOAIDException e) {
+			throw e;
 			
 		} catch (Throwable e) {			
 			String samlRequest = req.getParameter("SAMLRequest");			
 			Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
 						
-			throw new MOAIDException(e.getMessage(), new Object[] {});
+			throw new MOAIDException("pvp2.24", new Object[] {e.getMessage()});
 		}					
 	}
 	
@@ -254,11 +257,14 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController  {
 			Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
 			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()});
 			
+		} catch (MOAIDException e) {
+			throw e;
+						
 		} catch (Throwable e) {			
 			String samlRequest = req.getParameter("SAMLRequest");			
 			Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
 						
-			throw new MOAIDException(e.getMessage(), new Object[] {});
+			throw new MOAIDException("pvp2.24", new Object[] {e.getMessage()});
 		}					
 	}
 	
@@ -304,12 +310,15 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController  {
 			String samlRequest = req.getParameter("SAMLRequest");			
 			Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
 			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()});
-			
+		
+		} catch (MOAIDException e) {
+			throw e;
+						
 		} catch (Throwable e) {			
 			String samlRequest = req.getParameter("SAMLRequest");			
 			Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
 						
-			throw new MOAIDException(e.getMessage(), new Object[] {});
+			throw new MOAIDException("pvp2.24", new Object[] {e.getMessage()});
 		}					
 	}
 	
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java
index 4c9a1e59f..bf4cfd480 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java
@@ -121,15 +121,15 @@ public abstract class AbstractCredentialProvider {
 			credentials.setUsageType(UsageType.SIGNING);
 			if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) {
 				Logger.error(getFriendlyName() + " Metadata Signing credentials is not found or contains no PrivateKey.");
-				throw new CredentialsNotAvailableException(getFriendlyName() + " Assertion Signing credentials (Alias: "
-						+ getMetadataKeyAlias() + ") is not found or contains no PrivateKey.", null);
+				throw new CredentialsNotAvailableException("config.27", new Object[]{getFriendlyName() + " Assertion Signing credentials (Alias: "
+						+ getMetadataKeyAlias() + ") is not found or contains no PrivateKey."});
 				
 			}
 			return credentials;
 		} catch (Exception e) {
 			Logger.error("Failed to generate " + getFriendlyName() + " Metadata Signing credentials");
 			e.printStackTrace();
-			throw new CredentialsNotAvailableException(e.getMessage(), null);
+			throw new CredentialsNotAvailableException("config.27", new Object[]{e.getMessage()}, e);
 		}
 	}
 
@@ -146,8 +146,8 @@ public abstract class AbstractCredentialProvider {
 			credentials.setUsageType(UsageType.SIGNING);
 			if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) {
 				Logger.error(getFriendlyName() + " Assertion Signing credentials is not found or contains no PrivateKey.");
-				throw new CredentialsNotAvailableException(getFriendlyName() + " Assertion Signing credentials (Alias: "
-						+ getSignatureKeyAlias() + ") is not found or contains no PrivateKey.", null);
+				throw new CredentialsNotAvailableException("config.27", new Object[]{getFriendlyName() + " Assertion Signing credentials (Alias: "
+						+ getSignatureKeyAlias() + ") is not found or contains no PrivateKey."});
 				
 			}
 			
@@ -155,7 +155,7 @@ public abstract class AbstractCredentialProvider {
 		} catch (Exception e) {
 			Logger.error("Failed to generate " + getFriendlyName() + " Assertion Signing credentials");
 			e.printStackTrace();
-			throw new CredentialsNotAvailableException(e.getMessage(), null);
+			throw new CredentialsNotAvailableException("config.27", new Object[]{e.getMessage()}, e);
 		}
 	}
 	
@@ -177,16 +177,17 @@ public abstract class AbstractCredentialProvider {
 			
 			if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) {
 				Logger.error(getFriendlyName() + " Assertion Encryption credentials is not found or contains no PrivateKey.");
-				throw new CredentialsNotAvailableException(getFriendlyName() + " Assertion Encryption credentials (Alias: "
-						+ getEncryptionKeyAlias() + ") is not found or contains no PrivateKey.", null);
+				throw new CredentialsNotAvailableException("config.27", new Object[]{getFriendlyName() + " Assertion Encryption credentials (Alias: "
+						+ getEncryptionKeyAlias() + ") is not found or contains no PrivateKey."});
 				
 			}
 			
 			return (X509Credential) credentials;
+			
 		} catch (Exception e) {
 			Logger.error("Failed to generate " + getFriendlyName() + " Assertion Encryption credentials");
 			e.printStackTrace();
-			throw new CredentialsNotAvailableException(e.getMessage(), null);
+			throw new CredentialsNotAvailableException("config.27", new Object[]{e.getMessage()}, e);
 		}
 	}
 	
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java
index 1e1c37621..85de666c9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java
@@ -31,6 +31,11 @@ public class CredentialsNotAvailableException extends MOAIDException {
 		super(messageId, parameters);
 	}
 
+	public CredentialsNotAvailableException(String messageId,
+			Object[] parameters, Throwable e) {
+		super(messageId, parameters, e);
+	}
+	
 	/**
 	 * 
 	 */
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index c47ec2477..9986d5679 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -87,6 +87,7 @@ config.23=Fehler beim initialisieren von OpenSAML
 config.24=MOA-ID-Auth Configfile {1} does not start with {0} prefix.
 config.25=Der verwendete IDP PublicURLPrefix {0} ist nicht erlaubt. 
 config.26=Federated IDP {0} contains no AttributeQuery URL.
+config.27=Fehler beim Verarbeiten eines Konfigurationsparameters. Msg:{0} 
 
 parser.00=Leichter Fehler beim Parsen: {0}
 parser.01=Fehler beim Parsen: {0}
@@ -279,6 +280,7 @@ pvp2.20=F\u00FCr die im Request angegebene EntityID konnten keine g\u00FCltigen
 pvp2.21=Die Signature des Requests konnte nicht g\u00FCltig validiert werden.  
 pvp2.22=Der Request konnte nicht g\u00FCltig validiert werden (Fehler\={0}).
 pvp2.23={0} ist keine gueltige AssertionConsumerServiceURL oder entspricht nicht den Metadaten.
+pvp2.24=Der Request konnte nicht verarbeitet werden (Fehler\={0}).
 
 
 ##add status codes!!!!
@@ -294,6 +296,7 @@ sp.pvp2.08=Receive invalid PVP Response from {0}. Response issuer {1} is not val
 sp.pvp2.09=Receive invalid PVP Response from {0} {1}. StatusCodes:{2} {3} Msg:{4}
 sp.pvp2.10=Receive invalid PVP Response from {0}. No valid assertion included.
 sp.pvp2.11=Receive invalid PVP Response from {0}. Assertion decryption FAILED.
+sp.pvp2.12=Receive invalid PVP Response from {0}. Msg:{1}
 
 oauth20.01=Fehlerhafte redirect url
 oauth20.02=Fehlender oder ung\u00FCltiger Parameter "{0}"
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
index 581037a29..f97ebeeca 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
@@ -66,7 +66,8 @@ config.22=9008
 config.23=9199
 config.24=9199
 config.25=9199
-config.26=TODO
+config.26=9099
+config.27=9008
 
 parser.00=1101
 parser.01=1101
@@ -114,6 +115,7 @@ sp.pvp2.08=4502
 sp.pvp2.09=4503
 sp.pvp2.10=4502
 sp.pvp2.11=4502
+sp.pvp2.12=4502
  
 validator.00=1102
 validator.01=1102
@@ -222,6 +224,9 @@ pvp2.17=6102
 pvp2.20=6103
 pvp2.21=6104
 pvp2.22=6105
+pvp2.23=6105
+pvp2.24=6105
+
 
 oauth20.01=6200
 oauth20.06=1000
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
index f976793b8..c2ca69238 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
@@ -179,12 +179,20 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask {
 			String samlRequest = request.getParameter("SAMLRequest");			
 			Logger.warn("Receive INVALID PVP Response from ELGA mandate-service: " + samlRequest, e);
 			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED);
-			throw new TaskExecutionException(pendingReq, "Receive INVALID PVP Response from ELGA mandate-service", e);
+			throw new TaskExecutionException(pendingReq, 
+					"Receive INVALID PVP Response from ELGA mandate-service", 
+					new AuthnResponseValidationException("sp.pvp2.12", 
+							new Object[]{ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING, e.getMessage()}, 
+							e));
 
 		} catch (IOException | MarshallingException | TransformerException e) {
 			Logger.warn("Processing PVP response from ELGA mandate-service FAILED.", e);
 			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED);
-			throw new TaskExecutionException(pendingReq, "Processing PVP response from ELGA mandate-service FAILED.", e);
+			throw new TaskExecutionException(pendingReq, 
+					"Processing PVP response from ELGA mandate-service FAILED.", 
+					new AuthnResponseValidationException("sp.pvp2.12", 
+							new Object[]{ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING, e.getMessage()}, 
+							e));
 			
 		} catch (CredentialsNotAvailableException e) {
 			Logger.error("ELGA mandate-service: PVP response decrytion FAILED. No credential found.", e);
@@ -195,7 +203,7 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask {
 			Logger.info("ELGA mandate-service: PVP response validation FAILED. Msg:" + e.getMessage());
 			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED, e.getMessageId());
 			throw new TaskExecutionException(pendingReq, "ELGA mandate-service: PVP response validation FAILED.", e);
-									
+		
 		} catch (Exception e) {
 			Logger.info("ELGA mandate-service: General Exception. Msg:" + e.getMessage());
 			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED);
-- 
cgit v1.2.3


From 328c1dc9f22623f6e7cdf1c23dd104c10011ee91 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 21 Mar 2016 12:00:33 +0100
Subject: add missing PVP attribute 'mandate-type-oid'

---
 .../attributes/MandateTypeOIDAttributeBuilder.java | 59 ++++++++++++++++++++++
 .../moa/id/protocols/pvp2x/PVPConstants.java       |  5 ++
 ....protocols.builder.attributes.IAttributeBuilder |  1 +
 3 files changed, 65 insertions(+)
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeOIDAttributeBuilder.java

(limited to 'id/server/idserverlib/src')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeOIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeOIDAttributeBuilder.java
new file mode 100644
index 000000000..80d330172
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeOIDAttributeBuilder.java
@@ -0,0 +1,59 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.builder.attributes;
+
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public class MandateTypeOIDAttributeBuilder implements IPVPAttributeBuilder {
+	
+	public String getName() {
+		return MANDATE_TYPE_OID_NAME;
+	}
+	
+	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeException {
+		if (authData.isUseMandate()) {						
+			//get PVP attribute directly, if exists 
+			String mandateType = authData.getGenericData(MANDATE_TYPE_OID_NAME, String.class);
+			
+			if (MiscUtil.isEmpty(mandateType)) {
+				Logger.info("MIS Mandate does not include 'Mandate-Type OID'.");
+				return null;
+				
+			}
+				
+			return g.buildStringAttribute(MANDATE_TYPE_OID_FRIENDLY_NAME, MANDATE_TYPE_OID_NAME, mandateType);
+		}
+		return null;
+		
+	}
+	
+	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+		return g.buildEmptyAttribute(MANDATE_TYPE_FRIENDLY_NAME, MANDATE_TYPE_NAME);
+	}
+	
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
index c2b61aaa7..eaddd0789 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
@@ -190,6 +190,11 @@ public interface PVPConstants {
 	public static final String MANDATE_TYPE_FRIENDLY_NAME = "MANDATE-TYPE";
 	public static final int MANDATE_TYPE_MAX_LENGTH = 256;
 	
+	public static final String MANDATE_TYPE_OID_OID = "1.2.40.0.10.2.1.1.261.106";
+	public static final String MANDATE_TYPE_OID_NAME = URN_OID_PREFIX + MANDATE_TYPE_OID_OID;
+	public static final String MANDATE_TYPE_OID_FRIENDLY_NAME = "MANDATE-TYPE-OID";
+	public static final int MANDATE_TYPE_OID_MAX_LENGTH = 256;
+	
 	public static final String MANDATE_NAT_PER_SOURCE_PIN_OID = "1.2.40.0.10.2.1.1.261.70";
 	public static final String MANDATE_NAT_PER_SOURCE_PIN_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_SOURCE_PIN_OID;
 	public static final String MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-SOURCE-PIN";
diff --git a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder
index 8e5d6ee3c..d40be32f5 100644
--- a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder
+++ b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder
@@ -26,6 +26,7 @@ at.gv.egovernment.moa.id.protocols.builder.attributes.MandateProfRepDescAttribut
 at.gv.egovernment.moa.id.protocols.builder.attributes.MandateProfRepOIDAttributeBuilder
 at.gv.egovernment.moa.id.protocols.builder.attributes.MandateReferenceValueAttributeBuilder
 at.gv.egovernment.moa.id.protocols.builder.attributes.MandateTypeAttributeBuilder
+at.gv.egovernment.moa.id.protocols.builder.attributes.MandateTypeOIDAttributeBuilder
 at.gv.egovernment.moa.id.protocols.builder.attributes.PrincipalNameAttributeBuilder
 at.gv.egovernment.moa.id.protocols.builder.attributes.PVPVersionAttributeBuilder
 at.gv.egovernment.moa.id.protocols.builder.attributes.HolderOfKey
-- 
cgit v1.2.3


From 402cfcf7e5a8f3bb040ebe9fae5904c202e1e94f Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 21 Mar 2016 12:14:09 +0100
Subject: Change default PVP assertion encryption-algorithm to AES256-CBC

---
 .../java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'id/server/idserverlib/src')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
index eaddd0789..73d6e978e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
@@ -31,7 +31,7 @@ public interface PVPConstants {
 	
 	public static final String DEFAULT_SIGNING_METHODE = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256;
 	public static final String DEFAULT_DIGESTMETHODE = SignatureConstants.ALGO_ID_DIGEST_SHA256;
-	public static final String DEFAULT_SYM_ENCRYPTION_METHODE = EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128;
+	public static final String DEFAULT_SYM_ENCRYPTION_METHODE = EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256;
 	public static final String DEFAULT_ASYM_ENCRYPTION_METHODE = EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP;
 	
 	
-- 
cgit v1.2.3


From f1c588836f613209984c15a761d65b20c66ca4e9 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 21 Mar 2016 13:29:52 +0100
Subject: add missing error codes

---
 id/server/doc/handbook/protocol/protocol.html      |  4 ++
 .../auth/exception/MOAIllegalStateException.java   | 46 +++++++++++++++++++
 .../AbstractProcessEngineSignalController.java     |  7 ++-
 .../resources/properties/id_messages_de.properties |  1 +
 .../protocol_response_statuscodes_de.properties    |  1 +
 .../id/commons/api/exceptions/MOAIDException.java  | 52 ----------------------
 .../oauth20/exceptions/OAuth20Exception.java       |  6 +--
 7 files changed, 60 insertions(+), 57 deletions(-)
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MOAIllegalStateException.java

(limited to 'id/server/idserverlib/src')

diff --git a/id/server/doc/handbook/protocol/protocol.html b/id/server/doc/handbook/protocol/protocol.html
index 8e0260a38..ff7921ad5 100644
--- a/id/server/doc/handbook/protocol/protocol.html
+++ b/id/server/doc/handbook/protocol/protocol.html
@@ -886,6 +886,10 @@ Redirect Binding</td>
     <td>9104</td>
     <td>Fehler bei der Auswahl oder Initialisierung des gew&uuml;nschten Anmeldeprozesses</td>
   </tr>
+  <tr>
+    <td>9105</td>
+    <td>Fehler bei der Fortf&uuml;hrung des Anmeldeprozesses</td>
+  </tr>
   <tr>
     <td>9199</td>
     <td>Allgemeiner interner Fehler</td>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MOAIllegalStateException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MOAIllegalStateException.java
new file mode 100644
index 000000000..bc19a3f39
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MOAIllegalStateException.java
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.exception;
+
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOAIllegalStateException extends MOAIDException {
+
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = 613582783125887683L;
+	
+	/**
+	 * 
+	 */
+	public MOAIllegalStateException(String code, Object[] params) {
+		super(code, params);
+		
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java
index a23938f97..f22c82e95 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java
@@ -9,6 +9,7 @@ import org.apache.commons.lang.StringEscapeUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 
 import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
+import at.gv.egovernment.moa.id.auth.exception.MOAIllegalStateException;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
@@ -30,7 +31,8 @@ public abstract class AbstractProcessEngineSignalController extends AbstractCont
 		
 		try {	
 			if (pendingRequestID == null) {
-				throw new IllegalStateException("Unable to determine MOA pending-request id.");
+				throw new MOAIllegalStateException("process.03", new Object[]{"Unable to determine MOA pending-request id."});
+				
 			}
 			
 			IRequest pendingReq = requestStorage.getPendingRequest(pendingRequestID);
@@ -49,7 +51,8 @@ public abstract class AbstractProcessEngineSignalController extends AbstractCont
 			
 			// process instance is mandatory
 			if (pendingReq.getProcessInstanceId() == null) {
-				throw new IllegalStateException("MOA session does not provide process instance id.");
+				throw new MOAIllegalStateException("process.03", new Object[]{"MOA session does not provide process instance id."});
+				
 			}
 
 			// wake up next task
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 9986d5679..a579dd80b 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -315,3 +315,4 @@ slo.02=Es wurde keine aktive SSO Session gefunden oder Sie sind bei keiner Onlin
 
 process.01=Fehler beim Ausf\u00FChren des Prozesses.
 process.02=Fehler beim Erstellen eines geeigneten Prozesses f\u00FCr die SessionID {0}.
+process.03=Fehler beim Weiterführen es Prozesses. Msg:{0}
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
index f97ebeeca..653e073a2 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
@@ -102,6 +102,7 @@ service.10=4500
 
 process.01=9104
 process.02=9104
+process.03=9105
  
 sp.pvp2.00=4501
 sp.pvp2.01=4501
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/MOAIDException.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/MOAIDException.java
index 955b0f5ea..6841be92b 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/MOAIDException.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/exceptions/MOAIDException.java
@@ -49,16 +49,7 @@ package at.gv.egovernment.moa.id.commons.api.exceptions;
 import java.io.PrintStream;
 import java.io.PrintWriter;
 
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-
-import org.w3c.dom.DOMImplementation;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
 import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
-import at.gv.egovernment.moa.util.Constants;
 
 /**
  * Base class of technical MOA exceptions.
@@ -176,47 +167,4 @@ public Object[] getParameters() {
 	return parameters;
 }
 
-/**
-   * Convert this <code>MOAIDException</code> to an <code>ErrorResponse</code>
-   * element from the MOA namespace.
-   * 
-   * @return An <code>ErrorResponse</code> element, containing the subelements
-   * <code>ErrorCode</code> and <code>Info</code> required by the MOA schema.
-   */
-  public Element toErrorResponse() {
-    DocumentBuilder builder;
-    DOMImplementation impl;
-    Document doc;
-    Element errorResponse;
-    Element errorCode;
-    Element info;
-
-    // create a new document
-    try {
-      builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
-      impl = builder.getDOMImplementation();
-    } catch (ParserConfigurationException e) {
-      return null;
-    }
-
-    // build the ErrorResponse element
-    doc = impl.createDocument(Constants.MOA_NS_URI, "ErrorResponse", null);
-    errorResponse = doc.getDocumentElement();
-
-    // add MOA namespace declaration
-    errorResponse.setAttributeNS(
-      Constants.XMLNS_NS_URI,
-      "xmlns",
-      Constants.MOA_NS_URI);
-
-    // build the child elements    
-    errorCode = doc.createElementNS(Constants.MOA_NS_URI, "ErrorCode");
-    errorCode.appendChild(doc.createTextNode(messageId));
-    info = doc.createElementNS(Constants.MOA_NS_URI, "Info");
-    info.appendChild(doc.createTextNode(toString()));
-    errorResponse.appendChild(errorCode);
-    errorResponse.appendChild(info);
-    return errorResponse;
-  }
-
 }
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20Exception.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20Exception.java
index d7fecd1b5..5dc36868b 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20Exception.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20Exception.java
@@ -22,9 +22,9 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.oauth20.exceptions;
 
-import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 
-public class OAuth20Exception extends RuntimeException {
+public class OAuth20Exception extends MOAIDException {
 	
 	private static final long serialVersionUID = 1L;
 	
@@ -33,7 +33,7 @@ public class OAuth20Exception extends RuntimeException {
 	private String errorCode;
 	
 	public OAuth20Exception(final String errorCode, final String messageId, final Object[] parameters) {
-		super(MOAIDMessageProvider.getInstance().getMessage(messageId, parameters));
+		super(messageId, parameters);
 		this.errorCode = errorCode;
 		this.messageId = messageId;
 	}
-- 
cgit v1.2.3


From f7361a2d7964c73873e699cfe9b971fe57704cb6 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 21 Mar 2016 13:37:59 +0100
Subject: fix compilation problem

---
 .../moa/id/auth/exception/InvalidProtocolRequestException.java        | 3 +++
 .../moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java         | 2 +-
 .../moa/id/protocols/oauth20/protocol/OAuth20Protocol.java            | 4 ++--
 3 files changed, 6 insertions(+), 3 deletions(-)

(limited to 'id/server/idserverlib/src')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/InvalidProtocolRequestException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/InvalidProtocolRequestException.java
index 712d90fd8..c6b8a4b6e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/InvalidProtocolRequestException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/InvalidProtocolRequestException.java
@@ -43,4 +43,7 @@ public class InvalidProtocolRequestException extends MOAIDException {
 		super(messageId, parameters);
 	}
 
+	public InvalidProtocolRequestException(String messageId, Object[] parameters, Throwable e) {
+		super(messageId, parameters, e);
+	}
 }
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
index 88669bd90..3ab283db5 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
@@ -94,7 +94,7 @@ abstract class OAuth20BaseRequest extends RequestImpl {
 		this.checkAllowedParameters(request);
 	}
 	
-	private void checkAllowedParameters(final HttpServletRequest request) {
+	private void checkAllowedParameters(final HttpServletRequest request) throws OAuth20WrongParameterException {
 		Logger.debug("Going to check for allowed parameters");
 		this.allowedParameters.add(OAuth20Constants.PARAM_MOA_ACTION);
 		this.allowedParameters.add(OAuth20Constants.PARAM_MOA_MOD);
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
index 2f8c43e23..e6ccc67b7 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
@@ -81,7 +81,7 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController {
 			
 		} catch (OAuth20Exception e) {
 			Logger.info("OpenID-Connect request has a validation error: " + e.getMessage());
-			throw new InvalidProtocolRequestException(e.getMessage(), null);
+			throw new InvalidProtocolRequestException(e.getMessageId(), e.getParameters(), e);
 			
 		}
 		
@@ -115,7 +115,7 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController {
 			
 		} catch (OAuth20Exception e) {
 			Logger.info("OpenID-Connect request has a validation error: " + e.getMessage());
-			throw new InvalidProtocolRequestException(e.getMessage(), null);
+			throw new InvalidProtocolRequestException(e.getMessageId(), e.getParameters(), e);
 			
 		}
 				
-- 
cgit v1.2.3


From 8746e1a7e3e4a3d19922acf81a952bf27618989f Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 21 Mar 2016 13:55:13 +0100
Subject: update default revisions log entries

---
 .../moa/id/advancedlogging/MOAReversionLogger.java | 40 ++++++++++++++++++----
 .../tasks/ReceiveElgaMandateResponseTask.java      | 12 +++++++
 2 files changed, 45 insertions(+), 7 deletions(-)

(limited to 'id/server/idserverlib/src')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
index 4620a5c6b..6fa07a098 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
@@ -49,6 +49,9 @@ public class MOAReversionLogger {
 	
 	@Autowired protected AuthConfiguration authConfig;
 	
+	public static final String NAT_PERSON = "nat";
+	public static final String JUR_PERSON = "jur";
+	
 	private static final List<Integer> defaultEventCodes = Arrays.asList(
 			MOAIDEventConstants.SESSION_CREATED, 
 			MOAIDEventConstants.SESSION_DESTROYED,
@@ -60,6 +63,11 @@ public class MOAReversionLogger {
 			MOAIDEventConstants.AUTHPROTOCOL_TYPE,
 			MOAIDEventConstants.AUTHPROTOCOL_PVP_METADATA,
 			
+			MOAIDEventConstants.AUTHPROCESS_SERVICEPROVIDER,
+			MOAIDEventConstants.AUTHPROCESS_INTERFEDERATION,
+			MOAIDEventConstants.AUTHPROCESS_STORK_REQUESTED,
+			MOAIDEventConstants.AUTHPROCESS_MANDATES_REQUESTED,
+			
 			MOAIDEventConstants.AUTHPROCESS_START,
 			MOAIDEventConstants.AUTHPROCESS_FINISHED,
 			MOAIDEventConstants.AUTHPROCESS_BKU_URL,
@@ -67,10 +75,28 @@ public class MOAReversionLogger {
 			MOAIDEventConstants.AUTHPROCESS_IDL_VALIDATED,
 			MOAIDEventConstants.AUTHPROCESS_CERTIFICATE_VALIDATED,
 			MOAIDEventConstants.AUTHPROCESS_AUTHBLOCK_VALIDATED,
+									
+			MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_SERVICE_REQUESTED,
+			MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED,
+			MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_RECEIVED,
+			MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_RECEIVED_IP,
+			
+			MOAIDEventConstants.AUTHPROCESS_FOREIGN_FOUND,
+			MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_RECEIVED,
+			MOAIDEventConstants.AUTHPROCESS_PEPS_REQUESTED,
+			MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED,
+			MOAIDEventConstants.AUTHPROCESS_PEPS_IDL_RECEIVED,
+			
+			MOAIDEventConstants.AUTHPROCESS_MANDATE_SERVICE_REQUESTED,
+			MOAIDEventConstants.AUTHPROCESS_MANDATE_REDIRECT,
+			MOAIDEventConstants.AUTHPROCESS_MANDATE_RECEIVED,
+			
 			MOAIDEventConstants.AUTHPROCESS_SSO,
-			MOAIDEventConstants.AUTHPROCESS_INTERFEDERATION,
-			MOAIDEventConstants.AUTHPROCESS_STORK_REQUESTED,
-			MOAIDEventConstants.AUTHPROCESS_SERVICEPROVIDER
+			MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_START,
+			MOAIDEventConstants.AUTHPROCESS_SSO_ASK_USER_FINISHED,
+			MOAIDEventConstants.AUTHPROCESS_SSO_INVALID
+			
+
 	);
 			
 	public void logEvent(IOAAuthParameters oaConfig, 
@@ -159,7 +185,7 @@ public class MOAReversionLogger {
 			
 			if (jaxBMandate.getMandator().getCorporateBody() != null) {
 				logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_TYPE, 
-						"jur");
+						JUR_PERSON);
 				try {
 					String jurBaseID = jaxBMandate.getMandator().getCorporateBody().getIdentification().get(0).getType() 
 							+ "+" + jaxBMandate.getMandator().getCorporateBody().getIdentification().get(0).getId();				
@@ -173,7 +199,7 @@ public class MOAReversionLogger {
 				
 			} else {
 				logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_TYPE, 
-						"nat");
+						NAT_PERSON);
 				logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_HASH, 
 						buildPersonInformationHash(
 								jaxBMandate.getMandator().getPhysicalPerson().getName().getGivenName().get(0), 
@@ -182,7 +208,7 @@ public class MOAReversionLogger {
 			}
 		}
 	}
-
+	
 	/**
 	 * @param pendingReq
 	 * @param identityLink
@@ -209,7 +235,7 @@ public class MOAReversionLogger {
 		return OASpecificEventCodes;
 	}
 	
-	private String buildPersonInformationHash(String givenName, String familyName, String dateofBirth) {
+	public String buildPersonInformationHash(String givenName, String familyName, String dateofBirth) {
 		
 		// {"hash":"hashvalue","salt":"testSalt"}
 		// {"person":{"givenname":"value","familyname":"value","dateofbirth":"value"},"salt":"saltvalue"}
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
index c2ca69238..8960041f5 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
@@ -38,6 +38,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
 import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
@@ -172,6 +173,17 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask {
 						
 			//write revisions log entry
 			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_RECEIVED);
+
+			//write mandate info's to revisions log
+			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_TYPE, 
+									 extractor.getSingleAttributeValue(PVPConstants.MANDATE_TYPE_NAME));
+			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_TYPE, 
+									 MOAReversionLogger.NAT_PERSON);
+			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_HASH, 
+									  revisionsLogger.buildPersonInformationHash(
+											 extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_GIVEN_NAME_NAME), 
+											 extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_FAMILY_NAME_NAME), 
+											 extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_BIRTHDATE_NAME)));						
 			
 			Logger.info("Receive a valid assertion from ELGA mandate-service " + msg.getEntityID()); 
 											
-- 
cgit v1.2.3


From 54a26c8e353069abacefe5232f8270bec6b3cc60 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 21 Mar 2016 15:49:24 +0100
Subject: update libs

---
 id/moa-spss-container/pom.xml                      |   8 +-
 id/server/idserverlib/pom.xml                      |   4 +-
 .../moa/id/config/ConfigurationProviderImpl.java   |   2 -
 .../moa/id/protocols/pvp2x/SingleLogOutAction.java |   3 +-
 .../storage/DBAuthenticationSessionStoreage.java   |  29 +--
 .../moa/id/util/AxisSecureSocketFactory.java       | 258 ---------------------
 .../main/resources/moaid.configuration.beans.xml   |   6 +-
 id/server/moa-id-commons/pom.xml                   |   8 +-
 .../id/commons/db/dao/session/AssertionStore.java  |   4 +-
 .../db/dao/session/AuthenticatedSessionStore.java  |   4 +-
 .../id/commons/db/dao/session/ExceptionStore.java  | 125 ----------
 .../dao/session/InterfederationSessionStore.java   |   4 +-
 .../id/commons/db/dao/session/OASessionStore.java  |   4 +-
 .../db/dao/session/OldSSOSessionIDStore.java       |   4 +-
 .../id/commons/db/dao/statistic/StatisticLog.java  |   4 +-
 .../src/main/resources/moaid.migration.beans.xml   |   6 +-
 pom.xml                                            |  46 ++--
 .../moa-spss-lib/2.0.5/moa-spss-lib-2.0.5.jar      | Bin 0 -> 380513 bytes
 18 files changed, 68 insertions(+), 451 deletions(-)
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java
 delete mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/ExceptionStore.java
 create mode 100644 repository/MOA/spss/server/moa-spss-lib/2.0.5/moa-spss-lib-2.0.5.jar

(limited to 'id/server/idserverlib/src')

diff --git a/id/moa-spss-container/pom.xml b/id/moa-spss-container/pom.xml
index 1f7cb673f..fb08989b4 100644
--- a/id/moa-spss-container/pom.xml
+++ b/id/moa-spss-container/pom.xml
@@ -68,12 +68,12 @@
 			<artifactId>iaik_X509TrustManager</artifactId>
 		</dependency>
 		
-		<dependency>
+<!-- 		<dependency>
 			<groupId>axis</groupId>
 			<artifactId>axis</artifactId>
-		</dependency>
+		</dependency> -->
 
-		<dependency>
+<!-- 		<dependency>
 			<groupId>axis</groupId>
 			<artifactId>axis</artifactId>
 		</dependency>
@@ -84,7 +84,7 @@
 		<dependency>
 			<groupId>org.apache.axis</groupId>
 			<artifactId>axis-saaj</artifactId>
-		</dependency>
+		</dependency> -->
 		<dependency>
 			<groupId>commons-discovery</groupId>
 			<artifactId>commons-discovery</artifactId>
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index 1c8d89fb4..b226f01b3 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -182,11 +182,11 @@
 		</dependency>
 		
 		<!-- Required for MOA-SPSS API access -->
-		<dependency>
+<!-- 		<dependency>
 			<groupId>com.sun.xml.rpc</groupId>
 			<artifactId>jaxrpc-impl</artifactId>
 			<version>1.1.3_01</version>
-		</dependency>
+		</dependency> -->
 		
 		
 		<dependency>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java
index db6ff8d9b..395aeaadb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java
@@ -57,7 +57,6 @@ import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
 import at.gv.egovernment.moa.id.commons.db.StatisticLogDBUtils;
 import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
-import at.gv.egovernment.moa.id.commons.db.dao.session.ExceptionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
@@ -221,7 +220,6 @@ public abstract class ConfigurationProviderImpl implements ConfigurationProvider
 					config.addAnnotatedClass(AuthenticatedSessionStore.class);
 					config.addAnnotatedClass(OASessionStore.class);
 					config.addAnnotatedClass(OldSSOSessionIDStore.class);
-					config.addAnnotatedClass(ExceptionStore.class);
 					config.addAnnotatedClass(InterfederationSessionStore.class);
 					config.addAnnotatedClass(ProcessInstanceStore.class);
 					config.addProperties(moaSessionProp);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
index ae88f3ea4..dfe9ecb49 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
@@ -34,6 +34,7 @@ import org.hibernate.HibernateException;
 import org.hibernate.Query;
 import org.hibernate.Session;
 import org.hibernate.Transaction;
+import org.hibernate.resource.transaction.spi.TransactionStatus;
 import org.opensaml.saml2.core.LogoutRequest;
 import org.opensaml.saml2.core.LogoutResponse;
 import org.opensaml.saml2.metadata.SingleLogoutService;
@@ -274,7 +275,7 @@ public class SingleLogOutAction implements IAction {
 					throw new AuthenticationException("pvp2.13", new Object[]{});
 
 				} finally {
-					if (tx != null && !tx.wasCommitted()) {
+					if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED)) {
 						tx.commit();
 						
 					}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
index 43b4ecf17..094e25040 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
@@ -32,6 +32,7 @@ import org.hibernate.HibernateException;
 import org.hibernate.Query;
 import org.hibernate.Session;
 import org.hibernate.Transaction;
+import org.hibernate.resource.transaction.spi.TransactionStatus;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
@@ -231,7 +232,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 			  }
 			  
 		  } catch (Exception e) {
-			  if (tx != null && !tx.wasCommitted())
+			  if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED))
 				  tx.rollback();
 			  throw e;
 			  
@@ -321,7 +322,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 			 
 			  }
 		  } catch (Exception e) {
-			  if (tx != null && !tx.wasCommitted())
+			  if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED))
 				  tx.rollback();
 			  throw e;
 		  }
@@ -371,7 +372,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 				  return result.get(0);
 			  }
 		  } catch (Exception e) {
-			  if (tx != null && !tx.wasCommitted())
+			  if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED))
 				  tx.rollback();
 			  throw e;
 		  }
@@ -477,7 +478,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 			
 		} catch(HibernateException e) {
 	  		Logger.warn("Error during database saveOrUpdate. Rollback.", e);
-	  		if (tx != null && !tx.wasCommitted())
+	  		if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED))
 	  			tx.rollback();
 	  		throw new AuthenticationException("SSO Session information can not be stored!  --> SSO is deactivated", null);	
 	  	}
@@ -504,7 +505,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 			
 		} catch (Exception e) {
 			if (session != null && session.getTransaction() != null 
-					&& !session.getTransaction().wasCommitted()) {
+					&& !session.getTransaction().getStatus().equals(TransactionStatus.COMMITTED)) {
 				session.getTransaction().rollback();
 				throw e;
 				
@@ -534,7 +535,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 			
 		} catch (Exception e) {
 			if (session != null && session.getTransaction() != null 
-					&& !session.getTransaction().wasCommitted()) {
+					&& !session.getTransaction().getStatus().equals(TransactionStatus.COMMITTED)) {
 				session.getTransaction().rollback();
 				throw e;
 				
@@ -583,7 +584,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 			return null;
 			
 		} catch (Exception e) {
-			if (tx != null && !tx.wasCommitted())
+			if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED))
 				tx.rollback();
 			throw e;
 		}
@@ -626,7 +627,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 			  return  result.get(0).getActiveOAsessions().get(0);
 			  
 		  } catch (Exception e) {
-				if (tx != null && !tx.wasCommitted())
+				if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED))
 					tx.rollback();
 				throw e;
 			}
@@ -665,7 +666,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 											
 		} catch (Throwable e) {
 			Logger.warn("MOASession deserialization-exception by using MOASessionID=" + nameID);			
-			if (tx != null && !tx.wasCommitted())
+			if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED))
 				tx.rollback();
 			return null;
 		}
@@ -702,7 +703,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 			  
 			  return result.get(0).getInderfederation().get(0);
 		} catch (Exception e) {
-			if (tx != null && !tx.wasCommitted())
+			if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED))
 				tx.rollback();
 			throw e;
 		}	
@@ -740,7 +741,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 			  
 			  return result.get(0).getInderfederation().get(0);
 		  } catch (Exception e) {
-				if (tx != null && !tx.wasCommitted())
+				if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED))
 					tx.rollback();
 				throw e;
 		  }	
@@ -856,7 +857,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 			  
 			  return result.get(0).getInderfederation().get(0);
 		} catch (Exception e) {
-			if (tx != null && !tx.wasCommitted())
+			if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED))
 				tx.rollback();
 			throw e;
 		}	
@@ -948,7 +949,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 			}
 			
 		} catch (Exception e) {
-			if (tx != null && !tx.wasCommitted())
+			if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED))
 				tx.rollback();
 			throw e;
 		}	
@@ -1018,7 +1019,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 			  return (AuthenticatedSessionStore) result.get(0);
 			  
 		  } catch (Exception e) {
-				if (tx != null && !tx.wasCommitted() && commit)
+				if (tx != null && !tx.getStatus().equals(TransactionStatus.COMMITTED) && commit)
 					tx.rollback();
 				throw e;
 		}	
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java
deleted file mode 100644
index fff5fac96..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java
+++ /dev/null
@@ -1,258 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- * 
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- * 
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.util;
-
-import java.io.BufferedWriter;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.io.OutputStreamWriter;
-import java.io.PrintWriter;
-import java.net.Socket;
-import java.security.GeneralSecurityException;
-import java.util.Hashtable;
-
-import javax.net.ssl.SSLSocket;
-import javax.net.ssl.SSLSocketFactory;
-
-import org.apache.axis.components.net.BooleanHolder;
-import org.apache.axis.components.net.DefaultSocketFactory;
-import org.apache.axis.components.net.SocketFactory;
-import org.apache.axis.components.net.TransportClientProperties;
-import org.apache.axis.components.net.TransportClientPropertiesFactory;
-import org.apache.axis.utils.Messages;
-import org.apache.axis.utils.XMLUtils;
-
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * Secure socket factory for Axis webs service clients of the MOA-ID component,
- * which are the MOA-SP calls from MOA-ID Auth, 
- * and the MOA-ID Auth calls from MOA-ID Proxy.
- * <br/>Use this initialization code:<br/>
- * <code>	// ConnectionParameter connParam = ... get from ConfigurationProvider
- * 	AxisSecureSocketFactory.initialize(connParam);</code>
- * <br/>See the Apache Axis documentation on how to configure this class
- * as the default secure socket factory to be used by Axis.
- * <br/>
- * This code has been copied from <code>JSSESocketFactory</code>, the
- * method <code>initialize()</code> has been added.
- * 
- * 
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class AxisSecureSocketFactory
-  extends DefaultSocketFactory implements SocketFactory {
-
-  /** Field sslFactory           */
-  private static SSLSocketFactory sslFactory;
-
-  /**
-   * Constructor for AxisSecureSocketFactory.
-   * @param attributes ???
-   */
-  public AxisSecureSocketFactory(Hashtable attributes) {
-    super(attributes);
-  }
-  /**
-   * Initializes the factory by setting the connection parameters to be used for
-   * setting the secure socket factory, and by setting the system property 
-   * <code>axis.socketSecureFactory</code>.
-   * @param ssf <code>SSLSocketFactory</code> to initialize with
-   */
-  public static void initialize(SSLSocketFactory ssf)
-    throws IOException, GeneralSecurityException {
-
-    Logger.debug("Initialize AxisSecureSocketFactory");
-    sslFactory = ssf;
-  }
-
-  /**
-   * creates a secure socket
-   *
-   * @param host
-   * @param port
-   * @param otherHeaders
-   * @param useFullURL
-   *
-   * @return Socket
-   * @throws Exception
-   */
-  public Socket create(
-    String host,
-    int port,
-    StringBuffer otherHeaders,
-    BooleanHolder useFullURL)
-    throws Exception {
-    if (port == -1) {
-      port = 443;
-    }
-
-    TransportClientProperties tcp =
-      TransportClientPropertiesFactory.create("https");
-
-    boolean hostInNonProxyList =
-      isHostInNonProxyList(host, tcp.getNonProxyHosts());
-
-    Socket sslSocket = null;
-    if (tcp.getProxyHost().length() == 0 || hostInNonProxyList) {
-      // direct SSL connection
-      sslSocket = sslFactory.createSocket(host, port);
-    }
-    else {
-
-      // Default proxy port is 80, even for https
-      int tunnelPort =
-        (tcp.getProxyPort().length() != 0)
-          ? Integer.parseInt(tcp.getProxyPort())
-          : 80;
-      if (tunnelPort < 0)
-        tunnelPort = 80;
-
-      // Create the regular socket connection to the proxy
-      Socket tunnel = new Socket(tcp.getProxyHost(), tunnelPort);
-
-      // The tunnel handshake method (condensed and made reflexive)
-      OutputStream tunnelOutputStream = tunnel.getOutputStream();
-      PrintWriter out =
-        new PrintWriter(
-          new BufferedWriter(new OutputStreamWriter(tunnelOutputStream)));
-
-      // More secure version... engage later?
-      // PasswordAuthentication pa =
-      // Authenticator.requestPasswordAuthentication(
-      // InetAddress.getByName(tunnelHost),
-      // tunnelPort, "SOCK", "Proxy","HTTP");
-      // if(pa == null){
-      // printDebug("No Authenticator set.");
-      // }else{
-      // printDebug("Using Authenticator.");
-      // tunnelUser = pa.getUserName();
-      // tunnelPassword = new String(pa.getPassword());
-      // }
-      out.print(
-        "CONNECT "
-          + host
-          + ":"
-          + port
-          + " HTTP/1.0\r\n"
-          + "User-Agent: AxisClient");
-      if (tcp.getProxyUser().length() != 0
-        && tcp.getProxyPassword().length() != 0) {
-
-        // add basic authentication header for the proxy
-        String encodedPassword =
-          XMLUtils.base64encode(
-            (tcp.getProxyUser() + ":" + tcp.getProxyPassword()).getBytes());
-
-        out.print("\nProxy-Authorization: Basic " + encodedPassword);
-      }
-      out.print("\nContent-Length: 0");
-      out.print("\nPragma: no-cache");
-      out.print("\r\n\r\n");
-      out.flush();
-      InputStream tunnelInputStream = tunnel.getInputStream();
-
-      if (log.isDebugEnabled()) {
-        log.debug(
-          Messages.getMessage(
-            "isNull00",
-            "tunnelInputStream",
-            "" + (tunnelInputStream == null)));
-      }
-      String replyStr = "";
-
-      // Make sure to read all the response from the proxy to prevent SSL negotiation failure
-      // Response message terminated by two sequential newlines
-      int newlinesSeen = 0;
-      boolean headerDone = false; /* Done on first newline */
-
-      while (newlinesSeen < 2) {
-        int i = tunnelInputStream.read();
-
-        if (i < 0) {
-          throw new IOException("Unexpected EOF from proxy");
-        }
-        if (i == '\n') {
-          headerDone = true;
-          ++newlinesSeen;
-        }
-        else if (i != '\r') {
-          newlinesSeen = 0;
-          if (!headerDone) {
-            replyStr += String.valueOf((char) i);
-          }
-        }
-      }
-      if (!replyStr.startsWith("HTTP/1.0 200")
-        && !replyStr.startsWith("HTTP/1.1 200")) {
-        throw new IOException(
-          Messages.getMessage(
-            "cantTunnel00",
-            new String[] { tcp.getProxyHost(), "" + tunnelPort, replyStr }));
-      }
-
-      // End of condensed reflective tunnel handshake method
-      sslSocket = sslFactory.createSocket(tunnel, host, port, true);
-      if (log.isDebugEnabled()) {
-        log.debug(
-          Messages.getMessage(
-            "setupTunnel00",
-            tcp.getProxyHost(),
-            "" + tunnelPort));
-      }
-    }
-
-    ((SSLSocket) sslSocket).startHandshake();
-    if (log.isDebugEnabled()) {
-      log.debug(Messages.getMessage("createdSSL00"));
-    }
-    return sslSocket;
-  }
-
-}
diff --git a/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml b/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml
index 5855fc766..9c27ba581 100644
--- a/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml
+++ b/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml
@@ -15,7 +15,7 @@
 		<constructor-arg value="#{systemProperties['moa.id.configuration']}"/>
 	</bean>
 	
-	<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource" lazy-init="true" destroy-method="close">
+	<bean id="dataSource" class="org.apache.commons.dbcp2.BasicDataSource" lazy-init="true" destroy-method="close">
 		<aop:scoped-proxy/>
 		<property name="driverClassName" value="${configuration.hibernate.connection.driver_class}" />
 		<property name="url" value="${configuration.hibernate.connection.url}"/>
@@ -24,10 +24,10 @@
 				
 		<property name="connectionProperties" value="${configuration.dbcp.connectionProperties}" />
 		<property name="initialSize" value="${configuration.dbcp.initialSize}" />		
-		<property name="maxActive" value="${configuration.dbcp.maxActive}" />
+		<property name="maxTotal" value="${configuration.dbcp.maxActive}" />
 		<property name="maxIdle" value="${configuration.dbcp.maxIdle}" />
 		<property name="minIdle" value="${configuration.dbcp.minIdle}" />
-		<property name="maxWait" value="${configuration.dbcp.maxWaitMillis}" />
+		<!-- property name="maxWait" value="${configuration.dbcp.maxWaitMillis}" / -->
 		<property name="testOnBorrow" value="${configuration.dbcp.testOnBorrow}" />
 		<property name="testOnReturn" value="${configuration.dbcp.testOnReturn}" />
 		<property name="testWhileIdle" value="${configuration.dbcp.testWhileIdle}" />
diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml
index d0cd08844..df38c8384 100644
--- a/id/server/moa-id-commons/pom.xml
+++ b/id/server/moa-id-commons/pom.xml
@@ -270,10 +270,16 @@
 			<scope>test</scope>
 		</dependency>
 		
-		<dependency>
+<!-- 		<dependency>
 			<groupId>commons-dbcp</groupId>
 			<artifactId>commons-dbcp</artifactId>
 			<version>1.4</version>
+		</dependency> -->
+
+		<dependency>
+			<groupId>org.apache.commons</groupId>
+			<artifactId>commons-dbcp2</artifactId>
+			<version>2.1.1</version>
 		</dependency>
 
 		<dependency>
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java
index a49142d87..c2f5ec962 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java
@@ -27,8 +27,6 @@ import java.util.Date;
 
 import javax.persistence.Column;
 import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
 import javax.persistence.Id;
 import javax.persistence.Lob;
 import javax.persistence.NamedQueries;
@@ -52,7 +50,7 @@ public class AssertionStore implements Serializable{
 	private static final long serialVersionUID = 1L;
 
 	@Id
-	@GeneratedValue(strategy = GenerationType.AUTO)
+	//@GeneratedValue(strategy = GenerationType.AUTO)
 	@Column(name = "id", unique=true, nullable=false)
 	private long id;
 	
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
index a8cc1928e..6333451b9 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
@@ -31,8 +31,6 @@ import javax.persistence.CascadeType;
 import javax.persistence.Column;
 import javax.persistence.Entity;
 import javax.persistence.FetchType;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
 import javax.persistence.Id;
 import javax.persistence.Lob;
 import javax.persistence.NamedQueries;
@@ -67,7 +65,7 @@ public class AuthenticatedSessionStore implements Serializable{
 	private static final long serialVersionUID = 1L;
 
 	@Id
-	@GeneratedValue(strategy = GenerationType.AUTO)
+	//@GeneratedValue(strategy = GenerationType.AUTO)
 	@Column(name = "id", unique=true, nullable=false)
 	private long id;
 	
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/ExceptionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/ExceptionStore.java
deleted file mode 100644
index 0d56896ff..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/ExceptionStore.java
+++ /dev/null
@@ -1,125 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.commons.db.dao.session;
-
-import java.io.Serializable;
-import java.util.Date;
-
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Lob;
-import javax.persistence.NamedQueries;
-import javax.persistence.NamedQuery;
-import javax.persistence.Table;
-
-import org.hibernate.annotations.DynamicUpdate;
-
-
-
-@Entity
-@DynamicUpdate(value=true)
-@Table(name = "exceptionstore")
-@NamedQueries({
-    @NamedQuery(name="getExceptionWithID", query = "select exceptionstore from ExceptionStore exceptionstore where exceptionstore.exid = :id"),
-    @NamedQuery(name="getExceptionWithTimeOut", query = "select exceptionstore from ExceptionStore exceptionstore where exceptionstore.timestamp < :timeout")
-})
-
-public class ExceptionStore implements Serializable{
-
-	private static final long serialVersionUID = 1L;
-
-	@Id
-	@GeneratedValue(strategy = GenerationType.AUTO)
-	@Column(name = "id", unique=true, nullable=false)
-	private long id;
-	
-	@Column(name = "exid", unique=true, nullable=false)
-	private String exid;
-		
-	@Column(name = "exception", nullable=false)
-	@Lob private byte [] exception;
-	
-	@Column(name = "timestamp", nullable=false)
-	private Date timestamp;
-
-	/**
-	 * @return the id
-	 */
-	public long getId() {
-		return id;
-	}
-
-	/**
-	 * @param id the id to set
-	 */
-	public void setId(long id) {
-		this.id = id;
-	}
-
-	/**
-	 * @return the exid
-	 */
-	public String getExid() {
-		return exid;
-	}
-
-	/**
-	 * @param exid the exid to set
-	 */
-	public void setExid(String exid) {
-		this.exid = exid;
-	}
-
-	/**
-	 * @return the exception
-	 */
-	public byte[] getException() {
-		return exception;
-	}
-
-	/**
-	 * @param exception the exception to set
-	 */
-	public void setException(byte[] exception) {
-		this.exception = exception;
-	}
-
-	/**
-	 * @return the timestamp
-	 */
-	public Date getTimestamp() {
-		return timestamp;
-	}
-
-	/**
-	 * @param timestamp the timestamp to set
-	 */
-	public void setTimestamp(Date timestamp) {
-		this.timestamp = timestamp;
-	}
-
-		
-}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/InterfederationSessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/InterfederationSessionStore.java
index 54216edc4..c62e8be32 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/InterfederationSessionStore.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/InterfederationSessionStore.java
@@ -28,8 +28,6 @@ import java.util.Date;
 import javax.persistence.Column;
 import javax.persistence.Entity;
 import javax.persistence.FetchType;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
 import javax.persistence.Id;
 import javax.persistence.JoinColumn;
 import javax.persistence.ManyToOne;
@@ -46,7 +44,7 @@ public class InterfederationSessionStore implements Serializable{
 	private static final long serialVersionUID = 1L;
 	
 	@Id
-	@GeneratedValue(strategy = GenerationType.AUTO)
+	//@GeneratedValue(strategy = GenerationType.AUTO)
 	@Column(name = "id", unique=true, nullable=false)
 	private long id;
 		
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java
index 44ae43115..a11d94af4 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java
@@ -28,8 +28,6 @@ import java.util.Date;
 import javax.persistence.Column;
 import javax.persistence.Entity;
 import javax.persistence.FetchType;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
 import javax.persistence.Id;
 import javax.persistence.JoinColumn;
 import javax.persistence.ManyToOne;
@@ -46,7 +44,7 @@ public class OASessionStore implements Serializable{
 	private static final long serialVersionUID = 1L;
 	
 	@Id
-	@GeneratedValue(strategy = GenerationType.AUTO)
+	//@GeneratedValue(strategy = GenerationType.AUTO)
 	@Column(name = "idOASession", unique=true, nullable=false)
 	private long idOASession;
 		
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OldSSOSessionIDStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OldSSOSessionIDStore.java
index a85bdf2ca..195406a37 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OldSSOSessionIDStore.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OldSSOSessionIDStore.java
@@ -27,8 +27,6 @@ import java.io.Serializable;
 import javax.persistence.Column;
 import javax.persistence.Entity;
 import javax.persistence.FetchType;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
 import javax.persistence.Id;
 import javax.persistence.JoinColumn;
 import javax.persistence.ManyToOne;
@@ -51,7 +49,7 @@ public class OldSSOSessionIDStore implements Serializable{
 	private static final long serialVersionUID = 1L;
 	
 	@Id
-	@GeneratedValue(strategy = GenerationType.AUTO)
+	//@GeneratedValue(strategy = GenerationType.AUTO)
 	@Column(name = "idOldSSOSession", unique=true, nullable=false)
 	private long idOldSSOSession;
 		
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java
index 97f26812f..6040d9870 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java
@@ -27,8 +27,6 @@ import java.util.Date;
 
 import javax.persistence.Column;
 import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
 import javax.persistence.Id;
 import javax.persistence.NamedQueries;
 import javax.persistence.NamedQuery;
@@ -50,7 +48,7 @@ public class StatisticLog implements Serializable{
 	private static final long serialVersionUID = 1L;
 
 	@Id
-	@GeneratedValue(strategy = GenerationType.AUTO)
+	//@GeneratedValue(strategy = GenerationType.AUTO)
 	@Column(name = "id", unique=true, nullable=false)
 	private long id;
 	
diff --git a/id/server/moa-id-commons/src/main/resources/moaid.migration.beans.xml b/id/server/moa-id-commons/src/main/resources/moaid.migration.beans.xml
index c758e230e..fd16e8f96 100644
--- a/id/server/moa-id-commons/src/main/resources/moaid.migration.beans.xml
+++ b/id/server/moa-id-commons/src/main/resources/moaid.migration.beans.xml
@@ -15,7 +15,7 @@
 
 	<context:property-placeholder location="${moa.id.webconfig}"/> 
 
-	<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource" lazy-init="true" destroy-method="close">
+	<bean id="dataSource" class="org.apache.commons.dbcp2.BasicDataSource" lazy-init="true" destroy-method="close">
 		<aop:scoped-proxy/>
 		<property name="driverClassName" value="${hibernate.connection.driver_class}" />
 		<property name="url" value="${hibernate.connection.url}"/>
@@ -24,10 +24,10 @@
 		
 		<property name="connectionProperties" value="${dbcp.connectionProperties}" />
 		<property name="initialSize" value="${dbcp.initialSize}" />		
-		<property name="maxActive" value="${dbcp.maxActive}" />
+		<property name="maxTotal" value="${dbcp.maxActive}" />
 		<property name="maxIdle" value="${dbcp.maxIdle}" />
 		<property name="minIdle" value="${dbcp.minIdle}" />
-		<property name="maxWait" value="${dbcp.maxWaitMillis}" />
+		<!-- property name="maxWait" value="${dbcp.maxWaitMillis}" /-->
 		<property name="testOnBorrow" value="${dbcp.testOnBorrow}" />
 		<property name="testOnReturn" value="${dbcp.testOnReturn}" />
 		<property name="testWhileIdle" value="${dbcp.testWhileIdle}" />
diff --git a/pom.xml b/pom.xml
index 4117c52b4..f9657240e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -23,7 +23,8 @@
 		
 			<!-- Project Version -->			
 			<moa-id-version>3.2.0-OPB-Snapshot</moa-id-version>
-			<moa-id-version-final>3.2.0-RC1</moa-id-version-final>
+			
+			<moa-id-version-final>3.1.0-RC2</moa-id-version-final>			
 			<moa-id-version-edu>3.2.0-OPB-Snapshot</moa-id-version-edu>			
 			
 			<moa-id-proxy-version>2.0.1-Snapshot</moa-id-proxy-version>
@@ -32,31 +33,35 @@
 			<demo-oa-version>2.0.5</demo-oa-version>
 			
 			<moa-id-module-elga_mandate_client>1.0.0-Snapshot</moa-id-module-elga_mandate_client>
-		
-		
-			<moa-spss-version>2.0.5-RC1</moa-spss-version>
-		
+				
+					
 			<!-- Library Versions -->
-			<org.springframework.version>4.2.4.RELEASE</org.springframework.version>
-			<surefire.version>2.18.1</surefire.version>		
-			<opensaml.version>2.6.5</opensaml.version>
-			<xmltooling.version>1.4.5</xmltooling.version>
-			<cxf.version>3.1.4</cxf.version>
+			<moa-spss-version>2.0.5</moa-spss-version>
+			
+			<org.springframework.version>4.2.5.RELEASE</org.springframework.version>
+			<surefire.version>2.19.1</surefire.version>		
+			
+			<opensaml.version>2.6.6</opensaml.version> <!-- update to v3 (v2 is end-of-life in june 2016)-->
+			<xmltooling.version>1.4.6</xmltooling.version>
+			
+			<hibernate.version>5.1.0.Final</hibernate.version>  <!-- update to v5 -->
+			<cxf.version>3.1.5</cxf.version>			
 			<struts.version>2.3.24.1</struts.version>
+			
 			<egovutils.version>2.0.0</egovutils.version>
-			<slf4j.version>1.7.19</slf4j.version>
-			<hibernate.version>4.3.11.Final</hibernate.version>
+			
+			<slf4j.version>1.7.19</slf4j.version>						
 			<mysql-connector.java>5.1.38</mysql-connector.java>			
-			<junit.version>4.11</junit.version>
+			<junit.version>4.11</junit.version>			
 			<org.apache.commons.io.version>2.4</org.apache.commons.io.version>
 			<org.apache.commons.lang3.version>3.4</org.apache.commons.lang3.version>
 			<org.apache.commons.collections4.version>4.1</org.apache.commons.collections4.version>
 			<org.apache.commons.collections3.version>3.2.2</org.apache.commons.collections3.version>
 			<jodatime.version>2.7</jodatime.version>
 			
-			<jackson-version>2.7.0</jackson-version>
+			<jackson-version>2.7.3</jackson-version>
 	    <apache-cli-version>1.3.1</apache-cli-version>
-	    <spring-orm-version>3.1.1.RELEASE</spring-orm-version>
+	    <spring-orm-version>${org.springframework.version}</spring-orm-version>
 	   
     </properties>
 
@@ -337,7 +342,7 @@
 				</dependency>
 			
 			
-            <dependency>
+<!--             <dependency>
                 <groupId>axis</groupId>
                 <artifactId>axis</artifactId>
                 <version>1.0_IAIK_1.2</version>                
@@ -360,7 +365,8 @@
                <artifactId>axis-wsdl4j</artifactId>
                <version>1.5.1</version>
                <scope>compile</scope>
-            </dependency>
+            </dependency> -->
+            
             <dependency>
                 <groupId>jaxen</groupId>
                 <artifactId>jaxen</artifactId>
@@ -411,7 +417,7 @@
             <dependency>
 							 <groupId>org.apache.httpcomponents</groupId>
 							 <artifactId>httpclient</artifactId>
-							 <version>4.5.1</version>
+							 <version>4.5.2</version>
 						</dependency>            
             <dependency>
                 <groupId>dav4j</groupId>
@@ -432,11 +438,11 @@
             </dependency> -->
 
 
-						<dependency>
+<!-- 						<dependency>
 							<groupId>org.bouncycastle</groupId>
 							<artifactId>bcprov-jdk16</artifactId>
 							<version>1.46</version>
-						</dependency>
+						</dependency> -->
 
       			<dependency>
 							<groupId>MOA.id.server</groupId>
diff --git a/repository/MOA/spss/server/moa-spss-lib/2.0.5/moa-spss-lib-2.0.5.jar b/repository/MOA/spss/server/moa-spss-lib/2.0.5/moa-spss-lib-2.0.5.jar
new file mode 100644
index 000000000..5097e2f28
Binary files /dev/null and b/repository/MOA/spss/server/moa-spss-lib/2.0.5/moa-spss-lib-2.0.5.jar differ
-- 
cgit v1.2.3


From 836a7cf93aca1a84f2827f78e849e012a1a368a3 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 22 Mar 2016 07:31:17 +0100
Subject: add revisions log entries

---
 .../java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java  | 3 ++-
 .../moa/id/protocols/AbstractAuthProtocolModulController.java        | 4 ++++
 .../egovernment/moa/id/protocols/ProtocolFinalizationController.java | 5 ++++-
 .../protocols/builder/attributes/MandateTypeOIDAttributeBuilder.java | 2 +-
 .../process/spring/test/SpringExpressionAwareProcessEngineTest.java  | 2 --
 .../at/gv/egovernment/moa/id/process/test/ProcessEngineTest.java     | 2 --
 6 files changed, 11 insertions(+), 7 deletions(-)

(limited to 'id/server/idserverlib/src')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 5aceb8eec..e5c517da7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -470,7 +470,8 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 		//terminate MOASession
 		try {
 			authenticatedSessionStore.destroySession(session.getSessionID());
-			ssoManager.deleteSSOSessionID(httpReq, httpResp);			
+			ssoManager.deleteSSOSessionID(httpReq, httpResp);
+			revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, pvpReq.getUniqueSessionIdentifier());
 			Logger.debug("Active SSO Session on IDP is remove.");
 						
 		} catch (MOADatabaseException e) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractAuthProtocolModulController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractAuthProtocolModulController.java
index 4e44f4043..79afba412 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractAuthProtocolModulController.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/AbstractAuthProtocolModulController.java
@@ -30,6 +30,7 @@ import javax.servlet.http.HttpServletResponse;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.ApplicationContext;
 
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
@@ -90,6 +91,9 @@ public abstract class AbstractAuthProtocolModulController extends AbstractContro
 					//authenticated MOASession already exists --> protocol-specific postProcessing can start directly 					
 					finalizeAuthenticationProcess(req, resp, pendingReq, moaSession);
 					
+					//transaction is finished, log transaction finished event
+					revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_DESTROYED, pendingReq.getUniqueTransactionIdentifier());
+					
 				}
 							
 			} else {			
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java
index 302c60c5e..991c6a881 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java
@@ -166,8 +166,11 @@ public class ProtocolFinalizationController extends AbstractAuthProtocolModulCon
 		}
 		
 		//remove pending-request
-		if (pendingReq != null)
+		if (pendingReq != null) {
 			requestStorage.removePendingRequest(pendingReq.getRequestID());
+			revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_DESTROYED, pendingReq.getUniqueTransactionIdentifier());
+			
+		}
 		
 	}
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeOIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeOIDAttributeBuilder.java
index 80d330172..b967ad42c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeOIDAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeOIDAttributeBuilder.java
@@ -53,7 +53,7 @@ public class MandateTypeOIDAttributeBuilder implements IPVPAttributeBuilder {
 	}
 	
 	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
-		return g.buildEmptyAttribute(MANDATE_TYPE_FRIENDLY_NAME, MANDATE_TYPE_NAME);
+		return g.buildEmptyAttribute(MANDATE_TYPE_OID_FRIENDLY_NAME, MANDATE_TYPE_OID_NAME);
 	}
 	
 }
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest.java
index 0732f1511..4574c831e 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest.java
@@ -19,7 +19,6 @@ import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 
 import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
-import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
 import at.gv.egovernment.moa.id.module.test.TestRequestImpl;
 import at.gv.egovernment.moa.id.process.ProcessDefinitionParserException;
 import at.gv.egovernment.moa.id.process.ProcessEngine;
@@ -78,7 +77,6 @@ public class SpringExpressionAwareProcessEngineTest {
 			Configuration config = new Configuration();
 			config.addProperties(props);
 			config.addAnnotatedClass(ProcessInstanceStore.class);
-			config.addAnnotatedClass(InterfederationSessionStore.class);
 			MOASessionDBUtils.initHibernate(config, props);
 		} catch (Exception e) {
 			e.printStackTrace();
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/ProcessEngineTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/ProcessEngineTest.java
index 02fcaea4e..b659686c6 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/ProcessEngineTest.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/ProcessEngineTest.java
@@ -18,7 +18,6 @@ import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 
 import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
-import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
 import at.gv.egovernment.moa.id.module.test.TestRequestImpl;
 import at.gv.egovernment.moa.id.process.ProcessDefinitionParser;
 import at.gv.egovernment.moa.id.process.ProcessDefinitionParserException;
@@ -73,7 +72,6 @@ public class ProcessEngineTest {
 			Configuration config = new Configuration();
 			config.addProperties(props);
 			config.addAnnotatedClass(ProcessInstanceStore.class);
-			config.addAnnotatedClass(InterfederationSessionStore.class);
 			MOASessionDBUtils.initHibernate(config, props);
 		} catch (Exception e) {
 			e.printStackTrace();
-- 
cgit v1.2.3


From 9b980ba714e6d59abcccb10df5036c0c318721c5 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 22 Mar 2016 08:49:17 +0100
Subject: fix nullpointer during IDP initiated Single LogOut

---
 .../gv/egovernment/moa/id/moduls/AuthenticationManager.java  | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

(limited to 'id/server/idserverlib/src')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index e5c517da7..1e064f24f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -469,9 +469,19 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 		
 		//terminate MOASession
 		try {
+			String uniqueSessionIdentifier = "notSet";
+			AuthenticationSessionExtensions sessionExt = 
+					authenticatedSessionStore.getAuthenticationSessionExtensions(session.getSessionID());
+			if (sessionExt != null)
+				uniqueSessionIdentifier = sessionExt.getUniqueSessionId();
+			
 			authenticatedSessionStore.destroySession(session.getSessionID());
 			ssoManager.deleteSSOSessionID(httpReq, httpResp);
-			revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, pvpReq.getUniqueSessionIdentifier());
+			if (pvpReq != null)
+				revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, pvpReq.getUniqueSessionIdentifier());			
+			else 
+				revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, uniqueSessionIdentifier);
+
 			Logger.debug("Active SSO Session on IDP is remove.");
 						
 		} catch (MOADatabaseException e) {
-- 
cgit v1.2.3


From b29150526d95af2f1c30f4543c88d35c2965dfe6 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 22 Mar 2016 14:43:22 +0100
Subject: add revisionslog info's to eIDAS and SLO methods

---
 id/server/doc/handbook/additional/additional.html  | 45 +++++++++++++++++
 .../id/advancedlogging/MOAIDEventConstants.java    | 15 ++++--
 .../moa/id/advancedlogging/MOAReversionLogger.java | 14 ++++--
 .../moa/id/data/ISLOInformationContainer.java      |  7 ++-
 .../moa/id/data/SLOInformationContainer.java       | 37 +++++++++++++-
 .../moa/id/moduls/AuthenticationManager.java       | 56 +++++++++++++++-------
 .../moa/id/protocols/pvp2x/SingleLogOutAction.java | 15 ++++--
 .../eidas/tasks/GenerateAuthnRequestTask.java      | 11 +++++
 .../eidas/tasks/ReceiveAuthnResponseTask.java      |  9 ++++
 9 files changed, 178 insertions(+), 31 deletions(-)

(limited to 'id/server/idserverlib/src')

diff --git a/id/server/doc/handbook/additional/additional.html b/id/server/doc/handbook/additional/additional.html
index cbf4a50c9..58990567c 100644
--- a/id/server/doc/handbook/additional/additional.html
+++ b/id/server/doc/handbook/additional/additional.html
@@ -485,6 +485,26 @@
       <td width="208" valign="top"><p align="left">&nbsp;</p></td>
       <td width="946" valign="top"><p>Vollmacht vom Online-Vollmachten Service erhalten</p></td>
     </tr>
+    <tr>
+      <td valign="top">4400</td>
+      <td valign="top">&nbsp;</td>
+      <td valign="top">IDP initiated Single LogOut Request erhalten</td>
+    </tr>
+    <tr>
+      <td valign="top">4401</td>
+      <td valign="top">&nbsp;</td>
+      <td valign="top">Single LogOut Process gestartet</td>
+    </tr>
+    <tr>
+      <td valign="top">4402</td>
+      <td valign="top">&nbsp;</td>
+      <td valign="top">Single LogOut Process erfolgreich beendet</td>
+    </tr>
+    <tr>
+      <td valign="top">4403</td>
+      <td valign="top">&nbsp;</td>
+      <td valign="top">Unvollst&auml;ndiger Single LogOut Prozess</td>
+    </tr>
     <tr>
       <td width="131" valign="top"><p align="center">5000</p></td>
       <td width="208" valign="top"><p align="left">bPK</p></td>
@@ -545,6 +565,31 @@
       <td valign="top">IP    Adresse</td>
       <td valign="top">IP Adresse mit der das externe Vollmachten Service die Vollmacht ausgeliefert hat</td>
     </tr>
+    <tr>
+      <td valign="top">6100</td>
+      <td valign="top">EntityID</td>
+      <td valign="top">eIDAS Node ausgew&auml;hlt</td>
+    </tr>
+    <tr>
+      <td valign="top">6101</td>
+      <td valign="top">RequestID</td>
+      <td valign="top">eIDAS Node kontaktiert</td>
+    </tr>
+    <tr>
+      <td valign="top">6102</td>
+      <td valign="top">ResponseID</td>
+      <td valign="top">G&uuml;ltige Response von eIDAS Node erhalten</td>
+    </tr>
+    <tr>
+      <td valign="top">6103</td>
+      <td valign="top">&nbsp;</td>
+      <td valign="top">Ung&uuml;ltige Response oder Fehlercode von eIDAS Node erhalten</td>
+    </tr>
+    <tr>
+      <td valign="top">6104</td>
+      <td valign="top">&nbsp;</td>
+      <td valign="top">Personenbindung f&uuml;r Authentifizierung &uuml;ber eIDAS Node erstellt</td>
+    </tr>
   </table>
 <p>&nbsp;</p>
 <p>Einzelne  Events werden um einen Transaktionsparameter erg&auml;nzt, welcher in der Spalte  Wert beschrieben ist. <br>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java
index 054543c3e..9d26cc05f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java
@@ -47,7 +47,12 @@ public interface MOAIDEventConstants extends EventConstants {
 	public static final int AUTHPROTOCOL_OPENIDCONNECT_TOKENREQUEST = 3201;
 	
 	public static final int AUTHPROTOCOL_SAML1_AUTHNREQUEST = 3300;
-			
+	
+	public static final int AUTHPROCESS_IDP_SLO_REQUESTED = 4400;
+	public static final int AUTHPROCESS_SLO_STARTED = 4401;
+	public static final int AUTHPROCESS_SLO_ALL_VALID = 4402;
+	public static final int AUTHPROCESS_SLO_NOT_ALL_VALID = 4403;
+	
 	//authentication process information
 	public static final int AUTHPROCESS_START = 4000;
 	public static final int AUTHPROCESS_FINISHED = 4001;
@@ -78,9 +83,11 @@ public interface MOAIDEventConstants extends EventConstants {
 	public static final int AUTHPROCESS_MANDATE_REDIRECT = 4301;
 	public static final int AUTHPROCESS_MANDATE_RECEIVED = 4302;
 	
-	public static final int AUTHPROCESS_PEPS_REQUESTED = 4400;
-	public static final int AUTHPROCESS_PEPS_RECEIVED = 4401;
-	public static final int AUTHPROCESS_PEPS_IDL_RECEIVED = 4402;
+	public static final int AUTHPROCESS_PEPS_SELECTED = 6100;
+	public static final int AUTHPROCESS_PEPS_REQUESTED = 6101;
+	public static final int AUTHPROCESS_PEPS_RECEIVED = 6102;
+	public static final int AUTHPROCESS_PEPS_RECEIVED_ERROR = 6103;
+	public static final int AUTHPROCESS_PEPS_IDL_RECEIVED = 6104;
 		
 	//person information
 	public static final int PERSONAL_INFORMATION_PROF_REPRESENTATIVE_BPK = 5000;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
index 6fa07a098..4a5cbd55f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
@@ -75,18 +75,26 @@ public class MOAReversionLogger {
 			MOAIDEventConstants.AUTHPROCESS_IDL_VALIDATED,
 			MOAIDEventConstants.AUTHPROCESS_CERTIFICATE_VALIDATED,
 			MOAIDEventConstants.AUTHPROCESS_AUTHBLOCK_VALIDATED,
-									
+
+			MOAIDEventConstants.AUTHPROCESS_IDP_SLO_REQUESTED,
+			MOAIDEventConstants.AUTHPROCESS_SLO_STARTED,
+			MOAIDEventConstants.AUTHPROCESS_SLO_ALL_VALID,
+			MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID,
+			
 			MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_SERVICE_REQUESTED,
 			MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED,
 			MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_RECEIVED,
 			MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_RECEIVED_IP,
 			
-			MOAIDEventConstants.AUTHPROCESS_FOREIGN_FOUND,
-			MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_RECEIVED,
+			MOAIDEventConstants.AUTHPROCESS_PEPS_SELECTED,
 			MOAIDEventConstants.AUTHPROCESS_PEPS_REQUESTED,
 			MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED,
+			MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR,
 			MOAIDEventConstants.AUTHPROCESS_PEPS_IDL_RECEIVED,
 			
+			MOAIDEventConstants.AUTHPROCESS_FOREIGN_FOUND,
+			MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_RECEIVED,
+						
 			MOAIDEventConstants.AUTHPROCESS_MANDATE_SERVICE_REQUESTED,
 			MOAIDEventConstants.AUTHPROCESS_MANDATE_REDIRECT,
 			MOAIDEventConstants.AUTHPROCESS_MANDATE_RECEIVED,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ISLOInformationContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ISLOInformationContainer.java
index 18ffc5c6d..38f6948d3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ISLOInformationContainer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ISLOInformationContainer.java
@@ -24,8 +24,8 @@ package at.gv.egovernment.moa.id.data;
 
 import java.util.Iterator;
 import java.util.List;
-import java.util.Set;
 import java.util.Map.Entry;
+import java.util.Set;
 
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
 
@@ -63,5 +63,8 @@ public interface ISLOInformationContainer {
 	List<String> getSloFailedOAs();
 
 	void putFailedOA(String oaID);
-
+	
+	public String getTransactionID();
+	
+	public String getSessionID();
 }
\ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java
index fd1749129..20588ad0b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java
@@ -44,6 +44,8 @@ public class SLOInformationContainer implements Serializable, ISLOInformationCon
 	private LinkedHashMap<String, SLOInformationImpl> activeFrontChannalOAs;
 	private LinkedHashMap<String, SLOInformationImpl> activeBackChannelOAs;
 	private List<String> sloFailedOAs = null;
+	private String transactionID = null;
+	private String sessionID = null;
 	
 	/**
 	 * 
@@ -146,6 +148,7 @@ public class SLOInformationContainer implements Serializable, ISLOInformationCon
 	@Override
 	public void setSloRequest(PVPTargetConfiguration sloRequest) {
 		this.sloRequest = sloRequest;
+		
 	}
 
 	/* (non-Javadoc)
@@ -164,5 +167,37 @@ public class SLOInformationContainer implements Serializable, ISLOInformationCon
 		if (sloFailedOAs == null)
 			sloFailedOAs = new ArrayList<String>();
 		sloFailedOAs.add(oaID);
-	}	
+	}
+
+
+	/**
+	 * @return the transactionID
+	 */
+	public String getTransactionID() {
+		return transactionID;
+	}
+
+
+	/**
+	 * @param transactionID the transactionID to set
+	 */
+	public void setTransactionID(String transactionID) {
+		this.transactionID = transactionID;
+	}
+	
+	public String getSessionID() {
+		return this.sessionID;
+		
+	}
+
+
+	/**
+	 * @param sessionID the sessionID to set
+	 */
+	public void setSessionID(String sessionID) {
+		this.sessionID = sessionID;
+	}
+	
+	
+	
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 1e064f24f..a1f2c6558 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -443,6 +443,8 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 	HttpServletResponse httpResp, AuthenticationSession session, PVPTargetConfiguration pvpReq, String authURL) throws MOAIDException {		
 		String pvpSLOIssuer = null;
 		String inboundRelayState = null;
+		String uniqueSessionIdentifier = "notSet";
+		String uniqueTransactionIdentifier = "notSet";
 		
 		Logger.debug("Start technical Single LogOut process ... ");
 		
@@ -451,14 +453,33 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 			LogoutRequest logOutReq = (LogoutRequest) samlReq.getSamlRequest();
 			pvpSLOIssuer = logOutReq.getIssuer().getValue();
 			inboundRelayState = samlReq.getRelayState();
+			uniqueSessionIdentifier = pvpReq.getUniqueSessionIdentifier();
+			uniqueTransactionIdentifier = pvpReq.getUniqueTransactionIdentifier();
 			
+		} else {			
+			AuthenticationSessionExtensions sessionExt;
+			try {
+				sessionExt = authenticatedSessionStore.getAuthenticationSessionExtensions(session.getSessionID());
+				if (sessionExt != null)
+					uniqueSessionIdentifier = sessionExt.getUniqueSessionId();
+				
+			} catch (MOADatabaseException e) {
+				Logger.error("Error during database communication. Can not evaluate 'uniqueSessionIdentifier'", e);
+				
+			}
+			uniqueTransactionIdentifier = Random.nextLongRandom();
+			revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_IDP_SLO_REQUESTED);
+						
 		}
 		
 		//store active OAs to SLOContaine
 		List<OASessionStore> dbOAs = authenticatedSessionStore.getAllActiveOAFromMOASession(session);
 		List<InterfederationSessionStore> dbIDPs = authenticatedSessionStore.getAllActiveIDPsFromMOASession(session);
-		SLOInformationContainer sloContainer = new SLOInformationContainer();
-		sloContainer.setSloRequest(pvpReq);		
+		SLOInformationContainer sloContainer = new SLOInformationContainer();		
+		sloContainer.setTransactionID(uniqueTransactionIdentifier);
+		sloContainer.setSessionID(uniqueSessionIdentifier);
+		sloContainer.setSloRequest(pvpReq);
+		
 		sloBuilder.parseActiveIDPs(sloContainer, dbIDPs, pvpSLOIssuer);
 		sloBuilder.parseActiveOAs(sloContainer, dbOAs, pvpSLOIssuer);
 			
@@ -468,19 +489,10 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 				 + " NO_SLO_Support:" + sloContainer.getSloFailedOAs().size());
 		
 		//terminate MOASession
-		try {
-			String uniqueSessionIdentifier = "notSet";
-			AuthenticationSessionExtensions sessionExt = 
-					authenticatedSessionStore.getAuthenticationSessionExtensions(session.getSessionID());
-			if (sessionExt != null)
-				uniqueSessionIdentifier = sessionExt.getUniqueSessionId();
-			
+		try {			
 			authenticatedSessionStore.destroySession(session.getSessionID());
 			ssoManager.deleteSSOSessionID(httpReq, httpResp);
-			if (pvpReq != null)
-				revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, pvpReq.getUniqueSessionIdentifier());			
-			else 
-				revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, uniqueSessionIdentifier);
+			revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, uniqueSessionIdentifier);
 
 			Logger.debug("Active SSO Session on IDP is remove.");
 						
@@ -490,8 +502,9 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 			
 		}
 		
-		Logger.trace("Starting Service-Provider logout process ... ");
-		//start service provider back channel logout process
+		Logger.trace("Starting Service-Provider logout process ... ");		
+		revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_STARTED);		
+		//start service provider back channel logout process		
 		Iterator<String> nextOAInterator = sloContainer.getNextBackChannelOA();	
 		while (nextOAInterator.hasNext()) {
 			SLOInformationImpl sloDescr = sloContainer.getBackChannelOASessionDescripten(nextOAInterator.next());
@@ -592,13 +605,17 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 							null);
 					
 			        if (sloContainer.getSloFailedOAs() == null || 
-			        		sloContainer.getSloFailedOAs().size() == 0)
+			        		sloContainer.getSloFailedOAs().size() == 0) {
+			        	revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_ALL_VALID);
 			        	config.putCustomParameter("successMsg", 
 			        			MOAIDMessageProvider.getInstance().getMessage("slo.00", null));
-			        else
+			        	
+			        } else {
+			        	revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID);
 			        	config.putCustomParameter("errorMsg", 
 			        			MOAIDMessageProvider.getInstance().getMessage("slo.01", null));
-			        
+			        	
+			        }
 			        guiBuilder.build(httpResp, config, "Single-LogOut GUI");
 										
 				}
@@ -615,6 +632,8 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 				SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor(pvpReq);
 				LogoutResponse message = sloBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI);
 				sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, inboundRelayState);
+
+				revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID);
 				
 			}else {
 				//print SLO information directly
@@ -623,6 +642,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
 						DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT, 
 						null);
 				
+				revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID);
 				config.putCustomParameter("errorMsg", 
 	        			MOAIDMessageProvider.getInstance().getMessage("slo.01", null));
 	        	
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
index dfe9ecb49..af6c79140 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
@@ -41,6 +41,8 @@ import org.opensaml.saml2.metadata.SingleLogoutService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
@@ -80,6 +82,7 @@ public class SingleLogOutAction implements IAction {
 	@Autowired private IAuthenticationSessionStoreage authenticationSessionStorage;
 	@Autowired private ITransactionStorage transactionStorage;
 	@Autowired private SingleLogOutBuilder sloBuilder;
+	@Autowired private MOAReversionLogger revisionsLogger;
 	
 	
 	/* (non-Javadoc)
@@ -240,11 +243,17 @@ public class SingleLogOutAction implements IAction {
 									
 							        String statusCode = null;
 									if (sloContainer.getSloFailedOAs() == null || 
-							        		sloContainer.getSloFailedOAs().size() == 0)							       							   							        	
+							        		sloContainer.getSloFailedOAs().size() == 0) {							       							   							        	
 							        	statusCode  = MOAIDAuthConstants.SLOSTATUS_SUCCESS;
-							        else
+							        	revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(),
+							        			MOAIDEventConstants.AUTHPROCESS_SLO_ALL_VALID);
+							        	
+									} else {
+										revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), 
+												MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID);
 							        	statusCode  = MOAIDAuthConstants.SLOSTATUS_ERROR;
-
+							        	
+									}
 									transactionStorage.put(artifact, statusCode);
 							        redirectURL = addURLParameter(redirectURL, MOAIDAuthConstants.PARAM_SLOSTATUS, artifact);
 							        
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index 6de446e01..7f3c4bddc 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -36,6 +36,7 @@ import org.apache.velocity.VelocityContext;
 import org.apache.velocity.app.VelocityEngine;
 import org.springframework.stereotype.Component;
 
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
@@ -97,6 +98,12 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 			String destination = cpeps.getPepsURL().toString().split(";")[1].trim(); // FIXME convenience for metadata url and assertion destination
 			String metadataUrl = cpeps.getPepsURL().toString().split(";")[0].trim();
 
+			
+			//TODO: switch to entityID
+			revisionsLogger.logEvent(oaConfig, pendingReq, 
+					MOAIDEventConstants.AUTHPROCESS_PEPS_SELECTED,
+					metadataUrl);
+			
 			// assemble requested attributes
 			Collection<StorkAttribute> attributesFromConfig = oaConfig.getRequestedSTORKAttributes();
 
@@ -169,6 +176,10 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 	            response.setContentType("text/html;charset=UTF-8");
 	            response.getOutputStream().write(writer.getBuffer().toString().getBytes("UTF-8"));
 
+	            revisionsLogger.logEvent(oaConfig, pendingReq, 
+						MOAIDEventConstants.AUTHPROCESS_PEPS_REQUESTED,
+						authnRequest.getSamlId());
+	            
 	        } catch (IOException e) {
 	            Logger.error("Velocity IO error: " + e.getMessage());
 	            throw new MOAIDException("stork.15", null); // TODO
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
index 082fdbbbf..5d1b7fb6f 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
@@ -5,6 +5,7 @@ import javax.servlet.http.HttpServletResponse;
 
 import org.springframework.stereotype.Component;
 
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
@@ -79,12 +80,20 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			//store MOA-session to database
 			authenticatedSessionStorage.storeSession(moasession);
 			
+			revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, 
+					MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED,
+					samlResp.getSamlId());
+			
 		}catch (EIDASSAMLEngineException e) {
 			Logger.error("eIDAS AuthnRequest generation FAILED.", e);
+			revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, 
+					MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR);
 			throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", 
 					new EIDASEngineException("Could not validate eIDAS response", e));
 			
 		} catch (EIDASEngineException | MOAIDException | MOADatabaseException e) {
+			revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, 
+					MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR);
 			throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", e);
 			
 		}	
-- 
cgit v1.2.3


From 1bef953a8baed149db2bf234687c9d0eebb85524 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 22 Mar 2016 14:44:04 +0100
Subject: move ProcessInstanzDAO into transactionstorage

---
 .../moa/id/process/dao/ProcessInstanceStore.java   |  4 +-
 .../process/dao/ProcessInstanceStoreDAOImpl.java   | 67 ++++++++++++----------
 2 files changed, 40 insertions(+), 31 deletions(-)

(limited to 'id/server/idserverlib/src')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStore.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStore.java
index d690c37bf..3620f2950 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStore.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStore.java
@@ -17,7 +17,9 @@ import at.gv.egovernment.moa.id.process.ProcessInstanceState;
 
 @Entity
 @Table(name = "processinstance")
-public class ProcessInstanceStore {
+public class ProcessInstanceStore implements Serializable{
+
+	private static final long serialVersionUID = -6147519767313903808L;
 
 	/**
 	 * A process instance identifier qualifies as natural primary key by satisfying these requirements
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAOImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAOImpl.java
index 577e971db..a9a9322ad 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAOImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAOImpl.java
@@ -1,15 +1,12 @@
 package at.gv.egovernment.moa.id.process.dao;
 
-import org.hibernate.Criteria;
-import org.hibernate.Session;
-import org.hibernate.Transaction;
-import org.hibernate.criterion.Restrictions;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
-import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.storage.ITransactionStorage;
 
 /**
  * Database backed implementation of the {@link ProcessInstanceStoreDAO}
@@ -20,10 +17,14 @@ public class ProcessInstanceStoreDAOImpl implements ProcessInstanceStoreDAO {
 
 	private Logger log = LoggerFactory.getLogger(getClass());
 
+	@Autowired ITransactionStorage transactionStorage;
+	
 	@Override
 	public void saveOrUpdate(ProcessInstanceStore pIStore) throws MOADatabaseException {
 		try {
-			MOASessionDBUtils.saveOrUpdate(pIStore);
+			transactionStorage.put(pIStore.getProcessInstanceId(), pIStore);
+			
+//			MOASessionDBUtils.saveOrUpdate(pIStore);
 			log.debug("Store process instance with='{}' in the database.", pIStore.getProcessInstanceId());
 		} catch (MOADatabaseException e) {
 			log.warn("ProcessInstanceStore could not be persisted to the database.");
@@ -35,31 +36,35 @@ public class ProcessInstanceStoreDAOImpl implements ProcessInstanceStoreDAO {
 	public ProcessInstanceStore load(String processInstanceId) throws MOADatabaseException {
 
 		log.debug("Retrieve the ProcessInstanceStore for id='{}' from the database.", processInstanceId);
-		Session session = MOASessionDBUtils.getCurrentSession();
-
+		
+		
+//		Session session = MOASessionDBUtils.getCurrentSession();
+//
 		ProcessInstanceStore result = null;
-		Transaction tx = null;
-		synchronized (session) {
+//		Transaction tx = null;
+//		synchronized (session) {
 			try {
 
-				tx = session.beginTransaction();
-				// select all where processInstanceId equals processInstanceId
-				Criteria criteria = session.createCriteria(ProcessInstanceStore.class);
-				criteria.add(Restrictions.eq("processInstanceId", processInstanceId));
-				result = (ProcessInstanceStore) criteria.uniqueResult();
-				tx.commit();
-
+				result = transactionStorage.get(processInstanceId, ProcessInstanceStore.class);
+				
+//				tx = session.beginTransaction();
+//				// select all where processInstanceId equals processInstanceId
+//				Criteria criteria = session.createCriteria(ProcessInstanceStore.class);
+//				criteria.add(Restrictions.eq("processInstanceId", processInstanceId));
+//				result = (ProcessInstanceStore) criteria.uniqueResult();
+//				tx.commit();
+//
 			} catch (Exception e) {
 				log.error("There are multiple persisted processes with the same process instance id '{}'",
-						processInstanceId);
-				if (tx != null) {
-					tx.rollback();
-				}
+					processInstanceId);
+//				if (tx != null) {
+//					tx.rollback();
+//				}
 				throw e;
 			} finally {
 				//MOASessionDBUtils.closeSession();
 			}
-		}
+//		}
 		if (result != null) {
 			log.debug("Found process instance store for instance '{}'.", processInstanceId);
 		} else {
@@ -71,14 +76,16 @@ public class ProcessInstanceStoreDAOImpl implements ProcessInstanceStoreDAO {
 	@Override
 	public void remove(String processInstanceId) throws MOADatabaseException {
 
-		log.debug("Delete the ProcessInstanceStore for id='{}' from the database.", processInstanceId);
-		ProcessInstanceStore toBeDeleted = load(processInstanceId);
-		if (toBeDeleted != null) {
-			if (!MOASessionDBUtils.delete(toBeDeleted)) {
-				log.warn("Could not delete the ProcessInstanceStore with process instance id '{}'", processInstanceId);
-				throw new MOADatabaseException("Could not delete the ProcessInstanceStore with process instance id '"
-						+ processInstanceId + "'.");
-			}
+		log.debug("Delete the ProcessInstanceStore for id='{}' from the database.", processInstanceId);		
+		//ProcessInstanceStore toBeDeleted = load(processInstanceId);
+				
+		if (transactionStorage.containsKey(processInstanceId)) {
+			transactionStorage.remove(processInstanceId);
+//			if (!MOASessionDBUtils.delete(toBeDeleted)) {
+//				log.warn("Could not delete the ProcessInstanceStore with process instance id '{}'", processInstanceId);
+//				throw new MOADatabaseException("Could not delete the ProcessInstanceStore with process instance id '"
+//						+ processInstanceId + "'.");
+//			}
 		} else 
 			log.trace("ProcessInstanceStore for id='{}' was not found and could therefore not be deleted.", processInstanceId);
 	}
-- 
cgit v1.2.3


From fcf068ba38d2bd44976b49ee0ecef44e7182b8c5 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 22 Mar 2016 14:46:42 +0100
Subject: remove ProcessInstanceStore from Hibernate DB config

---
 .../at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java     | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'id/server/idserverlib/src')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java
index 395aeaadb..5c2f86732 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java
@@ -62,7 +62,6 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
 import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog;
 import at.gv.egovernment.moa.id.data.IssuerAndSerial;
-import at.gv.egovernment.moa.id.process.dao.ProcessInstanceStore;
 import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.util.config.EgovUtilPropertiesConfiguration;
@@ -221,7 +220,7 @@ public abstract class ConfigurationProviderImpl implements ConfigurationProvider
 					config.addAnnotatedClass(OASessionStore.class);
 					config.addAnnotatedClass(OldSSOSessionIDStore.class);
 					config.addAnnotatedClass(InterfederationSessionStore.class);
-					config.addAnnotatedClass(ProcessInstanceStore.class);
+					//config.addAnnotatedClass(ProcessInstanceStore.class);
 					config.addProperties(moaSessionProp);
 					MOASessionDBUtils.initHibernate(config, moaSessionProp);
 					
-- 
cgit v1.2.3


From db45dc6d84c43aae59764633e91dc7f48a46de5a Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 22 Mar 2016 15:09:21 +0100
Subject: fix junit tests

---
 .../process/spring/test/SpringExpressionAwareProcessEngineTest.java  | 5 +++--
 .../at/gv/egovernment/moa/id/process/test/ProcessEngineTest.java     | 5 +++--
 .../spring/test/SpringExpressionAwareProcessEngineTest-context.xml   | 3 +++
 .../id/process/spring/test/SpringExpressionEvaluatorTest-context.xml | 2 ++
 4 files changed, 11 insertions(+), 4 deletions(-)

(limited to 'id/server/idserverlib/src')

diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest.java
index 4574c831e..2cb2a3278 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest.java
@@ -19,6 +19,7 @@ import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 
 import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
 import at.gv.egovernment.moa.id.module.test.TestRequestImpl;
 import at.gv.egovernment.moa.id.process.ProcessDefinitionParserException;
 import at.gv.egovernment.moa.id.process.ProcessEngine;
@@ -26,7 +27,6 @@ import at.gv.egovernment.moa.id.process.ProcessEngineImpl;
 import at.gv.egovernment.moa.id.process.ProcessExecutionException;
 import at.gv.egovernment.moa.id.process.ProcessInstance;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.process.dao.ProcessInstanceStore;
 import at.gv.egovernment.moa.id.process.spring.SpringExpressionEvaluator;
 
 /**
@@ -76,7 +76,8 @@ public class SpringExpressionAwareProcessEngineTest {
 			//ConfigurationDBUtils.initHibernate(props);
 			Configuration config = new Configuration();
 			config.addProperties(props);
-			config.addAnnotatedClass(ProcessInstanceStore.class);
+			//config.addAnnotatedClass(ProcessInstanceStore.class);
+			config.addAnnotatedClass(AssertionStore.class);
 			MOASessionDBUtils.initHibernate(config, props);
 		} catch (Exception e) {
 			e.printStackTrace();
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/ProcessEngineTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/ProcessEngineTest.java
index b659686c6..a7e351e25 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/ProcessEngineTest.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/ProcessEngineTest.java
@@ -18,6 +18,7 @@ import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 
 import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
 import at.gv.egovernment.moa.id.module.test.TestRequestImpl;
 import at.gv.egovernment.moa.id.process.ProcessDefinitionParser;
 import at.gv.egovernment.moa.id.process.ProcessDefinitionParserException;
@@ -25,7 +26,6 @@ import at.gv.egovernment.moa.id.process.ProcessEngine;
 import at.gv.egovernment.moa.id.process.ProcessEngineImpl;
 import at.gv.egovernment.moa.id.process.ProcessExecutionException;
 import at.gv.egovernment.moa.id.process.ProcessInstance;
-import at.gv.egovernment.moa.id.process.dao.ProcessInstanceStore;
 
 @RunWith(SpringJUnit4ClassRunner.class)
 @ContextConfiguration("/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest-context.xml")
@@ -71,7 +71,8 @@ public class ProcessEngineTest {
 			//ConfigurationDBUtils.initHibernate(props);
 			Configuration config = new Configuration();
 			config.addProperties(props);
-			config.addAnnotatedClass(ProcessInstanceStore.class);
+			//config.addAnnotatedClass(ProcessInstanceStore.class);
+			config.addAnnotatedClass(AssertionStore.class);
 			MOASessionDBUtils.initHibernate(config, props);
 		} catch (Exception e) {
 			e.printStackTrace();
diff --git a/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest-context.xml b/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest-context.xml
index decdfe6b0..bf47c0445 100644
--- a/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest-context.xml
+++ b/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest-context.xml
@@ -11,6 +11,9 @@
 		<property name="transitionConditionExpressionEvaluator" ref="springElAwareExpressionEvaluator" />
 	</bean>
 	
+	<bean id="TransactionStorage" 
+				class="at.gv.egovernment.moa.id.storage.DBTransactionStorage"/>
+	
 	<bean id="ProcessInstanceStoreage" 
 				class="at.gv.egovernment.moa.id.process.dao.ProcessInstanceStoreDAOImpl"/>	
 	
diff --git a/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionEvaluatorTest-context.xml b/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionEvaluatorTest-context.xml
index 95b88ca1a..51554bed4 100644
--- a/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionEvaluatorTest-context.xml
+++ b/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionEvaluatorTest-context.xml
@@ -11,4 +11,6 @@
 	
 	<bean id="expressionEvaluator" class="at.gv.egovernment.moa.id.process.spring.SpringExpressionEvaluator" />
 
+<!-- 	<bean id="TransactionStorage" 
+				class="at.gv.egovernment.moa.id.storage.DBTransactionStorage"/> -->
 </beans>
-- 
cgit v1.2.3


From db813d7524890a60bbd13f60c9c448dc1ef6cfd6 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Wed, 23 Mar 2016 15:16:19 +0100
Subject: add additional parameters to ELGA mandate-service client
 implementation

---
 .../pvp2x/builder/PVPAuthnRequestBuilder.java      |  16 ++++
 .../pvp2x/builder/PVPMetadataBuilder.java          |   6 +-
 .../pvp2x/config/IDPPVPMetadataConfiguration.java  |  16 ++++
 .../IPVPAuthnRequestBuilderConfiguruation.java     |  18 +++-
 .../config/IPVPMetadataBuilderConfiguration.java   |  14 +++
 .../id/protocols/eidas/EidasMetaDataRequest.java   |   9 +-
 .../elgamandates/ELGAMandatesAuthConstants.java    |   7 ++
 .../config/ELGAMandatesMetadataConfiguration.java  |  26 +++++-
 .../ELGAMandatesRequestBuilderConfiguration.java   | 103 +++++++++++++++++++--
 .../elgamandates/tasks/RequestELGAMandateTask.java |  16 +++-
 .../config/FederatedAuthMetadataConfiguration.java |  19 +++-
 .../FederatedAuthnRequestBuilderConfiguration.java |  17 ++++
 12 files changed, 245 insertions(+), 22 deletions(-)

(limited to 'id/server/idserverlib/src')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java
index ba5c19de7..01ef4a43d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java
@@ -38,6 +38,8 @@ import org.opensaml.saml2.core.NameIDPolicy;
 import org.opensaml.saml2.core.NameIDType;
 import org.opensaml.saml2.core.RequestedAuthnContext;
 import org.opensaml.saml2.core.Subject;
+import org.opensaml.saml2.core.SubjectConfirmation;
+import org.opensaml.saml2.core.SubjectConfirmationData;
 import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.SingleSignOnService;
 import org.opensaml.ws.message.encoder.MessageEncodingException;
@@ -175,6 +177,20 @@ public class PVPAuthnRequestBuilder {
 				subjectNameID.setFormat(NameID.TRANSIENT);
 			
 			reqSubject.setNameID(subjectNameID);
+						
+			if (config.getSubjectConformationDate() != null) {
+				SubjectConfirmation subjectConformation = SAML2Utils.createSAMLObject(SubjectConfirmation.class);
+				SubjectConfirmationData subjectConformDate = SAML2Utils.createSAMLObject(SubjectConfirmationData.class);			
+				subjectConformation.setSubjectConfirmationData(subjectConformDate);
+				reqSubject.getSubjectConfirmations().add(subjectConformation );
+							
+				if (config.getSubjectConformationMethode() != null)
+					subjectConformation.setMethod(config.getSubjectConformationMethode());
+								
+				subjectConformDate.setDOM(config.getSubjectConformationDate());
+								
+			}
+						
 			authReq.setSubject(reqSubject );
 						
 		}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java
index 62e3b9620..ab96e4df7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java
@@ -214,8 +214,8 @@ public class PVPMetadataBuilder {
 	private RoleDescriptor generateSPMetadata(IPVPMetadataBuilderConfiguration config) throws CredentialsNotAvailableException, SecurityException, ConfigurationException {		
 		SPSSODescriptor spSSODescriptor = SAML2Utils.createSAMLObject(SPSSODescriptor.class);
 		spSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
-		spSSODescriptor.setAuthnRequestsSigned(true);
-		spSSODescriptor.setWantAssertionsSigned(false);
+		spSSODescriptor.setAuthnRequestsSigned(config.wantAuthnRequestSigned());
+		spSSODescriptor.setWantAssertionsSigned(config.wantAssertionSigned());
 	
 		KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance();
 		
@@ -367,7 +367,7 @@ public class PVPMetadataBuilder {
 		idpSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
 
 		//set ass default value, because PVP 2.x specification defines this feature as MUST
-		idpSSODescriptor.setWantAuthnRequestsSigned(true);			
+		idpSSODescriptor.setWantAuthnRequestsSigned(config.wantAuthnRequestSigned());			
 		
 		// add WebSSO descriptor for POST-Binding
 		if (MiscUtil.isNotEmpty(config.getIDPWebSSOPostBindingURL())) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IDPPVPMetadataConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IDPPVPMetadataConfiguration.java
index 5bb1131a6..c0fb5bf5b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IDPPVPMetadataConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IDPPVPMetadataConfiguration.java
@@ -300,4 +300,20 @@ public class IDPPVPMetadataConfiguration implements IPVPMetadataBuilderConfigura
 		return "MOA-ID-Auth";
 	}
 
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration#wantAssertionSigned()
+	 */
+	@Override
+	public boolean wantAssertionSigned() {
+		return false;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration#wantAuthnRequestSigned()
+	 */
+	@Override
+	public boolean wantAuthnRequestSigned() {
+		return true;
+	}
+
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPAuthnRequestBuilderConfiguruation.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPAuthnRequestBuilderConfiguruation.java
index 6e1798ed1..814a2387d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPAuthnRequestBuilderConfiguruation.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPAuthnRequestBuilderConfiguruation.java
@@ -25,6 +25,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.config;
 import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
 import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.xml.security.credential.Credential;
+import org.w3c.dom.Element;
 
 /**
  * @author tlenz
@@ -136,11 +137,26 @@ public interface IPVPAuthnRequestBuilderConfiguruation {
 	public String getSubjectNameIDFormat();
 
 	/**
-	 * Define a SP specific SAMK2 requestID
+	 * Define a SP specific SAML2 requestID
 	 * 
 	 * @return requestID, or null if the requestID should be generated automatically
 	 */
 	public String getRequestID();
 
+	/**
+	 * Defines the 'method' attribute in 'SubjectConformation' element 
+	 * 
+	 * @return method, or null if no method should set
+	 */
+	public String getSubjectConformationMethode();
+
+	/**
+	 * Define the information, which should be added as 'subjectConformationDate' 
+	 * in 'SubjectConformation' element 
+	 * 
+	 * @return subjectConformation information or null if no subjectConformation should be set
+	 */
+	public Element getSubjectConformationDate();
+
 	
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPMetadataBuilderConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPMetadataBuilderConfiguration.java
index 56274535b..3a8404cae 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPMetadataBuilderConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPMetadataBuilderConfiguration.java
@@ -221,4 +221,18 @@ public interface IPVPMetadataBuilderConfiguration {
 	 * @return a List of SAML2 nameID types
 	 */
 	public List<String> getSPAllowedNameITTypes();
+	
+	/**
+	 * Set the 'wantAssertionSigned' attribute in SP metadata
+	 * 
+	 * @return
+	 */
+	public boolean wantAssertionSigned();
+	
+	/**
+	 * Set the 'wantAuthnRequestSigned' attribute
+	 * 
+	 * @return
+	 */
+	public boolean wantAuthnRequestSigned();
 }
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
index 55f4f44d4..557b83487 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
@@ -104,13 +104,14 @@ public class EidasMetaDataRequest implements IAction {
         generator.setConfigParams(mcp);
         generator.initialize(engine);
         mcp.setEntityID(metadata_url);
-
-        generator.addSPRole();
+        
         String returnUrl = sp_return_url;
         mcp.setAssertionConsumerUrl(returnUrl);
-
-        generator.addIDPRole();
         mcp.setAssuranceLevel("http://eidas.europa.eu/LoA/substantial"); // TODO make configurable
+        
+        generator.addSPRole();
+        generator.addIDPRole();
+        
 
         metadata = generator.generateMetadata();
         return metadata;
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java
index 60dd95338..7ca4590bb 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java
@@ -98,6 +98,13 @@ public class ELGAMandatesAuthConstants {
 	public static final String CONFIG_DEFAULT_QAA_STORK_LEVEL = "http://www.stork.gov.eu/1.0/citizenQAALevel/4";
 	public static final String CONFIG_DEFAULT_QAA_SECCLASS_LEVEL = "http://www.ref.gv.at/ns/names/agiz/pvp/secclass/0-3";
 
+	public static final String SUBJECTCONFORMATIONDATE_ELEMENT_NAMESPACE = "rc";
+	public static final String SUBJECTCONFORMATIONDATE_ELEMENT_NAMESPACE_URI = "http://egiz.gv.at/namespace/subjectconformationdate/elga";
+	public static final String SUBJECTCONFORMATIONDATE_ELEMENT_ROOT = SUBJECTCONFORMATIONDATE_ELEMENT_NAMESPACE + ":Representative";
+	public static final String SUBJECTCONFORMATIONDATE_ELEMENT_FAMILYNAME = SUBJECTCONFORMATIONDATE_ELEMENT_NAMESPACE + ":FamilyName";
+	public static final String SUBJECTCONFORMATIONDATE_ELEMENT_GIVENNAME = SUBJECTCONFORMATIONDATE_ELEMENT_NAMESPACE + ":GivenName";
+	public static final String SUBJECTCONFORMATIONDATE_ELEMENT_DATEOFBIRTH = SUBJECTCONFORMATIONDATE_ELEMENT_NAMESPACE + ":DateOfBirth";
+
 	public static List<String> getRequiredAttributeNames() {
 		List<String> list = new ArrayList<String>();
 		for (Pair<String, String> el : REQUIRED_PVP_ATTRIBUTES)
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesMetadataConfiguration.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesMetadataConfiguration.java
index 22cb22c6d..5743590f9 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesMetadataConfiguration.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesMetadataConfiguration.java
@@ -223,7 +223,8 @@ public class ELGAMandatesMetadataConfiguration implements IPVPMetadataBuilderCon
 	 */
 	@Override
 	public String getSPSLOPostBindingURL() {
-		return authURL + ELGAMandatesAuthConstants.ENDPOINT_POST;
+		//return authURL + ELGAMandatesAuthConstants.ENDPOINT_POST;
+		return null;
 	}
 
 	/* (non-Javadoc)
@@ -231,7 +232,8 @@ public class ELGAMandatesMetadataConfiguration implements IPVPMetadataBuilderCon
 	 */
 	@Override
 	public String getSPSLORedirectBindingURL() {
-		return authURL + ELGAMandatesAuthConstants.ENDPOINT_REDIRECT;
+		//return authURL + ELGAMandatesAuthConstants.ENDPOINT_REDIRECT;
+		return null;
 	}
 
 	/* (non-Javadoc)
@@ -288,4 +290,24 @@ public class ELGAMandatesMetadataConfiguration implements IPVPMetadataBuilderCon
 	public String getSPNameForLogging() {
 		return ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING;
 	}
+
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration#wantAssertionSigned()
+	 */
+	@Override
+	public boolean wantAssertionSigned() {
+		return true;
+		
+	}
+
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration#wantAuthnRequestSigned()
+	 */
+	@Override
+	public boolean wantAuthnRequestSigned() {
+		return true;
+		
+	}
 }
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java
index 320c4fdc6..60025075f 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java
@@ -22,13 +22,26 @@
  */
 package at.gv.egovernment.moa.id.auth.modules.elgamandates.config;
 
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.opensaml.Configuration;
 import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
 import org.opensaml.saml2.core.NameID;
+import org.opensaml.saml2.core.SubjectConfirmation;
+import org.opensaml.saml2.core.SubjectConfirmationData;
 import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.xml.io.Marshaller;
+import org.opensaml.xml.io.MarshallingException;
 import org.opensaml.xml.security.credential.Credential;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
 
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.logging.Logger;
 
 /**
  * @author tlenz
@@ -36,14 +49,15 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderCo
  */
 public class ELGAMandatesRequestBuilderConfiguration implements IPVPAuthnRequestBuilderConfiguruation {
 
-	private boolean isPassive;
-	private String SPEntityID;
-	private String QAA_Level;
-	private EntityDescriptor idpEntity;
-	private Credential signCred;
-	private String subjectNameID;
-	private String subjectNameIDQualifier;
-	private String requestID;
+	private boolean isPassive = false;
+	private String SPEntityID = null;
+	private String QAA_Level = null;
+	private EntityDescriptor idpEntity = null;
+	private Credential signCred = null;
+	private String subjectNameID = null;
+	private String subjectNameIDQualifier = null;
+	private String requestID = null;
+	private Element subjectConformationDate = null;
 	
 	
 	/* (non-Javadoc)
@@ -216,8 +230,77 @@ public class ELGAMandatesRequestBuilderConfiguration implements IPVPAuthnRequest
 	public void setSubjectNameIDQualifier(String subjectNameIDQualifier) {
 		this.subjectNameIDQualifier = subjectNameIDQualifier;
 	}
-	
-	
 
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSubjectConformationMethode()
+	 */
+	@Override
+	public String getSubjectConformationMethode() {
+		return SubjectConfirmation.METHOD_BEARER;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSubjectConformationDate()
+	 */
+	@Override
+	public Element getSubjectConformationDate() {
+		return subjectConformationDate;
+	}
+
+	/**
+	 * @param subjectConformationDate the subjectConformationDate to set
+	 */
+	public void setSubjectConformationDate(String givenName, String familyName, String dateOfBirth) {
+		try {
+			SubjectConfirmationData subjectConformDate = SAML2Utils.createSAMLObject(SubjectConfirmationData.class);
+						
+			DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+			dbf.setNamespaceAware(true);
+			DocumentBuilder builder = dbf.newDocumentBuilder();			
+			Document doc = builder.newDocument();
+			
+			Marshaller out = Configuration.getMarshallerFactory()
+					.getMarshaller(subjectConformDate);
+			out.marshall(subjectConformDate, doc);
+			
+			//build root element
+			Element rootDom = doc.createElementNS(
+					ELGAMandatesAuthConstants.SUBJECTCONFORMATIONDATE_ELEMENT_NAMESPACE_URI, 					 
+					ELGAMandatesAuthConstants.SUBJECTCONFORMATIONDATE_ELEMENT_ROOT);
+			rootDom.setPrefix(ELGAMandatesAuthConstants.SUBJECTCONFORMATIONDATE_ELEMENT_NAMESPACE);
+			rootDom.setAttributeNS("http://www.w3.org/2000/xmlns/", 
+					"xmlns:" + ELGAMandatesAuthConstants.SUBJECTCONFORMATIONDATE_ELEMENT_NAMESPACE, 
+					ELGAMandatesAuthConstants.SUBJECTCONFORMATIONDATE_ELEMENT_NAMESPACE_URI);			
+						
+			//build personal information
+			Element familyNameDom = doc.createElement(ELGAMandatesAuthConstants.SUBJECTCONFORMATIONDATE_ELEMENT_FAMILYNAME);
+			//familyNameDom.setPrefix(ELGAMandatesAuthConstants.SUBJECTCONFORMATIONDATE_ELEMENT_NAMESPACE);
+			familyNameDom.setTextContent(familyName);
+			
+			Element givenNameDom = doc.createElement(ELGAMandatesAuthConstants.SUBJECTCONFORMATIONDATE_ELEMENT_GIVENNAME);
+			//givenNameDom.setPrefix(ELGAMandatesAuthConstants.SUBJECTCONFORMATIONDATE_ELEMENT_NAMESPACE);
+			givenNameDom.setTextContent(givenName);
+			
+			Element dateOfBirthDom = doc.createElement(ELGAMandatesAuthConstants.SUBJECTCONFORMATIONDATE_ELEMENT_DATEOFBIRTH);
+			//dateOfBirthDom.setPrefix(ELGAMandatesAuthConstants.SUBJECTCONFORMATIONDATE_ELEMENT_NAMESPACE);
+			dateOfBirthDom.setTextContent(dateOfBirth);
+						
+			//add information to root element
+			doc.getFirstChild().appendChild(rootDom);
+			rootDom.appendChild(givenNameDom);
+			rootDom.appendChild(familyNameDom);
+			rootDom.appendChild(dateOfBirthDom);
+			
+			this.subjectConformationDate = doc.getDocumentElement();
+			
+		} catch (ParserConfigurationException | MarshallingException e) {
+			Logger.error("Can not generate 'SubjectConformationDate' for " 
+					+ ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING);
+			
+		}
+		
+				
+	}
 	
+		
 }
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
index 5d98eb46e..6a7858575 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
@@ -122,7 +122,15 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask {
 					
 				}								
 			}
-									
+
+			//check if identityLink exists in moaSession DAO
+			if (moasession.getIdentityLink() == null) {
+				Logger.error("Connect ELGA Mandate-Service FAILED -> NO identityLink in moaSession DAO");
+				throw new MOAIDException("service.10", 
+						new Object[]{ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING, "NO identityLink in moaSession DAO."});
+				
+			}
+			
 			String sourcePinType = moasession.getIdentityLink().getIdentificationType();
 			String sourcePinValue = moasession.getIdentityLink().getIdentificationValue();			
 			if (sourcePinType.startsWith(Constants.URN_PREFIX_BASEID)) {
@@ -152,6 +160,12 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask {
 					PVPTargetConfiguration.DATAID_INTERFEDERATION_REQUESTID,
 					authnReqConfig.getRequestID());
 			
+			//set SubjectConformationDate
+			authnReqConfig.setSubjectConformationDate(
+					moasession.getIdentityLink().getGivenName(), 
+					moasession.getIdentityLink().getFamilyName(), 
+					moasession.getIdentityLink().getDateOfBirth());
+			
 			//store pending-request
 			requestStoreage.storePendingRequest(pendingReq);
 			
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java
index 0cee2dde3..c3d5e8032 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java
@@ -263,7 +263,6 @@ public class FederatedAuthMetadataConfiguration implements IPVPMetadataBuilderCo
 	 */
 	@Override
 	public List<RequestedAttribute> getSPRequiredAttributes() {
-		// TODO Auto-generated method stub
 		return null;
 	}
 
@@ -287,4 +286,22 @@ public class FederatedAuthMetadataConfiguration implements IPVPMetadataBuilderCo
 		return FederatedAuthConstants.MODULE_NAME_FOR_LOGGING;
 	}
 
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration#wantAssertionSigned()
+	 */
+	@Override
+	public boolean wantAssertionSigned() {
+		return false;
+	}
+
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration#wantAuthnRequestSigned()
+	 */
+	@Override
+	public boolean wantAuthnRequestSigned() {
+		return true;
+	}
+
 }
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java
index 19eae06d7..000590923 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java
@@ -26,6 +26,7 @@ import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
 import org.opensaml.saml2.core.NameID;
 import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.xml.security.credential.Credential;
+import org.w3c.dom.Element;
 
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation;
@@ -190,5 +191,21 @@ public class FederatedAuthnRequestBuilderConfiguration implements IPVPAuthnReque
 		return null;
 	}
 
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSubjectConformationMethode()
+	 */
+	@Override
+	public String getSubjectConformationMethode() {
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSubjectConformationDate()
+	 */
+	@Override
+	public Element getSubjectConformationDate() {
+		return null;
+	}
+
 	
 }
-- 
cgit v1.2.3


From 1bad771fdccff20e21b79f88266d194ea71a0df1 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 24 Mar 2016 14:55:02 +0100
Subject: fix empty attribute problem

---
 .../builder/attributes/EIDIssuingNationAttributeBuilder.java  | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

(limited to 'id/server/idserverlib/src')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIssuingNationAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIssuingNationAttributeBuilder.java
index ab41b1229..fc80ad7fe 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIssuingNationAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIssuingNationAttributeBuilder.java
@@ -23,9 +23,9 @@
 package at.gv.egovernment.moa.id.protocols.builder.attributes;
 
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egovernment.moa.util.MiscUtil;
 
 public class EIDIssuingNationAttributeBuilder implements IPVPAttributeBuilder {
 
@@ -36,9 +36,12 @@ public class EIDIssuingNationAttributeBuilder implements IPVPAttributeBuilder {
 	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
 			IAttributeGenerator<ATT> g) throws AttributeException {
 		String countryCode = authData.getCcc();
-
-		return g.buildStringAttribute(EID_ISSUING_NATION_FRIENDLY_NAME,
-				EID_ISSUING_NATION_NAME, countryCode);
+		if (MiscUtil.isNotEmpty(countryCode))
+			return g.buildStringAttribute(EID_ISSUING_NATION_FRIENDLY_NAME,
+					EID_ISSUING_NATION_NAME, countryCode);
+		
+		else
+			return null;
 	}
 
 	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
-- 
cgit v1.2.3


From 5b1f6e34fa4c9fd6c992efd347127db863fb1031 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 24 Mar 2016 15:46:48 +0100
Subject: fix possible NullPointer in error handling

---
 .../at/gv/egovernment/moa/id/auth/servlet/AbstractController.java     | 4 ++++
 .../moa/id/auth/servlet/AbstractProcessEngineSignalController.java    | 1 +
 2 files changed, 5 insertions(+)

(limited to 'id/server/idserverlib/src')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
index 1a029a9fa..e51f3e6c9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
@@ -111,6 +111,10 @@ public abstract class AbstractController extends MOAIDAuthConstants {
 			//set original exception
 			loggedException = ((TaskExecutionException) extractedException).getOriginalException();
 			
+			//use TaskExecutionException directly, if no Original Exeception is included
+			if (loggedException == null)
+				loggedException = exceptionThrown;
+			
 			//set pending-request ID if it is set
 			String reqID = ((TaskExecutionException) extractedException).getPendingRequestID();
 			if (MiscUtil.isNotEmpty(reqID))
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java
index f22c82e95..7a4ee35fa 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java
@@ -44,6 +44,7 @@ public abstract class AbstractProcessEngineSignalController extends AbstractCont
 			
 			//change pending-request ID
 			requestStorage.changePendingRequestID(pendingReq);
+			pendingRequestID = pendingReq.getRequestID();
 			
 			//add transactionID and unique sessionID to Logger
 			TransactionIDUtils.setSessionId(pendingReq.getUniqueSessionIdentifier());
-- 
cgit v1.2.3


From 5848cd0057ad9f607e8c117c18481f5caebfd357 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 24 Mar 2016 17:03:22 +0100
Subject: update Session-Transfer-Module to restore session

---
 .../verification/SAMLVerificationEngineSP.java     |  14 ++-
 .../modules/ssotransfer/SSOTransferConstants.java  |   7 ++
 .../ssotransfer/servlet/SSOTransferServlet.java    |   2 +-
 .../ssotransfer/task/RestoreSSOSessionTask.java    | 117 +++++++++++++++------
 .../ssotransfer/utils/SSOContainerUtils.java       |  25 ++---
 .../src/test/java/at/gv/egiz/tests/Tests.java      |  17 +++
 6 files changed, 134 insertions(+), 48 deletions(-)

(limited to 'id/server/idserverlib/src')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngineSP.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngineSP.java
index d9bc7daaf..385fe90fb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngineSP.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngineSP.java
@@ -62,7 +62,7 @@ import at.gv.egovernment.moa.logging.Logger;
 public class SAMLVerificationEngineSP extends SAMLVerificationEngine {
 	
 	@Autowired AuthConfiguration authConfig;
-	
+
 	/**
 	 * Validate a PVP response and all included assertions
 	 * 
@@ -74,6 +74,13 @@ public class SAMLVerificationEngineSP extends SAMLVerificationEngine {
 	 * @throws AssertionValidationExeption
 	 */
 	public void validateAssertion(Response samlResp, boolean validateDestination, Credential assertionDecryption, String spEntityID, String loggerSPName) throws AssertionValidationExeption {
+		validateAssertion(samlResp, validateDestination, assertionDecryption, spEntityID, loggerSPName, true);
+		
+	}
+	
+	
+	public void validateAssertion(Response samlResp, boolean validateDestination, Credential assertionDecryption, String spEntityID, String loggerSPName,
+			boolean validateDateTime) throws AssertionValidationExeption {
 		try {
 			if (samlResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) {
 				List<org.opensaml.saml2.core.Assertion> saml2assertions = new ArrayList<org.opensaml.saml2.core.Assertion>();
@@ -102,7 +109,7 @@ public class SAMLVerificationEngineSP extends SAMLVerificationEngine {
 					throw new AssertionValidationExeption("sp.pvp2.07", new Object[]{loggerSPName, "'IssueInstant' attribute is not included"});
 					
 				} 								
-				if (issueInstant.minusMinutes(MOAIDAuthConstants.TIME_JITTER).isAfterNow()) {
+				if (validateDateTime && issueInstant.minusMinutes(MOAIDAuthConstants.TIME_JITTER).isAfterNow()) {
 					Logger.warn("PVP response: IssueInstant DateTime is not valid anymore.");
 					throw new AssertionValidationExeption("sp.pvp2.07", new Object[]{loggerSPName, "'IssueInstant' Time is not valid any more"});
 					
@@ -150,7 +157,8 @@ public class SAMLVerificationEngineSP extends SAMLVerificationEngine {
 						if (conditions != null) {
 							DateTime notbefore = conditions.getNotBefore().minusMinutes(5);
 							DateTime notafter = conditions.getNotOnOrAfter();
-							if ( notbefore.isAfterNow() || notafter.isBeforeNow() ) {
+							if (validateDateTime &&  
+									(notbefore.isAfterNow() || notafter.isBeforeNow()) ) {
 								isAssertionValid = false;
 								Logger.info("Assertion:" + saml2assertion.getID() 
 										+ " is out of Date. "
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferConstants.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferConstants.java
index 1ee715afa..1a4356653 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferConstants.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferConstants.java
@@ -59,11 +59,18 @@ public class SSOTransferConstants {
 	public static final String SSOCONTAINER_KEY_SESSION = "session";
 	public static final String SSOCONTAINER_KEY_RESULTENDPOINT = "resultEndPoint";
 	public static final String SSOCONTAINER_KEY_NONCE = "nonce";
+	public static final String SSOCONTAINER_KEY_BLOB = "blob";
+	public static final String SSOCONTAINER_KEY_SIGNATURE = "signature";
+	public static final String SSOCONTAINER_KEY_UNIQUEUSERID = "bPK";
+	
+	public static final String SSOCONTAINER_KEY_STATUS = "status";
 	
 	public static final String FLAG_SSO_SESSION_RESTORED = "ssoRestoredFlag";
 	public static final long CERT_VALIDITY = 700; //2 years
 
 	public static final String PENDINGREQ_DH = "dhparams";
 	public static final String PENDINGREQ_NONCE = "nonce";
+
+	
 	
 }
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
index 7cf7c914a..b18425839 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
@@ -278,7 +278,7 @@ public class SSOTransferServlet{
 	
 	@RequestMapping(value = {	"/TransmitSSOSession"
 							}, 
-							method = {RequestMethod.GET})	
+							method = {RequestMethod.GET, RequestMethod.POST})	
 	public void transferToPhone(HttpServletRequest req, HttpServletResponse resp) throws IOException {
 		Logger.debug("Receive " + this.getClass().getName() + " request");
 		
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
index 6d9b43e5b..dd133e4fb 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
@@ -24,6 +24,7 @@ package at.gv.egovernment.moa.id.auth.modules.ssotransfer.task;
 
 import java.io.BufferedReader;
 import java.io.IOException;
+import java.io.PrintWriter;
 import java.math.BigInteger;
 import java.security.MessageDigest;
 
@@ -96,48 +97,57 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask {
 			Logger.warn("Received POST-message produce an ERROR.", e);
 			
 		}
-		 
-    	//session is valid --> load MOASession object
-    	try {
-			defaultTaskInitialization(request, executionContext);
-						
-		} catch (MOAIDException | MOADatabaseException e1) {
-			Logger.error("Database Error! MOASession is not stored!");
-			throw new TaskExecutionException(pendingReq, "Load MOASession FAILED.", e1);
-			
-		}
-
+		
     	String nonce = pendingReq.getGenericData(SSOTransferConstants.PENDINGREQ_NONCE, String.class);
     	SSOTransferContainer container = pendingReq.getGenericData(
     			SSOTransferConstants.PENDINGREQ_DH, SSOTransferContainer.class);
     	if (container == null) {
-    		throw new TaskExecutionException(pendingReq, "NO DH-Params in pending-request", null);
+    		throw new TaskExecutionException(pendingReq, "NO DH-Params in pending-request", 
+    				new MOAIDException("NO DH-Params in pending-request", null));
     		
     	}
     	
 		
 		if (MiscUtil.isNotEmpty(receivedPostMessage)) {
 			Logger.debug("Receive POST-Message data. Start data-validation process ... ");
+			JsonObject responseMsg = new JsonObject();
 			try {
+				Logger.debug("Unformated Msg:" + receivedPostMessage);
+				
 			    JsonParser parser = new JsonParser();
-			    JsonObject reveivedData = (JsonObject) parser.parse(sb.toString());		    
-			    JsonObject reveivedSession = reveivedData.get("session").getAsJsonObject();
-			    String validTo = reveivedSession.get("validTo").getAsString();
-			    String entityID = reveivedSession.get("entityID").getAsString();
-			    //String sessionBlob = reveivedSession.get("sessionBlob").getAsString();
-			   			    
-//			    Logger.trace("Blob:" + sessionBlob + 
-//			    			 " | validTo:" + validTo + 
-//			    		     " | entityIS:" + entityID);
-			   
-
-			    //TODO!!!!
-			    String mobilePubKeyBase64 = reveivedSession.get(
+			    JsonObject receivedData = (JsonObject) parser.parse(sb.toString());		    
+			    
+			    JsonObject receivedSession = receivedData.get(
+			    		SSOTransferConstants.SSOCONTAINER_KEY_SESSION).getAsJsonObject();
+			    
+			    Logger.debug("Received Session-Object:"+ receivedSession.toString());
+			    
+			    String signature = receivedData.get(
+			    		SSOTransferConstants.SSOCONTAINER_KEY_SIGNATURE).getAsString();
+			    String mobilePubKeyBase64 = receivedData.get(
 						SSOTransferConstants.SSOCONTAINER_KEY_DH_PUBKEY).getAsString();	
-			    String encSessionBlobBase64 = new String();
+			    			    
+			    String respNonce = receivedSession.get(
+			    		SSOTransferConstants.PENDINGREQ_NONCE).getAsString();			    			   			 			    
+			    String encSessionBlobBase64 = receivedSession.get(
+			    		SSOTransferConstants.SSOCONTAINER_KEY_BLOB).getAsString();
 			    
-				Logger.debug("Receive PubKey:" +mobilePubKeyBase64 + " | SessionBlob:" + encSessionBlobBase64); 
+				Logger.debug("Receive PubKey:" +mobilePubKeyBase64 
+						+ " | SessionBlob:" + encSessionBlobBase64
+						+ " | Nonce:" + respNonce
+						+ " | Signature:" + signature
+						+ " | SignedData:" + receivedSession.toString()); 
 
+				if (MiscUtil.isEmpty(respNonce) || !respNonce.equals(nonce)) {
+					Logger.warn("Received 'nonce':" + respNonce 
+							+ " does not match to stored 'nonce':" + nonce);
+					 throw new TaskExecutionException(pendingReq, "Received 'nonce':" + respNonce 
+								+ " does not match to stored 'nonce':" + nonce, 
+								new MOAIDException("Received 'nonce':" + respNonce + " does not match to stored 'nonce':" + nonce, null));
+					
+				}
+				
+				
 				//finish DH key agreement
 				BigInteger mobilePubKey = new BigInteger(Base64Utils.decode(mobilePubKeyBase64, true));
 				DHPublicKeySpec mobilePubKeySpec = new DHPublicKeySpec(mobilePubKey, 
@@ -175,6 +185,16 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask {
 				Logger.debug("MobileDevice is valid. --> Starting session reconstruction ...");
 		    	
 				
+		    	//session is valid --> load MOASession object
+		    	try {
+					defaultTaskInitialization(request, executionContext);
+								
+				} catch (MOAIDException | MOADatabaseException e1) {
+					Logger.error("Database Error! MOASession is not stored!");
+					throw new TaskExecutionException(pendingReq, "Load MOASession FAILED.", e1);
+					
+				}
+				
 		    	//transfer SSO Assertion into MOA-Session
 		    	ssoTransferUtils.parseSSOContainerToMOASessionDataObject(pendingReq, moasession, attributeExtractor);
 		    		
@@ -190,8 +210,18 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask {
 		    		
 		    	executionContext.put(SSOTransferConstants.FLAG_SSO_SESSION_RESTORED, true);
 		    	executionContext.put("sessionRestoreFinished", false);	
-		    					    				    	
+		    	
+		    	
+		    	responseMsg.addProperty(
+		    			SSOTransferConstants.SSOCONTAINER_KEY_STATUS, 
+		    			"OK");
+		    	response.setStatus(HttpServletResponse.SC_OK);
+		    	response.setContentType("text/html;charset=UTF-8");
+				PrintWriter out = new PrintWriter(response.getOutputStream()); 
+				out.print(responseMsg.toString());
+				out.flush();
 
+		    	
 //		    	Logger.info("Received SSO session-data is from IDP: " + entityID 
 //		    			+ ". Start inderfederation process to restore SSO session ... ");
 //		    	//change to inderfederated session reconstruction
@@ -202,8 +232,20 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask {
 			    						
 			 } catch (Exception e) {
 				 Logger.error("Parse reveived JSON data-object " + sb.toString() + " FAILED!", e);
-				 throw new TaskExecutionException(pendingReq, "JSON data is not parseable.", e);
-				 
+				 //throw new TaskExecutionException(pendingReq, "JSON data is not parseable.", e);
+				 try {
+					 responseMsg.addProperty(
+							 SSOTransferConstants.SSOCONTAINER_KEY_STATUS, 
+							 "FAILED");
+					 response.setStatus(HttpServletResponse.SC_OK);
+					 response.setContentType("text/html;charset=UTF-8");
+					 PrintWriter out = new PrintWriter(response.getOutputStream());				 
+					 out.print(responseMsg.toString());
+					 out.flush();
+				 } catch (IOException e1) {
+						e1.printStackTrace();
+						
+				 } 
 			 }
 			
 		} else {
@@ -218,10 +260,21 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask {
 				executionContext.put("sessionRestoreFinished", true);
 				
 			} else {
+		    	//session is valid --> load MOASession object
+		    	try {
+					defaultTaskInitialization(request, executionContext);
+								
+				} catch (MOAIDException | MOADatabaseException e1) {
+					Logger.error("Database Error! MOASession is not stored!");
+					throw new TaskExecutionException(pendingReq, "Load MOASession FAILED.", e1);
+					
+				}
+				
 				DateTime moaSessionCreated = new DateTime(moasession.getSessionCreated().getTime());
-				if (moaSessionCreated.plusMinutes(3).isBeforeNow()) {
+				if (moaSessionCreated.plusMinutes(1).isBeforeNow()) {
 					Logger.warn("No SSO session-container received. Stop authentication process after time-out.");
-					throw new TaskExecutionException(pendingReq, "No SSO container received from smartphone app.", null);
+					throw new TaskExecutionException(pendingReq, "No SSO container received from smartphone app.", 
+							new MOAIDException("No SSO container received from smartphone app.", null));
 					
 				} else { 				
 					Logger.debug("No restored SSO session found --> Wait a few minutes and check again.");
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java
index 753da96de..0785f767b 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java
@@ -129,6 +129,7 @@ import at.gv.egovernment.moa.id.util.Random;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.MiscUtil;
+import at.gv.util.BpkUtil;
 import iaik.x509.X509Certificate;
 
 /**
@@ -269,16 +270,14 @@ public class SSOContainerUtils {
 		
 	}
 	
-	public Response validateReceivedSSOContainer(String signedEncryptedContainer) throws IOException, XMLParserException, UnmarshallingException, MOAIDException  {
-		byte[] base64decodedContainer = Base64Utils.decode(signedEncryptedContainer, false);
-		
+	public Response validateReceivedSSOContainer(String signedEncryptedContainer) throws IOException, XMLParserException, UnmarshallingException, MOAIDException  {	
 		final BasicParserPool ppMgr = new BasicParserPool();
 		final HashMap<String, Boolean> features = new HashMap<String, Boolean>();
 		features.put(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
 		ppMgr.setBuilderFeatures(features);
 		ppMgr.setNamespaceAware(true);
 		
-		Document document = ppMgr.parse(new ByteArrayInputStream(base64decodedContainer));
+		Document document = ppMgr.parse(new ByteArrayInputStream(signedEncryptedContainer.getBytes()));
 		Element domElement = document.getDocumentElement();
 		
 		UnmarshallerFactory saml2UnmarshallerFactory = Configuration.getUnmarshallerFactory();
@@ -317,8 +316,8 @@ public class SSOContainerUtils {
 				samlVerificationEngine.validateAssertion(ssoContainer, false, 
 						credentials.getIDPAssertionEncryptionCredential(),
 						ssoContainer.getIssuer().getValue(),
-						"SSO-Session Transfer module"
-						);
+						"SSO-Session Transfer module",
+						false);
 				return ssoContainer;
 									
 			} else {
@@ -369,7 +368,7 @@ public class SSOContainerUtils {
 			IAuthData authData = new SSOTransferAuthenticationData(authConfig, authSession);
 			
 			Assertion assertion = PVP2AssertionBuilder.buildGenericAssertion(
-					authURL,
+					entityID,
 					entityID, 
 					new DateTime(date.getTime()), 
 					authnContextClassRef, 
@@ -380,7 +379,7 @@ public class SSOContainerUtils {
 					subjectConfirmationData.getNotOnOrAfter());
 		
 			//build blob with signed session information
-			String ssoDataBlob = buildSSOContainerObject(authURL, assertion, new DateTime(date.getTime()));			
+			String ssoDataBlob = buildSSOContainerObject(entityID, assertion, new DateTime(date.getTime()));			
 			Logger.debug("Unencrypted SessionBlob:" + ssoDataBlob);
 			
 			//encrypt session information with ephemeral key
@@ -394,8 +393,10 @@ public class SSOContainerUtils {
 			container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_VALIDTO, subjectConfirmationData.getNotOnOrAfter().toString());
 			container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_ENTITYID, entityID);
 			container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_USERID, authData.getGivenName() + " " + authData.getFamilyName());
-			
+						
 			container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_SESSION, encAndEncodedPersonalData);
+			container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_UNIQUEUSERID, 
+					BpkUtil.calcBPK(authData.getIdentificationValue(), "AB"));
 			
 			//TODO
 			container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_RESULTENDPOINT, "https://demo.egiz.gv.at");
@@ -447,13 +448,13 @@ public class SSOContainerUtils {
 
 	}
 	
-	private String buildSSOContainerObject(String authURL, Assertion assertion, DateTime date) throws ConfigurationException, EncryptionException, CredentialsNotAvailableException, SecurityException, ParserConfigurationException, MarshallingException, SignatureException, TransformerFactoryConfigurationError, TransformerException, IOException {
+	private String buildSSOContainerObject(String entityID, Assertion assertion, DateTime date) throws ConfigurationException, EncryptionException, CredentialsNotAvailableException, SecurityException, ParserConfigurationException, MarshallingException, SignatureException, TransformerFactoryConfigurationError, TransformerException, IOException {
 		Response authResponse = SAML2Utils.createSAMLObject(Response.class);
 
 		Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class);
 		
 		//change to entity value from entity name to IDP EntityID (URL)
-		nissuer.setValue(authURL);
+		nissuer.setValue(entityID);
 		nissuer.setFormat(NameID.ENTITY);
 		authResponse.setIssuer(nissuer);
 
@@ -541,7 +542,7 @@ public class SSOContainerUtils {
 					Logger.info("SSO-Transfer attribute " + el + " is empty!");
 				
 			} catch (Exception e) {
-				Logger.warn("Build SSO-Transfer attribute " + el + " FAILED.", e);
+				Logger.info("Build SSO-Transfer attribute " + el + " FAILED:" + e.getMessage());
 				
 			}
 		}
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java b/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java
index 57f4d11ad..0eb71ec92 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java
@@ -22,6 +22,10 @@
  */
 package at.gv.egiz.tests;
 
+import com.google.gson.JsonObject;
+
+import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants;
+
 /**
  * @author tlenz
  *
@@ -53,6 +57,19 @@ public class Tests {
 		
 		
 		
+		JsonObject responseMsg = new JsonObject();
+		responseMsg.addProperty(
+    			SSOTransferConstants.SSOCONTAINER_KEY_STATUS, 
+    			"OK");
+		
+		
+		JsonObject levelTwo = new JsonObject();
+		levelTwo.addProperty("test", "12345");
+		
+		responseMsg.add("levelTwo", levelTwo );
+		
+		
+		System.out.println(responseMsg.toString());
 			
 //		} catch (IOException e) {
 //			// TODO Auto-generated catch block
-- 
cgit v1.2.3


From d945e481a418fcfedba616915cc77eb45ae62827 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 29 Mar 2016 14:04:59 +0200
Subject: fix missing ID in SP metadata

---
 .../egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java  | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'id/server/idserverlib/src')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java
index ab96e4df7..567faf1d8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java
@@ -186,6 +186,8 @@ public class PVPMetadataBuilder {
 			entityDescriptor.setValidUntil(date.plusHours(config.getMetadataValidUntil()));
 			
 			entityDescriptor.setSignature(signature);
+			entityDescriptor.setID(SAML2Utils.getSecureIdentifier());
+			
 			
 			//marshall document
 			Marshaller out = Configuration.getMarshallerFactory()
-- 
cgit v1.2.3


From bd53025fa776091cd82d0fca57a28a5404fb4f37 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Wed, 30 Mar 2016 08:36:03 +0200
Subject: fix problem with XML parser and additional features options

---
 .../metadata/MOASPMetadataSignatureFilter.java     |  26 +++---
 .../moa/id/util/ParamValidatorUtils.java           |  30 +++++--
 .../java/at/gv/egovernment/moa/util/DOMUtils.java  |  97 +++++++++++++++++++--
 .../java/test/at/gv/egovernment/moa/AllTests.java  |   8 +-
 .../test/at/gv/egovernment/moa/MOATestCase.java    |  23 +++--
 .../at/gv/egovernment/moa/util/DOMUtilsTest.java   |   8 +-
 .../parser/CreateXMLSignatureResponseParser.java   |  14 ++-
 .../id/auth/parser/InfoboxReadResponseParser.java  |  16 +++-
 .../2.0.5/moa-spss-lib-2.0.5-javadoc.jar           | Bin 0 -> 976947 bytes
 .../moa-spss-lib/2.0.5/moa-spss-lib-2.0.5.jar      | Bin 380513 -> 381412 bytes
 spss/pom.xml                                       |   6 +-
 spss/server/pom.xml                                |   2 +-
 spss/server/serverlib/pom.xml                      |  19 ++--
 .../server/config/ConfigurationPartsBuilder.java   |  23 +++--
 .../moa/spss/server/invoke/DataObjectFactory.java  |  20 ++---
 .../moa/spss/server/service/AxisHandler.java       |  19 +++-
 .../moa/spss/server/service/ServiceUtils.java      |   3 +-
 spss/server/serverws/pom.xml                       |   5 +-
 18 files changed, 234 insertions(+), 85 deletions(-)
 create mode 100644 repository/MOA/spss/server/moa-spss-lib/2.0.5/moa-spss-lib-2.0.5-javadoc.jar

(limited to 'id/server/idserverlib/src')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java
index a4ab92f58..3d69b0380 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java
@@ -23,14 +23,9 @@
 package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata;
 
 import java.io.IOException;
-import java.io.StringWriter;
 
-import javax.xml.transform.Transformer;
 import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactory;
 import javax.xml.transform.TransformerFactoryConfigurationError;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.transform.stream.StreamResult;
 
 import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.provider.FilterException;
@@ -41,6 +36,7 @@ import at.gv.egovernment.moa.id.auth.builder.SignatureVerificationUtils;
 import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
 
 /**
  * @author tlenz
@@ -69,19 +65,21 @@ public class MOASPMetadataSignatureFilter implements MetadataFilter {
 				EntityDescriptor entityDes = (EntityDescriptor) metadata;
 				//check signature;
 				try {
-					Transformer transformer = TransformerFactory.newInstance()
-							.newTransformer();	
-					StringWriter sw = new StringWriter();
-					StreamResult sr = new StreamResult(sw);
-					DOMSource source = new DOMSource(metadata.getDOM());
-					transformer.transform(source, sr);
-					sw.close();
-					String metadataXML = sw.toString();
+					byte[] serialized = DOMUtils.serializeNode(metadata.getDOM(), "UTF-8");
+					
+//					Transformer transformer = TransformerFactory.newInstance()
+//							.newTransformer();	
+//					StringWriter sw = new StringWriter();
+//					StreamResult sr = new StreamResult(sw);
+//					DOMSource source = new DOMSource(metadata.getDOM());
+//					transformer.transform(source, sr);
+//					sw.close();
+//					String metadataXML = sw.toString();
 					
 					SignatureVerificationUtils sigVerify = 
 							new SignatureVerificationUtils();
 					VerifyXMLSignatureResponse result = sigVerify.verify(
-							metadataXML.getBytes(), trustProfileID);
+							serialized, trustProfileID);
 					
 					//check signature-verification result
 					if (result.getSignatureCheckCode() != 0) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
index f97d646b6..47ea91753 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
@@ -46,20 +46,20 @@
 
 package at.gv.egovernment.moa.id.util;
 
+import java.io.ByteArrayInputStream;
 import java.io.IOException;
-import java.io.StringReader;
 import java.net.MalformedURLException;
 import java.net.URL;
+import java.util.Collections;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
 import javax.servlet.http.HttpServletRequest;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
 
-import org.xml.sax.InputSource;
 import org.xml.sax.SAXException;
 
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
@@ -68,12 +68,22 @@ import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moa.util.StringUtils;
 
 
 public class ParamValidatorUtils extends MOAIDAuthConstants{
    
+	  private static final Map<String, Object> parserFeatures =
+			  Collections.unmodifiableMap(new HashMap<String, Object>() {
+					private static final long serialVersionUID = 1L;
+					{	
+						put(DOMUtils.DISALLOW_DOCTYPE_FEATURE, true);
+						
+					}
+			  });
+	
    /**
     * Checks if the given target is valid
     * @param target HTTP parameter from request
@@ -482,11 +492,13 @@ public class ParamValidatorUtils extends MOAIDAuthConstants{
 		   return false;
 	   
 	   Logger.debug("Ueberpruefe Parameter XMLDocument");
-	   try {   
-		   DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
-		   DocumentBuilder builder = factory.newDocumentBuilder();
-		   InputSource is = new InputSource(new StringReader(document));
-		   builder.parse(is);
+	   try {
+		   DOMUtils.parseXmlValidating(new ByteArrayInputStream(document.getBytes()), parserFeatures);
+		   
+//		   DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+//		   DocumentBuilder builder = factory.newDocumentBuilder();
+//		   InputSource is = new InputSource(new StringReader(document));
+//		   builder.parse(is);
 		   
 		   Logger.debug("Parameter XMLDocument erfolgreich ueberprueft");
 		   return true;
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
index 0a07fc4a7..95cd63643 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
@@ -33,6 +33,7 @@ import java.util.HashSet;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
+import java.util.Map.Entry;
 import java.util.Set;
 import java.util.Vector;
 
@@ -115,7 +116,7 @@ public class DOMUtils {
   private static final String EXTERNAL_PARAMETER_ENTITIES_FEATURE =
 	  "http://xml.org/sax/features/external-parameter-entities";
   
-  private static final String DISALLOW_DOCTYPE_FEATURE =
+  public static final String DISALLOW_DOCTYPE_FEATURE =
 		  "http://apache.org/xml/features/disallow-doctype-decl";
   
   
@@ -205,7 +206,8 @@ public class DOMUtils {
     String externalSchemaLocations,
     String externalNoNamespaceSchemaLocation,
     EntityResolver entityResolver,
-    ErrorHandler errorHandler)
+    ErrorHandler errorHandler,
+    Map<String, Object> parserFeatures)
     throws  SAXException, IOException, ParserConfigurationException {
 
     DOMParser parser;
@@ -247,8 +249,25 @@ public class DOMUtils {
 	    parser.setFeature(EXTERNAL_GENERAL_ENTITIES_FEATURE, false);
 	    parser.setFeature(EXTERNAL_PARAMETER_ENTITIES_FEATURE, false);
 	    
+	    //set external added parser features
+	    if (parserFeatures != null) {
+	    	for (Entry<String, Object> el : parserFeatures.entrySet()) {
+	    		String key = el.getKey();
+	    		if (MiscUtil.isNotEmpty(key)) {
+	    			Object value = el.getValue();
+	    			if (value != null && value instanceof Boolean)	    		
+	    				parser.setFeature(key, (boolean)value);
+	    			
+	    			else
+	    				Logger.warn("This XML parser only allows features with 'boolean' values");
+	    			
+	    		} else 
+	    			Logger.warn("Can not set 'null' feature to XML parser");
+	    	}
+	    }
+	    
 	    //fix XXE problem
-	    parser.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+	    //parser.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
 	    
 	
 	    if (validating) {
@@ -346,6 +365,7 @@ public class DOMUtils {
    * @param externalNoNamespaceSchemaLocation The schema location of the
    * schema for elements without a namespace, the same way it is accepted by the
    * <code>xsi:noNamespaceSchemaLocation</code> attribute.
+ * @param parserFeatures 
    * @return The parsed XML document as a DOM tree.
    * @throws SAXException An error occurred parsing the document.
    * @throws IOException An error occurred reading the document.
@@ -356,7 +376,7 @@ public class DOMUtils {
     InputStream inputStream,
     boolean validating,
     String externalSchemaLocations,
-    String externalNoNamespaceSchemaLocation)
+    String externalNoNamespaceSchemaLocation, Map<String, Object> parserFeatures)
     throws SAXException, IOException, ParserConfigurationException {
 
   
@@ -367,9 +387,50 @@ public class DOMUtils {
       externalSchemaLocations,
       externalNoNamespaceSchemaLocation,
       new MOAEntityResolver(),
-      new MOAErrorHandler());
+      new MOAErrorHandler(),
+      parserFeatures);
   }
 
+  /**
+   * Parse an XML document from a <code>String</code>.
+   * 
+   * It uses a <code>MOAEntityResolver</code> as the <code>EntityResolver</code>
+   * and a <code>MOAErrorHandler</code> as the <code>ErrorHandler</code>.
+   * 
+   * @param xmlString The <code>String</code> containing the XML document.
+   * @param encoding The encoding of the XML document.
+   * @param validating If <code>true</code>, parse validating.
+   * @param externalSchemaLocations A <code>String</code> containing namespace
+   * URI to schema location pairs, the same way it is accepted by the <code>xsi:
+   * schemaLocation</code> attribute. 
+   * @param externalNoNamespaceSchemaLocation The schema location of the
+   * schema for elements without a namespace, the same way it is accepted by the
+   * <code>xsi:noNamespaceSchemaLocation</code> attribute.
+   * @return The parsed XML document as a DOM tree.
+   * @throws SAXException An error occurred parsing the document.
+   * @throws IOException An error occurred reading the document.
+   * @throws ParserConfigurationException An error occurred configuring the XML
+   * parser.
+   */
+  public static Document parseDocument(
+    String xmlString,
+    String encoding,
+    boolean validating,
+    String externalSchemaLocations,
+    String externalNoNamespaceSchemaLocation,
+    Map<String, Object> parserFeatures)
+    throws SAXException, IOException, ParserConfigurationException {
+
+    InputStream in = new ByteArrayInputStream(xmlString.getBytes(encoding));
+    return parseDocument(
+      in,
+      validating,
+      externalSchemaLocations,
+      externalNoNamespaceSchemaLocation,
+      parserFeatures);
+  }
+  
+  
   /**
    * Parse an XML document from a <code>String</code>.
    * 
@@ -404,7 +465,8 @@ public class DOMUtils {
       in,
       validating,
       externalSchemaLocations,
-      externalNoNamespaceSchemaLocation);
+      externalNoNamespaceSchemaLocation,
+      null);
   }
 
   /**
@@ -453,7 +515,26 @@ public class DOMUtils {
   public static Element parseXmlValidating(InputStream inputStream)
     throws ParserConfigurationException, SAXException, IOException {
     return DOMUtils
-      .parseDocument(inputStream, true, Constants.ALL_SCHEMA_LOCATIONS, null)
+      .parseDocument(inputStream, true, Constants.ALL_SCHEMA_LOCATIONS, null, null)
+      .getDocumentElement();
+  }
+  
+  /**
+   * A convenience method to parse an XML document validating.
+   * 
+   * @param inputStream The <code>InputStream</code> containing the XML
+   * document.
+   * @param parserFeatures Set additional features to XML parser
+   * @return The root element of the parsed XML document.
+   * @throws SAXException An error occurred parsing the document.
+   * @throws IOException An error occurred reading the document.
+   * @throws ParserConfigurationException An error occurred configuring the XML
+   * parser.
+   */
+  public static Element parseXmlValidating(InputStream inputStream, Map<String, Object> parserFeatures)
+    throws ParserConfigurationException, SAXException, IOException {
+    return DOMUtils
+      .parseDocument(inputStream, true, Constants.ALL_SCHEMA_LOCATIONS, null, parserFeatures)
       .getDocumentElement();
   }
   
@@ -471,7 +552,7 @@ public class DOMUtils {
   public static Element parseXmlNonValidating(InputStream inputStream)
     throws ParserConfigurationException, SAXException, IOException {
     return DOMUtils
-      .parseDocument(inputStream, false, Constants.ALL_SCHEMA_LOCATIONS, null)
+      .parseDocument(inputStream, false, Constants.ALL_SCHEMA_LOCATIONS, null, null)
       .getDocumentElement();
   }
 
diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/AllTests.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/AllTests.java
index ba7a0edc4..c0a93bf03 100644
--- a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/AllTests.java
+++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/AllTests.java
@@ -24,16 +24,10 @@
 
 package test.at.gv.egovernment.moa;
 
-import test.at.gv.egovernment.moa.util.DOMUtilsTest;
-import test.at.gv.egovernment.moa.util.DateTimeUtilsTest;
-import test.at.gv.egovernment.moa.util.KeyStoreUtilsTest;
-import test.at.gv.egovernment.moa.util.SSLUtilsTest;
-import test.at.gv.egovernment.moa.util.XPathUtilsTest;
-
 import junit.awtui.TestRunner;
 import junit.framework.Test;
 import junit.framework.TestSuite;
-
+ 
 /**
  * @author patrick
  * @version $Id$
diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/MOATestCase.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/MOATestCase.java
index 5d1c5371a..66bf1faff 100644
--- a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/MOATestCase.java
+++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/MOATestCase.java
@@ -26,18 +26,19 @@ package test.at.gv.egovernment.moa;
 
 import java.io.FileInputStream;
 import java.io.StringReader;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
 
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 
 import org.w3c.dom.Document;
-
 import org.xml.sax.InputSource;
 
-import junit.framework.TestCase;
-
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.DOMUtils;
+import junit.framework.TestCase;
 
 /**
  * Base class for MOA test cases.
@@ -51,6 +52,16 @@ public class MOATestCase extends TestCase {
 
   protected static final String TESTDATA_ROOT = "data/test/";
 
+  protected static final Map<String, Object> parserFeatures =
+		  Collections.unmodifiableMap(new HashMap<String, Object>() {
+				private static final long serialVersionUID = 1L;
+				{	
+					put(DOMUtils.DISALLOW_DOCTYPE_FEATURE, true);
+					
+				}
+		  });
+  
+  
   /**
    * Constructor for MOATestCase.
    * @param arg0
@@ -67,7 +78,8 @@ public class MOATestCase extends TestCase {
       new FileInputStream(fileName),
       false,
       null,
-      null);
+      null,
+      parserFeatures);
   }
 
   /**
@@ -80,7 +92,8 @@ public class MOATestCase extends TestCase {
       new FileInputStream(fileName),
       true,
       Constants.ALL_SCHEMA_LOCATIONS,
-      null);
+      null,
+      parserFeatures);
   }
 
   /**
diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DOMUtilsTest.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DOMUtilsTest.java
index 1a2b6904d..7b1c0cb67 100644
--- a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DOMUtilsTest.java
+++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DOMUtilsTest.java
@@ -23,6 +23,7 @@
 
 
 package test.at.gv.egovernment.moa.util;
+
 import java.io.FileInputStream;
 import java.util.Map;
 
@@ -30,10 +31,9 @@ import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.NodeList;
 
-import test.at.gv.egovernment.moa.*;
-
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.DOMUtils;
+import test.at.gv.egovernment.moa.MOATestCase;
 
 /**
  * @author Patrick Peck
@@ -78,7 +78,8 @@ public class DOMUtilsTest extends MOATestCase {
       new FileInputStream(fileName),
       true,
       Constants.ALL_SCHEMA_LOCATIONS,
-      null);
+      null,
+      parserFeatures);
   }
 
   public void testParseCreateXMLSignature() throws Exception {
@@ -113,6 +114,7 @@ public class DOMUtilsTest extends MOATestCase {
       new FileInputStream(fileName),
       false,
       null,
+      null, 
       null);
   }
 
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
index b39cf9e9b..eca231094 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
@@ -49,7 +49,10 @@ package at.gv.egovernment.moa.id.auth.parser;
 import java.io.ByteArrayInputStream;
 import java.io.InputStream;
 import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 
 import org.w3c.dom.Element;
 import org.w3c.dom.NodeList;
@@ -96,6 +99,15 @@ public class CreateXMLSignatureResponseParser {
   /** This is the root element of the CreateXMLsignatureResponse */
   private Element sigResponse_;
 
+  private static final Map<String, Object> parserFeatures =
+		  Collections.unmodifiableMap(new HashMap<String, Object>() {
+				private static final long serialVersionUID = 1L;
+				{	
+					put(DOMUtils.DISALLOW_DOCTYPE_FEATURE, true);
+					
+				}
+		  });
+  
   /**
    * Parses and validates the document given as string and extracts the 
    * root element.
@@ -156,7 +168,7 @@ public class CreateXMLSignatureResponseParser {
   private void init(InputStream is) throws AuthenticationException, ParseException, BKUException {
     try {
       
-      Element responseElem = DOMUtils.parseXmlValidating(is);
+      Element responseElem = DOMUtils.parseXmlValidating(is, parserFeatures);
       
       if ("CreateXMLSignatureResponse".equals(responseElem.getLocalName())) {
         sigResponse_ = responseElem;
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java
index 31c91cd40..90fd7e1c7 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java
@@ -50,6 +50,9 @@ import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.security.cert.CertificateException;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
 
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
@@ -82,6 +85,16 @@ public class InfoboxReadResponseParser {
   /** This is the root element of the XML-Document provided by the Security Layer Card*/
   private Element infoBoxElem_;
 
+  private static final Map<String, Object> parserFeatures =
+		  Collections.unmodifiableMap(new HashMap<String, Object>() {
+				private static final long serialVersionUID = 1L;
+				{	
+					put(DOMUtils.DISALLOW_DOCTYPE_FEATURE, true);
+					
+				}
+		  });
+
+  
   /**
    * Parses and validates the document given as string and extracts the 
    * root element.
@@ -132,7 +145,8 @@ public class InfoboxReadResponseParser {
   private void init(InputStream is) throws AuthenticationException, ParseException, BKUException {
     try {
       
-      Element responseElem = DOMUtils.parseXmlValidating(is);
+    	
+      Element responseElem = DOMUtils.parseXmlValidating(is, parserFeatures);
       
       if ("InfoboxReadResponse".equals(responseElem.getLocalName())) {
         infoBoxElem_ = responseElem;
diff --git a/repository/MOA/spss/server/moa-spss-lib/2.0.5/moa-spss-lib-2.0.5-javadoc.jar b/repository/MOA/spss/server/moa-spss-lib/2.0.5/moa-spss-lib-2.0.5-javadoc.jar
new file mode 100644
index 000000000..f166efece
Binary files /dev/null and b/repository/MOA/spss/server/moa-spss-lib/2.0.5/moa-spss-lib-2.0.5-javadoc.jar differ
diff --git a/repository/MOA/spss/server/moa-spss-lib/2.0.5/moa-spss-lib-2.0.5.jar b/repository/MOA/spss/server/moa-spss-lib/2.0.5/moa-spss-lib-2.0.5.jar
index 5097e2f28..f57276444 100644
Binary files a/repository/MOA/spss/server/moa-spss-lib/2.0.5/moa-spss-lib-2.0.5.jar and b/repository/MOA/spss/server/moa-spss-lib/2.0.5/moa-spss-lib-2.0.5.jar differ
diff --git a/spss/pom.xml b/spss/pom.xml
index 1c2a3fbfa..9780bc5b5 100644
--- a/spss/pom.xml
+++ b/spss/pom.xml
@@ -1,10 +1,10 @@
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
-<!--     <parent>
+    <parent>
         <groupId>MOA</groupId>
         <artifactId>MOA</artifactId>
         <version>2.x</version>
-    </parent> -->
+    </parent>
 
     <modelVersion>4.0.0</modelVersion>
     <artifactId>spss</artifactId>
@@ -18,7 +18,7 @@
 
     <modules>
         <module>server</module>
-        <module>handbook</module>
+        <!-- <module>handbook</module> -->
     </modules>
 
     <build>
diff --git a/spss/server/pom.xml b/spss/server/pom.xml
index eb37775c1..362f2e1b2 100644
--- a/spss/server/pom.xml
+++ b/spss/server/pom.xml
@@ -13,7 +13,7 @@
     <name>MOA SP/SS Server</name>
 
     <modules>
-        <module>tools</module>
+        <!-- <module>tools</module> -->
         <module>serverlib</module>
         <module>serverws</module>
     </modules>
diff --git a/spss/server/serverlib/pom.xml b/spss/server/serverlib/pom.xml
index cafd8341b..3437f84db 100644
--- a/spss/server/serverlib/pom.xml
+++ b/spss/server/serverlib/pom.xml
@@ -9,29 +9,33 @@
 	<groupId>MOA.spss.server</groupId>
 	<artifactId>moa-spss-lib</artifactId>
 	<packaging>jar</packaging>
-	<version>${moa-spss-version}</version>
+	<version>2.0.5</version>
 	<name>MOA SP/SS API</name>
 
 	<properties>
 		<repositoryPath>${basedir}/../../../repository</repositoryPath>
 	</properties>
 
-	<dependencies>
+	<dependencies> 
 		<dependency>
 			<groupId>axis</groupId>
 			<artifactId>axis</artifactId>
+			<version>1.0_IAIK_1.2</version>
 		</dependency>
 		<dependency>
 			<groupId>org.apache.axis</groupId>
 			<artifactId>axis-jaxrpc</artifactId>
+			<version>1.4</version>
 		</dependency>
 		<dependency>
 			<groupId>org.apache.axis</groupId>
 			<artifactId>axis-saaj</artifactId>
+			<version>1.4</version>
 		</dependency>
 		<dependency>
 			<groupId>axis</groupId>
 			<artifactId>axis-wsdl4j</artifactId>
+			<version>1.5.1</version>
 		</dependency>
 		<dependency>
 			<groupId>commons-discovery</groupId>
@@ -56,6 +60,7 @@
 		<dependency>
 			<groupId>log4j</groupId>
 			<artifactId>log4j</artifactId>
+			<version>1.2.17</version>
 		</dependency>
 		<dependency>
 			<groupId>org.postgresql</groupId>
@@ -63,7 +68,7 @@
 		</dependency>
 		<dependency>
 			<groupId>javax.servlet</groupId>
-			<artifactId>servlet-api</artifactId>
+			<artifactId>javax.servlet-api</artifactId>
 			<scope>provided</scope>
 		</dependency>
 		<dependency>
@@ -127,8 +132,8 @@
 			<optional>true</optional>
 		</dependency>
 		<dependency>
-			<groupId>MOA</groupId>
-			<artifactId>moa-common</artifactId>
+			<groupId>MOA.id.server</groupId>
+			<artifactId>moa-id-commons</artifactId>
 			<type>jar</type>
 		</dependency>
 <!--
@@ -141,8 +146,8 @@
 
 
 		<dependency>
-			<groupId>MOA</groupId>
-			<artifactId>moa-common</artifactId>
+			<groupId>MOA.id.server</groupId>
+			<artifactId>moa-id-commons</artifactId>
 			<type>test-jar</type>
 			<scope>test</scope>
 		</dependency>
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
index 3d2da8384..3c67ca3ca 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
@@ -23,17 +23,6 @@
 
 package at.gv.egovernment.moa.spss.server.config;
 
-import iaik.asn1.structures.Name;
-import iaik.ixsil.exceptions.URIException;
-import iaik.ixsil.util.URI;
-import iaik.pki.pathvalidation.ChainingModes;
-import iaik.pki.revocation.RevocationSourceTypes;
-import iaik.server.modules.xml.BlackListEntry;
-import iaik.server.modules.xml.ExternalReferenceChecker;
-import iaik.server.modules.xml.WhiteListEntry;
-import iaik.utils.RFC2253NameParser;
-import iaik.utils.RFC2253NameParserException;
-
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.IOException;
@@ -70,6 +59,16 @@ import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.StringUtils;
 import at.gv.egovernment.moa.util.XPathUtils;
+import iaik.asn1.structures.Name;
+import iaik.ixsil.exceptions.URIException;
+import iaik.ixsil.util.URI;
+import iaik.pki.pathvalidation.ChainingModes;
+import iaik.pki.revocation.RevocationSourceTypes;
+import iaik.server.modules.xml.BlackListEntry;
+import iaik.server.modules.xml.ExternalReferenceChecker;
+import iaik.server.modules.xml.WhiteListEntry;
+import iaik.utils.RFC2253NameParser;
+import iaik.utils.RFC2253NameParserException;
 
 /**
  * A class that builds configuration data from a DOM based representation.
@@ -1429,7 +1428,7 @@ public class ConfigurationPartsBuilder {
   private static Element parseXml(InputStream inputStream)
     throws ParserConfigurationException, SAXException, IOException {
     return DOMUtils
-      .parseDocument(inputStream, true, Constants.ALL_SCHEMA_LOCATIONS, null)
+      .parseDocument(inputStream, true, Constants.ALL_SCHEMA_LOCATIONS, null, null)
       .getDocumentElement();
   }
 
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java
index 148be664b..fd7ef8cb2 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java
@@ -24,11 +24,6 @@
 
 package at.gv.egovernment.moa.spss.server.invoke;
 
-import iaik.ixsil.util.URI;
-import iaik.ixsil.util.XPointerReferenceResolver;
-import iaik.server.modules.xml.DataObject;
-import iaik.server.modules.xml.XMLDataObject;
-
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
@@ -76,6 +71,10 @@ import at.gv.egovernment.moa.util.MOAErrorHandler;
 import at.gv.egovernment.moa.util.StreamEntityResolver;
 import at.gv.egovernment.moa.util.StreamUtils;
 import at.gv.egovernment.moa.util.XPathUtils;
+import iaik.ixsil.util.URI;
+import iaik.ixsil.util.XPointerReferenceResolver;
+import iaik.server.modules.xml.DataObject;
+import iaik.server.modules.xml.XMLDataObject;
 
 /**
  * A class to create <code>DataObject</code>s contained in different
@@ -259,7 +258,8 @@ public class DataObjectFactory {
           Constants.ALL_SCHEMA_LOCATIONS,
           null,
           entityResolver,
-          new MOAErrorHandler());
+          new MOAErrorHandler(),
+          null);
       Logger.trace("<<< parsed");
 
       return new XMLDataObjectImpl(doc.getDocumentElement());
@@ -272,7 +272,7 @@ public class DataObjectFactory {
     // try to parse non-validating
     try {
       ByteArrayInputStream is = new ByteArrayInputStream(contentBytes);
-      Document doc = DOMUtils.parseDocument(is, false, null, null);
+      Document doc = DOMUtils.parseDocument(is, false, null, null, null);
       // Since the parse tree will not contain any post schema validation information,
       // we need to register any attributes known to be of type xsd:Id manually.
       NodeList idAttributes = XPathUtils.selectNodeList(doc.getDocumentElement(), XPATH);
@@ -765,7 +765,7 @@ public class DataObjectFactory {
           // try parsing non-validating: this has to succeed or we
           // bail out by throwing an exception
           is = resolver.resolve(uri);
-          doc = DOMUtils.parseDocument(is, false, null, null);
+          doc = DOMUtils.parseDocument(is, false, null, null, null);
           dataObject = new XMLDataObjectImpl(doc.getDocumentElement());
         } catch (ParserConfigurationException e) {
           throw new MOASystemException("1106", null, e);
@@ -782,7 +782,7 @@ public class DataObjectFactory {
         try {
           // try parsing non-validating: need not succeed
           is = resolver.resolve(uri);
-          doc = DOMUtils.parseDocument(is, false, null, null);
+          doc = DOMUtils.parseDocument(is, false, null, null, null);
           closeInputStream(is);
           dataObject = new XMLDataObjectImpl(doc.getDocumentElement());
         } catch (Exception e) {
@@ -981,7 +981,7 @@ public class DataObjectFactory {
       Document doc;
 
       try {
-        doc = DOMUtils.parseDocument(byteStream, false, null, null);
+        doc = DOMUtils.parseDocument(byteStream, false, null, null, null);
         dataObject = new XMLDataObjectImpl(doc.getDocumentElement());
       } catch (ParserConfigurationException e) {
         throw new MOASystemException("1106", null, e);
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java
index 639a75ab1..b7ce0fa7d 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java
@@ -30,7 +30,10 @@ import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.security.cert.X509Certificate;
+import java.util.Collections;
+import java.util.HashMap;
 import java.util.Iterator;
+import java.util.Map;
 
 import javax.servlet.http.HttpServletRequest;
 
@@ -100,6 +103,15 @@ public class AxisHandler extends BasicHandler {
   /** Simple string contains the post part of the enveloping SOAP wrapping */
   private static final String SOAP_PART_POST = "</soapenv:Body></soapenv:Envelope>";
   
+  private static final Map<String, Object> parserFeatures =
+		  Collections.unmodifiableMap(new HashMap<String, Object>() {
+				private static final long serialVersionUID = 1L;
+				{	
+					put(DOMUtils.DISALLOW_DOCTYPE_FEATURE, true);
+					
+				}
+		  });
+  
   /**
    * Handle an invocation of this handler. 
    * 
@@ -146,7 +158,12 @@ public class AxisHandler extends BasicHandler {
 
       Element xmlRequest = null;
       //log.info(soapMessage.getSOAPPartAsString());
-      Element soapPart = DOMUtils.parseDocument(new ByteArrayInputStream(soapMessage.getSOAPPartAsBytes()), false, null, null).getDocumentElement();
+      Element soapPart = DOMUtils.parseDocument(
+    		  new ByteArrayInputStream(soapMessage.getSOAPPartAsBytes()), 
+    		  false, 
+    		  null, 
+    		  null,
+    		  parserFeatures).getDocumentElement();
       if (soapPart!=null) {
         //TODO: check  if DOM Version is intolerant when white spaces are between tags (preceding normalization would be necessary)
         NodeList soapBodies = soapPart.getElementsByTagNameNS(SOAP_NS_URI, "Body");
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/ServiceUtils.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/ServiceUtils.java
index d986f7a1b..1114cb7b0 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/ServiceUtils.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/ServiceUtils.java
@@ -85,7 +85,8 @@ public class ServiceUtils {
     	          Constants.ALL_SCHEMA_LOCATIONS,
     	          null,
     		      new MOASPSSEntityResolver(),
-    		      new MOAErrorHandler());
+    		      new MOAErrorHandler(),
+    		      null);
     	  
 //        DOMUtils.parseDocument(
 //          new ByteArrayInputStream(requestBytes),
diff --git a/spss/server/serverws/pom.xml b/spss/server/serverws/pom.xml
index b90026252..ce665cad0 100644
--- a/spss/server/serverws/pom.xml
+++ b/spss/server/serverws/pom.xml
@@ -94,8 +94,8 @@
             <!--version>${pom.version}</version-->            
         </dependency>
         <dependency>
-            <groupId>MOA</groupId>
-            <artifactId>moa-common</artifactId>
+            <groupId>MOA.id.server</groupId>
+            <artifactId>moa-id-commons</artifactId>
         </dependency>
         <dependency>
 			<groupId>iaik.prod</groupId>
@@ -118,6 +118,7 @@
 		<dependency>
 			<groupId>log4j</groupId>
 			<artifactId>log4j</artifactId>
+			<version>1.2.17</version>
 		</dependency>
 <!-- 		<dependency>
 			<groupId>iaik</groupId>
-- 
cgit v1.2.3


From c33f026d4e41a0d5faa27cd8cc924988343b95fd Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Wed, 30 Mar 2016 08:36:36 +0200
Subject: add 'ID' attribute to metadata 'entityDescriptor' element

---
 .../egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'id/server/idserverlib/src')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java
index 567faf1d8..855925272 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java
@@ -184,9 +184,10 @@ public class PVPMetadataBuilder {
 						
 		} else {
 			entityDescriptor.setValidUntil(date.plusHours(config.getMetadataValidUntil()));
+			entityDescriptor.setID(SAML2Utils.getSecureIdentifier());
 			
 			entityDescriptor.setSignature(signature);
-			entityDescriptor.setID(SAML2Utils.getSecureIdentifier());
+			
 			
 			
 			//marshall document
-- 
cgit v1.2.3


From 38a8abe06596847cda4e4fd9d5b4f5585c67fc52 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Wed, 30 Mar 2016 16:44:02 +0200
Subject: implement first parts of eIDAS module error handling and
 error-response messaging

---
 .../resources/properties/id_messages_de.properties |  12 +-
 .../protocol_response_statuscodes_de.properties    |  11 ++
 .../engine/MOAeIDASChainingMetadataProvider.java   |  54 ++++++--
 .../engine/MOAeIDASMetadataProviderDecorator.java  |   2 +
 .../eidas/exceptions/EIDASEngineException.java     |  25 +++-
 .../eidas/exceptions/eIDASAttributeException.java  |  18 ++-
 .../eIDASAuthnRequestProcessingException.java      |  80 ++++++++++++
 .../eIDASAuthnRequestValidationException.java      |  59 +++++++++
 .../modules/eidas/exceptions/eIDASException.java   |  59 +++++++++
 .../exceptions/eIDASResponseBuildException.java    |  62 +++++++++
 .../eidas/tasks/CreateIdentityLinkTask.java        |  29 +++--
 .../eidas/tasks/GenerateAuthnRequestTask.java      |  24 ++--
 .../eidas/tasks/ReceiveAuthnResponseTask.java      |  12 +-
 .../auth/modules/eidas/utils/SAMLEngineUtils.java  |   2 +-
 .../moa/id/protocols/eidas/EIDASProtocol.java      | 139 +++++++++++++++++++--
 .../id/protocols/eidas/EidasMetaDataRequest.java   |   6 +-
 .../eidas/eIDASAuthenticationRequest.java          |   4 +-
 17 files changed, 538 insertions(+), 60 deletions(-)
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAuthnRequestProcessingException.java
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAuthnRequestValidationException.java
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASException.java
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASResponseBuildException.java

(limited to 'id/server/idserverlib/src')

diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index a579dd80b..6b48750d2 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -227,7 +227,7 @@ validator.73=Das MIS-Vollmachtenservice und das ELGA-Vollmachtenservice k\u00f6n
 ssl.01=Validierung des SSL-Server-Endzertifikates hat fehlgeschlagen
 
 stork.00=STORK SAML AuthnRequest konnte nicht signiert werden
-stork.01=STORK SAML AuthnRequest nicht g\u00FCltig
+stork.01=STORK SAML AuthnRequest nicht g\u00FCltig. Reason:{0}
 stork.02=STORK SAML AuthnRequest kann nicht an folgende URL geschickt werden: {0}
 stork.04=STORK SAML Response konnte nicht decodiert werden
 stork.05=STORK SAML Response Validierung fehlgeschlagen
@@ -256,6 +256,16 @@ stork.27=Fehler bei der Verarbeitung von STORKRequest.
 stork.28=Fehler bei der Umwandelung von QAA Daten.
 stork.29=Fehler bei der Generierung von STORK-Attribut (eIdentifier/eLPIdentifier)
 
+eIDAS.00=eIDAS Engine initialization FAILED. Reason:{0}
+eIDAS.01=Received eIDAS AuthnRequest is not valid. Reason:{0}
+eIDAS.02=Generate eIDAS AuthnRequest FAILED. Reason:{0} 
+eIDAS.03=Can not connect to eIDAS Node. Reason:No CitizenCountry selected.
+eIDAS.04=Can not connect to eIDAS Node. Reason:{0} is not a valid CitizenCountry.
+eIDAS.05=Can not generate eIDAS metadata. Reason:{0}
+eIDAS.06=Received eIDAS AuthnRequest can not processed. Reason:{0}
+eIDAS.07=Missing eIDAS-Attribute:{0}
+eIDAS.08=No valid eIDAs-Node configuration for enityID:{0}
+
 pvp2.00={0} ist kein gueltiger consumer service index
 pvp2.01=Fehler beim kodieren der PVP2 Antwort
 pvp2.02=Ungueltiges Datumsformat
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
index 653e073a2..92e231bd0 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
@@ -213,6 +213,17 @@ stork.19=1203
 stork.20=1204
 stork.21=1205
 
+eIDAS.00=TODO
+eIDAS.01=TODO
+eIDAS.02=TODO
+eIDAS.03=TODO
+eIDAS.04=TODO
+eIDAS.05=TODO
+eIDAS.06=TODO
+eIDAS.07=TODO
+eIDAS.08=TODO
+
+
 pvp2.01=6100
 pvp2.06=6100
 pvp2.10=6100
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
index 491139fb5..80a2734f2 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
@@ -18,6 +18,7 @@ import org.opensaml.saml2.metadata.EntitiesDescriptor;
 import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.RoleDescriptor;
 import org.opensaml.saml2.metadata.provider.ChainingMetadataProvider;
+import org.opensaml.saml2.metadata.provider.FilterException;
 import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
 import org.opensaml.saml2.metadata.provider.MetadataFilter;
 import org.opensaml.saml2.metadata.provider.MetadataProvider;
@@ -65,7 +66,7 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi
 	private MOAeIDASChainingMetadataProvider() {
 		internalProvider = new ChainingMetadataProvider();
 		lastAccess = new HashMap<String, Date>();
-		
+				
 	}
 	
 	/* (non-Javadoc)
@@ -92,12 +93,13 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi
 				}								
 			}
 		
-			if (!expiredEntities.isEmpty()) {			
-				ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;
-			
-				//get all actually loaded metadata providers
-				Map<String, HTTPMetadataProvider> loadedproviders = getAllActuallyLoadedProviders();
+			ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;
+			boolean isUpdateRequired = false;
 			
+			//get all actually loaded metadata providers
+			Map<String, HTTPMetadataProvider> loadedproviders = getAllActuallyLoadedProviders();
+						
+			if (!expiredEntities.isEmpty()) {										
 				for (String expired : expiredEntities) {
 					if (loadedproviders.containsKey(expired)) {
 						HTTPMetadataProvider provider = loadedproviders.get(expired);
@@ -107,7 +109,8 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi
 					
 						//remove from map
 						loadedproviders.remove(expired);
-					
+						isUpdateRequired = true;
+						
 						/*OpenSAML ChainingMetadataProvider can not remove a MetadataProvider (UnsupportedOperationException)
 						 *The ChainingMetadataProvider use internal a unmodifiableList to hold all registrated MetadataProviders.*/
 						//chainProvider.removeMetadataProvider(provider);					
@@ -118,18 +121,43 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi
 						Logger.warn("eIDAS metadata for EntityID: " + expired 
 								+ " is marked as unsed, but no loaded metadata provider is found.");
 				
-				}
+				}			
+			}
 			
+			//check signature of all metadata which are actually loaded
+			List<String> nonValidMetadataProvider = new ArrayList<String>();
+			for (HTTPMetadataProvider provider : loadedproviders.values()) {
+				try {
+					provider.getMetadataFilter().doFilter(provider.getMetadata());
+					
+				} catch (FilterException | MetadataProviderException e) {
+					Logger.info("eIDAS MetadataProvider: " + provider.getMetadataURI() 
+						+ " is not valid any more. Reason:" + e.getMessage());
+					if (Logger.isDebugEnabled())
+						Logger.warn("Reason", e);
+
+					nonValidMetadataProvider.add(provider.getMetadataURI());
+										
+				}										
+			}			
+			for (String el : nonValidMetadataProvider) {
+				loadedproviders.remove(el);
+				isUpdateRequired = true;
+				
+			}
+
+			//update chaining metadata-provider if it is required
+			if (isUpdateRequired) {
 				try {
 					synchronized (chainProvider) {
 						chainProvider.setProviders(new ArrayList<MetadataProvider>(loadedproviders.values()));
-					
+				
 						emitChangeEvent();	
 					}
-					
+				
 				} catch (MetadataProviderException e) {
 					Logger.warn("ReInitalize eIDASA MetaDataProvider is not possible! MOA-ID Instance has to be restarted manualy", e);
-				
+			
 				}
 			}
 		}					
@@ -184,7 +212,7 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi
 			httpProvider.setMetadataFilter(filter);
 			
 			httpProvider.initialize();
-									
+			
 			return httpProvider;
 						
 		} catch (Throwable e) {			
@@ -277,7 +305,7 @@ public class MOAeIDASChainingMetadataProvider implements ObservableMetadataProvi
 		
 	}
 	
-
+	
 	public boolean requireValidMetadata() {
 		return internalProvider.requireValidMetadata();
 	}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java
index e3ae5c046..7537c4d84 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java
@@ -94,6 +94,8 @@ public class MOAeIDASMetadataProviderDecorator implements MetadataProcessorI {
 			throws SAMLEngineException {
 		//Do nothing, because metadata signature is already validated during 
 		//metadata provider initialization 
+
+		//TODO: maybe signature validation is needed on every request
 		
 	}
 
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineException.java
index 95690bbeb..234c4e038 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineException.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/EIDASEngineException.java
@@ -22,19 +22,21 @@
  */
 package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions;
 
+import org.opensaml.saml2.core.StatusCode;
 
 /**
  * @author tlenz
  *
  */
-public class EIDASEngineException extends Exception {
+public class EIDASEngineException extends eIDASException {
 
 	/**
+	 * @param objects 
 	 * @param string
 	 * @param e
 	 */
-	public EIDASEngineException(String string, Throwable e) {
-		super(string, e);
+	public EIDASEngineException(String msg, Object[] objects, Throwable e) {
+		super(msg, objects, e);
 	}
 
 	/**
@@ -42,4 +44,21 @@ public class EIDASEngineException extends Exception {
 	 */
 	private static final long serialVersionUID = 1559812927427153879L;
 
+	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASException#getStatusCodeFirstLevel()
+	 */
+	@Override
+	public String getStatusCodeFirstLevel() {
+		return StatusCode.RESPONDER_URI;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASException#getStatusCodeSecondLevel()
+	 */
+	@Override
+	public String getStatusCodeSecondLevel() {
+		return StatusCode.AUTHN_FAILED_URI;
+	}
+
 }
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAttributeException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAttributeException.java
index 7840ae2e6..b25895eca 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAttributeException.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAttributeException.java
@@ -22,17 +22,31 @@
  */
 package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions;
 
+import org.opensaml.saml2.core.StatusCode;
+
 /**
  * @author tlenz
  *
  */
-public class eIDASAttributeException extends Exception {
+public class eIDASAttributeException extends eIDASException {
 
 	private static final long serialVersionUID = 1L;
 	
 	public eIDASAttributeException(String message) {
-		super(message);
+		super("eIDAS.07", new Object[]{message});
 		
 	}
 
+	@Override
+	public String getStatusCodeFirstLevel() {
+		return StatusCode.RESPONDER_URI;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASException#getStatusCodeSecondLevel()
+	 */
+	@Override
+	public String getStatusCodeSecondLevel() {
+		return StatusCode.AUTHN_FAILED_URI;
+	}
 }
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAuthnRequestProcessingException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAuthnRequestProcessingException.java
new file mode 100644
index 000000000..c96af37ef
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAuthnRequestProcessingException.java
@@ -0,0 +1,80 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public class eIDASAuthnRequestProcessingException extends eIDASException {
+
+	private String subStatusCode = null;
+	
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = 1083563877689098041L;
+
+	/**
+	 * @param messageId
+	 * @param parameters
+	 */
+	public eIDASAuthnRequestProcessingException(String messageId, Object[] parameters) {
+		super(messageId, parameters);
+	}
+	
+	public eIDASAuthnRequestProcessingException(String subStatusCode, String messageId, Object[] parameters) {
+		super(messageId, parameters);
+		this.subStatusCode = subStatusCode;
+	}
+	
+	public eIDASAuthnRequestProcessingException(String messageId, Object[] parameters, Throwable e) {
+		super(messageId, parameters, e );
+	}
+	
+	public eIDASAuthnRequestProcessingException(String subStatusCode, String messageId, Object[] parameters, Throwable e) {
+		super(messageId, parameters, e );
+		this.subStatusCode = subStatusCode;
+	}
+
+	@Override
+	public String getStatusCodeFirstLevel() {
+		return StatusCode.REQUESTER_URI;
+		
+	}
+	
+	@Override
+	public String getStatusCodeSecondLevel() {
+		if (MiscUtil.isNotEmpty(subStatusCode))
+			return subStatusCode;
+		
+		else
+			return StatusCode.REQUEST_DENIED_URI;
+		
+	}
+	
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAuthnRequestValidationException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAuthnRequestValidationException.java
new file mode 100644
index 000000000..2a15ee18a
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASAuthnRequestValidationException.java
@@ -0,0 +1,59 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+/**
+ * @author tlenz
+ *
+ */
+public class eIDASAuthnRequestValidationException extends eIDASException {
+
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = 4353716509546972267L;
+
+	/**
+	 * @param messageId
+	 * @param parameters
+	 */
+	public eIDASAuthnRequestValidationException(String messageId, Object[] parameters) {
+		super(messageId, parameters);
+
+	}
+	
+	@Override
+	public String getStatusCodeFirstLevel() {
+		return StatusCode.REQUESTER_URI;
+		
+	}
+	
+	@Override
+	public String getStatusCodeSecondLevel() {
+		return StatusCode.RESOURCE_NOT_RECOGNIZED_URI;
+		
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASException.java
new file mode 100644
index 000000000..f42004abc
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASException.java
@@ -0,0 +1,59 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions;
+
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+
+/**
+ * @author tlenz
+ *
+ */
+public abstract class eIDASException extends MOAIDException {
+
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = 1L;
+
+	
+	public abstract String getStatusCodeFirstLevel();	
+	public abstract String getStatusCodeSecondLevel();
+
+	
+	/**
+	 * @param messageId
+	 * @param parameters
+	 */
+	public eIDASException(String messageId, Object[] parameters) {
+		super(messageId, parameters);
+	}
+
+	/**
+	 * @param messageId
+	 * @param parameters
+	 */
+	public eIDASException(String messageId, Object[] parameters, Throwable e) {
+		super(messageId, parameters, e);
+	}
+	
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASResponseBuildException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASResponseBuildException.java
new file mode 100644
index 000000000..0ffcf11ef
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASResponseBuildException.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+/**
+ * @author tlenz
+ *
+ */
+public class eIDASResponseBuildException extends eIDASException {
+
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = 4446851988854996919L;
+
+	/**
+	 * @param messageId
+	 * @param parameters
+	 */
+	public eIDASResponseBuildException(String messageId, Object[] parameters) {
+		super(messageId, parameters);
+	}
+	
+	public eIDASResponseBuildException(String messageId, Object[] parameters, Throwable e) {
+		super(messageId, parameters, e);
+	}
+	
+	@Override
+	public String getStatusCodeFirstLevel() {
+		return StatusCode.RESPONDER_URI;
+		
+	}
+	
+	@Override
+	public String getStatusCodeSecondLevel() {
+			return StatusCode.AUTHN_FAILED_URI;
+		
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
index 7a696cd2f..5d7430dd7 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
@@ -22,19 +22,15 @@
  */
 package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
 
-import java.io.IOException;
 import java.io.InputStream;
-import java.text.ParseException;
 import java.text.SimpleDateFormat;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import javax.xml.parsers.ParserConfigurationException;
 
 import org.springframework.stereotype.Component;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
-import org.xml.sax.SAXException;
 
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
@@ -94,28 +90,28 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
 	            // - set bpk/wpbk;
 		        Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH);		        		        
 		        if(!eIDASAttributes.containsKey(Constants.eIDAS_ATTR_PERSONALIDENTIFIER))
-		        	throw new eIDASAttributeException("PersonalIdentifier is missing");
+		        	throw new eIDASAttributeException(Constants.eIDAS_ATTR_PERSONALIDENTIFIER);
 		        String eIdentifier = eIDASAttributes.get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER).getValue().get(0);
 		        prIdentification.getFirstChild().setNodeValue(eIdentifier);
 
 		        // - set last name
 		        Node prFamilyName = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_FAMILY_NAME_XPATH);
 		        if(!eIDASAttributes.containsKey(Constants.eIDAS_ATTR_CURRENTFAMILYNAME))
-		        	throw new eIDASAttributeException("currentFamilyName is missing");
+		        	throw new eIDASAttributeException(Constants.eIDAS_ATTR_CURRENTFAMILYNAME);
 				String familyName = eIDASAttributes.get(Constants.eIDAS_ATTR_CURRENTFAMILYNAME).getValue().get(0);
 				prFamilyName.getFirstChild().setNodeValue(familyName);
 
 		        // - set first name
 		        Node prGivenName = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_GIVEN_NAME_XPATH);
 		        if(!eIDASAttributes.containsKey(Constants.eIDAS_ATTR_CURRENTGIVENNAME))
-		        	throw new eIDASAttributeException("currentGivenName is missing");
+		        	throw new eIDASAttributeException(Constants.eIDAS_ATTR_CURRENTGIVENNAME);
 				String givenName = eIDASAttributes.get(Constants.eIDAS_ATTR_CURRENTGIVENNAME).getValue().get(0);
 				prGivenName.getFirstChild().setNodeValue(givenName);
 
 		        // - set date of birth
 		        Node prDateOfBirth = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_DATE_OF_BIRTH_XPATH);
 		        if(!eIDASAttributes.containsKey(Constants.eIDAS_ATTR_DATEOFBIRTH))
-		        	throw new eIDASAttributeException("dateOfBirth is missing");
+		        	throw new eIDASAttributeException(Constants.eIDAS_ATTR_DATEOFBIRTH);
 				String dateOfBirth = eIDASAttributes.get(Constants.eIDAS_ATTR_DATEOFBIRTH).getValue().get(0);
 				dateOfBirth = new SimpleDateFormat("yyyy-MM-dd").format(new SimpleDateFormat("yyyyMMdd").parse(dateOfBirth));
 				prDateOfBirth.getFirstChild().setNodeValue(dateOfBirth);
@@ -149,15 +145,18 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
 			
 			//store MOA-session to database
 			authenticatedSessionStorage.storeSession(moasession);
-			
-		} catch (ParseException | MOAIDException | MOADatabaseException | ParserConfigurationException | SAXException | IOException e) {
-			throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e);
-			
+		
 		} catch (eIDASAttributeException e) {
 			throw new TaskExecutionException(pendingReq, "Minimum required eIDAS attributeset not found.", e);
-				
-		}	
-
+						
+		} catch (MOAIDException | MOADatabaseException e) {
+			throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e);
+						
+		} catch (Exception e) {
+			Logger.error("IdentityLink generation for foreign person FAILED.", e);
+			throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e);
+			
+		}
 	}
 
 }
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index c953e40ef..c82636a8f 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -22,7 +22,6 @@
  */
 package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
 
-import java.io.IOException;
 import java.io.StringWriter;
 import java.util.Collection;
 
@@ -86,13 +85,13 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 
 			if (StringUtils.isEmpty(citizenCountryCode)) {
 				// illegal state; task should not have been executed without a selected country
-				throw new AuthenticationException("stork.22", new Object[] { pendingReq.getRequestID() });
+				throw new AuthenticationException("eIDAS.03", new Object[] { "" });
 			}
 
 			CPEPS cpeps = authConfig.getStorkConfig().getCPEPS(citizenCountryCode);
 			if(null == cpeps) {
 				Logger.error("PEPS unknown for country", new Object[] {citizenCountryCode});
-				throw new AuthenticationException("Unknown PEPS for citizen country '{}'", new Object[] {citizenCountryCode});
+				throw new AuthenticationException("eIDAS.04", new Object[] {citizenCountryCode});
 			}
 			Logger.debug("Found eIDaS Node/C-PEPS configuration for citizen of country: " + citizenCountryCode);
 			String destination = cpeps.getPepsURL().toString().split(";")[1].trim(); // FIXME convenience for metadata url and assertion destination
@@ -184,24 +183,25 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 	            revisionsLogger.logEvent(oaConfig, pendingReq, 
 						MOAIDEventConstants.AUTHPROCESS_PEPS_REQUESTED,
 						authnRequest.getSamlId());
-	            
-	        } catch (IOException e) {
-	            Logger.error("Velocity IO error: " + e.getMessage());
-	            throw new MOAIDException("stork.15", null); // TODO
+	            	        
 	        } catch (Exception e) {
 	            Logger.error("Velocity general error: " + e.getMessage());
-	            throw new MOAIDException("stork.15", null); // TODO
+	            throw new MOAIDException("eIDAS.02", new Object[]{e.getMessage()}, e);
+	            
 	        }
 
 		}catch (EIDASSAMLEngineException e){
-			Logger.error("eIDAS AuthnRequest generation FAILED.", e);
 			throw new TaskExecutionException(pendingReq, "eIDAS AuthnRequest generation FAILED.", 
-					new EIDASEngineException("Could not generate token for Saml Request", e));
+					new EIDASEngineException("eIDAS.00", new Object[]{e.getMessage()}, e));
 			
-		} catch (EIDASEngineException | MOAIDException e) {
+		} catch (MOAIDException  e) {
 			throw new TaskExecutionException(pendingReq, "eIDAS AuthnRequest generation FAILED.", e);
 			
-		} 
+		} catch (Exception e) {
+			Logger.error("eIDAS AuthnRequest generation FAILED.", e);
+			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
+			
+		}
 	}
 
 }
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
index 5d1b7fb6f..b73c2a873 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
@@ -88,14 +88,20 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			Logger.error("eIDAS AuthnRequest generation FAILED.", e);
 			revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, 
 					MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR);
-			throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", 
-					new EIDASEngineException("Could not validate eIDAS response", e));
+			throw new TaskExecutionException(pendingReq, "eIDAS AuthnRequest generation FAILED.", 
+					new EIDASEngineException("eIDAS.00", new Object[]{e.getMessage()}, e));
 			
-		} catch (EIDASEngineException | MOAIDException | MOADatabaseException e) {
+		} catch (MOAIDException | MOADatabaseException e) {
 			revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, 
 					MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR);
 			throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", e);
 			
+		} catch (Exception e) {
+			Logger.error("eIDAS Response processing FAILED.", e);
+			revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, 
+					MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR);
+			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
+			
 		}	
 		
 	}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
index 8fe44f4d6..eeb8305cf 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
@@ -66,7 +66,7 @@ public class SAMLEngineUtils {
 				
 			} catch (EIDASSAMLEngineException e) {
 				Logger.error("eIDAS SAMLengine initialization FAILED!", e);
-				throw new EIDASEngineException("eIDAS SAMLengine initialization FAILED!", e);
+				throw new EIDASEngineException("eIDAS.00", new Object[]{e.getMessage()}, e);
 				
 			}
 		}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
index 1996c3d7c..24134f1d9 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -23,17 +23,30 @@
 package at.gv.egovernment.moa.id.protocols.eidas;
 
 import java.io.IOException;
+import java.io.StringWriter;
+import java.util.List;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.velocity.Template;
+import org.apache.velocity.VelocityContext;
+import org.apache.velocity.app.VelocityEngine;
+import org.opensaml.saml2.core.StatusCode;
+import org.opensaml.saml2.metadata.AssertionConsumerService;
+import org.springframework.http.MediaType;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
+import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
+import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProviderDecorator;
+import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAuthnRequestProcessingException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAuthnRequestValidationException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
@@ -44,8 +57,11 @@ import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 import eu.eidas.auth.commons.EIDASAuthnRequest;
+import eu.eidas.auth.commons.EIDASAuthnResponse;
 import eu.eidas.auth.commons.EIDASUtil;
 import eu.eidas.auth.engine.EIDASSAMLEngine;
+import eu.eidas.auth.engine.metadata.MetadataUtil;
+import eu.eidas.engine.exceptions.EIDASSAMLEngineException;
 
 /**
  * eIDAS Protocol Support for outbound authentication and metadata generation
@@ -140,7 +156,7 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController {
         First request step - send it to BKU selection for user authentication. After the user credentials
         and other info are obtained, in the second step the request will be processed and the user redirected
          */
-    public void preProcess(HttpServletRequest request, HttpServletResponse response, EIDASData pendingReq) throws MOAIDException {
+    private void preProcess(HttpServletRequest request, HttpServletResponse response, EIDASData pendingReq) throws MOAIDException {
 
         Logger.info("received an eIDaS request");
 
@@ -177,13 +193,36 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController {
 			samlReq.setPersonalAttributeList(pendingReq.getEidasRequestedAttributes()); // circumvent non-serializable eidas personal attribute list
 			pendingReq.setEidasRequest(samlReq);
 			
+			//validate destination against metadata 
+			String reqDestination = samlReq.getDestination();
+			if (MiscUtil.isNotEmpty(reqDestination)) {
+				boolean isValid = false;
+				List<AssertionConsumerService> allowedAssertionConsumerUrl = new MOAeIDASMetadataProviderDecorator(MOAeIDASChainingMetadataProvider.getInstance())
+						.getSPSSODescriptor(samlReq.getIssuer()).getAssertionConsumerServices();
+				
+				for (AssertionConsumerService el : allowedAssertionConsumerUrl) {
+					if (reqDestination.equals(el.getLocation()))
+						isValid = true;
+					
+				}
+				
+				if (!isValid) {
+					Logger.info("eIDAS AuthnRequest contains a not valid 'Destination' attribute");
+					throw new eIDASAuthnRequestValidationException("stork.01", 
+							new Object[]{"eIDAS AuthnRequest contains a not valid 'Destination' attribute"});
+				}
+				
+			}
+			
+			
 			// - memorize OA url
 			pendingReq.setOAURL(samlReq.getIssuer());
 	
 			// - memorize OA config
 			IOAAuthParameters oaConfig = authConfig.getOnlineApplicationParameter(pendingReq.getOAURL());
 			if (oaConfig == null)
-				throw new AuthenticationException("stork.12", new Object[]{pendingReq.getOAURL()});
+				throw new eIDASAuthnRequestProcessingException("eIDAS.08", new Object[]{pendingReq.getOAURL()});
+			
 			pendingReq.setOnlineApplicationConfiguration(oaConfig);
 
 			String spType = samlReq.getSPType();
@@ -194,16 +233,102 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController {
 			}
 
 			Logger.debug("eIDAS request has SPType:" + spType);
+					
+		} catch (MOAIDException e) {
+			Logger.info("eIDAS AuthnRequest preProcessing FAILED. Msg:" + e.getMessage());
+			throw e;
+					
+		} catch (EIDASSAMLEngineException e) {
+			Logger.info("eIDAS AuthnRequest preProcessing FAILED. Msg:" + e.getMessage());
+			throw new eIDASAuthnRequestProcessingException("eIDAS.06", new Object[]{e.getMessage()}, e);
 			
 		} catch(Exception e) {
-			Logger.error("error in preprocessing step", e);
-			throw new MOAIDException("error in preprocessing step", null);
+			Logger.warn("eIDAS AuthnRequest preProcessing FAILED. Msg:" + e.getMessage(), e);
+			throw new eIDASAuthnRequestProcessingException("eIDAS.06", new Object[]{e.getMessage()}, e);
 			
 		}
     }
 
-    public boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response, IRequest protocolRequest) throws Throwable {
-        return false;
+    public boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response, IRequest pendingReq) throws Throwable {
+        if (pendingReq != null && pendingReq instanceof EIDASData) {
+        	EIDASData eidasReq = (EIDASData) pendingReq;
+        	if (eidasReq.getEidasRequest() == null) {
+        		Logger.info("Can not build eIDAS ErrorResponse. No eIDAS AuthnRequest found.");
+        		return false;
+        	}
+        	
+        	try {
+        		EIDASAuthnResponse eIDASResp = new EIDASAuthnResponse();
+        		eIDASResp.setIssuer(pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA);
+        	     		
+        		if (e instanceof eIDASException) {
+        			eIDASResp.setStatusCode(((eIDASException) e).getStatusCodeFirstLevel());
+        			eIDASResp.setSubStatusCode(((eIDASException) e).getStatusCodeSecondLevel());
+        			eIDASResp.setMessage(e.getMessage());
+     			
+        		} else if (e instanceof MOAIDException ) {
+        			eIDASResp.setStatusCode(StatusCode.RESPONDER_URI);
+        			eIDASResp.setSubStatusCode(StatusCode.AUTHN_FAILED_URI);
+        			eIDASResp.setMessage(e.getMessage());
+     			
+        		} else {
+        			eIDASResp.setStatusCode(StatusCode.RESPONDER_URI);
+        			eIDASResp.setSubStatusCode(StatusCode.AUTHN_FAILED_URI);
+        			eIDASResp.setMessage(e.getMessage());
+     			
+        		}
+     		
+        		
+        		EIDASSAMLEngine engine = SAMLEngineUtils.createSAMLEngine();
+        		
+        		if(null == eidasReq.getEidasRequest().getAssertionConsumerServiceURL()) {
+    				String assertionConsumerUrl = MetadataUtil.getAssertionUrlFromMetadata(
+    						new MOAeIDASMetadataProviderDecorator(MOAeIDASChainingMetadataProvider.getInstance()), 
+    						engine, 
+    						eidasReq.getEidasRequest());
+    				eidasReq.getEidasRequest().setAssertionConsumerServiceURL(assertionConsumerUrl);
+    				
+    			}        		
+        		//get eIDAS SAML-engine
+        		
+        		eIDASResp = engine.generateEIDASAuthnResponseFail(eidasReq.getEidasRequest(), eIDASResp, 
+        				eidasReq.getRemoteAddress(), true);
+        		
+        		String token = EIDASUtil.encodeSAMLToken(eIDASResp.getTokenSaml());
+     		
+                VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+                Template template = velocityEngine.getTemplate("/resources/templates/stork2_postbinding_template.html");
+                VelocityContext context = new VelocityContext();
+
+                context.put("RelayState", eidasReq.getRemoteRelayState());
+
+                context.put("SAMLResponse", token);
+                Logger.debug("SAMLResponse original: " + token);
+
+                Logger.debug("Putting assertion consumer url as action: " + eidasReq.getEidasRequest().getAssertionConsumerServiceURL());
+                context.put("action", eidasReq.getEidasRequest().getAssertionConsumerServiceURL());
+                Logger.trace("Starting template merge");
+                StringWriter writer = new StringWriter();
+
+                Logger.trace("Doing template merge");
+                template.merge(context, writer);
+                Logger.trace("Template merge done");
+
+                Logger.trace("Sending html content  : " + new String(writer.getBuffer()));
+
+                response.getOutputStream().write(writer.getBuffer().toString().getBytes("UTF-8"));
+                response.setContentType(MediaType.TEXT_HTML.getType());
+        		
+                return true;
+                
+        	} catch (Exception e1 ) { 
+        		Logger.error("Generate eIDAS Error-Response failed.", e);
+        		
+        	}
+     		     		
+        }
+    	
+    	return false;
     }
 
     public boolean validate(HttpServletRequest request, HttpServletResponse response, IRequest pending) {
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
index 60ffb3673..b4db5c83d 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
@@ -71,8 +71,10 @@ public class EidasMetaDataRequest implements IAction {
             httpResp.setContentType(MediaType.APPLICATION_XML.getType());
             httpResp.getWriter().print(metaData);
             httpResp.flushBuffer();
-        } catch (Exception e) {
-            e.printStackTrace();
+        } catch (Exception e) {        	
+        	Logger.error("eIDAS Metadata generation FAILED.", e);
+        	throw new MOAIDException("eIDAS.05", new Object[]{e.getMessage()}, e);
+            
         } 
 		
 		
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
index d9663092f..9943cc5fb 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
@@ -122,19 +122,21 @@ public class eIDASAuthenticationRequest implements IAction {
 			// but we need to set the appropriate request issuer
 			engine.setRequestIssuer(eidasRequest.getEidasRequest().getIssuer());
 
-			// check if we have the destination available, supply it if not
+
 			if(null == eidasRequest.getEidasRequest().getAssertionConsumerServiceURL()) {
 				String assertionConsumerUrl = MetadataUtil.getAssertionUrlFromMetadata(
 						new MOAeIDASMetadataProviderDecorator(MOAeIDASChainingMetadataProvider.getInstance()), 
 						engine, 
 						eidasRequest.getEidasRequest());
 				eidasRequest.getEidasRequest().setAssertionConsumerServiceURL(assertionConsumerUrl);
+				
 			}
 			
 			response = engine.generateEIDASAuthnResponse(eidasRequest.getEidasRequest(), response, eidasRequest.getRemoteAddress(), true);
 
 			
 			token = EIDASUtil.encodeSAMLToken(response.getTokenSaml());
+			
 		} catch(Exception e) {
 			e.printStackTrace();
 		}
-- 
cgit v1.2.3


From ab67fbdf5d661a33b67436c70db0dcb8b840cf57 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 31 Mar 2016 08:03:28 +0200
Subject: if database cleanUP process found some unhandled exception, write
 error messages to technical log

---
 id/server/auth-final/pom.xml                       |  2 +-
 .../moa/id/auth/AuthenticationSessionCleaner.java  | 76 +++++++++++++++++++++-
 .../moa/id/auth/servlet/AbstractController.java    | 24 ++++++-
 .../AbstractProcessEngineSignalController.java     |  6 +-
 .../moa/id/data/ExceptionContainer.java            | 65 ++++++++++++++++++
 .../protocols/ProtocolFinalizationController.java  | 12 ++--
 .../moa/id/storage/DBTransactionStorage.java       | 37 ++++++-----
 .../moa/id/storage/ITransactionStorage.java        | 15 ++++-
 .../servlet/SSOTransferSignalServlet.java          |  6 +-
 9 files changed, 207 insertions(+), 36 deletions(-)
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ExceptionContainer.java

(limited to 'id/server/idserverlib/src')

diff --git a/id/server/auth-final/pom.xml b/id/server/auth-final/pom.xml
index 776ec00d3..61eba7f22 100644
--- a/id/server/auth-final/pom.xml
+++ b/id/server/auth-final/pom.xml
@@ -165,7 +165,7 @@
 
 <!-- 		<dependency>
 			<groupId>MOA.id.server.modules</groupId>
-			<artifactId>moa-id-module-pvp2</artifactId>
+			<artifactId>moa-id-module-eIDAS</artifactId>
 		</dependency> -->
 
  		<dependency>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java
index 94138e0fc..e0552c337 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java
@@ -4,15 +4,22 @@
 package at.gv.egovernment.moa.id.auth;
 
 import java.util.Date;
+import java.util.List;
 
+import org.hibernate.HibernateException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
+import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.data.ExceptionContainer;
+import at.gv.egovernment.moa.id.process.ProcessExecutionException;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.storage.ITransactionStorage;
 import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
 
 /**
  * Thread cleaning the <code>AuthenticationServer</code> session store
@@ -53,11 +60,55 @@ public class AuthenticationSessionCleaner implements Runnable {
     			authenticationSessionStorage.clean(now, sessionTimeOutCreated, sessionTimeOutUpdated);
     						
     			//clean TransactionStorage
-    			transactionStorage.clean(now, authDataTimeOut);
+    			List<String> entryKeysToClean = transactionStorage.clean(now, authDataTimeOut);
+    			if (entryKeysToClean != null && entryKeysToClean.size() != 0) {
+    				for(String entryKey : entryKeysToClean) {
+    					try {
+    						try {
+    							Object entry = transactionStorage.get(entryKey);
+    							//if entry is an exception --> log it because is could be unhandled
+    							if (entry != null && entry instanceof ExceptionContainer) {    								
+    								ExceptionContainer exContainer = (ExceptionContainer) entry;    								
+    								
+    								if (exContainer.getExceptionThrown() != null) {
+    									//add session and transaction ID to log if exists
+    									if (MiscUtil.isNotEmpty(exContainer.getUniqueTransactionID()))
+    										TransactionIDUtils.setTransactionId(exContainer.getUniqueTransactionID());
+									
+    									if (MiscUtil.isNotEmpty(exContainer.getUniqueSessionID()))
+    										TransactionIDUtils.setSessionId(exContainer.getUniqueSessionID());
+ 
+    									//log exception to technical log
+    									logExceptionToTechnicalLog(exContainer.getExceptionThrown());
+    									
+    									//remove session and transaction ID from thread
+    									TransactionIDUtils.removeSessionId();
+    									TransactionIDUtils.removeTransactionId();
+    								}    								
+    							}
+    							
+    						} catch (Exception e) {
+    							Logger.info("Transaction info is not loadable. "
+    									+ "Key:" + entryKey
+    									+ " ErrorMsg:" + e.getMessage());
+    							
+    						}
+    						
+    						transactionStorage.remove(entryKey);
+    						Logger.info("Remove stored information with ID: " + entryKey 
+    								+ " after timeout.");
+    					
+    					} catch (HibernateException e){
+    						Logger.warn("Transaction information with ID=" + entryKey 
+    								+ " not removed after timeout! (Error during Database communication)", e);
+    					}
+    	
+    				}	
+    			}
 
     			
     		} catch (Exception e) {
-    			Logger.error("Session cleanUp FAILED!" , e);
+    			Logger.error("Session/Transaction cleanUp FAILED!" , e);
     			
     		}
     		
@@ -72,6 +123,27 @@ public class AuthenticationSessionCleaner implements Runnable {
     }
   }
 
+	/**
+	 * Write a Exception to the MOA-ID-Auth internal technical log
+	 * 
+	 * @param loggedException Exception to log
+	 */	
+	protected void logExceptionToTechnicalLog(Throwable loggedException) {
+		if (!( loggedException instanceof MOAIDException 
+				 || loggedException instanceof ProcessExecutionException )) {
+			Logger.error("Receive an internal error: Message=" + loggedException.getMessage(), loggedException);
+	
+		} else {
+			if (Logger.isDebugEnabled() || Logger.isTraceEnabled()) {
+				Logger.warn(loggedException.getMessage(), loggedException);
+	
+			} else {
+				Logger.info(loggedException.getMessage());
+	
+			}			
+		}		
+	}
+  
   /**
    * start the sessionCleaner
    */
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
index e51f3e6c9..fd2e03afa 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
@@ -32,6 +32,7 @@ import javax.servlet.http.HttpServletResponse;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
 import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger;
 import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
@@ -42,10 +43,12 @@ import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.data.ExceptionContainer;
 import at.gv.egovernment.moa.id.moduls.IRequestStorage;
 import at.gv.egovernment.moa.id.process.ProcessExecutionException;
 import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController;
@@ -101,8 +104,12 @@ public abstract class AbstractController extends MOAIDAuthConstants {
 	}
 	
 	protected void handleError(String errorMessage, Throwable exceptionThrown,
-			HttpServletRequest req, HttpServletResponse resp, String pendingRequestID) throws IOException {
+			HttpServletRequest req, HttpServletResponse resp, IRequest pendingReq) throws IOException {
 
+		String pendingRequestID = null;
+		if (pendingReq != null)
+			pendingRequestID = pendingReq.getRequestID();
+		
 		Throwable loggedException = null;
 		Throwable extractedException = extractOriginalExceptionFromProcessException(exceptionThrown);
 		
@@ -127,8 +134,19 @@ public abstract class AbstractController extends MOAIDAuthConstants {
 			//switch to protocol-finalize method to generate a protocol-specific error message
 							
 			//put exception into transaction store for redirect
-			String key = Random.nextRandom();			
-			transactionStorage.put(key, loggedException);
+			String key = Random.nextLongRandom();
+			if (pendingReq != null) {
+				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR);
+				transactionStorage.put(key, 
+						new ExceptionContainer(pendingReq.getUniqueSessionIdentifier(), 
+								pendingReq.getUniqueTransactionIdentifier(), loggedException));
+			
+			} else {
+				transactionStorage.put(key, 
+						new ExceptionContainer(null, 
+								null, loggedException));
+				
+			}
 				
 			//build up redirect URL
 			String redirectURL = null;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java
index 7a4ee35fa..0ce7b0050 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractProcessEngineSignalController.java
@@ -28,14 +28,14 @@ public abstract class AbstractProcessEngineSignalController extends AbstractCont
 	
 	protected void signalProcessManagement(HttpServletRequest req, HttpServletResponse resp) throws IOException {
 		String pendingRequestID = StringEscapeUtils.escapeHtml(getPendingRequestId(req));
-		
+		IRequest pendingReq = null;
 		try {	
 			if (pendingRequestID == null) {
 				throw new MOAIllegalStateException("process.03", new Object[]{"Unable to determine MOA pending-request id."});
 				
 			}
 			
-			IRequest pendingReq = requestStorage.getPendingRequest(pendingRequestID);
+			pendingReq = requestStorage.getPendingRequest(pendingRequestID);
 			if (pendingReq == null) {
 				Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");
 				throw new MOAIDException("auth.28", new Object[]{pendingRequestID});
@@ -60,7 +60,7 @@ public abstract class AbstractProcessEngineSignalController extends AbstractCont
 			processEngine.signal(pendingReq);
 			
 		} catch (Exception ex) {
-			handleError(null, ex, req, resp, pendingRequestID);
+			handleError(null, ex, req, resp, pendingReq);
 			
 		} finally {
 			//MOASessionDBUtils.closeSession();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ExceptionContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ExceptionContainer.java
new file mode 100644
index 000000000..5e3fb5df6
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ExceptionContainer.java
@@ -0,0 +1,65 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.data;
+
+/**
+ * @author tlenz
+ *
+ */
+public class ExceptionContainer {
+
+	private Throwable exceptionThrown = null;
+	private String uniqueSessionID = null;
+	private String uniqueTransactionID = null;
+	
+	/**
+	 * 
+	 */
+	public ExceptionContainer(String uniqueSessionID, String uniqueTransactionID, Throwable exception) {
+		this.uniqueSessionID = uniqueSessionID;
+		this.uniqueTransactionID = uniqueTransactionID;
+		this.exceptionThrown = exception;		
+	}
+	
+	/**
+	 * @return the exceptionThrown
+	 */
+	public Throwable getExceptionThrown() {
+		return exceptionThrown;
+	}
+	/**
+	 * @return the uniqueSessionID
+	 */
+	public String getUniqueSessionID() {
+		return uniqueSessionID;
+	}
+	/**
+	 * @return the uniqueTransactionID
+	 */
+	public String getUniqueTransactionID() {
+		return uniqueTransactionID;
+	}
+	
+	
+	
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java
index 991c6a881..0da43d818 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java
@@ -38,6 +38,7 @@ import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.data.ExceptionContainer;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.logging.Logger;
 
@@ -66,15 +67,14 @@ public class ProtocolFinalizationController extends AbstractAuthProtocolModulCon
 		if (errorid != null) {
 			try {				
 				//load stored exception from database
-				Throwable throwable = transactionStorage.get(errorid, Throwable.class);
-				
-				if (throwable != null) {					
+				ExceptionContainer container = transactionStorage.get(errorid, ExceptionContainer.class);								
+				if (container != null) {					
 					//remove exception if it was found
 					transactionStorage.remove(errorid);
 					
-					if (pendingReq != null) {						
-						revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR);
-	
+					Throwable throwable = container.getExceptionThrown();
+					
+					if (pendingReq != null) {													
 						//build protocol-specific error message if possible
 						buildProtocolSpecificErrorResponse(throwable, req, resp, pendingReq);
 																
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java
index ff631a720..6778dc32e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java
@@ -23,6 +23,7 @@
 package at.gv.egovernment.moa.id.storage;
 
 import java.io.Serializable;
+import java.util.ArrayList;
 import java.util.Date;
 import java.util.List;
 
@@ -99,6 +100,17 @@ public class DBTransactionStorage implements ITransactionStorage {
 		}
 	}
 	
+	public Object get(String key) throws MOADatabaseException {
+		  AssertionStore element = searchInDatabase(key);
+		  
+		  if (element == null)
+			  return null;
+		  
+		  return SerializationUtils.deserialize(element.getAssertion());
+		
+		
+	}
+	
 	public <T> T get(String key, final Class<T> clazz, long dataTimeOut) throws MOADatabaseException, AuthenticationException {
 	 
 	  AssertionStore element = searchInDatabase(key);
@@ -134,10 +146,11 @@ public class DBTransactionStorage implements ITransactionStorage {
 	  }
 	}
 	
-	public void clean(Date now, long dataTimeOut) {
+	public List<String> clean(Date now, long dataTimeOut) {
 		Date expioredate = new Date(now.getTime() - dataTimeOut);		
 		
 		List<AssertionStore> results;
+		List<String> returnValues = new ArrayList<String>();;
 		Session session = MOASessionDBUtils.getCurrentSession();
 		
 		synchronized (session) {			
@@ -146,22 +159,14 @@ public class DBTransactionStorage implements ITransactionStorage {
 			query.setTimestamp("timeout", expioredate);		
 			results = query.list();
 			session.getTransaction().commit();
-				
-			if (results.size() != 0) {
-				for(AssertionStore result : results) {
-					try { 
-						cleanDelete(result);
-						Logger.info("Remove stored information with ID: " + result.getArtifact() 
-								+ " after timeout.");
-					
-					} catch (HibernateException e){
-						Logger.warn("Sessioninformation with ID=" + result.getArtifact() 
-								+ " not removed after timeout! (Error during Database communication)", e);
-					}
-	
-				}	
-			}
 		}
+		
+		if (results != null) {
+			for (AssertionStore el : results)
+				returnValues.add(el.getArtifact());
+							
+		}
+		return returnValues;
 	}
 	 
 	public void remove(String key) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java
index 48283d2b6..fe959c39d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java
@@ -23,6 +23,7 @@
 package at.gv.egovernment.moa.id.storage;
 
 import java.util.Date;
+import java.util.List;
 
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
@@ -50,6 +51,15 @@ public interface ITransactionStorage {
 	 */
 	public void put(String key, Object value) throws MOADatabaseException;
 	
+	/**
+	 * Get a data object from transaction storage
+	 * 
+	 * @param key key Id which identifiers the data object
+	 * @return The transaction-data object, or null
+	 * @throws MOADatabaseException In case of load operation failed
+	 */
+	public Object get(String key) throws MOADatabaseException;
+	
 	/**
 	 * Get a data object from transaction storage
 	 * 
@@ -91,11 +101,12 @@ public interface ITransactionStorage {
 	public void remove(String key);
 	
 	/**
-	 * Clean-up the transaction storage
+	 * Get all entries for Clean-up the transaction storage
 	 * 
 	 * @param now Current time
 	 * @param dataTimeOut Data-object timeout in [ms]
+	 * @return List of entry-keys which as a timeout
 	 */
-	public void clean(Date now, long dataTimeOut);
+	public List<String> clean(Date now, long dataTimeOut);
 	
 }
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java
index cd18afb71..e92925dfb 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java
@@ -61,13 +61,13 @@ public class SSOTransferSignalServlet extends AbstractProcessEngineSignalControl
 	@Override
 	protected void signalProcessManagement(HttpServletRequest req, HttpServletResponse resp) throws IOException {
 		String pendingRequestID = StringEscapeUtils.escapeHtml(getPendingRequestId(req));
-		
+		IRequest pendingReq = null;
 		try {	
 			if (pendingRequestID == null) {
 				throw new IllegalStateException("Unable to determine MOA pending-request id.");
 			}
 			
-			IRequest pendingReq = requestStorage.getPendingRequest(pendingRequestID);
+			pendingReq = requestStorage.getPendingRequest(pendingRequestID);
 			if (pendingReq == null) {
 				Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure.");
 				throw new MOAIDException("auth.28", new Object[]{pendingRequestID});
@@ -87,7 +87,7 @@ public class SSOTransferSignalServlet extends AbstractProcessEngineSignalControl
 			processEngine.signal(pendingReq);
 			
 		} catch (Exception ex) {
-			handleError(null, ex, req, resp, pendingRequestID);
+			handleError(null, ex, req, resp, pendingReq);
 			
 		} finally {
 			//MOASessionDBUtils.closeSession();
-- 
cgit v1.2.3


From 4a347b1c7784e2c756c2bcae973d3b6da0ba8e62 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 31 Mar 2016 14:36:38 +0200
Subject: fix missing implementation in ExceptionContainer

---
 .../main/java/at/gv/egovernment/moa/id/data/ExceptionContainer.java | 5 ++++-
 .../java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java | 6 ++++++
 .../java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java  | 3 ++-
 3 files changed, 12 insertions(+), 2 deletions(-)

(limited to 'id/server/idserverlib/src')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ExceptionContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ExceptionContainer.java
index 5e3fb5df6..1c6fdcb65 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ExceptionContainer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ExceptionContainer.java
@@ -22,12 +22,15 @@
  */
 package at.gv.egovernment.moa.id.data;
 
+import java.io.Serializable;
+
 /**
  * @author tlenz
  *
  */
-public class ExceptionContainer {
+public class ExceptionContainer implements Serializable {
 
+	private static final long serialVersionUID = 5355860753609684995L;
 	private Throwable exceptionThrown = null;
 	private String uniqueSessionID = null;
 	private String uniqueTransactionID = null;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java
index 6778dc32e..c2b3b0fc5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java
@@ -242,6 +242,12 @@ public class DBTransactionStorage implements ITransactionStorage {
 		element.setType(value.getClass().getName());
 		element.setDatatime(new Date());
 
+		if (!Serializable.class.isInstance(value)) {
+			Logger.warn("Transaction-Storage can only store objects which implements the 'Seralizable' interface");
+			throw new MOADatabaseException("Transaction-Storage can only store objects which implements the 'Seralizable' interface", null);
+			
+		}	
+		
 		//serialize the Assertion for Database storage
 		byte[] data = SerializationUtils.serialize((Serializable) value);
 		element.setAssertion(data);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java
index fe959c39d..493f24ee8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ITransactionStorage.java
@@ -46,7 +46,8 @@ public interface ITransactionStorage {
 	 * Store a data object with a key to transaction storage
 	 * 
 	 * @param key Id which identifiers the data object
-	 * @param value Data object which should be stored
+	 * @param value Data object which should be stored. 
+	 *              This data must implement the <code>java.io.Serializable</code> interface
 	 * @throws MOADatabaseException In case of store operation failed
 	 */
 	public void put(String key, Object value) throws MOADatabaseException;
-- 
cgit v1.2.3


From a2c787edb81084a0f7a1f01d79607121ff5ec2a4 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 31 Mar 2016 14:37:09 +0200
Subject: add errorcodes to eIDAS module functionality

---
 id/server/doc/handbook/protocol/protocol.html      | 46 +++++++++++++++
 .../resources/properties/id_messages_de.properties |  8 ++-
 .../protocol_response_statuscodes_de.properties    | 22 +++----
 .../eIDASResponseNotSuccessException.java          | 67 ++++++++++++++++++++++
 .../eidas/tasks/ReceiveAuthnResponseTask.java      | 24 ++++++--
 5 files changed, 148 insertions(+), 19 deletions(-)
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASResponseNotSuccessException.java

(limited to 'id/server/idserverlib/src')

diff --git a/id/server/doc/handbook/protocol/protocol.html b/id/server/doc/handbook/protocol/protocol.html
index ff7921ad5..6713bd7a3 100644
--- a/id/server/doc/handbook/protocol/protocol.html
+++ b/id/server/doc/handbook/protocol/protocol.html
@@ -270,6 +270,13 @@ Redirect Binding</td>
       <td><p>Gesamte Personenbindung in BASE64 kodiert.</p>
       <p><strong>Hinweis:</strong> Im Falle einer privatwirtschaftlichen Applikation ist die Stammzahl durch die wbPK ersetzt.</p></td>
     </tr>
+    <tr>
+      <td height="23">urn:oid:1.2.40.0.10.2.1.1.261.106</td>
+      <td>MANDATE-TYPE-OID</td>
+      <td align="center">mandate</td>
+      <td>&nbsp;</td>
+      <td>Bezeichnung als OID des verwendeten Vollmachten-Profils</td>
+    </tr>
     <tr>
       <td height="23">urn:oid:1.2.40.0.10.2.1.1.261.68</td>
       <td>MANDATE-TYPE</td>
@@ -646,6 +653,45 @@ Redirect Binding</td>
     <td>Der geforderte QAA Level ist h&ouml;her als der QAA Level der gew&auml;hlten Authentifizierungsmethode</td>
   </tr>
 </table>
+<h5><a name="statuscodes_13xx" id="allgemeines_zugangspunkte26"></a>1.3.1.4 eIDAS (13xxx)</h5>
+<table class="configtable">
+  <tr>
+    <th width="13%">Statuscode</th>
+    <th width="87%">Beschreibung</th>
+  </tr>
+  <tr>
+    <td>1300</td>
+    <td>Fehler beim Erstellen des eIDAS Authentifizierungsrequests</td>
+  </tr>
+  <tr>
+    <td>1301</td>
+    <td>Fehler beim Validieren der eIDAS Authentifizierungsresponse</td>
+  </tr>
+  <tr>
+    <td>1302</td>
+    <td>Response vom eIDAS Node enth&auml;lt einen Fehler</td>
+  </tr>
+  <tr>
+    <td>1303</td>
+    <td>eIDAS Response beinhaltet nicht alle minimal erforderlichen Attribute</td>
+  </tr>
+  <tr>
+    <td>1304</td>
+    <td>Der ausgew&auml;hlte eIDAS Node existiert nicht oder ist nicht konfiguriert</td>
+  </tr>
+  <tr>
+    <td>1305</td>
+    <td>eIDAS Request konnte nicht g&uuml;ltig verarbeitet werden</td>
+  </tr>
+  <tr>
+    <td>1306</td>
+    <td>Generierung dereIDAS Metadaten fehlgeschlagen</td>
+  </tr>
+  <tr>
+    <td>1399</td>
+    <td>Interner Fehler in der eIDAS SAML-Engine</td>
+  </tr>
+</table>
 <h4><a name="statuscodes_4xxxx" id="allgemeines_zugangspunkte8"></a>1.3.2 Statuscodes 4xxxx</h4>
 <p>Alles Statuscodes beginnend mit der Zahl vier beschreiben Fehler die w&auml;hrend der Kommunikation mit externen Services aufgetreten sind.</p>
 <h5><a name="statuscodes_40xxx" id="allgemeines_zugangspunkte19"></a>1.3.2.1 BKU (40xxxx)</h5>
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 6b48750d2..400b0bc25 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -128,7 +128,7 @@ cleaner.03=Abgelaufene Anmeldedaten zur SAML-Assertion ID {0} wurden aus dem Spe
 
 proxy.00=MOA ID Proxy wurde erfolgreich gestartet
 proxy.01=Unbekannter URL {0}, erwarteter URL auf {1}
-proxy.02=Unbekannter URL {0}. <br>Es wurde keine Übereinstimmung zum Attribut publicURLPrefix im Element 'OnlineApplication' der verwendeten MOA-ID Konfigurationsdatei gefunden.
+proxy.02=Unbekannter URL {0}. <br>Es wurde keine \u00dcbereinstimmung zum Attribut publicURLPrefix im Element 'OnlineApplication' der verwendeten MOA-ID Konfigurationsdatei gefunden.
 proxy.04=URL {0} : {1}
 proxy.05=Fehler beim Aufbauen der SSLSocketFactory f\u00FCr {0} \: {1}
 proxy.06=Fehler beim Starten des Service MOA ID Proxy
@@ -265,8 +265,10 @@ eIDAS.05=Can not generate eIDAS metadata. Reason:{0}
 eIDAS.06=Received eIDAS AuthnRequest can not processed. Reason:{0}
 eIDAS.07=Missing eIDAS-Attribute:{0}
 eIDAS.08=No valid eIDAs-Node configuration for enityID:{0}
+eIDAS.09=Received eIDAS Response is not valid. Reason:{0}
+eIDAS.10=Internal server error. Reason:{0}
+eIDAS.11=Received eIDAS Error-Response. Reason:{0} 
 
-pvp2.00={0} ist kein gueltiger consumer service index
 pvp2.01=Fehler beim kodieren der PVP2 Antwort
 pvp2.02=Ungueltiges Datumsformat
 pvp2.03=Vollmachtattribute nicht in Metadaten verfuegbar
@@ -325,4 +327,4 @@ slo.02=Es wurde keine aktive SSO Session gefunden oder Sie sind bei keiner Onlin
 
 process.01=Fehler beim Ausf\u00FChren des Prozesses.
 process.02=Fehler beim Erstellen eines geeigneten Prozesses f\u00FCr die SessionID {0}.
-process.03=Fehler beim Weiterführen es Prozesses. Msg:{0}
+process.03=Fehler beim Weiterf\u00FChren es Prozesses. Msg:{0}
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
index 92e231bd0..bfaf5ffb1 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
@@ -213,16 +213,18 @@ stork.19=1203
 stork.20=1204
 stork.21=1205
 
-eIDAS.00=TODO
-eIDAS.01=TODO
-eIDAS.02=TODO
-eIDAS.03=TODO
-eIDAS.04=TODO
-eIDAS.05=TODO
-eIDAS.06=TODO
-eIDAS.07=TODO
-eIDAS.08=TODO
-
+eIDAS.00=1399
+eIDAS.01=1305
+eIDAS.02=1300
+eIDAS.03=1304
+eIDAS.04=1304
+eIDAS.05=1306
+eIDAS.06=1305
+eIDAS.07=1303
+eIDAS.08=1304
+eIDAS.09=1301
+eIDAS.10=9199
+eIDAS.11=1302
 
 pvp2.01=6100
 pvp2.06=6100
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASResponseNotSuccessException.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASResponseNotSuccessException.java
new file mode 100644
index 000000000..d10ca1c88
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/exceptions/eIDASResponseNotSuccessException.java
@@ -0,0 +1,67 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eidas.exceptions;
+
+import org.opensaml.saml2.core.StatusCode;
+
+/**
+ * @author tlenz
+ *
+ */
+public class eIDASResponseNotSuccessException extends eIDASException {
+
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = 6145402939313568907L;
+
+	public eIDASResponseNotSuccessException(String messageId, Object[] parameters) {
+		super(messageId, parameters);
+	}
+	
+	/**
+	 * @param messageId
+	 * @param parameters
+	 * @param e
+	 */
+	public eIDASResponseNotSuccessException(String messageId, Object[] parameters, Throwable e) {
+		super(messageId, parameters, e);
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASException#getStatusCodeFirstLevel()
+	 */
+	@Override
+	public String getStatusCodeFirstLevel() {
+		return StatusCode.RESPONDER_URI;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASException#getStatusCodeSecondLevel()
+	 */
+	@Override
+	public String getStatusCodeSecondLevel() {
+		return StatusCode.AUTHN_FAILED_URI;
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
index b73c2a873..fae06031a 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
@@ -3,6 +3,7 @@ package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.opensaml.saml2.core.StatusCode;
 import org.springframework.stereotype.Component;
 
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
@@ -11,6 +12,7 @@ import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
+import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASResponseNotSuccessException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.MOAPersonalAttributeList;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
@@ -58,7 +60,15 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 				//TODO: check if additional decryption operation is required
 				
 			}
-						
+
+			//check response StatusCode
+			if (!samlResp.getStatusCode().equals(StatusCode.SUCCESS_URI)) {
+				Logger.info("Receice eIDAS Response with StatusCode:" + samlResp.getStatusCode()
+				+ " Subcode:" + samlResp.getSubStatusCode() + " Msg:" + samlResp.getMessage());
+				throw new eIDASResponseNotSuccessException("eIDAS.11", new Object[]{samlResp.getMessage()});
+				
+			}
+			
 			//MOA-ID specific response validation
 			//TODO: implement MOA-ID specific response validation
 			
@@ -89,18 +99,20 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, 
 					MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR);
 			throw new TaskExecutionException(pendingReq, "eIDAS AuthnRequest generation FAILED.", 
-					new EIDASEngineException("eIDAS.00", new Object[]{e.getMessage()}, e));
-			
-		} catch (MOAIDException | MOADatabaseException e) {
+					new EIDASEngineException("eIDAS.09", new Object[]{e.getMessage()}, e));
+					
+		} catch (MOADatabaseException e) {
 			revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, 
 					MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR);
-			throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", e);
+			throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", 
+					new MOAIDException("init.04", new Object[]{""}, e));
 			
 		} catch (Exception e) {
 			Logger.error("eIDAS Response processing FAILED.", e);
 			revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, 
 					MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR);
-			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
+			throw new TaskExecutionException(pendingReq, e.getMessage(), 
+					new MOAIDException("eIDAS.10", new Object[]{e.getMessage()}, e));
 			
 		}	
 		
-- 
cgit v1.2.3


From 5481121cf1c33392b5ae599c42f670b563c16b1c Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 4 Apr 2016 11:49:19 +0200
Subject: add log-message to log MOA-SPSS initialization errors

---
 .../main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java    | 1 +
 1 file changed, 1 insertion(+)

(limited to 'id/server/idserverlib/src')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
index a8b9509bc..d1cf3338a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
@@ -136,6 +136,7 @@ public class MOAIDAuthInitializer {
             new IaikConfigurator().configure(config);
             
          } catch (at.gv.egovernment.moa.spss.server.config.ConfigurationException ex) {
+        	Logger.error("MOA-SP initialization FAILED!", ex.getWrapped()); 
             throw new ConfigurationException("config.10", new Object[] { ex
                      .toString() }, ex);
             
-- 
cgit v1.2.3


From 4b932484d66ef161bb547a419fdc32f04677fe57 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 7 Apr 2016 10:44:11 +0200
Subject: fix some possible problems with STORK configuration in config-GUI

---
 .../id/configuration/data/GeneralStorkConfig.java  | 38 +++++----
 .../id/configuration/data/oa/OASTORKConfig.java    | 19 +++--
 .../struts/action/EditGeneralConfigAction.java     | 99 +++++++++++++++-------
 .../validation/moaconfig/MOAConfigValidator.java   |  2 +-
 .../validation/moaconfig/StorkConfigValidator.java | 55 ++++++------
 .../src/main/webapp/jsp/editMOAConfig.jsp          |  7 +-
 .../task/impl/GeneralMOAIDConfigurationTask.java   |  8 +-
 .../task/impl/GeneralSTORKConfigurationTask.java   | 54 ++++++------
 .../StartAuthentificationParameterParser.java      |  2 +-
 .../PropertyBasedAuthConfigurationProvider.java    | 10 ++-
 .../moa/id/auth/AuthenticationServer.java          | 14 +--
 .../data/SSOTransferAuthenticationData.java        |  5 +-
 12 files changed, 191 insertions(+), 122 deletions(-)

(limited to 'id/server/idserverlib/src')

diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java
index d8bb0179c..e71bad299 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java
@@ -25,6 +25,8 @@ package at.gv.egovernment.moa.id.configuration.data;
 import java.util.ArrayList;
 import java.util.List;
 
+import org.apache.log4j.Logger;
+
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentGeneral;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.CPEPS;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.ForeignIdentities;
@@ -34,8 +36,6 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.StorkAttribute;
 import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException;
 import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
 
-import org.apache.log4j.Logger;
-
 public class GeneralStorkConfig {
 
 	private List<CPEPS> cpepslist;
@@ -61,7 +61,9 @@ public class GeneralStorkConfig {
     	
     public void parse(MOAIDConfiguration config) {
         log.info("Initializing general Stork config");
-
+  
+        cpepslist = new ArrayList<CPEPS>();
+		attributes = new ArrayList<StorkAttribute>();
 
 		if (config != null) {
 			AuthComponentGeneral auth = config.getAuthComponentGeneral();
@@ -71,15 +73,14 @@ public class GeneralStorkConfig {
 
 				if (foreign != null) {
 					STORK stork = foreign.getSTORK();
-					cpepslist = new ArrayList<CPEPS>();
-					attributes = new ArrayList<StorkAttribute>();
-					
+										
 					if (stork != null) {
 						// deep clone all the things
-						// to foreclose lazyloading session timeouts
-						
-						for(CPEPS current : stork.getCPEPS()) {
-							cpepslist.add(current);
+						// to foreclose lazyloading session timeouts						
+						if (stork.getCPEPS() != null) {
+							for(CPEPS current : stork.getCPEPS()) {
+								cpepslist.add(current);
+							}
 						}
 						
 						List<StorkAttribute> tmp = stork.getAttributes();
@@ -91,19 +92,26 @@ public class GeneralStorkConfig {
 
 						try {
 							qaa = stork.getQualityAuthenticationAssuranceLevel();
+							
 						} catch(NullPointerException e) {
 							qaa = 4;
 						}
 					}
 					
-					if (cpepslist.isEmpty())
-						cpepslist = null;
-					
-					if(attributes.isEmpty())
-						attributes.add(new StorkAttribute());
 				}
 			}
 		}
+		
+		if (cpepslist.isEmpty()) {
+			CPEPS defaultCPEPS = new CPEPS();
+			defaultCPEPS.setCountryCode("CC");
+			defaultCPEPS.setURL("http://");
+			defaultCPEPS.setSupportsXMLSignature(true);
+			cpepslist.add(defaultCPEPS );
+		
+		}
+		if(attributes.isEmpty())
+			attributes.add(new StorkAttribute());
 	}
 
     public List<CPEPS> getRawCPEPSList() {
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java
index 33277af07..c0e1eaaf7 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java
@@ -41,6 +41,7 @@ import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException;
 import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
 import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
 import at.gv.egovernment.moa.id.configuration.validation.oa.OASTORKConfigValidation;
+import at.gv.egovernment.moa.util.MiscUtil;
 //import at.gv.egovernment.moa.id.protocols.stork2.AttributeProviderFactory;
 
 public class OASTORKConfig implements IOnlineApplicationData{
@@ -120,8 +121,10 @@ public class OASTORKConfig implements IOnlineApplicationData{
 				
 
 				enabledCitizenCountries = new ArrayList<String>();
-				for(CPEPS current : config.getCPEPS())
-					enabledCitizenCountries.add(current.getCountryCode());
+				if (config.getCPEPS() != null) {
+					for(CPEPS current : config.getCPEPS())
+						enabledCitizenCountries.add(current.getCountryCode());
+				}
 
 				// prepare attribute helper list
 				attributes = new ArrayList<AttributeHelper>();
@@ -130,9 +133,11 @@ public class OASTORKConfig implements IOnlineApplicationData{
                 		for(StorkAttribute current : dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK().getAttributes()) {
                 			AttributeHelper tmp = null;
 
-                			for(OAStorkAttribute sepp : config.getOAAttributes())
-                				if(sepp.getName().equals(current.getName()))
-                					tmp = new AttributeHelper(sepp);
+                			if (config.getOAAttributes() != null) {
+                				for(OAStorkAttribute sepp : config.getOAAttributes())
+                					if(sepp.getName() != null && sepp.getName().equals(current.getName()))
+                						tmp = new AttributeHelper(sepp);
+                			}
 
                 			if(null == tmp)
                 				tmp = new AttributeHelper(current);
@@ -248,12 +253,14 @@ public class OASTORKConfig implements IOnlineApplicationData{
 			
 			if (generalConfStorkAttr != null) {
 				for(StorkAttribute currentAttribute : generalConfStorkAttr)
-					if(currentAttribute.getName().equals(current.getName())) {
+					if(MiscUtil.isNotEmpty(currentAttribute.getName()) && 
+							currentAttribute.getName().equals(current.getName())) {
 						if(current.isUsed() || currentAttribute.isMandatory()) {
 							OAStorkAttribute tmp = new OAStorkAttribute();
 							tmp.setName(current.getName());
 							tmp.setMandatory(current.isMandatory());
 							result.add(tmp);
+							
 						}
 						break;
 					}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java
index 504b598c0..d12c1342c 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java
@@ -542,42 +542,77 @@ public class EditGeneralConfigAction extends BasicAction {
 			forcon.setURL(moaconfig.getSzrgwURL());
 		}
 		
-            ForeignIdentities foreign = dbauth.getForeignIdentities();
-			if (foreign != null) {
-				STORK stork = foreign.getSTORK();
-				if (stork == null) {
-					stork = new STORK();
-					foreign.setSTORK(stork);
-					
-				}
-
-                try {
-                log.error("QAAAA " + storkconfig.getDefaultQaa());
-				stork.setQualityAuthenticationAssuranceLevel(storkconfig.getDefaultQaa());
+        ForeignIdentities foreign = dbauth.getForeignIdentities();
+		if (foreign != null) {
+			STORK stork = foreign.getSTORK();
+			if (stork == null) {
+				stork = new STORK();
+				foreign.setSTORK(stork);
 				
-				if (storkconfig.getAttributes() != null)
-					stork.setAttributes(storkconfig.getAttributes());
-				
-				else
+			}
+
+            try {
+            	log.error("QAAAA " + storkconfig.getDefaultQaa());
+            	stork.setQualityAuthenticationAssuranceLevel(storkconfig.getDefaultQaa());
+			
+				if (storkconfig.getAttributes() != null) {
+					List<StorkAttribute> dbStorkAttr = stork.getAttributes();
+					if (dbStorkAttr == null) {
+						dbStorkAttr = new ArrayList<StorkAttribute>();
+						stork.setAttributes(dbStorkAttr);
+						
+					}
+					
+					for (StorkAttribute attr : storkconfig.getAttributes()) {
+						if (attr != null && MiscUtil.isNotEmpty(attr.getName()))
+							dbStorkAttr.add(attr);
+						
+						else
+							log.info("Remove null or empty STORK attribute");
+					}
+											
+				} else
 					stork.setAttributes((List<StorkAttribute>) (new ArrayList<StorkAttribute>()));
 				
-				if (storkconfig.getCpepslist() != null)
-
-					stork.setCPEPS(storkconfig.getCpepslist());
-				else
-					stork.setCPEPS((List<CPEPS>) (new ArrayList<CPEPS>()));
+				if (storkconfig.getCpepslist() != null) {
+					List<CPEPS> dbStorkCPEPS = stork.getCPEPS();
+					if (dbStorkCPEPS == null) {
+						dbStorkCPEPS = new ArrayList<CPEPS>();
+						stork.setCPEPS(dbStorkCPEPS);
+					}
+					
+					for (CPEPS cpeps : storkconfig.getCpepslist()) {
+						if (cpeps != null && MiscUtil.isNotEmpty(cpeps.getURL()) &&
+								MiscUtil.isNotEmpty(cpeps.getCountryCode())) {
+							
+							if (cpeps.getCountryCode().equals("CC") && 
+									cpeps.getURL().equals("http://"))
+								log.info("Remove dummy STORK CPEPS entry.");
+								
+							else							
+								dbStorkCPEPS.add(cpeps);
+							
+						} else
+							log.info("Remove null or emtpy STORK CPEPS configuration");
+					}
 				
-                } catch (Exception e) {
-                    e.printStackTrace();
-                }
-
-                try{
-                   log.info("CPEPS LIST: " + storkconfig.getCpepslist().size() );
-                    log.trace("CPEPS 1:" + storkconfig.getCpepslist().get(0).getCountryCode() +storkconfig.getCpepslist().get(0).getURL());
-                }   catch (Exception ex) {
-                    log.info("CPEPS LIST is null");
-                }
-			}
+				} else
+					stork.setCPEPS((List<CPEPS>) (new ArrayList<CPEPS>()));
+			
+            } catch (Exception e) {
+                e.printStackTrace();
+                
+            }
+
+            try{
+               log.info("CPEPS LIST: " + storkconfig.getCpepslist().size() );
+               log.trace("CPEPS 1:" + storkconfig.getCpepslist().get(0).getCountryCode() +storkconfig.getCpepslist().get(0).getURL());
+               
+            }   catch (Exception ex) {
+                log.info("CPEPS LIST is null");
+                
+            }
+		}
 
 		if (MiscUtil.isNotEmpty(moaconfig.getMandateURL())) {
 			OnlineMandates dbmandate = dbauth.getOnlineMandates();
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java
index d4e8e957d..617e9cf51 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java
@@ -367,7 +367,7 @@ public class MOAConfigValidator {
 		check = form.getSsoTarget();
 		if (MiscUtil.isEmpty(check)) {
 			log.info("Empty SSO Target");
-			errors.add(LanguageHelper.getErrorString("validation.general.sso.target.empty", request));
+			//errors.add(LanguageHelper.getErrorString("validation.general.sso.target.empty", request));
 			
 		} else {
 			if (!ValidationHelper.isValidAdminTarget(check)) {
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java
index b73859d81..6b5c51e3f 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java
@@ -47,31 +47,33 @@ public class StorkConfigValidator {
 							errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.cc",
 									new Object[] {check}, request ));
 					}
+					
+					// check url
+					check = current.getURL();
+					if (MiscUtil.isNotEmpty(check)) {
+						if (!ValidationHelper.validateURL(check)) {
+							log.info("CPEPS config URL is invalid : " + check);
+							errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.url", request));
+						}
+					} else {
+						log.warn("CPEPS config url is empty : " + check);
+						errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.empty",
+								new Object[] {check}, request ));
+					}
+					
 				} else {
 					log.warn("CPEPS config countrycode is empty : " + check);
-					errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.empty",
-							new Object[] {check}, request ));
+//					errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.empty",
+//							new Object[] {check}, request ));
 				}
 
-				// check url
-				check = current.getURL();
-				if (MiscUtil.isNotEmpty(check)) {
-					if (!ValidationHelper.validateURL(check)) {
-						log.info("CPEPS config URL is invalid : " + check);
-						errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.url", request));
-					}
-				} else {
-					log.warn("CPEPS config url is empty : " + check);
-					errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.empty",
-							new Object[] {check}, request ));
-				}
 			}
 
 			if (form.getCpepslist() != null) {
 				// ensure uniqueness of country code
 				for (CPEPS one : form.getCpepslist())
 					for (CPEPS another : form.getCpepslist())
-						if (null != one && null != another)
+						if (null != one && null != another && one.getCountryCode() != null)
 							if (!one.equals(another) && one.getCountryCode().equals(another.getCountryCode())) {
 								errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.duplicate", request));
 								break;
@@ -90,17 +92,20 @@ public class StorkConfigValidator {
 		// check attributes
 		if (MiscUtil.isNotEmpty(form.getAttributes())) {
 			for(StorkAttribute check : form.getAttributes()) {
-				String tmp = check.getName().replace("eidas/attributes/", ""); // since eIDaS attributes come with a "/", we need to exclude them from validation. TODO Or should we require the admin to escape them in the UI?
-				if (ValidationHelper.containsPotentialCSSCharacter(tmp, true)) { 
-					log.warn("default attributes contains potentail XSS characters: " + check);
-					errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes",
-							new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}, request ));
-				}
-				if(!tmp.toLowerCase().matches("^[A-Za-z]*$")) {
-						log.warn("default attributes do not match the requested format : " + check);
+				if (check != null && MiscUtil.isNotEmpty(check.getName())) {
+					String tmp = check.getName().replace("eidas/attributes/", ""); // since eIDaS attributes come with a "/", we need to exclude them from validation. TODO Or should we require the admin to escape them in the UI?
+					if (ValidationHelper.containsPotentialCSSCharacter(tmp, true)) { 
+						log.warn("default attributes contains potentail XSS characters: " + check);
 						errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes",
-								new Object[] {check}, request ));
-				}
+								new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}, request ));
+					}
+					if(!tmp.toLowerCase().matches("^[A-Za-z]*$")) {
+							log.warn("default attributes do not match the requested format : " + check);
+							errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes",
+									new Object[] {check}, request ));
+					}
+					
+				} 
 			}
 			
 		//TODO: STORK attributes check if no attribute is set	
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp
index ac2c8de5a..45ea159e4 100644
--- a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp
+++ b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp
@@ -288,7 +288,12 @@
 								<s:iterator value="storkconfig.cpepslist" status="stat">
 								  <tr>
 								  	<td style="display:none;"><s:textfield name="storkconfig.cpepslist[%{#stat.index}].hjid" value="%{hjid}" cssStyle="display:none;"/></td>
-								  	<td><s:property value="%{countryCode}" /></td>
+								  	<s:if test="%{countryCode == 'CC'}">
+									  	<td><s:textfield name="storkconfig.cpepslist[%{#stat.index}].countryCode" value="%{countryCode}" cssClass="textfield_short"/></td>
+								  	</s:if>
+								  	<s:else>
+								  		<td><s:property value="%{countryCode}" /></td>
+								  	</s:else>
 								    <td><s:textfield name="storkconfig.cpepslist[%{#stat.index}].URL" value="%{URL}" cssClass="textfield_long"/></td>
 								    <td><s:checkbox name="storkconfig.cpepslist[%{#stat.index}].supportsXMLSignature" value="%{supportsXMLSignature}" /></td>								    
 								    <td><input class="button_narrow" type="button" value="<%=LanguageHelper.getGUIString("webpages.moaconfig.stork.removepeps", request) %>" onclick='this.parentNode.parentNode.parentNode.removeChild(this.parentNode.parentNode);'/></td>
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java
index 1c3e0fe13..270d0866c 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralMOAIDConfigurationTask.java
@@ -435,10 +435,10 @@ public class GeneralMOAIDConfigurationTask extends AbstractTaskValidator impleme
 		check = input.get(KeyValueUtils.removePrefixFromKey(MOAIDConfigurationConstants.GENERAL_AUTH_SSO_TARGET, getKeyPrefix()));
 		if (MiscUtil.isEmpty(check)) {
 			log.info("Empty SSO Target");
-			errors.add(new ValidationObjectIdentifier(
-					MOAIDConfigurationConstants.GENERAL_AUTH_SSO_TARGET, 
-					"SSO - Target",
-					LanguageHelper.getErrorString("validation.general.sso.target.empty")));
+//			errors.add(new ValidationObjectIdentifier(
+//					MOAIDConfigurationConstants.GENERAL_AUTH_SSO_TARGET, 
+//					"SSO - Target",
+//					LanguageHelper.getErrorString("validation.general.sso.target.empty")));
 			
 		} else {
 			
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java
index 1747e2207..8a1a2925b 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/GeneralSTORKConfigurationTask.java
@@ -133,38 +133,40 @@ public static final List<String> KEYWHITELIST;
 										LanguageHelper.getErrorString("validation.stork.cpeps.cc",
 										new Object[] {cc})));
 							}
-						} else {
-							log.warn("CPEPS config countrycode is empty : " + cc);
-							errors.add(new ValidationObjectIdentifier(
-								MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST
-									+ "." + cpepsKey, 
-								"STORK - CPEPS Country",
-								LanguageHelper.getErrorString("validation.stork.cpeps.empty",
-								new Object[] {cc})));
-						}
-
-						// check url
-						if (MiscUtil.isNotEmpty(url)) {
-							if (!ValidationHelper.validateURL(url)) {
-								log.info("CPEPS config URL is invalid : " + url);
+							
+							// check url
+							if (MiscUtil.isNotEmpty(url)) {
+								if (!ValidationHelper.validateURL(url)) {
+									log.info("CPEPS config URL is invalid : " + url);
+									errors.add(new ValidationObjectIdentifier(
+										MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST
+											+ "." + index + "." 
+											+ MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST_URL, 
+										"STORK - CPEPS URL",
+										LanguageHelper.getErrorString("validation.stork.cpeps.url")));
+								}
+							} else {
+								log.warn("CPEPS config url is empty : " + url);
 								errors.add(new ValidationObjectIdentifier(
 									MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST
 										+ "." + index + "." 
 										+ MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST_URL, 
 									"STORK - CPEPS URL",
-									LanguageHelper.getErrorString("validation.stork.cpeps.url")));
-							}
+									LanguageHelper.getErrorString("validation.stork.cpeps.empty",
+									new Object[] {url})));
+								
+							}	
+														
 						} else {
-							log.warn("CPEPS config url is empty : " + url);
-							errors.add(new ValidationObjectIdentifier(
-								MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST
-									+ "." + index + "." 
-									+ MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST_URL, 
-								"STORK - CPEPS URL",
-								LanguageHelper.getErrorString("validation.stork.cpeps.empty",
-								new Object[] {url})));
-							
-						}					
+							log.warn("CPEPS config countrycode is empty : " + cc);
+//							errors.add(new ValidationObjectIdentifier(
+//								MOAIDConfigurationConstants.GENERAL_AUTH_STORK_CPEPS_LIST
+//									+ "." + cpepsKey, 
+//								"STORK - CPEPS Country",
+//								LanguageHelper.getErrorString("validation.stork.cpeps.empty",
+//								new Object[] {cc})));
+						}
+				
 						validatedCPeps.put(cc, url);
 						
 					} else {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
index 69c155c1e..140c7aebc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -206,7 +206,7 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
 	    
 	    
 	    //validate SSO functionality
-	    String domainIdentifier = authConfig.getSSOTagetIdentifier().trim();
+	    String domainIdentifier = authConfig.getSSOTagetIdentifier();
 		if (MiscUtil.isEmpty(domainIdentifier) && protocolReq.needSingleSignOnFunctionality()) {			
 			//do not use SSO if no Target is set
 			Logger.warn("NO SSO-Target found in configuration. Single Sign-On is deaktivated!");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
index 210bda3e6..348b1c45a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
@@ -738,13 +738,17 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
 	 */
 	public String getSSOTagetIdentifier() throws ConfigurationException {
 		try {
-			return configuration.getStringValue(
+			String value = configuration.getStringValue(
 					MOAIDConfigurationConstants.GENERAL_AUTH_SSO_TARGET);
-			
+			if (MiscUtil.isNotEmpty(value))
+				return value.trim();
+						
 		} catch (at.gv.egiz.components.configuration.api.ConfigurationException e) {
 			Logger.warn("Single Sign-On Target can not be read from configuration.", e);
-			return null;
+			
 		}
+		
+		return null;
 	}
 
 	/**
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 7122c6577..f5000581c 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -167,12 +167,14 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 		}
 
 		String infoboxReadRequest = "";
-		if (pendingReq.needSingleSignOnFunctionality()) {
-			Logger.info("SSO Login requested");
+		String ssoDomainIdentifier = authConfig.getSSOTagetIdentifier();
+		if (MiscUtil.isNotEmpty(ssoDomainIdentifier) && 
+				pendingReq.needSingleSignOnFunctionality()) {
+			Logger.debug("SSO Login requested");
 			//load identityLink with SSO Target
 			boolean isbuisness = false;
-			String domainIdentifier = authConfig.getSSOTagetIdentifier().trim();
-			if (domainIdentifier.startsWith(PREFIX_WPBK)) {
+			
+			if (ssoDomainIdentifier.startsWith(PREFIX_WPBK)) {
 				isbuisness = true;
 
 			} else {
@@ -182,10 +184,10 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 
 			//build ReadInfobox request
 			infoboxReadRequest = new InfoboxReadRequestBuilder().build(
-					isbuisness, domainIdentifier);
+					isbuisness, ssoDomainIdentifier);
 
 		} else {
-			Logger.info("Non-SSO Login requested");
+			Logger.debug("Non-SSO Login requested or SSO not allowed/possible");
 			//build ReadInfobox request
 			infoboxReadRequest = new InfoboxReadRequestBuilder().build(
 					oaParam.getBusinessService(), oaParam
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java
index f9cb4c636..78cbd788d 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java
@@ -49,8 +49,9 @@ public class SSOTransferAuthenticationData implements IAuthData {
 	
 	public SSOTransferAuthenticationData(AuthConfiguration authConfig, AuthenticationSession authSession) throws ConfigurationException {
 		this.authSession = authSession;
-		String domainIdentifier = authConfig.getSSOTagetIdentifier().trim();
-		isIDPPrivateService = domainIdentifier.startsWith(MOAIDAuthConstants.PREFIX_WPBK);
+		String domainIdentifier = authConfig.getSSOTagetIdentifier();
+		if (domainIdentifier != null)
+			isIDPPrivateService = domainIdentifier.startsWith(MOAIDAuthConstants.PREFIX_WPBK);
 		
 	}
 	
-- 
cgit v1.2.3


From 581d87d939820b9e74130279692f2825baff6594 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 7 Apr 2016 16:23:18 +0200
Subject: add initial version of a virtual IDP REST URL rewrite filter

---
 .../interceptor/VHostUrlRewriteServletFilter.java  | 185 +++++++++++++++++++++
 .../at/gv/egovernment/moa/id/util/HTTPUtils.java   |  11 ++
 .../moa/id/auth/MOAIDAuthSpringInitializer.java    |  13 +-
 3 files changed, 203 insertions(+), 6 deletions(-)
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/VHostUrlRewriteServletFilter.java

(limited to 'id/server/idserverlib/src')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/VHostUrlRewriteServletFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/VHostUrlRewriteServletFilter.java
new file mode 100644
index 000000000..93d74d7ef
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/VHostUrlRewriteServletFilter.java
@@ -0,0 +1,185 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.servlet.interceptor;
+
+import java.io.IOException;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.util.List;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+
+import org.springframework.context.ApplicationContext;
+
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.util.HTTPUtils;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+public class VHostUrlRewriteServletFilter implements Filter {
+
+	private static final String VHOST_PATH = "/vhost/";
+	private static final String AUTHURL = "authURL";
+	
+	
+	private ApplicationContext context = null;
+	
+	public VHostUrlRewriteServletFilter(ApplicationContext context) {
+		Logger.info("Register vHost Servelt Filter");
+		this.context = context;
+		
+	}
+	
+	/* (non-Javadoc)
+	 * @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
+	 */
+	@Override
+	public void init(FilterConfig filterConfig) throws ServletException {
+
+	}
+
+	/* (non-Javadoc)
+	 * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)
+	 */
+	@Override
+	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+			throws IOException, ServletException {
+		 HttpServletRequest httpReq = (HttpServletRequest) request;		 
+		 try {
+			 AuthConfiguration authConfig = context.getBean(AuthConfiguration.class); 
+			 List<String> configuredPublicURLPrefix = authConfig.getPublicURLPrefix();
+		
+			 //check if End-Point is valid		
+			 String publicURLString = HTTPUtils.extractAuthURLFromRequest(httpReq);
+			 URL publicURL;
+			 try {
+				 publicURL = new URL(publicURLString);
+					
+			 } catch (MalformedURLException e) {
+				 Logger.error("IDP AuthenticationServiceURL Prefix is not a valid URL." + publicURLString, e);
+				 throw new ConfigurationException("1299", null, e);
+					
+			 }
+			 
+			 //check if virtual IDPs are enabled
+			 if (!authConfig.isVirtualIDPsEnabled()) {
+				 Logger.trace("Virtual IDPs are disabled. Use default IDP PublicURLPrefix from configuration: " + configuredPublicURLPrefix.get(0));
+				 httpReq.setAttribute(AUTHURL, configuredPublicURLPrefix.get(0));
+				 chain.doFilter(request, response);
+				
+			 } else {				 
+				String authURLString = HTTPUtils.extractAuthServletPathFromRequest(httpReq);
+				 URL authURL;
+				 try {
+					 authURL = new URL(authURLString);
+						
+				 } catch (MalformedURLException e) {
+					 Logger.error("IDP AuthenticationServiceURL Prefix is not a valid URL." + authURLString, e);
+					 throw new ConfigurationException("1299", null, e);
+						
+				 } 
+								
+				Logger.debug("Extract AuthenticationServiceURL: " + authURLString);
+				URL resultURL = null;
+					
+				for (String el : configuredPublicURLPrefix) {
+					try {
+						URL configuredURL = new URL(el);
+
+						//get Ports from URL
+						int configPort = configuredURL.getPort();					
+						if (configPort == -1)
+							configPort = configuredURL.getDefaultPort();
+							
+						int authURLPort = authURL.getPort();
+						if (authURLPort == -1)
+							authURLPort = authURL.getDefaultPort();
+							
+						//check AuthURL against ConfigurationURL
+						if (configuredURL.getHost().equals(authURL.getHost()) &&
+								configPort == authURLPort &&
+								authURL.getPath().startsWith(configuredURL.getPath())) {
+							Logger.debug("Select configurated PublicURLPrefix: " + configuredURL 
+									+ " for authURL: " + authURLString);
+							resultURL = configuredURL;
+						}
+							
+					} catch (MalformedURLException e) {
+							Logger.error("Configurated IDP PublicURLPrefix is not a valid URL." + el);
+							
+					}				
+				}
+								
+				if (resultURL == null) {
+					Logger.warn("Extract AuthenticationServiceURL: " + authURL + " is NOT found in configuration.");
+					throw new ConfigurationException("config.25", new Object[]{authURLString});
+						
+				} else {
+					httpReq.setAttribute(AUTHURL, resultURL.toExternalForm());
+						
+				}
+				 				 				 
+				String servletPath = httpReq.getServletPath();				 								 
+				if (servletPath.startsWith(VHOST_PATH)) {
+					Logger.trace("Found V-IDP selection via REST URL ... ");
+					String vHostDescriptor = resultURL.toExternalForm().substring(0, publicURLString.length());
+					String requestedServlet = authURLString.substring(0, vHostDescriptor.length());
+					String newURL = publicURL.toExternalForm().concat(requestedServlet);
+					httpReq.setAttribute(AUTHURL, newURL);
+					httpReq.getRequestDispatcher(newURL).forward(httpReq, response);
+										 
+				} else {
+					Logger.trace("Found V-IDP selection via Domain ...");
+					chain.doFilter(request, response);
+					
+				}
+				 				
+			 }
+		 
+		 } catch (ConfigurationException e) {
+			 
+			 
+		 }
+		 		 			     
+	}
+
+	/* (non-Javadoc)
+	 * @see javax.servlet.Filter#destroy()
+	 */
+	@Override
+	public void destroy() {
+		// TODO Auto-generated method stub
+
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java
index d2499af9d..4cb6af127 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java
@@ -173,6 +173,17 @@ public class HTTPUtils {
 		
 	}
 	
+	/**
+	 * Extract the IDP requested URL from authrequest
+	 * 
+	 * @param req HttpServletRequest
+	 * @return RequestURL <String> which ends always without /
+	 */ 
+	public static String extractAuthServletPathFromRequest(HttpServletRequest req) {
+	    return extractAuthURLFromRequest(req).concat(req.getServletPath());
+	 	
+	}
+	
 	public static String addURLParameter(String url, String paramname,
 			String paramvalue) {
 		String param = paramname + "=" + paramvalue;
diff --git a/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java b/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java
index 636a3ed03..327d659ec 100644
--- a/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java
+++ b/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java
@@ -98,9 +98,7 @@ public class MOAIDAuthSpringInitializer implements WebApplicationInitializer {
 							MOAIDAuthSpringInitializer.class));
 				}
 			}
-			
-			
-			
+						
 			Logger.debug("Refreshing context "+ rootContext);
 			rootContext.refresh();
 
@@ -108,8 +106,7 @@ public class MOAIDAuthSpringInitializer implements WebApplicationInitializer {
 
 			Logger.trace("Final Beans in "+ rootContext);
 			dumpBeanDefinitions(rootContext);
-			
-			
+											
 			Logger.info("Registering dispatcher configuration");
 			ServletRegistration.Dynamic dispatcher = servletContext.addServlet(
 					"dispatcher", new DispatcherServlet(rootContext));
@@ -123,7 +120,11 @@ public class MOAIDAuthSpringInitializer implements WebApplicationInitializer {
 			
 			Logger.info("=============== Register RequestContextListener! ===============");
 			servletContext.addListener(new RequestContextListener());
-
+			
+//			Logger.info("=============== Register RequestFilter! ===============");
+//			servletContext.addFilter("vHost RequestFilter", new VHostUrlRewriteServletFilter(rootContext))
+//				.addMappingForUrlPatterns(null, false, "/*");
+						
 			Logger.info("Basic Context initalisation finished --> Start MOA-ID-Auth initialisation process ...");
 			MOAIDAuthInitializer.initialize(rootContext);
 			Logger.info(MOAIDMessageProvider.getInstance().getMessage(
-- 
cgit v1.2.3


From 1e66fa62ef2114aa412e4c207c8180c18aa07a0b Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Fri, 8 Apr 2016 06:22:13 +0200
Subject: fix bug in PVP2 assertion builder.  -
 https://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf does
 not allow 'NotBefore' attribute in <SubjectConfirmationData> when 'Method'
 contains 'urn:oasis:names:tc:SAML:2.0:cm:bearer' (see 554 - 560 chapter
 4.1.4.2)

---
 .../moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'id/server/idserverlib/src')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
index 68301d000..483bcb1ec 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
@@ -436,7 +436,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
 				.createSAMLObject(SubjectConfirmationData.class);
 		subjectConfirmationData.setInResponseTo(authnRequest.getID());
 		subjectConfirmationData.setNotOnOrAfter(new DateTime(authData.getSsoSessionValidTo().getTime()));
-		subjectConfirmationData.setNotBefore(date);
+//		subjectConfirmationData.setNotBefore(date);
 		
 		subjectConfirmationData.setRecipient(assertionConsumerService.getLocation());
 		
-- 
cgit v1.2.3


From 41882a0c5601dda478c2749ac99c2087b864c912 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Fri, 8 Apr 2016 07:48:40 +0200
Subject: change logLevel to warn

---
 .../java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'id/server/idserverlib/src')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
index fd2e03afa..d87480cc1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
@@ -221,7 +221,7 @@ public abstract class AbstractController extends MOAIDAuthConstants {
 				Logger.warn(loggedException.getMessage(), loggedException);
 	
 			} else {
-				Logger.info(loggedException.getMessage());
+				Logger.warn(loggedException.getMessage());
 	
 			}			
 		}		
-- 
cgit v1.2.3


From 4790e826491e753882a6da8b414db1ab34924620 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Fri, 8 Apr 2016 13:41:52 +0200
Subject: some Update of ELGA MandateService client implementation

---
 .../java/at/gv/egovernment/moa/id/util/Random.java |  8 ++++++--
 .../tasks/ReceiveElgaMandateResponseTask.java      | 23 +++++++++++++---------
 .../elgamandates/tasks/RequestELGAMandateTask.java | 20 +++++++++++++++++--
 3 files changed, 38 insertions(+), 13 deletions(-)

(limited to 'id/server/idserverlib/src')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java
index 47f784c33..ba45a3679 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java
@@ -99,8 +99,12 @@ public class Random {
 		char preFix = allowedPreFix[Math.abs(random.nextInt() % allowedPreFix.length)];
 	 
 		//generate ID
-		return preFix + new String(Hex.encodeHex(Bytes.concat(now.getBytes(), randValue))); // 20 bytes = 160 bits
-		
+		String returnValue = preFix + new String(Hex.encodeHex(Bytes.concat(now.getBytes(), randValue))); // 20 bytes = 160 bits
+		if (returnValue.length() > 40)
+			return returnValue.substring(0, 40);
+		else
+			return returnValue;
+				
 	}
 	
 	
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
index 5604b7640..07bde7762 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
@@ -149,16 +149,21 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask {
 			//load MOASession object
 			defaultTaskInitialization(request, executionContext);
 			
+
+			/**
+			 * Mandate Reference-Value is generated from ELGA MandateServie  -->
+			 * MOA-ID generated reference value is not equal to reference-value from ELGA MandateService
+			 * But MOA-ID refernece-value is also validated in 'inResponseTo' attribute from ELGA MandateService response
+			 */
 			//validate receive mandate reference-value
-			//TODO: update if ReferenceValue Discussion is finished
-			String responseRefValue = extractor.getSingleAttributeValue(PVPConstants.MANDATE_REFERENCE_VALUE_NAME); 
-			if (!moasession.getMandateReferenceValue().equals(responseRefValue)) {
-				Logger.warn("PVP Response from ELGA mandate-service contains a not valid MandateReferenceValue.");
-				throw new AssertionValidationExeption("sp.pvp2.07", 
-						new Object[]{ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING,
-								PVPConstants.MANDATE_REFERENCE_VALUE_FRIENDLY_NAME});
-				
-			}
+//			String responseRefValue = extractor.getSingleAttributeValue(PVPConstants.MANDATE_REFERENCE_VALUE_NAME); 
+//			if (!moasession.getMandateReferenceValue().equals(responseRefValue)) {
+//				Logger.warn("PVP Response from ELGA mandate-service contains a not valid MandateReferenceValue.");
+//				throw new AssertionValidationExeption("sp.pvp2.07", 
+//						new Object[]{ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING,
+//								PVPConstants.MANDATE_REFERENCE_VALUE_FRIENDLY_NAME});
+//				
+//			}
 			
 			Logger.debug("Validation of PVP Response from ELGA mandate-service is complete.");
 			
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
index 6a7858575..fd918c7f4 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
@@ -150,9 +150,25 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask {
 				}								
 			}
 			
+			//build subjectNameID with bPK-Type Prefix
+			String bPKPrefix = null;
+			if (configTarget.startsWith(Constants.URN_PREFIX_WBPK))
+				bPKPrefix = configTarget.substring((Constants.URN_PREFIX_WBPK + "+").length());
+			
+			else if (configTarget.startsWith(Constants.URN_PREFIX_CDID)) 
+				bPKPrefix = configTarget.substring((Constants.URN_PREFIX_CDID + "+").length());
+			
+			if (bPKPrefix == null) {
+				throw new MOAIDException("service.10", 
+						new Object[]{ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING, "Configurated bPK-Type is wrong."});
+				
+			}
+			
 			//set bPK of representative as SAML2 subjectNameID
-			authnReqConfig.setSubjectNameID(representativeBPK );
-			authnReqConfig.setSubjectNameIDQualifier(configTarget);
+			authnReqConfig.setSubjectNameID(bPKPrefix + ":" + representativeBPK );
+
+			//is not recommended from ELGA
+			//authnReqConfig.setSubjectNameIDQualifier(configTarget);
 			
 			//set MandateReferenceValue as RequestID
 			authnReqConfig.setRequestID(moasession.getMandateReferenceValue());
-- 
cgit v1.2.3


From 361fe44d40c2fdec3d2be10334a16c537166a0e2 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Fri, 8 Apr 2016 14:10:58 +0200
Subject: update PVP SubjectNameID generation in case of ELGA MandateService is
 used

---
 .../protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java  | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'id/server/idserverlib/src')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
index 483bcb1ec..8ddd2cb39 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
@@ -316,6 +316,15 @@ public class PVP2AssertionBuilder implements PVPConstants {
 					//no sourcePin is included --> search for bPK
 					bpk = authData.getGenericData(PVPConstants.MANDATE_NAT_PER_BPK_NAME, String.class);
 					
+					try {
+						if (bpk.contains(":"))
+							bpk = bpk.split(":")[1];
+						
+					} catch (Exception e) {
+						Logger.warn("Can not split bPK from mandator attribute!", e);
+						
+					}
+					
 					//set bPK-Type from configuration, because it MUST be equal to service-provider type
 					if (oaParam.getBusinessService()) {
 						if (oaParam.getIdentityLinkDomainIdentifier().startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_))
-- 
cgit v1.2.3


From 2f1fb9860c455fa706a5bc9f07e0ec5dd41d376f Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 9 May 2016 09:39:44 +0200
Subject: fix type in Redirect servlet implementation

---
 .../java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'id/server/idserverlib/src')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
index d9386d404..3eaede028 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
@@ -131,7 +131,7 @@ public class RedirectServlet {
 							DefaultGUIFormBuilderConfiguration.VIEW_REDIRECT, 
 							null);
 					config.putCustomParameter(URL, url);
-					guiBuilder.build(resp, config, "RedirectForm");
+					guiBuilder.build(resp, config, "RedirectForm.html");
 						
 				}
 				
-- 
cgit v1.2.3


From a4d18ffb736c29d6f7cb026df50fb8a8e4898f9f Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 9 May 2016 09:43:56 +0200
Subject: fix problem with PVP protocol and legacy mode (SP side BKU selection)

---
 .../main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java  | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

(limited to 'id/server/idserverlib/src')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
index 47ea91753..885d03fd8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
@@ -539,9 +539,7 @@ public class ParamValidatorUtils extends MOAIDAuthConstants{
 			return false;
 		}
 
-	    if (StringUtils.isEmpty(oaURL) 
-	    		//|| StringUtils.isEmpty(templateURL) 
-	    		|| StringUtils.isEmpty(bkuURL) )
+	    if (StringUtils.isEmpty(bkuURL))
 	    	return false;
 	    else
 	    	return true;
-- 
cgit v1.2.3


From c3e07d7fb87b2d132ffc838e4878b9479da361a7 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 9 May 2016 16:06:56 +0200
Subject: fix ContentType typo, which make problems with IE11 in some cases

---
 .../moa/id/auth/servlet/AbstractController.java            | 10 ++++++----
 .../moa/id/auth/servlet/GUILayoutBuilderServlet.java       |  4 ++--
 .../egovernment/moa/id/protocols/pvp2x/MetadataAction.java |  4 +++-
 .../moa/id/auth/frontend/builder/GUIFormBuilderImpl.java   |  2 +-
 .../modules/internal/tasks/CreateIdentityLinkFormTask.java |  6 ++++--
 .../egovernment/moa/id/util/CitizenCardServletUtils.java   |  6 ++++--
 .../auth/modules/eidas/tasks/GenerateAuthnRequestTask.java |  6 ++++--
 .../controller/ELGAMandateMetadataController.java          |  4 +++-
 .../modules/ssotransfer/task/RestoreSSOSessionTask.java    |  3 ++-
 .../controller/FederatedAuthMetadataController.java        |  4 +++-
 .../id/protocols/saml1/GetAuthenticationDataService.java   | 14 ++++++++------
 11 files changed, 40 insertions(+), 23 deletions(-)

(limited to 'id/server/idserverlib/src')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
index d87480cc1..e3efdeac0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
@@ -32,6 +32,8 @@ import javax.servlet.http.HttpServletResponse;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 
+import com.google.common.net.MediaType;
+
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
 import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger;
@@ -86,7 +88,7 @@ public abstract class AbstractController extends MOAIDAuthConstants {
 	@ExceptionHandler({Exception.class})
 	public void GenericExceptionHandler(HttpServletResponse resp, Exception exception) throws IOException {
 		Logger.error("Internel Server Error." , exception);
-		resp.setContentType("text/html;charset=UTF-8");
+		resp.setContentType(MediaType.HTML_UTF_8.toString());
 		resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Internal Server Error!" +
 				"(Errorcode=9199"
 				+" | Description="+ exception.getMessage() + ")");
@@ -97,7 +99,7 @@ public abstract class AbstractController extends MOAIDAuthConstants {
 	@ExceptionHandler({IOException.class})
 	public void IOExceptionHandler(HttpServletResponse resp, Throwable exception) {
 		Logger.error("Internel Server Error." , exception);
-		resp.setContentType("text/html;charset=UTF-8");
+		resp.setContentType(MediaType.HTML_UTF_8.toString());
 		resp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
 		return;
 		
@@ -232,7 +234,7 @@ public abstract class AbstractController extends MOAIDAuthConstants {
 		String code = utils.mapInternalErrorToExternalError(
 				((InvalidProtocolRequestException)e).getMessageId());
 		String descr = e.getMessage();
-		resp.setContentType("text/html;charset=UTF-8");
+		resp.setContentType(MediaType.HTML_UTF_8.toString());
 		resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Protocol validation FAILED!" +
 				"(Errorcode=" + code +
 				" | Description=" + descr + ")");
@@ -315,7 +317,7 @@ public abstract class AbstractController extends MOAIDAuthConstants {
 	private void internalMOAIDExceptionHandler(HttpServletRequest req, HttpServletResponse resp, Exception e, boolean writeExceptionToStatisicLog) throws IOException {				
 		if (e instanceof ProtocolNotActiveException) {
 			resp.getWriter().write(e.getMessage());
-			resp.setContentType("text/html;charset=UTF-8");
+			resp.setContentType(MediaType.HTML_UTF_8.toString());
 			resp.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage());
 		
 		} else if (e instanceof AuthnRequestValidatorException) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java
index babc87866..9b658d81b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java
@@ -85,7 +85,7 @@ public class GUILayoutBuilderServlet extends AbstractController {
 						null);
 		
 			//build GUI component
-			formBuilder.build(resp, config, "text/css;charset=UTF-8", "CSS-Form");
+			formBuilder.build(resp, config, "text/css; charset=UTF-8", "CSS-Form");
 			
 		} catch (Exception e) {
 			Logger.warn("GUI ressource:'CSS' generation FAILED.");
@@ -114,7 +114,7 @@ public class GUILayoutBuilderServlet extends AbstractController {
 						GeneralProcessEngineSignalController.ENDPOINT_BKUSELECTION_EVALUATION);
 		
 			//build GUI component
-			formBuilder.build(resp, config, "text/javascript;charset=UTF-8", "JavaScript");
+			formBuilder.build(resp, config, "text/javascript; charset=UTF-8", "JavaScript");
 			
 		} catch (Exception e) {
 			Logger.warn("GUI ressource:'JavaScript' generation FAILED.");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
index 2a688da68..b282e3a4b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
@@ -28,6 +28,8 @@ import javax.servlet.http.HttpServletResponse;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
+import com.google.common.net.MediaType;
+
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
 import at.gv.egovernment.moa.id.commons.api.IRequest;
@@ -62,7 +64,7 @@ public class MetadataAction implements IAction {
 			String metadataXML = metadatabuilder.buildPVPMetadata(metadataConfig);			
 			Logger.debug("METADATA: " + metadataXML);
 						
-			httpResp.setContentType("text/xml");
+			httpResp.setContentType(MediaType.XML_UTF_8.toString());
 			httpResp.getOutputStream().write(metadataXML.getBytes("UTF-8"));
 
 			httpResp.getOutputStream().close();
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java
index 94fa4d977..26b37226d 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java
@@ -54,7 +54,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
 @Service("guiFormBuilder")
 public class GUIFormBuilderImpl implements IGUIFormBuilder {
 	
-	private static final String DEFAULT_CONTENT_TYPE = "text/html;charset=UTF-8";
+	private static final String DEFAULT_CONTENT_TYPE = "text/html; charset=UTF-8";
 	private static final String CONFIG_HTMLTEMPLATES_DIR = "htmlTemplates/";
 	private static final String CLASSPATH_HTMLTEMPLATES_DIR = "templates/";
 			
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
index e82aa8fbb..e47aff83b 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
@@ -10,6 +10,8 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.stereotype.Component;
 
+import com.google.common.net.MediaType;
+
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
@@ -75,9 +77,9 @@ public class CreateIdentityLinkFormTask extends AbstractAuthServletTask {
 						pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATES_REQUESTED);			
 				revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), 
 					pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_URL, moasession.getBkuURL());
-			
+				     				
 			if (!StringUtils.isEmpty(getIdentityLinkForm)) {
-				resp.setContentType("text/html;charset=UTF-8");
+				resp.setContentType(MediaType.HTML_UTF_8.toString());
 				PrintWriter out = new PrintWriter(resp.getOutputStream());
 				out.print(getIdentityLinkForm);
 				out.flush();
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java
index 2a8d26566..9fbdf5cd7 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java
@@ -55,6 +55,8 @@ import java.net.URLEncoder;
 
 import javax.servlet.http.HttpServletResponse;
 
+import com.google.common.net.MediaType;
+
 import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
@@ -91,7 +93,7 @@ public class CitizenCardServletUtils extends ServletUtils{
       resp.addHeader("Location", dataURL);
       
       //TODO test impact of explicit setting charset with older versions of BKUs (HotSign)
-      resp.setContentType("text/xml;charset=UTF-8");
+      resp.setContentType(MediaType.XML_UTF_8.toString());
       
       OutputStream out = resp.getOutputStream();
       out.write(createXMLSignatureRequestOrRedirect.getBytes("UTF-8"));
@@ -127,7 +129,7 @@ public class CitizenCardServletUtils extends ServletUtils{
       resp.addHeader("Location", dataURL);
       
       //TODO test impact of explicit setting charset with older versions of BKUs (HotSign)
-      resp.setContentType("text/xml;charset=UTF-8");
+      resp.setContentType(MediaType.XML_UTF_8.toString());
             
       OutputStream out = resp.getOutputStream();
       out.write(createXMLSignatureRequestOrRedirect.getBytes("UTF-8"));
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index c82636a8f..30c206025 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -35,6 +35,8 @@ import org.apache.velocity.VelocityContext;
 import org.apache.velocity.app.VelocityEngine;
 import org.springframework.stereotype.Component;
 
+import com.google.common.net.MediaType;
+
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
@@ -176,8 +178,8 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask {
 	            Logger.debug("Template merge done");
 
 	            Logger.debug("Sending html content: " + writer.getBuffer().toString());
-
-	            response.setContentType("text/html;charset=UTF-8");
+	            
+	            response.setContentType(MediaType.HTML_UTF_8.toString());
 	            response.getOutputStream().write(writer.getBuffer().toString().getBytes("UTF-8"));
 
 	            revisionsLogger.logEvent(oaConfig, pendingReq, 
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java
index 29bc5ee12..5720e4827 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java
@@ -32,6 +32,8 @@ import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 
+import com.google.common.net.MediaType;
+
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.config.ELGAMandatesMetadataConfiguration;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider;
@@ -80,7 +82,7 @@ public class ELGAMandateMetadataController extends AbstractController {
 				String xmlMetadata = metadatabuilder.buildPVPMetadata(metadataConfig);
 				
 				//write response
-				resp.setContentType("text/xml");
+				resp.setContentType(MediaType.XML_UTF_8.toString());
 				resp.getOutputStream().write(xmlMetadata.getBytes("UTF-8"));
 				resp.getOutputStream().close();
 
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
index dd133e4fb..003ce8c21 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
@@ -39,6 +39,7 @@ import org.opensaml.saml2.core.Response;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
+import com.google.common.net.MediaType;
 import com.google.gson.JsonObject;
 import com.google.gson.JsonParser;
 
@@ -216,7 +217,7 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask {
 		    			SSOTransferConstants.SSOCONTAINER_KEY_STATUS, 
 		    			"OK");
 		    	response.setStatus(HttpServletResponse.SC_OK);
-		    	response.setContentType("text/html;charset=UTF-8");
+		    	response.setContentType(MediaType.HTML_UTF_8.toString());
 				PrintWriter out = new PrintWriter(response.getOutputStream()); 
 				out.print(responseMsg.toString());
 				out.flush();
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java
index 98240a636..02356d74a 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java
@@ -32,6 +32,8 @@ import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 
+import com.google.common.net.MediaType;
+
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.config.FederatedAuthMetadataConfiguration;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider;
@@ -80,7 +82,7 @@ public class FederatedAuthMetadataController extends AbstractController {
 				String xmlMetadata = metadatabuilder.buildPVPMetadata(metadataConfig);
 				
 				//write response
-				resp.setContentType("text/xml");
+				resp.setContentType(MediaType.XML_UTF_8.toString());
 				resp.getOutputStream().write(xmlMetadata.getBytes("UTF-8"));
 				resp.getOutputStream().close();
 
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
index b01ea666d..f00358d02 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
@@ -69,6 +69,8 @@ import org.w3c.dom.Element;
 import org.w3c.dom.NodeList;
 import org.xml.sax.SAXException;
 
+import com.google.common.net.MediaType;
+
 import at.gv.egovernment.moa.id.auth.builder.SAMLResponseBuilder;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
@@ -136,13 +138,13 @@ public class GetAuthenticationDataService extends AbstractController implements
 		    
 			String respString = DOMUtils.serializeNode(soapResp, true);
 			
-			resp.setContentType("text/xml;charset=UTF-8");
+			resp.setContentType(MediaType.XML_UTF_8.toString());
 			context.put(CONTEXT_SOAP_ASSERTION, respString);
 			evaluateTemplate(context, resp, TEMPLATE_SOAP_SUCCESS);
 						
 		} catch (ParserConfigurationException | SAXException | IOException | TransformerException e) {
 			Logger.error("SAML1 GetAuthenticationData receive a non-valid request.", e);
-			resp.setContentType("text/xml;charset=UTF-8");
+			resp.setContentType(MediaType.XML_UTF_8.toString());
 					
 			context.put(CONTEXT_SOAP_ISSUEINSTANT, DateTimeUtils.buildDateTimeUTC(Calendar.getInstance()));
 			context.put(CONTEXT_SOAP_RESPONSEID, Random.nextRandom());
@@ -153,7 +155,7 @@ public class GetAuthenticationDataService extends AbstractController implements
 			
 		} catch (SAML1AssertionResponseBuildException e) {
 			Logger.error("SAML1 GetAuthenticationData response build failed..", e);
-			resp.setContentType("text/xml;charset=UTF-8");
+			resp.setContentType(MediaType.XML_UTF_8.toString());
 			
 			context.put(CONTEXT_SOAP_ISSUEINSTANT, e.getIssueInstant());
 			context.put(CONTEXT_SOAP_REQUESTEID, e.getRequestID());
@@ -187,17 +189,17 @@ public class GetAuthenticationDataService extends AbstractController implements
 		
 		if (wsdl_param != null) {
 			//print wsdl
-			resp.setContentType("text/xml;charset=UTF-8");
+			resp.setContentType(MediaType.XML_UTF_8.toString());
 			evaluateTemplate(context, resp, TEMPLATE_WSDL);
 			
 		} else if (xsd_param != null){
 			//print xsd
-			resp.setContentType("text/xml;charset=UTF-8");
+			resp.setContentType(MediaType.XML_UTF_8.toString());
 			evaluateTemplate(context, resp, TEMPLATE_XSD);
 						
 		} else {
 			//print plain info
-			resp.setContentType("text/html;charset=UTF-8");
+			resp.setContentType(MediaType.XML_UTF_8.toString());
 			evaluateTemplate(context, resp, TEMPLATE_PLAIN_INFO);
 			
 		}
-- 
cgit v1.2.3