From ebd93e9389e630450e5b052a18a6a6fc8d05f611 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 28 May 2018 16:40:30 +0200
Subject: refactore code to use EAAF core components

---
 .../AbstractGUIFormBuilderConfiguration.java       |  1 +
 ...roviderSpecificGUIFormBuilderConfiguration.java |  4 +-
 .../DefaultGUIFormBuilderConfiguration.java        | 23 +++----
 .../auth/frontend/builder/GUIFormBuilderImpl.java  |  4 +-
 .../frontend/builder/IGUIBuilderConfiguration.java | 74 ----------------------
 .../id/auth/frontend/builder/IGUIFormBuilder.java  | 68 --------------------
 ...PSpecificGUIBuilderConfigurationWithDBLoad.java |  2 +-
 ...cGUIBuilderConfigurationWithFileSystemLoad.java |  2 +-
 .../auth/frontend/exception/GUIBuildException.java | 46 --------------
 .../moa/id/auth/frontend/utils/FormBuildUtils.java |  2 +-
 10 files changed, 18 insertions(+), 208 deletions(-)
 delete mode 100644 id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/IGUIBuilderConfiguration.java
 delete mode 100644 id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/IGUIFormBuilder.java
 delete mode 100644 id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/exception/GUIBuildException.java

(limited to 'id/server/moa-id-frontend-resources/src')

diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractGUIFormBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractGUIFormBuilderConfiguration.java
index d57834192..999552891 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractGUIFormBuilderConfiguration.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractGUIFormBuilderConfiguration.java
@@ -25,6 +25,7 @@ package at.gv.egovernment.moa.id.auth.frontend.builder;
 import java.util.HashMap;
 import java.util.Map;
 
+import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 /**
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java
index ad068ac49..8f09dc1aa 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java
@@ -29,10 +29,10 @@ import java.util.Map;
 
 import org.apache.commons.lang.StringEscapeUtils;
 
+import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egovernment.moa.id.auth.frontend.utils.FormBuildUtils;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.commons.api.IRequest;
 import at.gv.egovernment.moa.id.commons.api.data.CPEPS;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java
index 8cc7040dc..a1223b093 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java
@@ -28,7 +28,8 @@ import java.util.Map;
 
 import org.apache.commons.lang.StringEscapeUtils;
 
-import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.gui.ModifyableGuiBuilderConfiguration;
 	
 /**
  * This class builds MOA-ID GUI forms from default resource paths
@@ -36,7 +37,7 @@ import at.gv.egovernment.moa.id.commons.api.IRequest;
  * @author tlenz 
  *
  */
-public class DefaultGUIFormBuilderConfiguration extends AbstractGUIFormBuilderConfiguration {
+public class DefaultGUIFormBuilderConfiguration extends AbstractGUIFormBuilderConfiguration implements ModifyableGuiBuilderConfiguration {
 	
 	public static final String VIEW_REDIRECT = "redirectForm.html";
 	public static final String VIEW_ERRORMESSAGE = "error_message.html";
@@ -70,13 +71,10 @@ public class DefaultGUIFormBuilderConfiguration extends AbstractGUIFormBuilderCo
 		
 	}
 	
-	/**
-	 * Add a key/value pair into Velocity context.<br>
-	 * <b>IMPORTANT:</b> external HTML escapetion is required, because it is NOT done internally
-	 * 
-	 * @param key velocity context key
-	 * @param value of this key
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.frontend.builder.ModifyableGuiBuilderConfiguration#putCustomParameterWithOutEscaption(java.lang.String, java.lang.Object)
 	 */
+	@Override
 	public void putCustomParameterWithOutEscaption(String key, Object value) {
 		if (customParameters == null)
 			customParameters = new HashMap<String, Object>();
@@ -84,13 +82,10 @@ public class DefaultGUIFormBuilderConfiguration extends AbstractGUIFormBuilderCo
 		customParameters.put(key, value);
 	}
 	
-	/**
-	 * Add a key/value pair into Velocity context.<br>
-	 * All parameters get escaped internally
-	 * 
-	 * @param key velocity context key
-	 * @param value of this key
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.frontend.builder.ModifyableGuiBuilderConfiguration#putCustomParameter(java.lang.String, java.lang.String)
 	 */
+	@Override
 	public void putCustomParameter(String key, String value) {
 		if (customParameters == null)
 			customParameters = new HashMap<String, Object>();
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java
index 285c90163..2ce4488a8 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java
@@ -41,7 +41,9 @@ import org.apache.velocity.app.VelocityEngine;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
-import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException;
+import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration;
+import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
+import at.gv.egiz.eaaf.core.exceptions.GUIBuildException;
 import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
 import at.gv.egovernment.moa.id.commons.MOAIDConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/IGUIBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/IGUIBuilderConfiguration.java
deleted file mode 100644
index 51f6295c7..000000000
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/IGUIBuilderConfiguration.java
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth.frontend.builder;
-
-import java.io.InputStream;
-import java.util.Map;
-
-/**
- * @author tlenz
- *
- */
-public interface IGUIBuilderConfiguration {
-	
-	
-	/**
-	 * Define the name of the template (with suffix) which should be used
-	 * 
-	 * @return templatename, but never null
-	 */
-	public String getViewName();
-	
-	/**
-	 * Define the parameters, which should be evaluated in the template
-	 * 
-	 * @return Map of parameters, which should be added to template
-	 */
-	public Map<String, Object> getViewParameters();
-	
-	
-	/**
-	 * Get a specific classpath template-directory prefix, which is used 
-	 *  to load a template from classpath by using <code>ClassLoader.getResourceAsStream(...)</code>  
-	 * 
-	 * @return Classpath directory, or null if the default directory should be used
-	 */
-	public String getClasspathTemplateDir();
-		
-	/** 
-	 * Get the GUI template with a specific name
-	 * 
-	 * @param viewName Name of the template
-	 * @return Tempate as <code>InputStream</code>, or null if default getTemplate method should be used  
-	 */
-	public InputStream getTemplate(String viewName);
-	
-	/**
-	 * Get the contentType, which should be set in HTTP response
-	 * <br><br>
-	 * <b>DefaultValue:</b> text/html;charset=UTF-8
-	 * 
-	 * @return ContentType, or null if default ContentType should be used.
-	 */
-	public String getDefaultContentType();
-}
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/IGUIFormBuilder.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/IGUIFormBuilder.java
deleted file mode 100644
index 8e8a63094..000000000
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/IGUIFormBuilder.java
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth.frontend.builder;
-
-import javax.servlet.http.HttpServletResponse;
-
-import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException;
-
-/**
- * @author tlenz
- *
- */
-public interface IGUIFormBuilder {
-
-	/**
-	 * Parse a GUI template, with parameters into a http servlet-response 
-	 * and use the default http-response content-type.
-	 * <br><br>
-	 *  The parser use the <code>VelocityEngine</code> as internal template evaluator. 
-	 * 
-	 * @param httpResp http-response object
-	 * @param viewName Name of the template (with suffix), which should be used. 
-	 *    The template is selected by using the <code>getTemplate(String viewName)</code> method
-	 * @param viewParams Map of parameters, which should be added to template
-	 * @param loggerName String, which should be used from logger
-	 * 
-	 * @throws GUIBuildException
-	 */
-	public void build(HttpServletResponse httpResp, IGUIBuilderConfiguration config, String loggerName) throws GUIBuildException;
-
-	/**
-	 * Parse a GUI template, with parameters into a http servlet-response.
-	 * <br><br>
-	 *  The parser use the <code>VelocityEngine</code> as internal template evaluator. 
-	 * 
-	 * @param httpResp http-response object
-	 * @param viewName Name of the template (with suffix), which should be used. 
-	 *    The template is selected by using the <code>getTemplate(String viewName)</code> method
-	 * @param viewParams Map of parameters, which should be added to template
-	 * @param contentType http-response content-type, which should be set
-	 * @param loggerName String, which should be used from logger
-	 * 
-	 * @throws GUIBuildException
-	 */
-	void build(HttpServletResponse httpResp, IGUIBuilderConfiguration config, String contentType,
-			String loggerName) throws GUIBuildException;
-		
-}
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithDBLoad.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithDBLoad.java
index 0215afc41..8d5a8bf9b 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithDBLoad.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithDBLoad.java
@@ -25,7 +25,7 @@ package at.gv.egovernment.moa.id.auth.frontend.builder;
 import java.io.ByteArrayInputStream;
 import java.io.InputStream;
 
-import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egiz.eaaf.core.api.IRequest;
 
 /**
  * @author tlenz
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithFileSystemLoad.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithFileSystemLoad.java
index b5c50004b..bb947a15f 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithFileSystemLoad.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithFileSystemLoad.java
@@ -31,7 +31,7 @@ import java.net.URI;
 import java.net.URISyntaxException;
 import java.net.URL;
 
-import at.gv.egovernment.moa.id.commons.api.IRequest;
+import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/exception/GUIBuildException.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/exception/GUIBuildException.java
deleted file mode 100644
index fff458546..000000000
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/exception/GUIBuildException.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth.frontend.exception;
-
-/**
- * @author tlenz
- *
- */
-public class GUIBuildException extends Exception {
-
-	private static final long serialVersionUID = -278663750102498205L;
-	
-	/**
-	 * @param string
-	 */
-	public GUIBuildException(String msg) {
-		super(msg);
-		
-	}
-	
-	public GUIBuildException(String msg, Throwable e) {
-		super(msg, e);
-		
-	}
-
-}
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/utils/FormBuildUtils.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/utils/FormBuildUtils.java
index 66bfd9c3e..947a42345 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/utils/FormBuildUtils.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/utils/FormBuildUtils.java
@@ -26,7 +26,7 @@ package at.gv.egovernment.moa.id.auth.frontend.utils;
 import java.util.HashMap;
 import java.util.Map;
 
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.util.MiscUtil;
 
-- 
cgit v1.2.3


From 3b26a365d832d4b0664777d2c348606247022564 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 14 Jun 2018 13:55:39 +0200
Subject: some more stuff

---
 .../configuration/struts/action/BasicOAAction.java |   2 +-
 .../moa/id/advancedlogging/MOAReversionLogger.java |  11 +-
 .../moa/id/advancedlogging/StatisticLogger.java    |   8 +-
 .../id/auth/builder/AuthenticationDataBuilder.java | 143 +++--------
 .../builder/DynamicOAAuthParameterBuilder.java     |  13 +-
 .../StartAuthentificationParameterParser.java      |   2 +-
 .../id/auth/servlet/IDPSingleLogOutServlet.java    |  33 ++-
 .../moa/id/auth/servlet/LogOutServlet.java         |   2 +-
 .../UniqueSessionIdentifierInterceptor.java        |   6 +-
 .../id/config/auth/OAAuthParameterDecorator.java   |  24 +-
 .../PropertyBasedAuthConfigurationProvider.java    |   2 +-
 .../config/auth/data/DynamicOAAuthParameters.java  |  10 +-
 .../moa/id/data/MOAAuthenticationData.java         |   4 +-
 .../moa/id/data/SLOInformationContainer.java       |  45 ++--
 .../moa/id/data/SLOInformationImpl.java            |   2 +
 .../moa/id/data/SLOInformationInterface.java       |  70 -----
 .../moa/id/moduls/AuthenticationManager.java       | 282 ++------------------
 .../gv/egovernment/moa/id/moduls/SSOManager.java   |  55 ++--
 .../builder/attributes/BPKAttributeBuilder.java    |  71 -----
 .../attributes/EIDSectorForIDAttributeBuilder.java |  55 ----
 .../builder/attributes/EIDSignerCertificate.java   |  12 +-
 .../attributes/EncryptedBPKAttributeBuilder.java   |  22 +-
 .../protocols/builder/attributes/HolderOfKey.java  |   4 +-
 .../MandateFullMandateAttributeBuilder.java        |  38 +--
 ...MandateLegalPersonFullNameAttributeBuilder.java |  56 ++--
 ...andateLegalPersonSourcePinAttributeBuilder.java |  14 +-
 ...teLegalPersonSourcePinTypeAttributeBuilder.java |  60 +++--
 .../MandateNaturalPersonBPKAttributeBuilder.java   |  78 +++---
 ...dateNaturalPersonBirthDateAttributeBuilder.java |  58 +++--
 ...ateNaturalPersonFamilyNameAttributeBuilder.java |  64 ++---
 ...dateNaturalPersonGivenNameAttributeBuilder.java |  59 +++--
 ...dateNaturalPersonSourcePinAttributeBuilder.java |  62 +++--
 ...NaturalPersonSourcePinTypeAttributeBuilder.java |  56 ++--
 .../MandateProfRepDescAttributeBuilder.java        |  63 +++--
 .../MandateProfRepOIDAttributeBuilder.java         |  37 +--
 .../MandateReferenceValueAttributeBuilder.java     |  15 +-
 .../attributes/MandateTypeAttributeBuilder.java    |  41 +--
 .../attributes/MandateTypeOIDAttributeBuilder.java |  26 +-
 .../id/protocols/pvp2x/AttributQueryAction.java    | 144 +++++++++--
 .../id/protocols/pvp2x/AuthenticationAction.java   |  10 +-
 .../moa/id/protocols/pvp2x/MetadataAction.java     |   8 +-
 .../moa/id/protocols/pvp2x/PVP2XProtocol.java      | 153 +++++------
 .../id/protocols/pvp2x/PVPAssertionStorage.java    |  10 +-
 .../id/protocols/pvp2x/PVPTargetConfiguration.java | 138 +++++-----
 .../moa/id/protocols/pvp2x/SingleLogOutAction.java |  56 ++--
 .../pvp2x/builder/AttributQueryBuilder.java        |   3 +-
 .../pvp2x/builder/PVPAttributeBuilder.java         |  18 +-
 .../pvp2x/builder/PVPAuthnRequestBuilder.java      |   4 +-
 .../pvp2x/builder/SingleLogOutBuilder.java         | 216 +++++++++++++++-
 .../builder/assertion/PVP2AssertionBuilder.java    |  65 ++---
 .../builder/attributes/SamlAttributeGenerator.java |   2 +-
 .../protocols/pvp2x/config/PVPConfiguration.java   |  10 +-
 .../NameIDFormatNotSupportedException.java         |   2 +-
 .../pvp2x/metadata/MOAMetadataProvider.java        |  35 +--
 .../pvp2x/metadata/SimpleMOAMetadataProvider.java  |  37 ++-
 .../pvp2x/signer/AbstractCredentialProvider.java   |   4 +-
 .../pvp2x/signer/IDPCredentialProvider.java        |   9 +-
 .../pvp2x/verification/EntityVerifier.java         |   9 +-
 .../pvp2x/verification/SAMLVerificationEngine.java |  18 +-
 .../storage/DBAuthenticationSessionStoreage.java   |  84 +++---
 .../moa/id/storage/DBTransactionStorage.java       |  19 +-
 .../id/storage/IAuthenticationSessionStoreage.java |  28 +-
 .../moa/id/storage/RedisTransactionStorage.java    |   6 +-
 .../gv/egovernment/moa/id/util/LoALevelMapper.java | 174 +++++++++++++
 .../egovernment/moa/id/util/PVPtoSTORKMapper.java  | 174 -------------
 .../egovernment/moa/id/util/QAALevelVerifier.java  |  22 +-
 ....protocols.builder.attributes.IAttributeBuilder |   2 -
 .../moa/id/module/test/TestRequestImpl.java        | 285 ---------------------
 .../spring/test/DummyTransactionStorage.java       | 147 -----------
 .../spring/test/ExpressionContextAdapter.java      |  52 ----
 .../moa/id/process/spring/test/SimplePojo.java     |  41 ---
 .../SpringExpressionAwareProcessEngineTest.java    | 154 -----------
 .../spring/test/SpringExpressionEvaluatorTest.java |  54 ----
 .../spring/test/task/CreateSAML1AssertionTask.java |  63 -----
 .../spring/test/task/GetIdentityLinkTask.java      |  59 -----
 .../id/process/spring/test/task/SelectBKUTask.java |  37 ---
 .../spring/test/task/SignAuthBlockTask.java        |  61 -----
 .../spring/test/task/ValidateIdentityLinkTask.java |  46 ----
 .../test/task/ValidateSignedAuthBlockTask.java     |  51 ----
 .../test/BooleanStringExpressionEvaluator.java     |  24 --
 .../moa/id/process/test/HalloWeltTask.java         |  24 --
 .../moa/id/process/test/HelloWorldTask.java        |  24 --
 .../process/test/ProcessDefinitionParserTest.java  | 137 ----------
 .../moa/id/process/test/ProcessEngineTest.java     | 146 -----------
 .../id/storage/test/DBTransactionStorageTest.java  |   6 +-
 .../moa/id/commons/api/IOAAuthParameters.java      |  19 +-
 ...roviderSpecificGUIFormBuilderConfiguration.java |  14 +-
 .../DefaultGUIFormBuilderConfiguration.java        |   2 +-
 ...PSpecificGUIBuilderConfigurationWithDBLoad.java |   7 +-
 ...cGUIBuilderConfigurationWithFileSystemLoad.java |   4 +-
 .../moa/id/auth/frontend/utils/FormBuildUtils.java |   4 +-
 .../moa/id/auth/MOAIDAuthSpringInitializer.java    |   2 +-
 .../bkamobileauthtests/BKAMobileAuthModule.java    |  14 +-
 .../tasks/FirstBKAMobileAuthTask.java              |  25 +-
 .../tasks/SecondBKAMobileAuthTask.java             |  24 +-
 .../attributes/OAuth20AttributeBuilder.java        |  29 ++-
 .../attributes/OpenIdAudiencesAttribute.java       |  17 +-
 .../OpenIdAuthenticationTimeAttribute.java         |  17 +-
 .../attributes/OpenIdExpirationTimeAttribute.java  |  15 +-
 .../attributes/OpenIdIssueInstantAttribute.java    |  15 +-
 .../oauth20/attributes/OpenIdIssuerAttribute.java  |  17 +-
 .../oauth20/attributes/OpenIdNonceAttribute.java   |  20 +-
 .../OpenIdSubjectIdentifierAttribute.java          |  15 +-
 .../attributes/ProfileDateOfBirthAttribute.java    |  15 +-
 .../attributes/ProfileFamilyNameAttribute.java     |  15 +-
 .../attributes/ProfileGivenNameAttribute.java      |  15 +-
 .../oauth20/protocol/OAuth20AuthRequest.java       |  86 +++----
 .../oauth20/protocol/OAuth20BaseRequest.java       |  15 +-
 .../oauth20/protocol/OAuth20Protocol.java          |   2 +-
 .../tasks/CreateAuthnRequestTask.java              |   4 +-
 110 files changed, 1725 insertions(+), 3163 deletions(-)
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationInterface.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKAttributeBuilder.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSectorForIDAttributeBuilder.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/LoALevelMapper.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java
 delete mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java
 delete mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/DummyTransactionStorage.java
 delete mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/ExpressionContextAdapter.java
 delete mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SimplePojo.java
 delete mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest.java
 delete mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionEvaluatorTest.java
 delete mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/CreateSAML1AssertionTask.java
 delete mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/GetIdentityLinkTask.java
 delete mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SelectBKUTask.java
 delete mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SignAuthBlockTask.java
 delete mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateIdentityLinkTask.java
 delete mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateSignedAuthBlockTask.java
 delete mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/BooleanStringExpressionEvaluator.java
 delete mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HalloWeltTask.java
 delete mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HelloWorldTask.java
 delete mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/ProcessDefinitionParserTest.java
 delete mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/ProcessEngineTest.java

(limited to 'id/server/moa-id-frontend-resources/src')

diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
index 32368bab9..7d411b161 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
@@ -538,7 +538,7 @@ public class BasicOAAction extends BasicAction {
 			
 		} catch (ConfigurationStorageException | at.gv.egiz.components.configuration.api.ConfigurationException e) {
 			log.warn("MOAID Configuration can not be stored in Database", e);
-			throw new MOADatabaseException(e);
+			throw new MOADatabaseException(e.getMessage(), e);
 			
 		}
     	
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
index 0090bf3d3..322686c21 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
@@ -123,7 +123,6 @@ public class MOAReversionLogger implements IRevisionLogger {
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.advancedlogging.IRevisionLogger#logEvent(at.gv.egovernment.moa.id.commons.api.IOAAuthParameters, at.gv.egiz.eaaf.core.api.IRequest, int)
 	 */
-	@Override
 	public void logEvent(ISPConfiguration oaConfig, IRequest pendingRequest, 
 			int eventCode) {		
 			if (selectOASpecificEventCodes(oaConfig).contains(eventCode))
@@ -136,7 +135,6 @@ public class MOAReversionLogger implements IRevisionLogger {
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.advancedlogging.IRevisionLogger#logEvent(at.gv.egovernment.moa.id.commons.api.IOAAuthParameters, at.gv.egiz.eaaf.core.api.IRequest, int, java.lang.String)
 	 */
-	@Override
 	public void logEvent(IOAAuthParameters oaConfig, IRequest pendingRequest, 
 			int eventCode, String message) {		
 		if (selectOASpecificEventCodes(oaConfig).contains(eventCode))
@@ -251,11 +249,14 @@ public class MOAReversionLogger implements IRevisionLogger {
 		
 	}
 	
-	private List<Integer> selectOASpecificEventCodes(IOAAuthParameters oaConfig) {
+	private List<Integer> selectOASpecificEventCodes(ISPConfiguration oaConfig) {
 		List<Integer> OASpecificEventCodes = null;
-		if (oaConfig != null && oaConfig.getReversionsLoggingEventCodes() != null)
-			OASpecificEventCodes = oaConfig.getReversionsLoggingEventCodes();
+		if (oaConfig != null && oaConfig instanceof IOAAuthParameters) {
+			if (((IOAAuthParameters)oaConfig).getReversionsLoggingEventCodes() != null)
+				OASpecificEventCodes = ((IOAAuthParameters)oaConfig).getReversionsLoggingEventCodes();
 			
+		}
+		
 		else
 			OASpecificEventCodes = getDefaulttReversionsLoggingEventCodes();
 		
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
index e12b1372e..ea796d974 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
@@ -46,6 +46,7 @@ import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBod
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.logging.IStatisticLogger;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.exception.ServiceException;
 import at.gv.egovernment.moa.id.client.SZRGWClientException;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
@@ -286,10 +287,10 @@ public class StatisticLogger implements IStatisticLogger{
 				}
 				
 				IAuthenticationSession moasession = null;
-				if (MiscUtil.isNotEmpty(errorRequest.getInternalSSOSessionIdentifier())) {
+				if (MiscUtil.isNotEmpty(errorRequest.getSSOSessionIdentifier())) {
 					Logger.debug("Use MOA session information from SSO session for ErrorLogging");
 					try {
-						moasession = authenticatedSessionStorage.getInternalSSOSession(errorRequest.getInternalSSOSessionIdentifier());
+						moasession = authenticatedSessionStorage.getInternalSSOSession(errorRequest.getSSOSessionIdentifier());
 						
 					} catch (MOADatabaseException e) {
 						Logger.error("Error during database communication", e);
@@ -298,7 +299,8 @@ public class StatisticLogger implements IStatisticLogger{
 										
 				} else {
 					Logger.debug("Use MOA session information from pending-req for ErrorLogging");
-					moasession = errorRequest.getMOASession();
+					moasession = new AuthenticationSessionWrapper(errorRequest.genericFullDataStorage()); 
+
 					
 				}
 				
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index efe28c900..738f733a8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -36,11 +36,6 @@ import java.util.List;
 import javax.naming.ldap.LdapName;
 import javax.naming.ldap.Rdn;
 
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.core.AttributeQuery;
-import org.opensaml.saml2.core.Response;
-import org.opensaml.ws.soap.common.SOAPException;
-import org.opensaml.xml.XMLObject;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import org.w3c.dom.DOMException;
@@ -49,10 +44,12 @@ import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IAuthenticationDataBuilder;
 import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException;
 import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
 import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
@@ -71,7 +68,6 @@ import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
 import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
 import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
 import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory;
@@ -80,17 +76,9 @@ import at.gv.egovernment.moa.id.data.MOAAuthenticationData;
 import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
-import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper;
+import at.gv.egovernment.moa.id.util.LoALevelMapper;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.Constants;
@@ -112,9 +100,6 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 
 	@Autowired private IAuthenticationSessionStoreage authenticatedSessionStorage;
 	@Autowired protected AuthConfiguration authConfig;
-	@Autowired private AttributQueryBuilder attributQueryBuilder;
-	@Autowired private SAMLVerificationEngineSP samlVerificationEngine;
-	@Autowired(required=true) private MOAMetadataProvider metadataProvider;
 	
 	@Override
 	public IAuthData buildAuthenticationData(IRequest pendingReq) throws EAAFAuthenticationException {
@@ -193,82 +178,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 		
 		return authdata;								
 	}
-	
-	/**
-	 * Get PVP authentication attributes by using a SAML2 AttributeQuery
-	 * 
-	 * @param reqQueryAttr List of PVP attributes which are requested
-	 * @param userNameID SAML2 UserNameID of the user for which attributes are requested
-	 * @param idpConfig Configuration of the IDP, which is requested 
-	 * @return 
-	 * @return PVP attribute DAO, which contains all received information
-	 * @throws MOAIDException
-	 */
-	public AssertionAttributeExtractor getAuthDataFromAttributeQuery(List<Attribute> reqQueryAttr,
-			String userNameID, IOAAuthParameters idpConfig, String spEntityID) throws MOAIDException{
-		String idpEnityID = idpConfig.getPublicURLPrefix();
-		
-		try {		
-			Logger.debug("Starting AttributeQuery process ...");
-			//collect attributes by using BackChannel communication
-			String endpoint = idpConfig.getIDPAttributQueryServiceURL();			
-			if (MiscUtil.isEmpty(endpoint)) {
-				Logger.error("No AttributeQueryURL for interfederationIDP " + idpEnityID);
-				throw new ConfigurationException("config.26", new Object[]{idpEnityID});
-				
-			}
-				
-			//build attributQuery request
-			AttributeQuery query = attributQueryBuilder.buildAttributQueryRequest(spEntityID, userNameID, endpoint, reqQueryAttr);
-			
-			//build SOAP request				
-			List<XMLObject> xmlObjects = MOASAMLSOAPClient.send(endpoint, query);
-		
-			if (xmlObjects.size() == 0) {
-				Logger.error("Receive emptry AttributeQuery response-body.");
-				throw new AttributQueryException("auth.27", 
-						new Object[]{idpEnityID, "Receive emptry AttributeQuery response-body."});
-			
-			}
-		
-			Response intfResp;
-			if (xmlObjects.get(0) instanceof Response) {
-				intfResp = (Response) xmlObjects.get(0);
-			
-				//validate PVP 2.1 response
-				try {
-					samlVerificationEngine.verifyIDPResponse(intfResp, 
-							TrustEngineFactory.getSignatureKnownKeysTrustEngine(
-									metadataProvider));
-			
-					//create assertion attribute extractor from AttributeQuery response
-					return new AssertionAttributeExtractor(intfResp);
-		
-				} catch (Exception e) {
-					Logger.warn("PVP 2.1 assertion validation FAILED.", e);
-					throw new AssertionValidationExeption("auth.27", 
-							new Object[]{idpEnityID, e.getMessage()}, e);
-				}
-											
-			} else {
-				Logger.error("Receive AttributeQuery response-body include no PVP 2.1 response");
-				throw new AttributQueryException("auth.27", 
-						new Object[]{idpEnityID, "Receive AttributeQuery response-body include no PVP 2.1 response"});
 			
-			}
-				 										
-		} catch (SOAPException e) {
-			throw new BuildException("builder.06", null, e);
-			
-		} catch (SecurityException e) {
-			throw new BuildException("builder.06", null, e);
-					
-		} catch (org.opensaml.xml.security.SecurityException e1) {
-			throw new BuildException("builder.06", null, e1);
-			
-		}
-	}
-		
 	private void buildAuthDataFormMOASession(MOAAuthenticationData authData, IAuthenticationSession session, 
 			IOAAuthParameters oaParam, IRequest protocolRequest) throws BuildException, ConfigurationException {
 
@@ -372,32 +282,43 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 			//####################################################
 			//set QAA level
 			includedToGenericAuthData.remove(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME);
+			String currentLoA = null;
 			if (MiscUtil.isNotEmpty(session.getQAALevel()))
-				authData.setQAALevel(session.getQAALevel());
-			
+				currentLoA = session.getQAALevel();			
 			else {
-				String qaaLevel = session.getGenericDataFromSession(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME, String.class);
-				if (MiscUtil.isNotEmpty(qaaLevel)) {
-					Logger.debug("Find PVP-Attr '" + PVPConstants.EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME + "':" + qaaLevel
+				currentLoA = session.getGenericDataFromSession(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME, String.class);
+				if (MiscUtil.isNotEmpty(currentLoA)) {
+					Logger.debug("Find PVP-Attr '" + PVPConstants.EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME + "':" + currentLoA
 							+ " --> Parse QAA-Level from that attribute.");
-						
-					if (qaaLevel.startsWith(PVPConstants.STORK_QAA_PREFIX)) {
-						authData.setQAALevel(qaaLevel);
-						
-					} else {
-						Logger.debug("Found PVP QAA level. QAA mapping process starts ... ");				
-						String mappedQAA = PVPtoSTORKMapper.getInstance().mapToQAALevel(qaaLevel);
-						if (MiscUtil.isNotEmpty(mappedQAA))
-							authData.setQAALevel(mappedQAA);
-											
-					}
+					
 				}
 			}
+				
+			if (MiscUtil.isNotEmpty(currentLoA)) {					
+				if (currentLoA.startsWith(PVPConstants.STORK_QAA_PREFIX)) {
+					authData.setQAALevel(currentLoA);
+					authData.seteIDASLoA(LoALevelMapper.getInstance().mapSTORKQAAToeIDASQAA(currentLoA));
+
+				} else if (currentLoA.startsWith(EAAFConstants.EIDAS_QAA_PREFIX)) {
+					authData.setQAALevel(LoALevelMapper.getInstance().mapeIDASQAAToSTORKQAA(currentLoA));
+					authData.seteIDASLoA(currentLoA);
+										
+				} else {
+					Logger.debug("Found PVP QAA level. QAA mapping process starts ... ");				
+					String mappedStorkQAA = LoALevelMapper.getInstance().mapToQAALevel(currentLoA);
+					if (MiscUtil.isNotEmpty(mappedStorkQAA)) {
+						authData.setQAALevel(currentLoA);
+						authData.seteIDASLoA(LoALevelMapper.getInstance().mapSTORKQAAToeIDASQAA(currentLoA));
+						
+					}										
+				}
+			}		
 			
 			//if no QAA level is set in MOASession then set default QAA level  
 			if (MiscUtil.isEmpty(authData.getQAALevel())) {														
-				Logger.info("No QAA level found. Set to default level " + PVPConstants.STORK_QAA_PREFIX + "1");
+				Logger.info("No QAA level found. Set to default level " + EAAFConstants.EIDAS_QAA_LOW);
 				authData.setQAALevel(PVPConstants.STORK_QAA_PREFIX + "1");
+				authData.seteIDASLoA(EAAFConstants.EIDAS_QAA_LOW);
 						
 			}
 	
@@ -810,7 +731,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 				try {
 					authData.setGenericData(elementKey, session.getGenericDataFromSession(elementKey));
 						
-				} catch (SessionDataStorageException e) {
+				} catch (EAAFStorageException e) {
 					Logger.warn("Can not add generic authData with key:" + elementKey, e);
 						
 				}				
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java
index e9e217137..a1d31f5ae 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java
@@ -29,7 +29,6 @@ import org.opensaml.saml2.core.Attribute;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.data.PVPAttributeConstants;
-import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egovernment.moa.id.auth.exception.DynamicOABuildException;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
@@ -89,16 +88,8 @@ public class DynamicOAAuthParameterBuilder {
 		
 		DynamicOAAuthParameters dynOAParams = new DynamicOAAuthParameters();
 		dynOAParams.setApplicationID(oaParam.getPublicURLPrefix());
-		try {
-			dynOAParams.setHasBaseIdProcessingRestriction(oaParam.hasBaseIdInternalProcessingRestriction());
-			dynOAParams.setHasBaseIdTransfergRestriction(oaParam.hasBaseIdTransferRestriction());
-			
-		} catch (EAAFConfigurationException e) {
-			Logger.warn("Can not resolve baseID restrications! Set to privacy friendly configuration", e);
-			dynOAParams.setHasBaseIdProcessingRestriction(true);
-			dynOAParams.setHasBaseIdTransfergRestriction(true);
-			
-		}
+		dynOAParams.setHasBaseIdProcessingRestriction(oaParam.hasBaseIdInternalProcessingRestriction());
+		dynOAParams.setHasBaseIdTransfergRestriction(oaParam.hasBaseIdTransferRestriction());
 		
 		Object storkRequst = null;
 		try {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
index e0d65e103..10c271b6a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -186,7 +186,7 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
 	    			&& MiscUtil.isNotEmpty(templateURLList.get(0)) ) {	    	
 	    		templateURL = FileUtils.makeAbsoluteURL(
 	    				oaParam.getTemplateURL().get(0),
-	    				authConfig.getRootConfigFileDir());
+	    				authConfig.getRootConfigFileDir()); 
 	    		Logger.info("No SL-Template in request, load SL-Template from OA configuration (URL: " + templateURL + ")");
 
 	    	} else if ( (defaulTemplateURLList.size() > 0) && MiscUtil.isNotEmpty(defaulTemplateURLList.get(0))) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
index 0e9db3964..f9aa1b83c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
@@ -36,12 +36,14 @@ import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.auth.IAuthenticationManager;
+import at.gv.egiz.eaaf.core.api.idp.slo.ISLOInformationContainer;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egiz.eaaf.core.exceptions.GUIBuildException;
-import at.gv.egiz.eaaf.core.impl.idp.auth.AuthenticationManager;
 import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
 import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
@@ -50,6 +52,7 @@ import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.data.SLOInformationContainer;
 import at.gv.egovernment.moa.id.moduls.SSOManager;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NOSLOServiceDescriptorException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
@@ -66,7 +69,7 @@ import at.gv.egovernment.moa.util.URLEncoder;
 public class IDPSingleLogOutServlet extends AbstractController {
 	
 	@Autowired SSOManager ssoManager;
-	@Autowired AuthenticationManager authManager;
+	@Autowired IAuthenticationManager authManager;
 	@Autowired IAuthenticationSessionStoreage authenicationStorage;
 	@Autowired SingleLogOutBuilder sloBuilder;
 	
@@ -127,6 +130,9 @@ public class IDPSingleLogOutServlet extends AbstractController {
 			} catch (MOADatabaseException e) {
 				handleErrorNoRedirect(e, req, resp, false);
 				
+			} catch (EAAFException e) {
+				handleErrorNoRedirect(e, req, resp, false);
+				
 			}
 			
 			return;			
@@ -135,10 +141,13 @@ public class IDPSingleLogOutServlet extends AbstractController {
 			try {
 				if (ssoManager.isValidSSOSession(ssoid, null)) {
 				
-					AuthenticationSession authSession = authenicationStorage.getInternalMOASessionWithSSOID(ssoid);
+					String internalSSOId = authenicationStorage.getInternalSSOSessionWithSSOID(ssoid);
 					
-					if(authSession != null) {
-						authManager.performSingleLogOut(req, resp, authSession, authURL);
+					if(MiscUtil.isNotEmpty(internalSSOId)) {
+						ISLOInformationContainer sloInfoContainer = authManager.performSingleLogOut(req, resp, null, internalSSOId);
+						
+						Logger.debug("Starting technical SLO process ... ");
+						sloBuilder.toTechnicalLogout(sloInfoContainer, req, resp, authURL);						
 						return;
 							
 					}
@@ -159,11 +168,12 @@ public class IDPSingleLogOutServlet extends AbstractController {
 							sloContainer.putFailedOA("differntent OAs");
 							
 						String redirectURL = null;
-						if (sloContainer.getSloRequest() != null) {
+						IRequest sloReq = sloContainer.getSloRequest();
+						if (sloReq != null && sloReq instanceof PVPTargetConfiguration) {
 							//send SLO response to SLO request issuer
-							SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor(sloContainer.getSloRequest());
-							LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, sloContainer.getSloRequest(), sloContainer.getSloFailedOAs());
-							redirectURL = sloBuilder.getFrontChannelSLOMessageURL(sloService, message, req, resp, sloContainer.getSloRequest().getRequest().getRelayState());
+							SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor((PVPTargetConfiguration)sloContainer.getSloRequest());
+							LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, (PVPTargetConfiguration)sloContainer.getSloRequest(), sloContainer.getSloFailedOAs());
+							redirectURL = sloBuilder.getFrontChannelSLOMessageURL(sloService, message, req, resp, ((PVPTargetConfiguration)sloContainer.getSloRequest()).getRequest().getRelayState());
 															
 						} else {
 							//print SLO information directly
@@ -205,6 +215,9 @@ public class IDPSingleLogOutServlet extends AbstractController {
 					} catch (MOAIDException e) {
 						Logger.warn("Build SLO respone FAILED.", e);
 						
+					} catch (EAAFException e) {
+						Logger.warn("Build SLO respone FAILED.", e);
+						
 					}
 					
 					try {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
index 21d329145..0285dd75b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
@@ -98,7 +98,7 @@ public class LogOutServlet {
 				
 			}
 			
-			if (ssomanager.destroySSOSessionOnIDPOnly(req, resp))
+			if (ssomanager.destroySSOSessionOnIDPOnly(req, resp, null))
 				Logger.info("User with SSO is logged out and get redirect to "+ redirectUrl);				
 			else
 				Logger.info("No active SSO session found. User is maybe logout already and get redirect to "+ redirectUrl);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java
index 752f54139..07b5242e0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/interceptor/UniqueSessionIdentifierInterceptor.java
@@ -29,9 +29,9 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.servlet.HandlerInterceptor;
 import org.springframework.web.servlet.ModelAndView;
 
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils;
-import at.gv.egovernment.moa.id.commons.MOAIDConstants;
 import at.gv.egovernment.moa.id.moduls.SSOManager;
 import at.gv.egovernment.moa.util.MiscUtil;
 
@@ -56,10 +56,10 @@ public class UniqueSessionIdentifierInterceptor implements HandlerInterceptor {
 		//search for unique session identifier
 		String uniqueSessionIdentifier = ssomanager.getUniqueSessionIdentifier(ssoId);											
 		if (MiscUtil.isEmpty(uniqueSessionIdentifier))
-			uniqueSessionIdentifier = Random.nextRandom();
+			uniqueSessionIdentifier = Random.nextHexRandom16();
 		
 		TransactionIDUtils.setSessionId(uniqueSessionIdentifier);		
-		request.setAttribute(MOAIDConstants.UNIQUESESSIONIDENTIFIER, uniqueSessionIdentifier);
+		request.setAttribute(EAAFConstants.UNIQUESESSIONIDENTIFIER, uniqueSessionIdentifier);
 		
 		return true; 
 	}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java
index f0477c1fb..89e543209 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java
@@ -60,7 +60,6 @@ import java.util.Set;
 import org.apache.commons.lang.SerializationUtils;
 
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
@@ -104,7 +103,7 @@ public class OAAuthParameterDecorator implements IOAAuthParameters, Serializable
 
       
   @Override
-  public boolean hasBaseIdInternalProcessingRestriction() throws EAAFConfigurationException {
+  public boolean hasBaseIdInternalProcessingRestriction() {
 	  String targetAreaIdentifier = getAreaSpecificTargetIdentifier();
 	  for (String el : spConfiguration.getTargetsWithNoBaseIdInternalProcessingRestriction()) {
 		  if (targetAreaIdentifier.startsWith(el))
@@ -116,7 +115,7 @@ public class OAAuthParameterDecorator implements IOAAuthParameters, Serializable
   }
 
   @Override
-  public boolean hasBaseIdTransferRestriction() throws EAAFConfigurationException {
+  public boolean hasBaseIdTransferRestriction() {
 	  String targetAreaIdentifier = getAreaSpecificTargetIdentifier();
 	  for (String el : spConfiguration.getTargetsWithNoBaseIdTransferRestriction()) {
 		  if (targetAreaIdentifier.startsWith(el))
@@ -688,13 +687,7 @@ public boolean isInterfederationSSOStorageAllowed() {
 }
 
 public boolean isIDPPublicService() throws ConfigurationException {
-	try {
-		return !hasBaseIdTransferRestriction();
-		
-	} catch (EAAFConfigurationException e) {
-		throw new ConfigurationException("internal.00", new Object[] {}, e);
-		
-	}
+	return !hasBaseIdTransferRestriction();
 	
 }
 
@@ -947,11 +940,14 @@ public List<String> getTargetsWithNoBaseIdTransferRestriction() {
 
 
 @Override
-/**
- * THIS METHODE IS NOT SUPPORTED IN THIS IMPLEMENTATION 
- */
 public String getUniqueIdentifier() {
-	return null;
+	return getPublicURLPrefix();
+}
+
+
+@Override
+public String getMinimumLevelOfAssurence() {
+	return getQaaLevel();
 }
 
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
index db2499ad5..a0a34336c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java
@@ -96,7 +96,7 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide
 		Map<String, String> oa = getActiveOnlineApplication(spIdentifier);
 		if (oa == null) {			
 			return null;
-		}
+		} 
 
 		return new OAAuthParameterDecorator(new SPConfigurationImpl(oa, this));
 		
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
index f401db8bf..11932f52a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
@@ -75,7 +75,7 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{
 	 * @see at.gv.egovernment.moa.id.commons.api.IOAAuthParameters#getAreaSpecificTargetIdentifier()
 	 */
 	@Override
-	public String getAreaSpecificTargetIdentifier() throws ConfigurationException {
+	public String getAreaSpecificTargetIdentifier() {
 		return this.oaTargetAreaIdentifier;
 	}
 
@@ -551,8 +551,12 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{
 
 	@Override
 	public String getUniqueIdentifier() {
-		// TODO Auto-generated method stub
-		return null;
+		return getPublicURLPrefix();
+	}
+
+	@Override
+	public String getMinimumLevelOfAssurence() {
+		return getQaaLevel();
 	}
 
 	
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
index 0e8a988ce..ba3eba2e6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
@@ -33,7 +33,7 @@ import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
-import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper;
+import at.gv.egovernment.moa.id.util.LoALevelMapper;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -76,7 +76,7 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut
 	public String getQAALevel() {
 		if (this.QAALevel != null && 
 				this.QAALevel.startsWith(PVPConstants.EIDAS_QAA_PREFIX)) {
-			String mappedQAA = PVPtoSTORKMapper.getInstance().mapeIDASQAAToSTORKQAA(this.QAALevel);
+			String mappedQAA = LoALevelMapper.getInstance().mapeIDASQAAToSTORKQAA(this.QAALevel);
 			if (MiscUtil.isNotEmpty(mappedQAA))
 				return mappedQAA;
 			
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java
index 20588ad0b..b1f123bbc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java
@@ -30,7 +30,9 @@ import java.util.List;
 import java.util.Map.Entry;
 import java.util.Set;
 
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.slo.ISLOInformationContainer;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
 
 /**
  * @author tlenz
@@ -40,9 +42,9 @@ public class SLOInformationContainer implements Serializable, ISLOInformationCon
  	
 	private static final long serialVersionUID = 7148730740582881862L;
 	
-	private PVPTargetConfiguration sloRequest = null;
-	private LinkedHashMap<String, SLOInformationImpl> activeFrontChannalOAs;
-	private LinkedHashMap<String, SLOInformationImpl> activeBackChannelOAs;
+	private IRequest sloRequest = null;
+	private LinkedHashMap<String, SLOInformationInterface> activeFrontChannalOAs;
+	private LinkedHashMap<String, SLOInformationInterface> activeBackChannelOAs;
 	private List<String> sloFailedOAs = null;
 	private String transactionID = null;
 	private String sessionID = null;
@@ -51,8 +53,8 @@ public class SLOInformationContainer implements Serializable, ISLOInformationCon
 	 * 
 	 */
 	public SLOInformationContainer() {
-		this.activeBackChannelOAs = new LinkedHashMap<String, SLOInformationImpl>(); 
-		this.activeFrontChannalOAs = new LinkedHashMap<String, SLOInformationImpl>(); 
+		this.activeBackChannelOAs = new LinkedHashMap<String, SLOInformationInterface>(); 
+		this.activeFrontChannalOAs = new LinkedHashMap<String, SLOInformationInterface>(); 
 		this.sloFailedOAs = new ArrayList<String>();
 		
 	}
@@ -61,28 +63,28 @@ public class SLOInformationContainer implements Serializable, ISLOInformationCon
 	/**
 	 * @return the activeFrontChannalOAs
 	 */
-	public LinkedHashMap<String, SLOInformationImpl> getActiveFrontChannalOAs() {
+	public LinkedHashMap<String, SLOInformationInterface> getActiveFrontChannalOAs() {
 		return activeFrontChannalOAs;
 	}
 
 	/**
 	 * @param activeFrontChannalOAs the activeFrontChannalOAs to set
 	 */
-	public void setActiveFrontChannalOAs(LinkedHashMap<String, SLOInformationImpl> activeFrontChannalOAs) {
+	public void setActiveFrontChannalOAs(LinkedHashMap<String, SLOInformationInterface> activeFrontChannalOAs) {
 		this.activeFrontChannalOAs = activeFrontChannalOAs;
 	}
 
 	/**
 	 * @return the activeBackChannelOAs
 	 */
-	public LinkedHashMap<String, SLOInformationImpl> getActiveBackChannelOAs() {
+	public LinkedHashMap<String, SLOInformationInterface> getActiveBackChannelOAs() {
 		return activeBackChannelOAs;
 	}
 
 	/**
 	 * @param activeBackChannelOAs the activeBackChannelOAs to set
 	 */
-	public void setActiveBackChannelOAs(LinkedHashMap<String, SLOInformationImpl> activeBackChannelOAs) {
+	public void setActiveBackChannelOAs(LinkedHashMap<String, SLOInformationInterface> activeBackChannelOAs) {
 		this.activeBackChannelOAs = activeBackChannelOAs;
 	}
 
@@ -98,7 +100,7 @@ public class SLOInformationContainer implements Serializable, ISLOInformationCon
 	 * @see at.gv.egovernment.moa.id.data.ISLOInformationContainer#getFrontChannelOASessionDescriptions()
 	 */
 	@Override
-	public Set<Entry<String, SLOInformationImpl>> getFrontChannelOASessionDescriptions() {
+	public Set<Entry<String, SLOInformationInterface>> getFrontChannelOASessionDescriptions() {
 		return activeFrontChannalOAs.entrySet();
 	}
 	
@@ -122,7 +124,7 @@ public class SLOInformationContainer implements Serializable, ISLOInformationCon
 	 * @see at.gv.egovernment.moa.id.data.ISLOInformationContainer#getBackChannelOASessionDescripten(java.lang.String)
 	 */
 	@Override
-	public SLOInformationImpl getBackChannelOASessionDescripten(String oaID) {
+	public SLOInformationInterface getBackChannelOASessionDescripten(String oaID) {
 		return activeBackChannelOAs.get(oaID);
 	}
 	
@@ -134,19 +136,12 @@ public class SLOInformationContainer implements Serializable, ISLOInformationCon
 		activeBackChannelOAs.remove(oaID);
 	}
 	
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.data.ISLOInformationContainer#getSloRequest()
-	 */
-	@Override
-	public PVPTargetConfiguration getSloRequest() {
-		return sloRequest;
-	}
-	
+
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.data.ISLOInformationContainer#setSloRequest(at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration)
 	 */
 	@Override
-	public void setSloRequest(PVPTargetConfiguration sloRequest) {
+	public void setSloRequest(IRequest sloRequest) {
 		this.sloRequest = sloRequest;
 		
 	}
@@ -197,7 +192,11 @@ public class SLOInformationContainer implements Serializable, ISLOInformationCon
 	public void setSessionID(String sessionID) {
 		this.sessionID = sessionID;
 	}
-	
-	
+
+
+	@Override
+	public IRequest getSloRequest() {
+		return this.sloRequest;
+	}
 	
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java
index 1d1e2f36a..5ff923bce 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java
@@ -26,6 +26,8 @@ import java.io.Serializable;
 
 import org.opensaml.saml2.metadata.SingleLogoutService;
 
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
+
 
 /**
  * @author tlenz
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationInterface.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationInterface.java
deleted file mode 100644
index 31fdaacfd..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationInterface.java
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.data;
-
-/**
- * @author tlenz
- *
- */
-public interface SLOInformationInterface{
-	
-
-	/**
-	 * get AssertionID which was used for Service Provider Single LogOut request 
-	 * 
-	 * @return
-	 * SessionID (SessionIndex in case of SAML2)
-	 */
-	public String getSessionIndex();
-	
-	/**
-	 * get user identifier which was used
-	 * 
-	 * @return
-	 * bPK / wbPK (nameID in case of SAML2)
-	 */
-	public String getUserNameIdentifier();
-	
-	
-	/**
-	 * get protocol type which was used for authentication
-	 * 
-	 * @return
-	 * return authentication protocol type
-	 */
-	public String getProtocolType();
-
-	/**
-	 * @return
-	 */
-	public String getUserNameIDFormat();
-	
-	/**
-	 * Get the unique entityID of this Service-Provider
-	 * 
-	 * @return unique identifier, but never null
-	 */
-	public String getSpEntityID();
-	
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 2e1af43e4..c05a271f6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -22,12 +22,8 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.moduls;
 
-import java.util.ArrayList;
-import java.util.Collection;
 import java.util.Enumeration;
-import java.util.Iterator;
 import java.util.List;
-import java.util.Map.Entry;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -35,46 +31,31 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.opensaml.saml2.core.LogoutRequest;
-import org.opensaml.saml2.core.LogoutResponse;
-import org.opensaml.saml2.core.StatusCode;
-import org.opensaml.saml2.metadata.SingleLogoutService;
-import org.opensaml.ws.soap.common.SOAPException;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.security.SecurityException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.api.idp.slo.ISLOInformationContainer;
 import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
 import at.gv.egiz.eaaf.core.exceptions.EAAFException;
-import at.gv.egiz.eaaf.core.exceptions.GUIBuildException;
-import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.AbstractAuthenticationManager;
 import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
-import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.data.SLOInformationContainer;
-import at.gv.egovernment.moa.id.data.SLOInformationImpl;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.logging.Logger;
@@ -92,7 +73,7 @@ public class AuthenticationManager extends AbstractAuthenticationManager {
 	public static final String MOA_SESSION = "MoaAuthenticationSession";
 	public static final String MOA_AUTHENTICATED = "MoaAuthenticated";
 
-	public static final int SLOTIMEOUT = 30 * 1000; //30 sec
+	
 	
 
 	@Autowired private ITransactionStorage transactionStorage;
@@ -105,87 +86,33 @@ public class AuthenticationManager extends AbstractAuthenticationManager {
 	
 	
 	@Override
-	public void performSingleLogOut(HttpServletRequest httpReq, HttpServletResponse httpResp, IRequest pendingReq)
-			throws EAAFException {
-		// TODO Auto-generated method stub
-		
-	}
-
-	@Override
-	public void performSingleLogOut(HttpServletRequest httpReq, HttpServletResponse httpResp, IRequest pendingReq, String arg3)
+	public ISLOInformationContainer performSingleLogOut(HttpServletRequest httpReq, HttpServletResponse httpResp, IRequest pendingReq, String internalSSOId)
 			throws EAAFException {
-		// TODO Auto-generated method stub
-		
-	}
-	
-	
-	
-	public void performSingleLogOut(HttpServletRequest httpReq,
-	HttpServletResponse httpResp, IAuthenticationSession session, PVPTargetConfiguration pvpReq) throws MOAIDException {
-		performSingleLogOut(httpReq, httpResp, session, pvpReq, null);
-		
-	}
-	
-	public void performSingleLogOut(HttpServletRequest httpReq,
-	HttpServletResponse httpResp, IAuthenticationSession session, String authURL) throws MOAIDException {
-		performSingleLogOut(httpReq, httpResp, session, null, authURL);
-		
-	}
-	
-	
-	public void performOnlyIDPLogOut(HttpServletRequest request,
-			HttpServletResponse response, String internalMOASsoSessionID) {
-		Logger.info("Remove active user-session");
-
-		if(internalMOASsoSessionID == null) {
-			internalMOASsoSessionID = StringEscapeUtils.escapeHtml((String) request.getParameter(PARAM_SESSIONID));
-		}
-		
-		if(internalMOASsoSessionID == null) {
-			Logger.info("NO MOA Session to logout");
-			return;
-		}
-		
-		AuthenticationSession authSession;
-		try {
-			authSession = authenticatedSessionStore.getInternalSSOSession(internalMOASsoSessionID);
-
-			if(authSession == null) {
-				Logger.info("NO MOA Authentication data for ID " + internalMOASsoSessionID);
-				return;
-			}
-						
-			performOnlyIDPLogOut(authSession);
-					
-		} catch (MOADatabaseException e) {
-			Logger.info("NO MOA Authentication data for ID " + internalMOASsoSessionID);
-			return;
-		}
-
-	}
-		
-	
-	private void performSingleLogOut(HttpServletRequest httpReq,
-	HttpServletResponse httpResp, IAuthenticationSession session, PVPTargetConfiguration pvpReq, String authURL) throws MOAIDException {		
 		String pvpSLOIssuer = null;
-		String inboundRelayState = null;
 		String uniqueSessionIdentifier = "notSet";
 		String uniqueTransactionIdentifier = "notSet";
-		
+		PVPTargetConfiguration pvpReq = null;		
 		Logger.debug("Start technical Single LogOut process ... ");
 		
-		if (pvpReq != null) {
-			MOARequest samlReq = (MOARequest) pvpReq.getRequest();
-			LogoutRequest logOutReq = (LogoutRequest) samlReq.getSamlRequest();
-			pvpSLOIssuer = logOutReq.getIssuer().getValue();
-			inboundRelayState = samlReq.getRelayState();
-			uniqueSessionIdentifier = pvpReq.getUniqueSessionIdentifier();
-			uniqueTransactionIdentifier = pvpReq.getUniqueTransactionIdentifier();
+		
+		if (pendingReq != null) {
+			uniqueSessionIdentifier = pendingReq.getUniqueSessionIdentifier();
+			uniqueTransactionIdentifier = pendingReq.getUniqueTransactionIdentifier();
+			
+			if (pendingReq instanceof PVPTargetConfiguration) {
+				pvpReq = ((PVPTargetConfiguration)pendingReq);
+				MOARequest samlReq = (MOARequest) pvpReq.getRequest();
+				LogoutRequest logOutReq = (LogoutRequest) samlReq.getSamlRequest();
+				pvpSLOIssuer = logOutReq.getIssuer().getValue();
+			}
 			
+			if (MiscUtil.isEmpty(internalSSOId))
+				internalSSOId = pendingReq.getSSOSessionIdentifier();
+						
 		} else {			
 			AuthenticationSessionExtensions sessionExt;
 			try {
-				sessionExt = authenticatedSessionStore.getAuthenticationSessionExtensions(session.getSessionID());
+				sessionExt = authenticatedSessionStore.getAuthenticationSessionExtensions(internalSSOId);
 				if (sessionExt != null)
 					uniqueSessionIdentifier = sessionExt.getUniqueSessionId();
 				
@@ -199,8 +126,8 @@ public class AuthenticationManager extends AbstractAuthenticationManager {
 		}
 		
 		//store active OAs to SLOContaine
-		List<OASessionStore> dbOAs = authenticatedSessionStore.getAllActiveOAFromMOASession(session);
-		List<InterfederationSessionStore> dbIDPs = authenticatedSessionStore.getAllActiveIDPsFromMOASession(session);
+		List<OASessionStore> dbOAs = authenticatedSessionStore.getAllActiveOAFromMOASession(internalSSOId);
+		List<InterfederationSessionStore> dbIDPs = authenticatedSessionStore.getAllActiveIDPsFromMOASession(internalSSOId);
 		SLOInformationContainer sloContainer = new SLOInformationContainer();		
 		sloContainer.setTransactionID(uniqueTransactionIdentifier);
 		sloContainer.setSessionID(uniqueSessionIdentifier);
@@ -213,13 +140,13 @@ public class AuthenticationManager extends AbstractAuthenticationManager {
 				 + " BackChannel:" + sloContainer.getActiveBackChannelOAs().size()
 				 + " FrontChannel:" + sloContainer.getActiveFrontChannalOAs().size()
 				 + " NO_SLO_Support:" + sloContainer.getSloFailedOAs().size());
-		
+
+
 		//terminate MOASession
 		try {			
-			authenticatedSessionStore.destroyInternalSSOSession(session.getSessionID());
-			ssoManager.deleteSSOSessionID(httpReq, httpResp);
+			authenticatedSessionStore.destroyInternalSSOSession(internalSSOId);
+			ssoManager.destroySSOSessionOnIDPOnly(httpReq, httpResp, pendingReq);
 			revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, uniqueSessionIdentifier);
-
 			Logger.debug("Active SSO Session on IDP is remove.");
 						
 		} catch (MOADatabaseException e) {
@@ -228,165 +155,8 @@ public class AuthenticationManager extends AbstractAuthenticationManager {
 			
 		}
 		
-		Logger.trace("Starting Service-Provider logout process ... ");		
-		revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_STARTED);		
-		//start service provider back channel logout process		
-		Iterator<String> nextOAInterator = sloContainer.getNextBackChannelOA();	
-		while (nextOAInterator.hasNext()) {
-			SLOInformationImpl sloDescr = sloContainer.getBackChannelOASessionDescripten(nextOAInterator.next());
-			LogoutRequest sloReq = sloBuilder.buildSLORequestMessage(sloDescr);
-
-			try {
-				Logger.trace("Send backchannel SLO Request to " + sloDescr.getSpEntityID());
-				List<XMLObject> soapResp = MOASAMLSOAPClient.send(sloDescr.getServiceURL(), sloReq);
-				
-				LogoutResponse sloResp = null;						
-				for (XMLObject el : soapResp) {
-					if (el instanceof LogoutResponse)
-						sloResp = (LogoutResponse) el;							
-				}
-				
-				if (sloResp == null) {
-					Logger.warn("Single LogOut for OA " + sloDescr.getSpEntityID()
-							+ " FAILED. NO LogOut response received.");
-					sloContainer.putFailedOA(sloDescr.getSpEntityID());
-					
-				} else {
-					samlVerificationEngine.verifySLOResponse(sloResp, 
-							TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider));
-					
-				}
-								
-				sloBuilder.checkStatusCode(sloContainer, sloResp);
-										
-			} catch (SOAPException e) {
-				Logger.warn("Single LogOut for OA " + sloDescr.getSpEntityID()
-						+ " FAILED.", e);
-				sloContainer.putFailedOA(sloDescr.getSpEntityID());
-				
-			} catch (SecurityException | InvalidProtocolRequestException e) {
-				Logger.warn("Single LogOut for OA " + sloDescr.getSpEntityID()
-						+ " FAILED.", e);
-				sloContainer.putFailedOA(sloDescr.getSpEntityID());
-				
-			}					
-		}
-						
-		//start service provider front channel logout process
-		try {
-			if (sloContainer.hasFrontChannelOA()) {
-				String relayState = Random.nextRandom();
-				
-				Collection<Entry<String, SLOInformationImpl>> sloDescr = sloContainer.getFrontChannelOASessionDescriptions();
-				List<String> sloReqList = new ArrayList<String>();
-				for (Entry<String, SLOInformationImpl> el : sloDescr) {
-					Logger.trace("Build frontChannel SLO Request for " + el.getValue().getSpEntityID());
-					
-					LogoutRequest sloReq = sloBuilder.buildSLORequestMessage(el.getValue());
-					try {
-						sloReqList.add(sloBuilder.getFrontChannelSLOMessageURL(el.getValue().getServiceURL(), el.getValue().getBinding(), 
-								sloReq, httpReq, httpResp, relayState));
-						
-					} catch (Exception e) {
-						Logger.warn("Failed to build SLO request for OA:" + el.getKey());
-						sloContainer.putFailedOA(el.getKey());
-						
-					}														
-				}
-				
-				//put SLO process-information into transaction storage
-				transactionStorage.put(relayState, sloContainer, -1);
-				
-				if (MiscUtil.isEmpty(authURL))
-					authURL = pvpReq.getAuthURL();
-				
-				String timeOutURL = authURL
-						+ "/idpSingleLogout"
-						+ "?restart=" + relayState;
-				
-				DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration(
-						authURL, 
-						DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT, 
-						null);
-				
-				config.putCustomParameterWithOutEscaption("redirectURLs", sloReqList);
-				config.putCustomParameterWithOutEscaption("timeoutURL", timeOutURL);
-				config.putCustomParameter("timeout", String.valueOf(SLOTIMEOUT));
-		        
-		        guiBuilder.build(httpResp, config, "Single-LogOut GUI");
-		        
-								
-			} else {
-				if (pvpReq != null) {
-					//send SLO response to SLO request issuer
-					SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor(pvpReq);
-					LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, pvpReq, sloContainer.getSloFailedOAs());
-					sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, inboundRelayState, pvpReq);
-					
-				} else {
-					//print SLO information directly
-					DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration(
-							authURL, 
-							DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT, 
-							null);
-					
-			        if (sloContainer.getSloFailedOAs() == null || 
-			        		sloContainer.getSloFailedOAs().size() == 0) {
-			        	revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_ALL_VALID);
-			        	config.putCustomParameter("successMsg", 
-			        			MOAIDMessageProvider.getInstance().getMessage("slo.00", null));
-			        	
-			        } else {
-			        	revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID);
-			        	config.putCustomParameterWithOutEscaption("errorMsg", 
-			        			MOAIDMessageProvider.getInstance().getMessage("slo.01", null));
-			        	
-			        }
-			        guiBuilder.build(httpResp, config, "Single-LogOut GUI");
-										
-				}
-									
-			}	
+		return sloContainer;
 		
-		} catch (GUIBuildException e) {
-			Logger.warn("Can not build GUI:'Single-LogOut'. Msg:" + e.getMessage());
-			throw  new MOAIDException("builder.09", new Object[]{e.getMessage()}, e);
-			
-		} catch (MOADatabaseException e) {
-			Logger.error("MOA AssertionDatabase ERROR", e);
-			if (pvpReq != null) {
-				SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor(pvpReq);
-				LogoutResponse message = sloBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI);
-				sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, inboundRelayState, pvpReq);
-
-				revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID);
-				
-			}else {
-				//print SLO information directly
-				DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration(
-						authURL, 
-						DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT, 
-						null);
-				
-				revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID);
-				config.putCustomParameterWithOutEscaption("errorMsg", 
-	        			MOAIDMessageProvider.getInstance().getMessage("slo.01", null));
-	        	
-	        	try {
-					guiBuilder.build(httpResp, config, "Single-LogOut GUI");
-					
-				} catch (GUIBuildException e1) {
-					Logger.warn("Can not build GUI:'Single-LogOut'. Msg:" + e.getMessage());
-					throw  new MOAIDException("builder.09", new Object[]{e.getMessage()}, e);
-					
-				}
-									
-			}
-			
-		} catch (Exception e) {
-			// TODO Auto-generated catch block
-			e.printStackTrace();
-		}				
 	}
 	
 	@Override
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
index bded1943b..d3d7a9456 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -72,11 +72,15 @@ public class SSOManager implements ISSOManager {
 	
 	private static final int INTERFEDERATIONCOOKIEMAXAGE = 5 * 60;// sec
 
+	public static final String DATAID_INTERFEDERATIOIDP_URL = "INTERFEDERATIOIDP_URL";
+	
 	@Autowired private IAuthenticationSessionStoreage authenticatedSessionStore;
 	@Autowired private AuthConfiguration authConfig;
 	@Autowired private IRevisionLogger revisionsLogger;
 	
 	
+	
+	
 	//@Autowired private MOASessionDBUtils moaSessionDBUtils;
 	
 	
@@ -113,7 +117,7 @@ public class SSOManager implements ISSOManager {
 			return isSSOValid;
 						
 			
-		} catch (SessionDataStorageException | ConfigurationException | MOADatabaseException e) {
+		} catch (SessionDataStorageException | ConfigurationException | EAAFStorageException e) {
 			Logger.warn("Cann not process SSO session. Reason: " + e.getMessage(), e);
 			Logger.info("All SSO session will be ignored.");
 			
@@ -151,8 +155,9 @@ public class SSOManager implements ISSOManager {
 	
 	public void populatePendingRequestWithSSOInformation(IRequest pendingReq) throws EAAFSSOException {				
 		//populate pending request with eID data from SSO session if no userConsent is required
-		try {
-			AuthenticationSession ssoMOASession = getInternalMOASession(pendingReq.getSSOSessionIdentifier());
+		try {			
+			String ssoSessionId = authenticatedSessionStore.getInternalSSOSessionWithSSOID(pendingReq.getSSOSessionIdentifier());						
+			AuthenticationSession ssoMOASession = authenticatedSessionStore.getInternalSSOSession(ssoSessionId);
 			
 			if (ssoMOASession == null)
 				Logger.info("No MOASession FOUND with provided SSO-Cookie.");
@@ -192,25 +197,26 @@ public class SSOManager implements ISSOManager {
 			if (isValidSSOSession(ssoid, null)) {
 		
 				//delete SSO session and MOA session
-				AuthenticationSession ssoSession = authenticatedSessionStore.getInternalMOASessionWithSSOID(ssoid);
+				String ssoSessionId = authenticatedSessionStore.getInternalSSOSessionWithSSOID(ssoid);						
+				AuthenticationSession ssoMOASession = authenticatedSessionStore.getInternalSSOSession(ssoSessionId);
 		
-				if (ssoSession == null) {
+				if (ssoMOASession == null) {
 					Logger.info("No internal MOA SSO-Session found. Nothing to destroy");
 					return false;
 				
 				}
 			
 													
-				ssoSession.setAuthenticated(false);
+				ssoMOASession.setAuthenticated(false);
 
 				//log Session_Destroy to reversionslog
 				AuthenticationSessionExtensions sessionExtensions = 
-						authenticatedSessionStore.getAuthenticationSessionExtensions(ssoSession.getSSOSessionID());
+						authenticatedSessionStore.getAuthenticationSessionExtensions(ssoMOASession.getSSOSessionID());
 				revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, sessionExtensions.getUniqueSessionId());
-				authenticatedSessionStore.destroyInternalSSOSession(ssoSession.getSSOSessionID());
+				authenticatedSessionStore.destroyInternalSSOSession(ssoMOASession.getSSOSessionID());
 			}
 			
-		} catch (MOADatabaseException | ConfigurationException | SessionDataStorageException e) {
+		} catch (ConfigurationException | SessionDataStorageException | EAAFStorageException e) {
 			Logger.info("NO MOA Authentication data for ID " + ssoid);
 			return false;
 			
@@ -235,14 +241,15 @@ public class SSOManager implements ISSOManager {
 	 * @param httpResp HttpServletResponse
 	 * @param protocolRequest Authentication request which is actually in process
 	 * @throws SessionDataStorageException 
+	 * @throws EAAFStorageException 
 	 * 
 	 **/
 	public void checkInterfederationIsRequested(HttpServletRequest httpReq, HttpServletResponse httpResp,
-			IRequest protocolRequest) throws SessionDataStorageException {
+			IRequest protocolRequest) throws SessionDataStorageException, EAAFStorageException {
 		String interIDP = httpReq.getParameter(MOAIDAuthConstants.INTERFEDERATION_IDP);
 
 		String interfederationIDP = 
-				protocolRequest.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class);
+				protocolRequest.getGenericData(DATAID_INTERFEDERATIOIDP_URL, String.class);
 		if (MiscUtil.isNotEmpty(interfederationIDP)) {
 			Logger.debug("Protocolspecific preprocessing already set interfederation IDP " + interfederationIDP);
 			return;
@@ -254,14 +261,14 @@ public class SSOManager implements ISSOManager {
 			RequestImpl moaReq = (RequestImpl) protocolRequest;
 			if (MiscUtil.isNotEmpty(interIDP)) {
 				Logger.info("Receive SSO request for interfederation IDP " + interIDP);
-				moaReq.setGenericDataToSession(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, interIDP);
+				moaReq.setGenericDataToSession(DATAID_INTERFEDERATIOIDP_URL, interIDP);
 				
 			} else {
 				//check if IDP cookie is set
 				String cookie = getValueFromCookie(httpReq, SSOINTERFEDERATION);
 				if (MiscUtil.isNotEmpty(cookie)) {
 					Logger.info("Receive SSO request for interfederated IDP from Cookie " + cookie);
-					moaReq.setGenericDataToSession(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, cookie);
+					moaReq.setGenericDataToSession(DATAID_INTERFEDERATIOIDP_URL, cookie);
 				
 					deleteCookie(httpReq, httpResp, SSOINTERFEDERATION);									
 				}				
@@ -283,7 +290,7 @@ public class SSOManager implements ISSOManager {
 		Logger.debug("Add SSO information to MOASession.");
 
 		//Store SSO information into database
-		String newSSOSessionId = createSSOSessionInformations(moaSession.getSessionID(), 
+		String newSSOSessionId = createSSOSessionInformations(moaSession.getSSOSessionID(), 
 				pendingReq.getSPEntityId());
 
 		//set SSO cookie to response
@@ -298,7 +305,7 @@ public class SSOManager implements ISSOManager {
 		return newSSOSessionId;
 	}
 	
-	public boolean isValidSSOSession(String ssoSessionID, IRequest protocolRequest) throws ConfigurationException, SessionDataStorageException {
+	public boolean isValidSSOSession(String ssoSessionID, IRequest protocolRequest) throws ConfigurationException, SessionDataStorageException, EAAFStorageException {
 		
 		// search SSO Session
 		if (ssoSessionID == null) {
@@ -328,7 +335,7 @@ public class SSOManager implements ISSOManager {
 				//in case of federated SSO session, jump to federated IDP for authentication
 				
 				String interfederationIDP = 
-						protocolRequest.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class);
+						protocolRequest.getGenericData(DATAID_INTERFEDERATIOIDP_URL, String.class);
 				
 				if (MiscUtil.isEmpty(interfederationIDP)) {
 					InterfederationSessionStore selectedIDP = authenticatedSessionStore.searchInterfederatedIDPFORSSOWithMOASession(storedSession.getSessionid());
@@ -337,7 +344,7 @@ public class SSOManager implements ISSOManager {
 						//no local SSO session exist -> request interfederated IDP
 						Logger.info("SSO Session refer to federated IDP: " + selectedIDP.getIdpurlprefix());
 						protocolRequest.setGenericDataToSession(
-								RequestImpl.DATAID_INTERFEDERATIOIDP_URL, selectedIDP.getIdpurlprefix());
+								DATAID_INTERFEDERATIOIDP_URL, selectedIDP.getIdpurlprefix());
 						
 					} else {
 						Logger.warn("MOASession is marked as interfederated SSO session but no interfederated IDP is found. Switch to local authentication ...");
@@ -360,18 +367,18 @@ public class SSOManager implements ISSOManager {
 		
 	}
 	
-	public AuthenticationSession getInternalMOASession(String ssoSessionID) throws MOADatabaseException {
-		return authenticatedSessionStore.getInternalMOASessionWithSSOID(ssoSessionID);
-		
-	}
+//	public String getInternalSSOSession(String ssoSessionID) throws MOADatabaseException {
+//		return authenticatedSessionStore.getInternalSSOSessionWithSSOID(ssoSessionID);
+//		
+//	}
 	
 	//TODO: refactor for faster DB access
 	public String getUniqueSessionIdentifier(String ssoSessionID) {
 		try {
 			if (MiscUtil.isNotEmpty(ssoSessionID)) {			
-				AuthenticationSession moaSession = authenticatedSessionStore.getInternalMOASessionWithSSOID(ssoSessionID);
-				if (moaSession != null) {
-					AuthenticationSessionExtensions extSessionInformation = authenticatedSessionStore.getAuthenticationSessionExtensions(moaSession.getSSOSessionID());
+				String ssoSessionId = authenticatedSessionStore.getInternalSSOSessionWithSSOID(ssoSessionID);
+				if (MiscUtil.isNotEmpty(ssoSessionId)) {
+					AuthenticationSessionExtensions extSessionInformation = authenticatedSessionStore.getAuthenticationSessionExtensions(ssoSessionId);
 						return extSessionInformation.getUniqueSessionId();
 			
 				}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKAttributeBuilder.java
deleted file mode 100644
index 9262e97c2..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/BPKAttributeBuilder.java
+++ /dev/null
@@ -1,71 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.builder.attributes;
-
-import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
-import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
-import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
-import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-public class BPKAttributeBuilder implements IPVPAttributeBuilder {
-	
-	public String getName() {
-		return BPK_NAME;
-	}
-	
-	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
-		String bpk = authData.getBPK();
-		String type = authData.getBPKType();
-		
-		if (MiscUtil.isEmpty(bpk))
-			throw new UnavailableAttributeException(BPK_NAME);
-			
-		if (type.startsWith(Constants.URN_PREFIX_WBPK))
-			type = type.substring((Constants.URN_PREFIX_WBPK + "+").length());
-		
-		else if (type.startsWith(Constants.URN_PREFIX_CDID)) 
-			type = type.substring((Constants.URN_PREFIX_CDID + "+").length());
-		
-		else if (type.startsWith(Constants.URN_PREFIX_EIDAS)) 
-			type = type.substring((Constants.URN_PREFIX_EIDAS + "+").length());
-		
-		if (bpk.length() > BPK_MAX_LENGTH) {
-			bpk = bpk.substring(0, BPK_MAX_LENGTH);
-		}
-		
-		Logger.trace("Authenticate user with bPK/wbPK " + bpk + " and Type=" + type);
-		
-		return g.buildStringAttribute(BPK_FRIENDLY_NAME, BPK_NAME, type + ":" + bpk);
-	}
-	
-	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
-		return g.buildEmptyAttribute(BPK_FRIENDLY_NAME, BPK_NAME);
-	}
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSectorForIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSectorForIDAttributeBuilder.java
deleted file mode 100644
index 783e044f8..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSectorForIDAttributeBuilder.java
+++ /dev/null
@@ -1,55 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.builder.attributes;
-
-import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
-import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
-import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
-import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-public class EIDSectorForIDAttributeBuilder implements IPVPAttributeBuilder {
-
-	public String getName() {
-		return EID_SECTOR_FOR_IDENTIFIER_NAME;
-	}
-
-	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeBuilderException {		
-		String bpktype = authData.getBPKType();
-		
-		if (MiscUtil.isEmpty(authData.getBPKType()))
-			throw new UnavailableAttributeException(EID_SECTOR_FOR_IDENTIFIER_NAME);
-				
-		return g.buildStringAttribute(EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME,
-				EID_SECTOR_FOR_IDENTIFIER_NAME, bpktype);
-	}
-	
-	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
-		return g.buildEmptyAttribute(EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME,
-				EID_SECTOR_FOR_IDENTIFIER_NAME);
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSignerCertificate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSignerCertificate.java
index 2f18c78e2..7c2207d1d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSignerCertificate.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDSignerCertificate.java
@@ -31,6 +31,7 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.logging.Logger;
 
 public class EIDSignerCertificate implements IPVPAttributeBuilder {
@@ -43,11 +44,14 @@ public class EIDSignerCertificate implements IPVPAttributeBuilder {
 			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
 		
 		try {
-			byte[] signerCertificate = authData.getSignerCertificate();
-			if (signerCertificate != null) {
-				return g.buildStringAttribute(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, EID_SIGNER_CERTIFICATE_NAME, 
+			if (authData instanceof IMOAAuthData) {
+				byte[] signerCertificate = ((IMOAAuthData)authData).getSignerCertificate();
+				if (signerCertificate != null) {
+					return g.buildStringAttribute(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, EID_SIGNER_CERTIFICATE_NAME, 
 						Base64Utils.encodeToString(signerCertificate));
-			}
+				}
+			} else
+				Logger.info(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME + " is only available in MOA-ID context");
 			
 		}catch (Exception e) {
 			Logger.info("Signer certificate BASE64 encoding error");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java
index e91bc90d6..090cf6b21 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java
@@ -28,6 +28,8 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
+import at.gv.egovernment.moa.logging.Logger;
 
 public class EncryptedBPKAttributeBuilder implements IPVPAttributeBuilder {
 	
@@ -38,16 +40,20 @@ public class EncryptedBPKAttributeBuilder implements IPVPAttributeBuilder {
 	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
 			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
 
-		if (authData.getEncbPKList() != null &&
-				authData.getEncbPKList().size() > 0) {
-			String value = authData.getEncbPKList().get(0);
-			for (int i=1; i<authData.getEncbPKList().size(); i++)
-				value += ";"+authData.getEncbPKList().get(i);			
+		if (authData instanceof IMOAAuthData) {
+			if (((IMOAAuthData)authData).getEncbPKList() != null &&
+					((IMOAAuthData)authData).getEncbPKList().size() > 0) {
+				String value = ((IMOAAuthData)authData).getEncbPKList().get(0);
+				for (int i=1; i<((IMOAAuthData)authData).getEncbPKList().size(); i++)
+					value += ";"+((IMOAAuthData)authData).getEncbPKList().get(i);			
 			
-			return g.buildStringAttribute(ENC_BPK_LIST_FRIENDLY_NAME, ENC_BPK_LIST_NAME, 
-					value);
+				return g.buildStringAttribute(ENC_BPK_LIST_FRIENDLY_NAME, ENC_BPK_LIST_NAME, 
+						value);
 			
-		} 
+			}
+			
+		} else
+			Logger.info(ENC_BPK_LIST_FRIENDLY_NAME + " is only available in MOA-ID context");
 		
 		throw new UnavailableAttributeException(ENC_BPK_LIST_NAME);
 		
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/HolderOfKey.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/HolderOfKey.java
index e1e7440e6..c65199dd6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/HolderOfKey.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/HolderOfKey.java
@@ -24,13 +24,13 @@ package at.gv.egovernment.moa.id.protocols.builder.attributes;
 
 import java.io.IOException;
 
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
 import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
-import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
 
@@ -45,7 +45,7 @@ public class HolderOfKey implements IPVPAttributeBuilder {
 		
 		try {
 			byte[] certEncoded = authData.getGenericData(
-					MOAIDAuthConstants.MOASESSION_DATA_HOLDEROFKEY_CERTIFICATE, 
+					EAAFConstants.PROCESS_ENGINE_SSL_CLIENT_CERTIFICATE, 
 					byte[].class);
 			
 			if (certEncoded != null) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java
index 007f7403a..171dfe2d9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java
@@ -33,6 +33,7 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.DOMUtils;
@@ -45,25 +46,30 @@ public class MandateFullMandateAttributeBuilder implements IPVPAttributeBuilder
 
 	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
 			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
-		if (authData.isUseMandate()) {
-			//only provide full mandate if it is included. 
-			//In case of federation only a short mandate could be include 
-			if (authData.getMandate() != null) {
-				String fullMandate;
-				try {
-					fullMandate = DOMUtils.serializeNode(authData
-							.getMandate());
-					return g.buildStringAttribute(MANDATE_FULL_MANDATE_FRIENDLY_NAME,
-							MANDATE_FULL_MANDATE_NAME, Base64Utils.encodeToString(fullMandate.getBytes()));
-				} catch (TransformerException e) {
-					Logger.error("Failed to generate Full Mandate", e);
-				} catch (IOException e) {
-					Logger.error("Failed to generate Full Mandate", e);
+		if (authData instanceof IMOAAuthData) {
+			if (((IMOAAuthData)authData).isUseMandate()) {
+				//only provide full mandate if it is included. 
+				//In case of federation only a short mandate could be include 
+				if (((IMOAAuthData)authData).getMandate() != null) {
+					String fullMandate;
+					try {
+						fullMandate = DOMUtils.serializeNode(((IMOAAuthData)authData)
+								.getMandate());
+						return g.buildStringAttribute(MANDATE_FULL_MANDATE_FRIENDLY_NAME,
+								MANDATE_FULL_MANDATE_NAME, Base64Utils.encodeToString(fullMandate.getBytes()));
+					} catch (TransformerException e) {
+						Logger.error("Failed to generate Full Mandate", e);
+					} catch (IOException e) {
+						Logger.error("Failed to generate Full Mandate", e);
+					}
 				}
+				throw new NoMandateDataAttributeException();
+				
 			}
-			throw new NoMandateDataAttributeException();
 			
-		}
+		} else
+			Logger.info(MANDATE_FULL_MANDATE_FRIENDLY_NAME + " is only available in MOA-ID context");			
+			
 		return null;
 
 	}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java
index e41a5ccf1..26ea1823e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java
@@ -31,6 +31,7 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.logging.Logger;
@@ -44,34 +45,39 @@ public class MandateLegalPersonFullNameAttributeBuilder implements IPVPAttribute
 	
 	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
 			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
-		if (authData.isUseMandate()) {
-			
-			//get PVP attribute directly, if exists 
-			String fullName = authData.getGenericData(MANDATE_LEG_PER_FULL_NAME_NAME, String.class);
-			
-			if (MiscUtil.isEmpty(fullName)) {
-				Element mandate = authData.getMandate();
-				if (mandate == null) {
-					throw new NoMandateDataAttributeException();
-					
-				}
-				Mandate mandateObject = MandateBuilder.buildMandate(mandate);
-				if (mandateObject == null) {
-					throw new NoMandateDataAttributeException();
-					
+		if (authData instanceof IMOAAuthData) {
+			if (((IMOAAuthData)authData).isUseMandate()) {
+				
+				//get PVP attribute directly, if exists 
+				String fullName = authData.getGenericData(MANDATE_LEG_PER_FULL_NAME_NAME, String.class);
+				
+				if (MiscUtil.isEmpty(fullName)) {
+					Element mandate = ((IMOAAuthData)authData).getMandate();
+					if (mandate == null) {
+						throw new NoMandateDataAttributeException();
+						
+					}
+					Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+					if (mandateObject == null) {
+						throw new NoMandateDataAttributeException();
+						
+					}
+					CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody();
+					if (corporation == null) {
+						Logger.info("No corporation mandate");
+						throw new NoMandateDataAttributeException();
+						
+					}
+					fullName = corporation.getFullName();
 				}
-				CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody();
-				if (corporation == null) {
-					Logger.info("No corporation mandate");
-					throw new NoMandateDataAttributeException();
-					
-				}
-				fullName = corporation.getFullName();
+				return g.buildStringAttribute(MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME, MANDATE_LEG_PER_FULL_NAME_NAME,
+						fullName);
+				
 			}
-			return g.buildStringAttribute(MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME, MANDATE_LEG_PER_FULL_NAME_NAME,
-					fullName);
 			
-		}
+		} else
+			Logger.info(MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME + " is only available in MOA-ID context");			
+			
 		return null;
 		
 	}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java
index e20cf6684..cad8416b4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java
@@ -31,6 +31,7 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.logging.Logger;
@@ -44,11 +45,14 @@ public class MandateLegalPersonSourcePinAttributeBuilder  implements IPVPAttribu
 
 	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
 			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
-		if(authData.isUseMandate()) {				
-			return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, 
-					MANDATE_LEG_PER_SOURCE_PIN_NAME, getLegalPersonIdentifierFromMandate(authData));
+		if (authData instanceof IMOAAuthData) {
+			if(((IMOAAuthData)authData).isUseMandate()) {				
+				return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, 
+					MANDATE_LEG_PER_SOURCE_PIN_NAME, getLegalPersonIdentifierFromMandate(((IMOAAuthData)authData)));
 			
-		}
+			}
+		} else
+			Logger.info(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME + " is only available in MOA-ID context");
 		
 		return null;
 		
@@ -59,7 +63,7 @@ public class MandateLegalPersonSourcePinAttributeBuilder  implements IPVPAttribu
 	}
 	
 	
-	protected String getLegalPersonIdentifierFromMandate(IAuthData authData) throws NoMandateDataAttributeException {
+	protected String getLegalPersonIdentifierFromMandate(IMOAAuthData authData) throws NoMandateDataAttributeException {
 		//get PVP attribute directly, if exists 
 		String sourcePin = authData.getGenericData(MANDATE_LEG_PER_SOURCE_PIN_NAME, String.class);
 		
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java
index 098ecf68f..5fa0a5c48 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java
@@ -31,6 +31,7 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.logging.Logger;
@@ -44,39 +45,44 @@ public class MandateLegalPersonSourcePinTypeAttributeBuilder implements IPVPAttr
 	
 	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
 			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
-		if (authData.isUseMandate()) {
-			//get PVP attribute directly, if exists 
-			String sourcePinType = authData.getGenericData(MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, String.class);
+		if (authData instanceof IMOAAuthData) {
+			if (((IMOAAuthData)authData).isUseMandate()) {
+				//get PVP attribute directly, if exists 
+				String sourcePinType = authData.getGenericData(MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, String.class);
+							
+				if (MiscUtil.isEmpty(sourcePinType)) { 
+					Element mandate = ((IMOAAuthData)authData).getMandate();
+					if (mandate == null) {
+						throw new NoMandateDataAttributeException();
 						
-			if (MiscUtil.isEmpty(sourcePinType)) { 
-				Element mandate = authData.getMandate();
-				if (mandate == null) {
-					throw new NoMandateDataAttributeException();
-					
-				}
-				Mandate mandateObject = MandateBuilder.buildMandate(mandate);
-				if (mandateObject == null) {
-					throw new NoMandateDataAttributeException();
-					
-				}
-				CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody();
-				if (corporation == null) {
-					Logger.info("No corporate mandate");
-					throw new NoMandateDataAttributeException();
-					
-				}
-				if (corporation.getIdentification().size() == 0) {
-					Logger.info("Failed to generate IdentificationType");
-					throw new NoMandateDataAttributeException();
+					}
+					Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+					if (mandateObject == null) {
+						throw new NoMandateDataAttributeException();
+						
+					}
+					CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody();
+					if (corporation == null) {
+						Logger.info("No corporate mandate");
+						throw new NoMandateDataAttributeException();
+						
+					}
+					if (corporation.getIdentification().size() == 0) {
+						Logger.info("Failed to generate IdentificationType");
+						throw new NoMandateDataAttributeException();
+						
+					}
+					sourcePinType = corporation.getIdentification().get(0).getType();
 					
 				}
-				sourcePinType = corporation.getIdentification().get(0).getType();
 				
+				return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME,
+						sourcePinType);
 			}
 			
-			return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME,
-					sourcePinType);
-		}
+		} else
+			Logger.info(MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME + " is only available in MOA-ID context");
+	
 		return null;
 		
 	}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
index ebec019ae..9160ef453 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
@@ -37,6 +37,7 @@ import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
@@ -107,46 +108,49 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui
 	protected Pair<String, String> internalBPKGenerator(IOAAuthParameters oaParam, IAuthData authData) throws NoMandateDataAttributeException, BuildException, ConfigurationException {		
 		//get PVP attribute directly, if exists 
 		Pair<String, String> calcResult = null;
-		
-		if (authData.isUseMandate()) {	
-			String bpk = authData.getGenericData(MANDATE_NAT_PER_BPK_NAME, String.class);
-		
-			if (MiscUtil.isEmpty(bpk)) {
-				//read bPK from mandate if it is not directly included
-				Element mandate = authData.getMandate();
-				if (mandate == null) {
-					throw new NoMandateDataAttributeException();
-				}
-				Mandate mandateObject = MandateBuilder.buildMandate(mandate);
-				if (mandateObject == null) {
-					throw new NoMandateDataAttributeException();
-				}
-				PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson();
-				if (physicalPerson == null) {
-					Logger.debug("No physicalPerson mandate");
-					throw new NoMandateDataAttributeException();
-				}
-				IdentificationType id = null;
-				id = physicalPerson.getIdentification().get(0);
-				if (id == null) {
-					Logger.info("Failed to generate IdentificationType");
-					throw new NoMandateDataAttributeException();
-				}
-			
-								
-				if (id.getType().equals(Constants.URN_PREFIX_BASEID))									
-					calcResult = new BPKBuilder().generateAreaSpecificPersonIdentifier(id.getValue().getValue(), 
-							oaParam.getAreaSpecificTargetIdentifier());								
-				else
-					calcResult = Pair.newInstance(id.getValue().getValue(), id.getType());
-
+		if (authData instanceof IMOAAuthData) {
+			if (((IMOAAuthData)authData).isUseMandate()) {	
+				String bpk = authData.getGenericData(MANDATE_NAT_PER_BPK_NAME, String.class);
 			
-			} else {
-				Logger.info("Find '" + MANDATE_NAT_PER_BPK_NAME + "' in AuthData. Use it what is is.");
-				calcResult = Pair.newInstance(bpk, null);
+				if (MiscUtil.isEmpty(bpk)) {
+					//read bPK from mandate if it is not directly included
+					Element mandate = ((IMOAAuthData)authData).getMandate();
+					if (mandate == null) {
+						throw new NoMandateDataAttributeException();
+					}
+					Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+					if (mandateObject == null) {
+						throw new NoMandateDataAttributeException();
+					}
+					PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson();
+					if (physicalPerson == null) {
+						Logger.debug("No physicalPerson mandate");
+						throw new NoMandateDataAttributeException();
+					}
+					IdentificationType id = null;
+					id = physicalPerson.getIdentification().get(0);
+					if (id == null) {
+						Logger.info("Failed to generate IdentificationType");
+						throw new NoMandateDataAttributeException();
+					}
+				
+									
+					if (id.getType().equals(Constants.URN_PREFIX_BASEID))									
+						calcResult = new BPKBuilder().generateAreaSpecificPersonIdentifier(id.getValue().getValue(), 
+								oaParam.getAreaSpecificTargetIdentifier());								
+					else
+						calcResult = Pair.newInstance(id.getValue().getValue(), id.getType());
+	
 				
+				} else {
+					Logger.info("Find '" + MANDATE_NAT_PER_BPK_NAME + "' in AuthData. Use it what is is.");
+					calcResult = Pair.newInstance(bpk, null);
+					
+				}
 			}
-		}
+			
+		} else
+			Logger.info(MANDATE_NAT_PER_BPK_FRIENDLY_NAME + " is only available in MOA-ID context");
 		
 		return calcResult;
 	}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java
index 0b8263ffb..e91087484 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java
@@ -37,6 +37,7 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.InvalidDateFormatAttributeException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.logging.Logger;
@@ -65,41 +66,44 @@ public class MandateNaturalPersonBirthDateAttributeBuilder implements IPVPAttrib
 	
 	
 	protected String internalAttributGeneration(ISPConfiguration oaParam, IAuthData authData) throws InvalidDateFormatAttributeException, NoMandateDataAttributeException {		
-		if (authData.isUseMandate()) {
+		if (((IMOAAuthData)authData).isUseMandate()) {
 			
 			//get PVP attribute directly, if exists 
 			String birthDayString = authData.getGenericData(MANDATE_NAT_PER_BIRTHDATE_NAME, String.class);
 			
 			if (MiscUtil.isEmpty(birthDayString)) {
-				//read bPK from mandate if it is not directly included
-				Element mandate = authData.getMandate();
-				if (mandate == null) {
-					throw new NoMandateDataAttributeException();
-				}
-				Mandate mandateObject = MandateBuilder.buildMandate(mandate);
-				if (mandateObject == null) {
-					throw new NoMandateDataAttributeException();
-				}
-				PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson();
-				if (physicalPerson == null) {
-					Logger.info("No physicalPerson mandate");
-					throw new NoMandateDataAttributeException();
-				}
+				if (authData instanceof IMOAAuthData) {
+					//read bPK from mandate if it is not directly included
+					Element mandate = ((IMOAAuthData)authData).getMandate();
+					if (mandate == null) {
+						throw new NoMandateDataAttributeException();
+					}
+					Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+					if (mandateObject == null) {
+						throw new NoMandateDataAttributeException();
+					}
+					PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson();
+					if (physicalPerson == null) {
+						Logger.info("No physicalPerson mandate");
+						throw new NoMandateDataAttributeException();
+					}
 				
-				String dateOfBirth = physicalPerson.getDateOfBirth();
-				try {
-					DateFormat mandateFormat = new SimpleDateFormat(MandateBuilder.MANDATE_DATE_OF_BIRTH_FORMAT);
-					mandateFormat.setLenient(false);
-					Date date = mandateFormat.parse(dateOfBirth);
-					DateFormat pvpDateFormat = new SimpleDateFormat(MANDATE_NAT_PER_BIRTHDATE_FORMAT_PATTERN);
-					birthDayString = pvpDateFormat.format(date);
+					String dateOfBirth = physicalPerson.getDateOfBirth();
+					try {
+						DateFormat mandateFormat = new SimpleDateFormat(MandateBuilder.MANDATE_DATE_OF_BIRTH_FORMAT);
+						mandateFormat.setLenient(false);
+						Date date = mandateFormat.parse(dateOfBirth);
+						DateFormat pvpDateFormat = new SimpleDateFormat(MANDATE_NAT_PER_BIRTHDATE_FORMAT_PATTERN);
+						birthDayString = pvpDateFormat.format(date);
 							
-				}
-				catch (ParseException e) {
-					Logger.warn("MIS mandate birthday has an incorrect formt. (Value:" + dateOfBirth, e);
-					throw new InvalidDateFormatAttributeException();
+					}
+					catch (ParseException e) {
+						Logger.warn("MIS mandate birthday has an incorrect formt. (Value:" + dateOfBirth, e);
+						throw new InvalidDateFormatAttributeException();
 					
-				}
+					}					
+				} else
+					Logger.info(MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME + " is only available in MOA-ID context");
 				
 			} else {
 				try {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java
index 38a520298..9261ba063 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java
@@ -34,6 +34,7 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.logging.Logger;
@@ -47,40 +48,45 @@ public class MandateNaturalPersonFamilyNameAttributeBuilder  implements IPVPAttr
 
 	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
 			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
-		if(authData.isUseMandate()) {
+		if (authData instanceof IMOAAuthData) {
+			if(((IMOAAuthData)authData).isUseMandate()) {
 			
-			//get PVP attribute directly, if exists 
-			String familyName = authData.getGenericData(MANDATE_NAT_PER_FAMILY_NAME_NAME, String.class);
-			
-			if (MiscUtil.isEmpty(familyName)) {
-				//read mandator familyName from mandate if it is not directly included
-				Element mandate = authData.getMandate();
-				if(mandate == null) {
-					throw new NoMandateDataAttributeException();
-				}
-				Mandate mandateObject = MandateBuilder.buildMandate(mandate);
-				if(mandateObject == null) {
-					throw new NoMandateDataAttributeException();
-				}
-				PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson();
-				if(physicalPerson == null) {
-					Logger.debug("No physicalPerson mandate");
-					throw new NoMandateDataAttributeException();
-				}
-				
-				StringBuilder sb = new StringBuilder();
-				Iterator<FamilyName> fNamesit = physicalPerson.getName().getFamilyName().iterator();
+				//get PVP attribute directly, if exists 
+				String familyName = authData.getGenericData(MANDATE_NAT_PER_FAMILY_NAME_NAME, String.class);
 				
-				while(fNamesit.hasNext())
-					sb.append(" " + fNamesit.next().getValue());
-
-				familyName = sb.toString();
+				if (MiscUtil.isEmpty(familyName)) {
+					//read mandator familyName from mandate if it is not directly included
+					Element mandate = ((IMOAAuthData)authData).getMandate();
+					if(mandate == null) {
+						throw new NoMandateDataAttributeException();
+					}
+					Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+					if(mandateObject == null) {
+						throw new NoMandateDataAttributeException();
+					}
+					PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson();
+					if(physicalPerson == null) {
+						Logger.debug("No physicalPerson mandate");
+						throw new NoMandateDataAttributeException();
+					}
+					
+					StringBuilder sb = new StringBuilder();
+					Iterator<FamilyName> fNamesit = physicalPerson.getName().getFamilyName().iterator();
+					
+					while(fNamesit.hasNext())
+						sb.append(" " + fNamesit.next().getValue());
+	
+					familyName = sb.toString();
+					
+				}
 				
+				return g.buildStringAttribute(MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME, 
+						MANDATE_NAT_PER_FAMILY_NAME_NAME, familyName);
 			}
 			
-			return g.buildStringAttribute(MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME, 
-					MANDATE_NAT_PER_FAMILY_NAME_NAME, familyName);
-		}
+		} else
+			Logger.info(MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME + " is only available in MOA-ID context");
+		
 		return null;
 		
 	}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java
index be8e761e0..fe952253d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java
@@ -33,6 +33,7 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.logging.Logger;
@@ -46,37 +47,41 @@ public class MandateNaturalPersonGivenNameAttributeBuilder implements IPVPAttrib
 	
 	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
 			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
-		if (authData.isUseMandate()) {			
-			//get PVP attribute directly, if exists 
-			String givenName = authData.getGenericData(MANDATE_NAT_PER_GIVEN_NAME_NAME, String.class);
-			
-			if (MiscUtil.isEmpty(givenName)) {
-				Element mandate = authData.getMandate();
-				if (mandate == null) {
-					throw new NoMandateDataAttributeException();
-				}
-				Mandate mandateObject = MandateBuilder.buildMandate(mandate);
-				if (mandateObject == null) {
-					throw new NoMandateDataAttributeException();
-				}
-				PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson();
-				if (physicalPerson == null) {
-					Logger.debug("No physicalPerson mandate");
-					throw new NoMandateDataAttributeException();
-				}
+		if (authData instanceof IMOAAuthData) {	
+			if (((IMOAAuthData)authData).isUseMandate()) {			
+				//get PVP attribute directly, if exists 
+				String givenName = authData.getGenericData(MANDATE_NAT_PER_GIVEN_NAME_NAME, String.class);
 				
-				StringBuilder sb = new StringBuilder();
-				Iterator<String> gNamesit = physicalPerson.getName().getGivenName().iterator();
-				
-				while (gNamesit.hasNext())
-					sb.append(" " + gNamesit.next());
-				
-				givenName = sb.toString();
+				if (MiscUtil.isEmpty(givenName)) {
+					Element mandate = ((IMOAAuthData)authData).getMandate();
+					if (mandate == null) {
+						throw new NoMandateDataAttributeException();
+					}
+					Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+					if (mandateObject == null) {
+						throw new NoMandateDataAttributeException();
+					}
+					PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson();
+					if (physicalPerson == null) {
+						Logger.debug("No physicalPerson mandate");
+						throw new NoMandateDataAttributeException();
+					}
+					
+					StringBuilder sb = new StringBuilder();
+					Iterator<String> gNamesit = physicalPerson.getName().getGivenName().iterator();
+					
+					while (gNamesit.hasNext())
+						sb.append(" " + gNamesit.next());
+					
+					givenName = sb.toString();
+					
+				}
 				
+				return g.buildStringAttribute(MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME, MANDATE_NAT_PER_GIVEN_NAME_NAME, givenName);
 			}
 			
-			return g.buildStringAttribute(MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME, MANDATE_NAT_PER_GIVEN_NAME_NAME, givenName);
-		}
+		} else
+			Logger.info(MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME + " is only available in MOA-ID context");
 		return null;
 		
 	}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
index 2890b72d9..3c0a2cc94 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
@@ -33,6 +33,7 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.AttributePolicyException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.logging.Logger;
@@ -45,36 +46,41 @@ public class MandateNaturalPersonSourcePinAttributeBuilder  implements IPVPAttri
 
 	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
 			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
-		if(authData.isUseMandate()) {
-			Element mandate = authData.getMandate();
-			if(mandate == null) {
-				throw new NoMandateDataAttributeException();
-			}
-			Mandate mandateObject = MandateBuilder.buildMandate(mandate);
-			if(mandateObject == null) {
-				throw new NoMandateDataAttributeException();
-			}
-			PhysicalPersonType physicalPerson = mandateObject.getMandator()
-					.getPhysicalPerson();
-			if (physicalPerson == null) {
-				Logger.debug("No physicalPerson mandate");
-				throw new NoMandateDataAttributeException();
-			}
-			IdentificationType id = null;
-			id = physicalPerson.getIdentification().get(0);
-			
-			if(authData.isBaseIDTransferRestrication()) {
-				throw new AttributePolicyException(this.getName());
-			}
-			
-			if(id == null) {
-				Logger.info("Failed to generate IdentificationType");
-				throw new NoMandateDataAttributeException();
+		if (authData instanceof IMOAAuthData) {
+			if(((IMOAAuthData)authData).isUseMandate()) {
+				Element mandate = ((IMOAAuthData)authData).getMandate();
+				if(mandate == null) {
+					throw new NoMandateDataAttributeException();
+				}
+				Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+				if(mandateObject == null) {
+					throw new NoMandateDataAttributeException();
+				}
+				PhysicalPersonType physicalPerson = mandateObject.getMandator()
+						.getPhysicalPerson();
+				if (physicalPerson == null) {
+					Logger.debug("No physicalPerson mandate");
+					throw new NoMandateDataAttributeException();
+				}
+				IdentificationType id = null;
+				id = physicalPerson.getIdentification().get(0);
+				
+				if(authData.isBaseIDTransferRestrication()) {
+					throw new AttributePolicyException(this.getName());
+				}
+				
+				if(id == null) {
+					Logger.info("Failed to generate IdentificationType");
+					throw new NoMandateDataAttributeException();
+				}
+				
+				return g.buildStringAttribute(MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME,
+						MANDATE_NAT_PER_SOURCE_PIN_NAME, id.getValue().getValue());
 			}
 			
-			return g.buildStringAttribute(MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME,
-					MANDATE_NAT_PER_SOURCE_PIN_NAME, id.getValue().getValue());
-		}
+		} else
+			Logger.info(MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME + " is only available in MOA-ID context");
+		
 		return null;
 	}
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
index 6b3ed6768..0d9009778 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
@@ -32,6 +32,7 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.logging.Logger;
@@ -44,31 +45,36 @@ public class MandateNaturalPersonSourcePinTypeAttributeBuilder implements IPVPAt
 
 	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
 			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
-		if(authData.isUseMandate()) {
-			Element mandate = authData.getMandate();
-			if(mandate == null) {
-				throw new NoMandateDataAttributeException();
-			}
-			Mandate mandateObject = MandateBuilder.buildMandate(mandate);
-			if(mandateObject == null) {
-				throw new NoMandateDataAttributeException();
-			}
-			PhysicalPersonType physicalPerson = mandateObject.getMandator()
-					.getPhysicalPerson();
-			if (physicalPerson == null) {
-				Logger.debug("No physicalPerson mandate");
-				throw new NoMandateDataAttributeException();
-			}
-			IdentificationType id = null;
-			id = physicalPerson.getIdentification().get(0);
-			if(id == null) {
-				Logger.info("Failed to generate IdentificationType");
-				throw new NoMandateDataAttributeException();
-			}
-			
-			return g.buildStringAttribute(MANDATE_NAT_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME,
-					MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME, id.getType());
-		}
+		if (authData instanceof IMOAAuthData) {
+				if(((IMOAAuthData)authData).isUseMandate()) {
+					Element mandate = ((IMOAAuthData)authData).getMandate();
+					if(mandate == null) {
+						throw new NoMandateDataAttributeException();
+					}
+					Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+					if(mandateObject == null) {
+						throw new NoMandateDataAttributeException();
+					}
+					PhysicalPersonType physicalPerson = mandateObject.getMandator()
+							.getPhysicalPerson();
+					if (physicalPerson == null) {
+						Logger.debug("No physicalPerson mandate");
+						throw new NoMandateDataAttributeException();
+					}
+					IdentificationType id = null;
+					id = physicalPerson.getIdentification().get(0);
+					if(id == null) {
+						Logger.info("Failed to generate IdentificationType");
+						throw new NoMandateDataAttributeException();
+					}
+					
+					return g.buildStringAttribute(MANDATE_NAT_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME,
+							MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME, id.getType());
+				}
+				
+		} else
+			Logger.info(MANDATE_NAT_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME + " is only available in MOA-ID context");
+		
 		return null;
 	}
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java
index d8804d395..3cd9ef3e2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepDescAttributeBuilder.java
@@ -31,8 +31,10 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 public class MandateProfRepDescAttributeBuilder implements IPVPAttributeBuilder {
@@ -43,42 +45,47 @@ public class MandateProfRepDescAttributeBuilder implements IPVPAttributeBuilder
 
 	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
 			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
-		if(authData.isUseMandate()) {						
-			String profRepName = authData.getGenericData(MANDATE_PROF_REP_DESC_NAME, String.class);
-			
-			if (MiscUtil.isEmpty(profRepName)) {			
-				IMISMandate misMandate = authData.getMISMandate();
-				
-				if(misMandate == null) {
-					throw new NoMandateDataAttributeException();
-				}
-			
-				profRepName = misMandate.getTextualDescriptionOfOID();
+		if (authData instanceof IMOAAuthData) {
+			if(((IMOAAuthData)authData).isUseMandate()) {						
+				String profRepName = authData.getGenericData(MANDATE_PROF_REP_DESC_NAME, String.class);
 				
-				//only read textual prof. rep. OID describtion from mandate annotation
-				// if also OID exists
-				if (MiscUtil.isEmpty(profRepName) 
-						&& MiscUtil.isNotEmpty(misMandate.getProfRep())) {			
-					Element mandate = authData.getMandate();
-					if (mandate == null) {
+				if (MiscUtil.isEmpty(profRepName)) {			
+					IMISMandate misMandate = ((IMOAAuthData)authData).getMISMandate();
+					
+					if(misMandate == null) {
 						throw new NoMandateDataAttributeException();
 					}
 				
-					Mandate mandateObject = MandateBuilder.buildMandate(authData.getMandate());
-					if (mandateObject == null) {
-						throw new NoMandateDataAttributeException();
-					}
-	
-					profRepName = mandateObject.getAnnotation();
+					profRepName = misMandate.getTextualDescriptionOfOID();
+					
+					//only read textual prof. rep. OID describtion from mandate annotation
+					// if also OID exists
+					if (MiscUtil.isEmpty(profRepName) 
+							&& MiscUtil.isNotEmpty(misMandate.getProfRep())) {			
+						Element mandate = ((IMOAAuthData)authData).getMandate();
+						if (mandate == null) {
+							throw new NoMandateDataAttributeException();
+						}
 					
+						Mandate mandateObject = MandateBuilder.buildMandate(((IMOAAuthData)authData).getMandate());
+						if (mandateObject == null) {
+							throw new NoMandateDataAttributeException();
+						}
+		
+						profRepName = mandateObject.getAnnotation();
+						
+					}
 				}
+				
+				if(MiscUtil.isNotEmpty(profRepName)) 
+					return g.buildStringAttribute(MANDATE_PROF_REP_DESC_FRIENDLY_NAME, 
+							MANDATE_PROF_REP_DESC_NAME, profRepName);
+											
 			}
 			
-			if(MiscUtil.isNotEmpty(profRepName)) 
-				return g.buildStringAttribute(MANDATE_PROF_REP_DESC_FRIENDLY_NAME, 
-						MANDATE_PROF_REP_DESC_NAME, profRepName);
-										
-		}
+		} else
+			Logger.info(MANDATE_PROF_REP_DESC_FRIENDLY_NAME + " is only available in MOA-ID context");
+		
 		return null;
 		
 	}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java
index 555f92fe0..6cdf64dc3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateProfRepOIDAttributeBuilder.java
@@ -28,7 +28,9 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
+import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 public class MandateProfRepOIDAttributeBuilder implements IPVPAttributeBuilder {
@@ -39,25 +41,30 @@ public class MandateProfRepOIDAttributeBuilder implements IPVPAttributeBuilder {
 	
 	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
 			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
-		if (authData.isUseMandate()) {			
-			String profRepOID = authData.getGenericData(MANDATE_PROF_REP_OID_NAME, String.class);			
-			
-			if (MiscUtil.isEmpty(profRepOID)) {			
-				IMISMandate mandate = authData.getMISMandate();
-				if (mandate == null) {
-					throw new NoMandateDataAttributeException();
+		if (authData instanceof IMOAAuthData) {
+			if (((IMOAAuthData)authData).isUseMandate()) {			
+				String profRepOID = authData.getGenericData(MANDATE_PROF_REP_OID_NAME, String.class);			
+				
+				if (MiscUtil.isEmpty(profRepOID)) {			
+					IMISMandate mandate = ((IMOAAuthData)authData).getMISMandate();
+					if (mandate == null) {
+						throw new NoMandateDataAttributeException();
+					}
+							
+					profRepOID = mandate.getProfRep();
+					
 				}
-						
-				profRepOID = mandate.getProfRep();
+							
+				if(MiscUtil.isEmpty(profRepOID)) 
+					return null;				
+				else			
+					return g.buildStringAttribute(MANDATE_PROF_REP_OID_FRIENDLY_NAME, MANDATE_PROF_REP_OID_NAME, profRepOID);
 				
 			}
-						
-			if(MiscUtil.isEmpty(profRepOID)) 
-				return null;				
-			else			
-				return g.buildStringAttribute(MANDATE_PROF_REP_OID_FRIENDLY_NAME, MANDATE_PROF_REP_OID_NAME, profRepOID);
 			
-		}
+		} else
+			Logger.info(MANDATE_PROF_REP_OID_FRIENDLY_NAME + " is only available in MOA-ID context");
+		
 		return null;
 		
 	}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateReferenceValueAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateReferenceValueAttributeBuilder.java
index 45cce5852..f609117a4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateReferenceValueAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateReferenceValueAttributeBuilder.java
@@ -27,6 +27,8 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
+import at.gv.egovernment.moa.logging.Logger;
 
 public class MandateReferenceValueAttributeBuilder implements IPVPAttributeBuilder {
 	
@@ -36,11 +38,16 @@ public class MandateReferenceValueAttributeBuilder implements IPVPAttributeBuild
 	
 	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
 			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
-		if (authData.isUseMandate()) {
+		if (authData instanceof IMOAAuthData) {
+			if (((IMOAAuthData)authData).isUseMandate()) {
+			
+				return g.buildStringAttribute(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, MANDATE_REFERENCE_VALUE_NAME,
+						((IMOAAuthData)authData).getMandateReferenceValue());
+			}
+			
+		} else
+			Logger.info(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME + " is only available in MOA-ID context");
 		
-			return g.buildStringAttribute(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, MANDATE_REFERENCE_VALUE_NAME,
-					authData.getMandateReferenceValue());
-		}
 		return null;
 		
 	}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeAttributeBuilder.java
index 3bc7d5a2d..5471c5a13 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeAttributeBuilder.java
@@ -30,8 +30,10 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 public class MandateTypeAttributeBuilder implements IPVPAttributeBuilder {
@@ -42,27 +44,32 @@ public class MandateTypeAttributeBuilder implements IPVPAttributeBuilder {
 	
 	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
 			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
-		if (authData.isUseMandate()) {						
-			//get PVP attribute directly, if exists 
-			String mandateType = authData.getGenericData(MANDATE_TYPE_NAME, String.class);
-			
-			if (MiscUtil.isEmpty(mandateType)) {
-				Element mandate = authData.getMandate();
-				if (mandate == null) {
-					throw new NoMandateDataAttributeException();
+		if (authData instanceof IMOAAuthData) {
+			if (((IMOAAuthData)authData).isUseMandate()) {						
+				//get PVP attribute directly, if exists 
+				String mandateType = authData.getGenericData(MANDATE_TYPE_NAME, String.class);
+				
+				if (MiscUtil.isEmpty(mandateType)) {
+					Element mandate = ((IMOAAuthData)authData).getMandate();
+					if (mandate == null) {
+						throw new NoMandateDataAttributeException();
+						
+					}
+					Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+					if (mandateObject == null) {
+						throw new NoMandateDataAttributeException();
+						
+					}
+					mandateType = mandateObject.getAnnotation();
 					
 				}
-				Mandate mandateObject = MandateBuilder.buildMandate(mandate);
-				if (mandateObject == null) {
-					throw new NoMandateDataAttributeException();
 					
-				}
-				mandateType = mandateObject.getAnnotation();
-				
+				return g.buildStringAttribute(MANDATE_TYPE_FRIENDLY_NAME, MANDATE_TYPE_NAME, mandateType);
 			}
-				
-			return g.buildStringAttribute(MANDATE_TYPE_FRIENDLY_NAME, MANDATE_TYPE_NAME, mandateType);
-		}
+			
+		} else
+			Logger.info(MANDATE_TYPE_FRIENDLY_NAME + " is only available in MOA-ID context");
+		
 		return null;
 		
 	}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeOIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeOIDAttributeBuilder.java
index d5c89fc97..88f5bc2f7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeOIDAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateTypeOIDAttributeBuilder.java
@@ -27,6 +27,7 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
@@ -38,18 +39,23 @@ public class MandateTypeOIDAttributeBuilder implements IPVPAttributeBuilder {
 	
 	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
 			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
-		if (authData.isUseMandate()) {						
-			//get PVP attribute directly, if exists 
-			String mandateType = authData.getGenericData(MANDATE_TYPE_OID_NAME, String.class);
-			
-			if (MiscUtil.isEmpty(mandateType)) {
-				Logger.info("MIS Mandate does not include 'Mandate-Type OID'.");
-				return null;
+		if (authData instanceof IMOAAuthData) {
+			if (((IMOAAuthData)authData).isUseMandate()) {						
+				//get PVP attribute directly, if exists 
+				String mandateType = authData.getGenericData(MANDATE_TYPE_OID_NAME, String.class);
 				
+				if (MiscUtil.isEmpty(mandateType)) {
+					Logger.info("MIS Mandate does not include 'Mandate-Type OID'.");
+					return null;
+					
+				}
+					
+				return g.buildStringAttribute(MANDATE_TYPE_OID_FRIENDLY_NAME, MANDATE_TYPE_OID_NAME, mandateType);
 			}
-				
-			return g.buildStringAttribute(MANDATE_TYPE_OID_FRIENDLY_NAME, MANDATE_TYPE_OID_NAME, mandateType);
-		}
+			
+		} else
+			Logger.info(MANDATE_TYPE_OID_FRIENDLY_NAME + " is only available in MOA-ID context");
+		
 		return null;
 		
 	}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
index cc48873af..c17f1a4dd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
@@ -37,36 +37,50 @@ import org.opensaml.saml2.core.Attribute;
 import org.opensaml.saml2.core.AttributeQuery;
 import org.opensaml.saml2.core.Response;
 import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.ws.soap.common.SOAPException;
+import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.security.SecurityException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.ApplicationContext;
 import org.springframework.stereotype.Service;
 
-import at.gv.egiz.eaaf.core.api.IAction;
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
 import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface;
-import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAction;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IAuthenticationDataBuilder;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egovernment.moa.id.auth.builder.DynamicOAAuthParameterBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.data.Trible;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AuthResponseBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
 
 /**
  * @author tlenz
@@ -76,12 +90,15 @@ import at.gv.egovernment.moa.logging.Logger;
 public class AttributQueryAction implements IAction {
 
 	@Autowired private IAuthenticationSessionStoreage authenticationSessionStorage;
-	@Autowired private AuthenticationDataBuilder authDataBuilder;
+	@Autowired private IAuthenticationDataBuilder authDataBuilder;
 	@Autowired private IDPCredentialProvider pvpCredentials;
 	@Autowired private AuthConfiguration authConfig;
 	@Autowired(required=true) private MOAMetadataProvider metadataProvider;
 	@Autowired(required=true) ApplicationContext springContext;
 	
+	@Autowired private AttributQueryBuilder attributQueryBuilder;
+	@Autowired private SAMLVerificationEngineSP samlVerificationEngine;
+	
 	private final static List<String> DEFAULTSTORKATTRIBUTES = Arrays.asList(
 			new String[]{PVPConstants.EID_STORK_TOKEN_NAME});	
 	
@@ -109,14 +126,14 @@ public class AttributQueryAction implements IAction {
 			try {
 				//get Single Sign-On information for the Service-Provider
 				// which sends the Attribute-Query request
-				AuthenticationSession moaSession = authenticationSessionStorage.getInternalSSOSession(pendingReq.getInternalSSOSessionIdentifier());
+				AuthenticationSession moaSession = authenticationSessionStorage.getInternalSSOSession(pendingReq.getSSOSessionIdentifier());
 				if (moaSession == null) {
-					Logger.warn("No MOASession with ID:" + pendingReq.getInternalSSOSessionIdentifier() + " FOUND.");
-					throw new MOAIDException("auth.02", new Object[]{pendingReq.getInternalSSOSessionIdentifier()});
+					Logger.warn("No MOASession with ID:" + pendingReq.getSSOSessionIdentifier() + " FOUND.");
+					throw new MOAIDException("auth.02", new Object[]{pendingReq.getSSOSessionIdentifier()});
 				}
 												
 				InterfederationSessionStore nextIDPInformation = 
-						authenticationSessionStorage.searchInterfederatedIDPFORAttributeQueryWithSessionID(moaSession.getSessionID());
+						authenticationSessionStorage.searchInterfederatedIDPFORAttributeQueryWithSessionID(moaSession.getSSOSessionID());
 			
 				AttributeQuery attrQuery = 
 						(AttributeQuery)((MOARequest)((PVPTargetConfiguration) pendingReq).getRequest()).getSamlRequest();
@@ -157,9 +174,9 @@ public class AttributQueryAction implements IAction {
 				throw new MOAIDException("pvp2.01", null, e);
 
 			} catch (MOADatabaseException e) {
-				Logger.error("MOASession with SessionID=" + pendingReq.getInternalSSOSessionIdentifier() 
+				Logger.error("MOASession with SessionID=" + pendingReq.getSSOSessionIdentifier() 
 					+ " is not found in Database", e);
-				throw new MOAIDException("init.04", new Object[] { pendingReq.getInternalSSOSessionIdentifier() });
+				throw new MOAIDException("init.04", new Object[] { pendingReq.getSSOSessionIdentifier() });
 				
 			}
 			
@@ -195,7 +212,7 @@ public class AttributQueryAction implements IAction {
 					((PVPTargetConfiguration) pendingReq).getRequest() instanceof MOARequest &&
 					((PVPTargetConfiguration) pendingReq).getRequest().getInboundMessage() instanceof AttributeQuery) {				
 				
-				authenticationSessionStorage.markOAWithAttributeQueryUsedFlag(session, pendingReq.getOAURL(), pendingReq.requestedModule());
+				authenticationSessionStorage.markOAWithAttributeQueryUsedFlag(session, pendingReq.getSPEntityId(), pendingReq.requestedModule());
 			}
 			
 			//build OnlineApplication dynamic from requested attributes (AttributeQuerry Request) and configuration
@@ -208,15 +225,18 @@ public class AttributQueryAction implements IAction {
 					+ " for authentication information.");
 	
 				//load configuration of next IDP
-				IOAAuthParameters idpLoaded = authConfig.getOnlineApplicationParameter(nextIDPInformation.getIdpurlprefix());
-				if (idpLoaded == null || !(idpLoaded instanceof OAAuthParameter)) {
+				IOAAuthParameters idpLoaded = 
+						authConfig.getServiceProviderConfiguration(
+								nextIDPInformation.getIdpurlprefix(),
+								OAAuthParameterDecorator.class);
+				if (idpLoaded == null || !(idpLoaded instanceof IOAAuthParameters)) {
 					Logger.warn("Configuration for federated IDP:" + nextIDPInformation.getIdpurlprefix() 
 						+ "is not loadable.");
 					throw new MOAIDException("auth.32", new Object[]{nextIDPInformation.getIdpurlprefix()});
 					
 				}
 
-				OAAuthParameter idp = (OAAuthParameter) idpLoaded;
+				IOAAuthParameters idp = idpLoaded;
 				
 				//check if next IDP config allows inbound messages
 				if (!idp.isInboundSSOInterfederationAllowed()) {
@@ -227,7 +247,7 @@ public class AttributQueryAction implements IAction {
 				}
 				
 				//check next IDP service area policy. BusinessService IDPs can only request wbPKs 
-				if (!spConfig.hasBaseIdTransferRestriction() && !idp.isIDPPublicService()) {
+				if (!spConfig.hasBaseIdTransferRestriction() && idp.hasBaseIdTransferRestriction()) {
 					Logger.error("Interfederated IDP " + idp.getPublicURLPrefix() 
 							+ " is a BusinessService-IDP but requests PublicService attributes.");
 					throw new MOAIDException("auth.34", new Object[]{nextIDPInformation.getIdpurlprefix()});
@@ -239,7 +259,7 @@ public class AttributQueryAction implements IAction {
 				 * 'pendingReq.getAuthURL() + "/sp/federated/metadata"' is implemented in federated_authentication module 
 				 *  but used in moa-id-lib. This should be refactored!!!  
 				 */
-				AssertionAttributeExtractor extractor = authDataBuilder.getAuthDataFromAttributeQuery(reqAttributes, 
+				AssertionAttributeExtractor extractor = getAuthDataFromAttributeQuery(reqAttributes, 
 						nextIDPInformation.getUserNameID(), idp, pendingReq.getAuthURL() + "/sp/federated/metadata");
 								
 				//mark attribute request as used
@@ -262,7 +282,7 @@ public class AttributQueryAction implements IAction {
 								
 			} else {													
 				Logger.debug("Build authData for AttributQuery from local MOASession.");							
-				IAuthData authData = authDataBuilder.buildAuthenticationData(pendingReq, session, spConfig);
+				IAuthData authData = authDataBuilder.buildAuthenticationData(pendingReq);
 				
 				//add default attributes in case of mandates or STORK is in use
 				List<String> attrList = addDefaultAttributes(reqAttributes, authData);
@@ -270,12 +290,19 @@ public class AttributQueryAction implements IAction {
 				//build Set of response attributes
 				List<Attribute> respAttr = PVPAttributeBuilder.buildSetOfResponseAttributes(authData, attrList);
 				
-				return Trible.newInstance(respAttr, authData.getSsoSessionValidTo(), authData.getQAALevel());
+				return Trible.newInstance(respAttr, authData.getSsoSessionValidTo(), authData.getEIDASQAALevel());
 				
 			}
 										
 		} catch (MOAIDException e) {
 			throw e;
+			
+		} catch (EAAFAuthenticationException e) {
+			throw new MOAIDException(e.getErrorId(), e.getParams(), e);
+			
+		} catch (EAAFConfigurationException e) {
+			throw new MOAIDException(e.getErrorId(), e.getParams(), e);
+			
 		}
 	}
 	
@@ -307,7 +334,8 @@ public class AttributQueryAction implements IAction {
 		}
 		
 		//add default mandate attributes if it is a authentication with mandates
-		if (authData.isUseMandate() && !reqAttributeNames.containsAll(DEFAULTMANDATEATTRIBUTES)) {
+		if (authData instanceof IMOAAuthData)
+		if (((IMOAAuthData)authData).isUseMandate() && !reqAttributeNames.containsAll(DEFAULTMANDATEATTRIBUTES)) {
 			for (String el : DEFAULTMANDATEATTRIBUTES) {
 				if (!reqAttributeNames.contains(el))
 					reqAttributeNames.add(el);
@@ -317,4 +345,76 @@ public class AttributQueryAction implements IAction {
 		return reqAttributeNames;
 	}
 	
+	/**
+	 * Get PVP authentication attributes by using a SAML2 AttributeQuery
+	 * 
+	 * @param reqQueryAttr List of PVP attributes which are requested
+	 * @param userNameID SAML2 UserNameID of the user for which attributes are requested
+	 * @param idpConfig Configuration of the IDP, which is requested 
+	 * @return 
+	 * @return PVP attribute DAO, which contains all received information
+	 * @throws MOAIDException
+	 */
+	public AssertionAttributeExtractor getAuthDataFromAttributeQuery(List<Attribute> reqQueryAttr,
+			String userNameID, IOAAuthParameters idpConfig, String spEntityID) throws MOAIDException{
+		String idpEnityID = idpConfig.getPublicURLPrefix();
+		
+		try {		
+			Logger.debug("Starting AttributeQuery process ...");
+			//collect attributes by using BackChannel communication
+			String endpoint = idpConfig.getIDPAttributQueryServiceURL();			
+			if (MiscUtil.isEmpty(endpoint)) {
+				Logger.error("No AttributeQueryURL for interfederationIDP " + idpEnityID);
+				throw new ConfigurationException("config.26", new Object[]{idpEnityID});
+				
+			}
+				
+			//build attributQuery request
+			AttributeQuery query = attributQueryBuilder.buildAttributQueryRequest(spEntityID, userNameID, endpoint, reqQueryAttr);
+			
+			//build SOAP request				
+			List<XMLObject> xmlObjects = MOASAMLSOAPClient.send(endpoint, query);
+		
+			if (xmlObjects.size() == 0) {
+				Logger.error("Receive emptry AttributeQuery response-body.");
+				throw new AttributQueryException("auth.27", 
+						new Object[]{idpEnityID, "Receive emptry AttributeQuery response-body."});
+			
+			}
+		
+			Response intfResp;
+			if (xmlObjects.get(0) instanceof Response) {
+				intfResp = (Response) xmlObjects.get(0);
+			
+				//validate PVP 2.1 response
+				try {
+					samlVerificationEngine.verifyIDPResponse(intfResp, 
+							TrustEngineFactory.getSignatureKnownKeysTrustEngine(
+									metadataProvider));
+			
+					//create assertion attribute extractor from AttributeQuery response
+					return new AssertionAttributeExtractor(intfResp);
+		
+				} catch (Exception e) {
+					Logger.warn("PVP 2.1 assertion validation FAILED.", e);
+					throw new AssertionValidationExeption("auth.27", 
+							new Object[]{idpEnityID, e.getMessage()}, e);
+				}
+											
+			} else {
+				Logger.error("Receive AttributeQuery response-body include no PVP 2.1 response");
+				throw new AttributQueryException("auth.27", 
+						new Object[]{idpEnityID, "Receive AttributeQuery response-body include no PVP 2.1 response"});
+			
+			}
+				 										
+		} catch (SOAPException e) {
+			throw new BuildException("builder.06", null, e);
+			
+		} catch (SecurityException e) {
+			throw new BuildException("builder.06", null, e);
+					
+		}
+	}
+	
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
index a8adc9ca0..43c860488 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
@@ -38,10 +38,10 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.ApplicationContext;
 import org.springframework.stereotype.Service;
 
-import at.gv.egiz.eaaf.core.api.IAction;
 import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.api.idp.IAction;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.data.SLOInformationImpl;
@@ -60,7 +60,7 @@ import at.gv.egovernment.moa.logging.Logger;
 
 @Service("PVPAuthenticationRequestAction")
 public class AuthenticationAction implements IAction {
-	@Autowired IDPCredentialProvider pvpCredentials;
+	@Autowired IDPCredentialProvider pvpCredentials; 
 	@Autowired AuthConfiguration authConfig;
 	@Autowired(required=true) private MOAMetadataProvider metadataProvider;
 	@Autowired(required=true) ApplicationContext springContext;
@@ -123,7 +123,7 @@ public class AuthenticationAction implements IAction {
 
 			//set protocol type
 			sloInformation.setProtocolType(req.requestedModule());
-			sloInformation.setSpEntityID(req.getOnlineApplicationConfiguration().getPublicURLPrefix());
+			sloInformation.setSpEntityID(req.getServiceProviderConfiguration().getUniqueIdentifier());
 			return sloInformation;
 			
 		} catch (MessageEncodingException e) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
index baaf8b681..76956b5a8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
@@ -30,10 +30,10 @@ import org.springframework.stereotype.Service;
 
 import com.google.common.net.MediaType;
 
-import at.gv.egiz.eaaf.core.api.IAction;
 import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.api.idp.IAction;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
 import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
@@ -48,7 +48,7 @@ public class MetadataAction implements IAction {
 
 	
 
-	@Autowired private IRevisionLogger revisionsLogger;
+	@Autowired private IRevisionLogger revisionsLogger; 
 	@Autowired private IDPCredentialProvider credentialProvider;
 	@Autowired private PVPMetadataBuilder metadatabuilder;
 	
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index 038e384f3..591aaa7cc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -22,6 +22,8 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.pvp2x;
 
+import java.net.MalformedURLException;
+import java.net.URL;
 import java.util.Arrays;
 import java.util.List;
 
@@ -57,14 +59,15 @@ import org.springframework.web.bind.annotation.RequestMethod;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.IModulInfo;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
 import at.gv.egiz.eaaf.core.exceptions.NoPassivAuthenticationException;
 import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException;
 import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController;
 import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityLogAdapter;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
@@ -80,7 +83,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionConsumerServiceException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.MandateAttributesNotHandleAbleException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSupportedException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
@@ -90,16 +92,14 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
 import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.CheckMandateAttributes;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.id.protocols.pvp2x.validation.AuthnRequestValidator;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
-import at.gv.egovernment.moa.id.util.ErrorResponseUtils;
-import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
-
+ 
 @Controller
 public class PVP2XProtocol extends AbstractAuthProtocolModulController implements IModulInfo {
 
@@ -107,6 +107,8 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 	@Autowired SAMLVerificationEngineSP samlVerificationEngine;
 	@Autowired(required=true) private MOAMetadataProvider metadataProvider;
 	
+	@Autowired protected IAuthenticationSessionStoreage authenticatedSessionStorage;
+	
 	public static final String NAME = PVP2XProtocol.class.getName();
 	public static final String PATH = "id_pvp2x";
 
@@ -137,16 +139,17 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 	
 	public PVP2XProtocol() {
 		super();
-	}
+	} 
 		
 	//PVP2.x metadata end-point
 	@RequestMapping(value = "/pvp2/metadata", method = {RequestMethod.POST, RequestMethod.GET})
-	public void PVPMetadataRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException {
-		if (!authConfig.getAllowedProtocols().isPVP21Active()) {
-			Logger.info("PVP2.1 is deaktivated!");
-			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
-			
-		}
+	public void PVPMetadataRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException {
+//		if (!authConfig.getAllowedProtocols().isPVP21Active()) {
+//			Logger.info("PVP2.1 is deaktivated!");
+//			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }, "PVP2.1 is deaktivated!");
+//			
+//		}
+		
 		//create pendingRequest object
 		PVPTargetConfiguration pendingReq = applicationContext.getBean(PVPTargetConfiguration.class);
 		pendingReq.initialize(req);
@@ -166,12 +169,12 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 	
 	//PVP2.x IDP POST-Binding end-point
 	@RequestMapping(value = "/pvp2/post", method = {RequestMethod.POST})
-	public void PVPIDPPostRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException {
-		if (!authConfig.getAllowedProtocols().isPVP21Active()) {
-			Logger.info("PVP2.1 is deaktivated!");
-			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
-			
-		}
+	public void PVPIDPPostRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException {
+//		if (!authConfig.getAllowedProtocols().isPVP21Active()) {
+//			Logger.info("PVP2.1 is deaktivated!");
+//			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }, "PVP2.1 is deaktivated!");
+//			
+//		}
 		
 		PVPTargetConfiguration pendingReq = null;
 		
@@ -206,7 +209,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 			if (pendingReq != null)
 				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
 			
-			throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+			throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, e.getMessage());
 			
 		} catch (SecurityException e) {
 			String samlRequest = req.getParameter("SAMLRequest");			
@@ -216,7 +219,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 			if (pendingReq != null)
 				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
 			
-			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()});
+			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, e.getMessage());
 		
 		} catch (MOAIDException e) {
 			
@@ -240,10 +243,10 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 	
 	//PVP2.x IDP Redirect-Binding end-point
 	@RequestMapping(value = "/pvp2/redirect", method = {RequestMethod.GET})
-	public void PVPIDPRedirecttRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException {
+	public void PVPIDPRedirecttRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException {
 		if (!AuthConfigurationProviderFactory.getInstance().getAllowedProtocols().isPVP21Active()) {
 			Logger.info("PVP2.1 is deaktivated!");
-			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
+			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }, "PVP2.1 is deaktivated!");
 			
 		}
 		PVPTargetConfiguration pendingReq = null;
@@ -278,7 +281,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 			if (pendingReq != null)
 				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
 			
-			throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+			throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, e.getMessage());
 			
 		} catch (SecurityException e) {
 			String samlRequest = req.getParameter("SAMLRequest");			
@@ -288,7 +291,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 			if (pendingReq != null)
 				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
 			
-			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()});
+			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, e.getMessage());
 			
 		} catch (MOAIDException e) {
 			String samlRequest = req.getParameter("SAMLRequest");			
@@ -315,12 +318,12 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 	
 	//PVP2.x IDP SOAP-Binding end-point
 	@RequestMapping(value = "/pvp2/soap", method = {RequestMethod.POST})
-	public void PVPIDPSOAPRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException {
-		if (!authConfig.getAllowedProtocols().isPVP21Active()) {
-			Logger.info("PVP2.1 is deaktivated!");
-			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME });
-			
-		}
+	public void PVPIDPSOAPRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException {
+//		if (!authConfig.getAllowedProtocols().isPVP21Active()) {
+//			Logger.info("PVP2.1 is deaktivated!");
+//			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }, "PVP2.1 is deaktivated!");
+//			
+//		}
 				
 		PVPTargetConfiguration pendingReq = null;
 		try {
@@ -354,7 +357,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 			if (pendingReq != null)
 				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
 			
-			throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+			throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, e.getMessage());
 			
 		} catch (SecurityException e) {
 			String samlRequest = req.getParameter("SAMLRequest");			
@@ -364,7 +367,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 			if (pendingReq != null)
 				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
 			
-			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()});
+			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, e.getMessage());
 		
 		} catch (MOAIDException e) {			
 			//write revision log entries
@@ -393,7 +396,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 			InboundMessage msg = pendingReq.getRequest();
 		
 			if (MiscUtil.isEmpty(msg.getEntityID())) {
-				throw new InvalidProtocolRequestException("pvp2.20", new Object[] {});
+				throw new InvalidProtocolRequestException("pvp2.20", new Object[] {}, "EntityId is null or empty");
 				
 			}
 			
@@ -425,8 +428,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 				throw new MOAIDException("Unsupported PVP21 message", new Object[] {});
 			}
 			
-			revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), 
-					pendingReq, MOAIDEventConstants.AUTHPROTOCOL_TYPE, PATH);
+			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_TYPE, PATH);
 			
 			//switch to session authentication
 			performAuthentication(request, response, pendingReq);								
@@ -451,7 +453,6 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 		StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class);
 		StatusMessage statusMessage = SAML2Utils.createSAMLObject(StatusMessage.class);
 		
-		ErrorResponseUtils errorUtils = ErrorResponseUtils.getInstance();
 		String moaError = null;
 		
 		if(e instanceof NoPassivAuthenticationException) {
@@ -473,12 +474,12 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 			if(statusMessageValue != null) {
 				statusMessage.setMessage(StringEscapeUtils.escapeXml(statusMessageValue));
 			}						
-			moaError = errorUtils.mapInternalErrorToExternalError(ex.getMessageId());
+			moaError = statusMessager.mapInternalErrorToExternalError(ex.getMessageId());
 			
 		} else {
 			statusCode.setValue(StatusCode.RESPONDER_URI);
 			statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage()));
-			moaError = errorUtils.getResponseErrorCode(e);
+			moaError = statusMessager.getResponseErrorCode(e);
 		}
 		
 		
@@ -544,10 +545,11 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 	 * @param response
 	 * @param msg
 	 * @return
+	 * @throws EAAFException 
 	 * @throws MOAIDException 
 	 */
 	private void preProcessLogOut(HttpServletRequest request,
-			HttpServletResponse response, PVPTargetConfiguration pendingReq) throws MOAIDException {
+			HttpServletResponse response, PVPTargetConfiguration pendingReq) throws EAAFException {
 
 		InboundMessage inMsg = pendingReq.getRequest();		
 		MOARequest msg;
@@ -564,11 +566,11 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 
 			String oaURL = metadata.getEntityID();
 			oaURL = StringEscapeUtils.escapeHtml(oaURL);
-			IOAAuthParameters oa = authConfig.getOnlineApplicationParameter(oaURL);
+			ISPConfiguration oa = authConfig.getServiceProviderConfiguration(oaURL);
 			
 			Logger.info("Dispatch PVP2 SingleLogOut: OAURL=" + oaURL + " Binding=" + msg.getRequestBinding());
 						
-			pendingReq.setOAURL(oaURL);
+			pendingReq.setSPEntityId(oaURL);
 			pendingReq.setOnlineApplicationConfiguration(oa);
 			pendingReq.setBinding(msg.getRequestBinding());
 			
@@ -584,17 +586,25 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 			
 			Logger.debug("PreProcess SLO Response from " + resp.getIssuer());
 			
-			List<String> allowedPublicURLPrefix = 
-					AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix();
-			boolean isAllowedDestination = false;
+//			List<String> allowedPublicURLPrefix = authConfig.getIDPPublicURLPrefixes();
+//					AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix();
 			
-			for (String prefix : allowedPublicURLPrefix) {
-				if (resp.getDestination().startsWith(
-					prefix)) {
-					isAllowedDestination = true;
-					break;
-				}
+			boolean isAllowedDestination = false;			
+			try {
+				isAllowedDestination = MiscUtil.isNotEmpty(authConfig.validateIDPURL(new URL(resp.getDestination())));
+				
+			} catch (MalformedURLException e) {
+				Logger.info(resp.getDestination() + " is NOT valid. Reason: " + e.getMessage());
+				
 			}
+			
+//			for (String prefix : allowedPublicURLPrefix) {
+//				if (resp.getDestination().startsWith(
+//					prefix)) {
+//					isAllowedDestination = true;
+//					break;
+//				}
+//			}
 						
 			if (!isAllowedDestination) {
 				Logger.warn("PVP 2.1 single logout response destination does not match to IDP URL");
@@ -607,7 +617,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 						
 						
 		} else 
-			throw new MOAIDException("Unsupported request", new Object[] {});
+			throw new EAAFException("Unsupported request");
 		
 		
 		pendingReq.setRequest(inMsg);
@@ -641,13 +651,8 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 			
 		}
 
-		//check if Issuer is an interfederation IDP
-		// check parameter
-		if (!ParamValidatorUtils.isValidOA(moaRequest.getEntityID()))
-			throw new WrongParametersException("StartAuthentication",
-					PARAM_OA, "auth.12");
-		
-		IOAAuthParameters oa = authConfig.getOnlineApplicationParameter(moaRequest.getEntityID());
+		//check if Issuer is an interfederation IDP		
+		IOAAuthParameters oa = authConfig.getServiceProviderConfiguration(moaRequest.getEntityID(), IOAAuthParameters.class);
 		if (!oa.isInderfederationIDP()) {
 			Logger.warn("AttributeQuery requests are only allowed for interfederation IDPs.");
 			throw new AttributQueryException("AttributeQuery requests are only allowed for interfederation IDPs.", null);
@@ -671,7 +676,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 		
 		//set preProcessed information into pending-request
 		pendingReq.setRequest(moaRequest);
-		pendingReq.setOAURL(moaRequest.getEntityID());
+		pendingReq.setSPEntityId(moaRequest.getEntityID());
 		pendingReq.setOnlineApplicationConfiguration(oa);
 		pendingReq.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI);
 		
@@ -682,7 +687,7 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 		pendingReq.setAction(AttributQueryAction.class.getName());
 
 		//add moasession
-		pendingReq.setInternalSSOSessionIdentifier(session.getSessionID());
+		pendingReq.setSSOSessionIdentifier(session.getSSOSessionID());
 				
 		//write revisionslog entry
 		revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_ATTRIBUTQUERY);
@@ -717,13 +722,15 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 		
 		if (authnRequest.getIssueInstant() == null) {
 			Logger.warn("Unsupported request: No IssueInstant Attribute found.");
-			throw new AuthnRequestValidatorException("Unsupported request: No IssueInstant Attribute found.", new Object[] {});
+			throw new AuthnRequestValidatorException("Unsupported request: No IssueInstant Attribute found.", new Object[] {}, 
+					"Unsupported request: No IssueInstant Attribute found", pendingReq);
 			
 		}
 		
 		if (authnRequest.getIssueInstant().minusMinutes(MOAIDAuthConstants.TIME_JITTER).isAfterNow()) {
 			Logger.warn("Unsupported request: No IssueInstant DateTime is not valid anymore.");
-			throw new AuthnRequestValidatorException("Unsupported request: No IssueInstant DateTime is not valid anymore.", new Object[] {});
+			throw new AuthnRequestValidatorException("Unsupported request: No IssueInstant DateTime is not valid anymore.", new Object[] {},
+					"Unsupported request: No IssueInstant DateTime is not valid anymore.", pendingReq);
 			
 		}
 			
@@ -790,22 +797,22 @@ public class PVP2XProtocol extends AbstractAuthProtocolModulController implement
 		AuthnRequestImpl authReq = (AuthnRequestImpl) samlReq;
 		AuthnRequestValidator.validate(authReq);
 		
-		String useMandate = request.getParameter(PARAM_USEMANDATE);
-		if(useMandate != null) {
-			if(useMandate.equals("true") && attributeConsumer != null) {
-				if(!CheckMandateAttributes.canHandleMandate(attributeConsumer)) {
-					throw new MandateAttributesNotHandleAbleException();
-				}
-			}
-		}
+//		String useMandate = request.getParameter(PARAM_USEMANDATE);
+//		if(useMandate != null) {
+//			if(useMandate.equals("true") && attributeConsumer != null) {
+//				if(!CheckMandateAttributes.canHandleMandate(attributeConsumer)) {
+//					throw new MandateAttributesNotHandleAbleException();
+//				}
+//			}
+//		}
 						
 		String oaURL = moaRequest.getEntityMetadata(metadataProvider).getEntityID();
 		oaURL = StringEscapeUtils.escapeHtml(oaURL);
-		IOAAuthParameters oa = authConfig.getOnlineApplicationParameter(oaURL);
+		ISPConfiguration oa = authConfig.getServiceProviderConfiguration(oaURL);
 		
 		Logger.info("Dispatch PVP2 AuthnRequest: OAURL=" + oaURL + " Binding=" + consumerService.getBinding());		
 
-		pendingReq.setOAURL(oaURL);
+		pendingReq.setSPEntityId(oaURL);
 		pendingReq.setOnlineApplicationConfiguration(oa);
 		pendingReq.setBinding(consumerService.getBinding());
 		pendingReq.setRequest(moaRequest);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java
index 46e5b83f6..67cbafe90 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java
@@ -29,7 +29,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
 import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.StoredAssertion;
 
 @Service("PVPAssertionStorage")
@@ -47,11 +47,11 @@ public class PVPAssertionStorage implements SAMLArtifactMap {
 				relyingPartyId,
 				issuerId,
 				samlMessage);
-		
-		try {
+		 
+		try { 
 			transactionStorage.put(artifact, assertion, -1);
 			
-		} catch (MOADatabaseException e) {
+		} catch (EAAFException e) {
 			// TODO Insert Error Handling, if Assertion could not be stored
 			throw new MarshallingException("Assertion are not stored in Database.",e);
 		}
@@ -61,7 +61,7 @@ public class PVPAssertionStorage implements SAMLArtifactMap {
 		try {
 			return transactionStorage.get(artifact, SAMLArtifactMapEntry.class);
 			
-		} catch (MOADatabaseException e) {
+		} catch (EAAFException e) {
 			// TODO Insert Error Handling, if Assertion could not be read
 			e.printStackTrace();
 			return null;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
index 060a5fcc2..95a2d8715 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
@@ -22,31 +22,24 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.pvp2x;
 
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
+import javax.servlet.http.HttpServletRequest;
 
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.core.impl.AuthnRequestImpl;
-import org.opensaml.saml2.metadata.AttributeConsumingService;
-import org.opensaml.saml2.metadata.RequestedAttribute;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.context.annotation.Scope;
 import org.springframework.stereotype.Component;
 
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
-import at.gv.egovernment.moa.logging.Logger;
 
 @Component("PVPTargetConfiguration")
 @Scope(value = BeanDefinition.SCOPE_PROTOTYPE)
 public class PVPTargetConfiguration extends RequestImpl {
 
+	@Autowired(required=true) IConfiguration authConfig;
+	
 	public static final String DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP = "useMinimalFrontChannelResponse";
 	public static final String DATAID_INTERFEDERATION_NAMEID = "federatedNameID";
 	public static final String DATAID_INTERFEDERATION_QAALEVEL = "federatedQAALevel";	
@@ -55,10 +48,17 @@ public class PVPTargetConfiguration extends RequestImpl {
 	
 	private static final long serialVersionUID = 4889919265919638188L;
 	
+	
+	
 	InboundMessage request;
 	String binding;
 	String consumerURL;
 	
+	public void initialize(HttpServletRequest req) throws EAAFException {
+		super.initialize(req, authConfig);
+		
+	}
+	
 	public InboundMessage getRequest() {
 		return request;
 	}
@@ -84,61 +84,61 @@ public class PVPTargetConfiguration extends RequestImpl {
 		
 	}
 
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
-	 */
-	@Override
-	public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) {
-
-		Map<String, String> reqAttr = new HashMap<String, String>();
-		for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION)
-			reqAttr.put(el, "");
-						
-		try {			
-			SPSSODescriptor spSSODescriptor = getRequest().getEntityMetadata(metadataProvider).getSPSSODescriptor(SAMLConstants.SAML20P_NS);
-			if (spSSODescriptor.getAttributeConsumingServices() != null && 
-					spSSODescriptor.getAttributeConsumingServices().size() > 0) {
-							
-				Integer aIdx = null;
-				if (getRequest() instanceof MOARequest && 
-						((MOARequest)getRequest()).getSamlRequest() instanceof AuthnRequestImpl) {					
-					AuthnRequestImpl authnRequest = (AuthnRequestImpl)((MOARequest)getRequest()).getSamlRequest();					
-					aIdx = authnRequest.getAttributeConsumingServiceIndex();
-					
-				} else {
-					Logger.error("MOARequest is NOT of type AuthnRequest");
-				}
-				
-				int idx = 0;
-
-				AttributeConsumingService attributeConsumingService = null;
-				
-				if (aIdx != null) {
-					idx = aIdx.intValue();
-					attributeConsumingService = spSSODescriptor
-							.getAttributeConsumingServices().get(idx);
-					
-				} else {
-					List<AttributeConsumingService> attrConsumingServiceList = spSSODescriptor.getAttributeConsumingServices();
-					for (AttributeConsumingService el : attrConsumingServiceList) {
-						if (el.isDefault())
-							attributeConsumingService = el;
-					}				
-				}
-				
-				for ( RequestedAttribute attr : attributeConsumingService.getRequestAttributes())
-					reqAttr.put(attr.getName(), "");
-			}
-			
-			//return attributQueryBuilder.buildSAML2AttributeList(this.getOnlineApplicationConfiguration(), reqAttr.keySet().iterator());
-			return reqAttr.keySet();
-			
-		} catch (NoMetadataInformationException e) {
-			Logger.warn("NO metadata found for Entity " + getRequest().getEntityID());
-			return null;
-					
-		}
-		
-	}
+//	/* (non-Javadoc)
+//	 * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
+//	 */
+//	@Override
+//	public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) {
+//
+//		Map<String, String> reqAttr = new HashMap<String, String>();
+//		for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION)
+//			reqAttr.put(el, "");
+//						
+//		try {			
+//			SPSSODescriptor spSSODescriptor = getRequest().getEntityMetadata(metadataProvider).getSPSSODescriptor(SAMLConstants.SAML20P_NS);
+//			if (spSSODescriptor.getAttributeConsumingServices() != null && 
+//					spSSODescriptor.getAttributeConsumingServices().size() > 0) {
+//							
+//				Integer aIdx = null;
+//				if (getRequest() instanceof MOARequest && 
+//						((MOARequest)getRequest()).getSamlRequest() instanceof AuthnRequestImpl) {					
+//					AuthnRequestImpl authnRequest = (AuthnRequestImpl)((MOARequest)getRequest()).getSamlRequest();					
+//					aIdx = authnRequest.getAttributeConsumingServiceIndex();
+//					
+//				} else {
+//					Logger.error("MOARequest is NOT of type AuthnRequest");
+//				}
+//				
+//				int idx = 0;
+//
+//				AttributeConsumingService attributeConsumingService = null;
+//				
+//				if (aIdx != null) {
+//					idx = aIdx.intValue();
+//					attributeConsumingService = spSSODescriptor
+//							.getAttributeConsumingServices().get(idx);
+//					
+//				} else {
+//					List<AttributeConsumingService> attrConsumingServiceList = spSSODescriptor.getAttributeConsumingServices();
+//					for (AttributeConsumingService el : attrConsumingServiceList) {
+//						if (el.isDefault())
+//							attributeConsumingService = el;
+//					}				
+//				}
+//				
+//				for ( RequestedAttribute attr : attributeConsumingService.getRequestAttributes())
+//					reqAttr.put(attr.getName(), "");
+//			}
+//			
+//			//return attributQueryBuilder.buildSAML2AttributeList(this.getOnlineApplicationConfiguration(), reqAttr.keySet().iterator());
+//			return reqAttr.keySet();
+//			
+//		} catch (NoMetadataInformationException e) {
+//			Logger.warn("NO metadata found for Entity " + getRequest().getEntityID());
+//			return null;
+//					
+//		}
+//		
+//	}
 
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
index 2d8d0f66f..6b945d692 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
@@ -35,20 +35,20 @@ import org.opensaml.saml2.metadata.SingleLogoutService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
-import at.gv.egiz.eaaf.core.api.IAction;
 import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egiz.eaaf.core.api.data.ISLOInformationContainer;
-import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.api.idp.IAction;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.auth.IAuthenticationManager;
+import at.gv.egiz.eaaf.core.api.idp.slo.ISLOInformationContainer;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
 import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
 import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
-import at.gv.egiz.eaaf.core.impl.idp.auth.AuthenticationManager;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
@@ -71,7 +71,7 @@ import at.gv.egovernment.moa.util.URLEncoder;
 public class SingleLogOutAction implements IAction {
 
 	@Autowired private SSOManager ssomanager;
-	@Autowired private AuthenticationManager authManager;
+	@Autowired private IAuthenticationManager authManager;
 	@Autowired private IAuthenticationSessionStoreage authenticationSessionStorage;
 	@Autowired private ITransactionStorage transactionStorage;
 	@Autowired private SingleLogOutBuilder sloBuilder;
@@ -84,7 +84,7 @@ public class SingleLogOutAction implements IAction {
 	@Override
 	public SLOInformationInterface processRequest(IRequest req,
 			HttpServletRequest httpReq, HttpServletResponse httpResp,
-			IAuthData authData) throws MOAIDException {
+			IAuthData authData) throws EAAFException {
 
 		PVPTargetConfiguration pvpReq = (PVPTargetConfiguration) req;  
 
@@ -94,12 +94,12 @@ public class SingleLogOutAction implements IAction {
 			MOARequest samlReq = (MOARequest) pvpReq.getRequest();
 			LogoutRequest logOutReq = (LogoutRequest) samlReq.getSamlRequest();
 
-			IAuthenticationSession session = 
-					authenticationSessionStorage.searchMOASessionWithNameIDandOAID(
+			String ssoSessionId = 
+					authenticationSessionStorage.searchSSOSessionWithNameIDandOAID(
 							logOutReq.getIssuer().getValue(), 
 							logOutReq.getNameID().getValue());
 
-			if (session == null) {
+			if (MiscUtil.isEmpty(ssoSessionId)) {
 				Logger.warn("Can not find active SSO session with nameID " 
 						+ logOutReq.getNameID().getValue() + " and OA " 
 						+ logOutReq.getIssuer().getValue());
@@ -116,10 +116,10 @@ public class SingleLogOutAction implements IAction {
 
 				} else {						
 					try {
-						session = ssomanager.getInternalMOASession(ssoID);
+						ssoSessionId = authenticationSessionStorage.getInternalSSOSessionWithSSOID(ssoID);
 
-						if (session == null)
-							throw new MOADatabaseException();
+						if (MiscUtil.isEmpty(ssoSessionId))
+							throw new MOADatabaseException("");
 						
 					} catch (MOADatabaseException e) {
 						Logger.info("Can not find active Session. Single LogOut not possible!");
@@ -134,8 +134,13 @@ public class SingleLogOutAction implements IAction {
 				}					
 			}
 
-			authManager.performSingleLogOut(httpReq, httpResp, session, pvpReq);
-
+			pvpReq.setSSOSessionIdentifier(ssoSessionId);
+			ISLOInformationContainer sloInformationContainer 
+				= authManager.performSingleLogOut(httpReq, httpResp, pvpReq, ssoSessionId);
+			
+			Logger.debug("Starting technical SLO process ... ");
+			sloBuilder.toTechnicalLogout(sloInformationContainer, httpReq, httpResp, null);
+													
 		} else if (pvpReq.getRequest() instanceof MOAResponse &&
 				((MOAResponse)pvpReq.getRequest()).getResponse() instanceof LogoutResponse) {
 			Logger.debug("Process Single LogOut response");
@@ -178,7 +183,7 @@ public class SingleLogOutAction implements IAction {
 						//						AssertionStore element = (AssertionStore) result.get(0);					
 						//						Object data = SerializationUtils.deserialize(element.getAssertion());
 						Logger.debug("Current Thread getAssertionStore: "+Thread.currentThread().getId());
-						Object o = transactionStorage.getAssertionStore(relayState);
+						Object o = transactionStorage.getRaw(relayState);
 						if(o==null){
 							Logger.trace("No entries found.");
 							throw new MOADatabaseException("No sessioninformation found with this ID");
@@ -202,12 +207,12 @@ public class SingleLogOutAction implements IAction {
 									//									session.saveOrUpdate(element);							
 									//									tx.commit();
 									Logger.debug("Current Thread putAssertionStore: "+Thread.currentThread().getId());
-									transactionStorage.putAssertionStore(element);
+									transactionStorage.putRaw(element.getArtifact(), element);
 
 									//sloContainer could be stored to database
 									storageSuccess = true;
 
-								} catch(MOADatabaseException e) {
+								} catch(EAAFException e) {
 									//tx.rollback();
 
 									counter++;									
@@ -230,11 +235,12 @@ public class SingleLogOutAction implements IAction {
 
 								storageSuccess = true;
 								String redirectURL = null;
-								if (sloContainer.getSloRequest() != null) {
-									//send SLO response to SLO request issuer
-									SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor(sloContainer.getSloRequest());
-									LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, sloContainer.getSloRequest(), sloContainer.getSloFailedOAs());
-									redirectURL = sloBuilder.getFrontChannelSLOMessageURL(sloService, message, httpReq, httpResp, sloContainer.getSloRequest().getRequest().getRelayState());
+								IRequest sloReq = sloContainer.getSloRequest();
+								if (sloReq != null && sloReq instanceof PVPTargetConfiguration) {
+									//send SLO response to SLO request issuer									
+									SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor((PVPTargetConfiguration)sloReq);
+									LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, (PVPTargetConfiguration)sloReq, sloContainer.getSloFailedOAs());
+									redirectURL = sloBuilder.getFrontChannelSLOMessageURL(sloService, message, httpReq, httpResp, ((PVPTargetConfiguration)sloReq).getRequest().getRelayState());
 
 								} else {
 									//print SLO information directly
@@ -276,7 +282,7 @@ public class SingleLogOutAction implements IAction {
 						}						
 					}
 				}
-			} catch (MOADatabaseException e) {
+			} catch (EAAFException e) {
 				Logger.error("MOA AssertionDatabase ERROR", e);
 				throw new SLOException("pvp2.19", null);
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java
index c662a0af5..f3af12a2c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java
@@ -49,11 +49,10 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import org.w3c.dom.Document;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.SamlAttributeGenerator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
index 6beaee92b..07da57d2a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
@@ -32,15 +32,15 @@ import java.util.ServiceLoader;
 import org.opensaml.saml2.core.Attribute;
 import org.opensaml.saml2.metadata.RequestedAttribute;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.InvalidDateFormatAttributeException;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.SamlAttributeGenerator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidDateFormatException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
@@ -97,13 +97,13 @@ public class PVPAttributeBuilder {
 		
 	}
 	
-	public static Attribute buildAttribute(String name, IOAAuthParameters oaParam,
-			IAuthData authData) throws PVP2Exception, AttributeException {
+	public static Attribute buildAttribute(String name, ISPConfiguration  oaParam,
+			IAuthData authData) throws PVP2Exception, AttributeBuilderException {
 		if (builders.containsKey(name)) {
 			try {
 				return builders.get(name).build(oaParam, authData, generator);
 			}
-			catch (AttributeException e) {
+			catch (AttributeBuilderException e) {
 				if (e instanceof UnavailableAttributeException) {
 					throw e;
 				} else if (e instanceof InvalidDateFormatAttributeException) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java
index be8c2abdf..a55e873b5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java
@@ -95,7 +95,7 @@ public class PVPAuthnRequestBuilder {
 			
 			// use POST binding as default if it exists 
 			if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) { 
-				endpoint = sss;
+				endpoint = sss; 
 				
 			} else if ( sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI) 
 					&& endpoint == null )
@@ -215,7 +215,7 @@ public class PVPAuthnRequestBuilder {
 		
 		//encode message
 		binding.encodeRequest(null, httpResp, authReq, 
-				endpoint.getLocation(), pendingReq.getRequestID(), config.getAuthnRequestSigningCredential(), pendingReq);
+				endpoint.getLocation(), pendingReq.getPendingRequestId(), config.getAuthnRequestSigningCredential(), pendingReq);
 	}
 
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
index d11d57ab8..a1d7f5d3a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
@@ -23,8 +23,12 @@
 package at.gv.egovernment.moa.id.protocols.pvp2x.builder;
 
 import java.security.NoSuchAlgorithmException;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Iterator;
 import java.util.LinkedHashMap;
 import java.util.List;
+import java.util.Map.Entry;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -52,6 +56,8 @@ import org.opensaml.saml2.metadata.SingleLogoutService;
 import org.opensaml.saml2.metadata.impl.SingleLogoutServiceBuilder;
 import org.opensaml.saml2.metadata.provider.MetadataProviderException;
 import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.ws.soap.common.SOAPException;
+import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.io.Marshaller;
 import org.opensaml.xml.security.SecurityException;
 import org.opensaml.xml.security.x509.X509Credential;
@@ -63,12 +69,23 @@ import org.springframework.context.ApplicationContext;
 import org.springframework.stereotype.Service;
 import org.w3c.dom.Document;
 
-import at.gv.egiz.eaaf.core.api.data.ISLOInformationContainer;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
+import at.gv.egiz.eaaf.core.api.idp.slo.ISLOInformationContainer;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
+import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
+import at.gv.egiz.eaaf.core.exceptions.GUIBuildException;
+import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
+import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.data.SLOInformationContainer;
 import at.gv.egovernment.moa.id.data.SLOInformationImpl;
@@ -85,8 +102,12 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformation
 import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
 import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
 
 /**
  * @author tlenz
@@ -98,6 +119,181 @@ public class SingleLogOutBuilder {
 	@Autowired(required=true) private MOAMetadataProvider metadataProvider;
 	@Autowired(required=true) ApplicationContext springContext;
 	@Autowired private IDPCredentialProvider credentialProvider;
+	@Autowired private SAMLVerificationEngineSP samlVerificationEngine;
+	@Autowired private IGUIFormBuilder guiBuilder;
+	@Autowired(required=true) protected IRevisionLogger revisionsLogger;
+	@Autowired private ITransactionStorage transactionStorage;
+
+	public static final int SLOTIMEOUT = 30 * 1000; //30 sec
+	
+	public void toTechnicalLogout(ISLOInformationContainer sloContainer, 
+			HttpServletRequest httpReq, HttpServletResponse httpResp, String authUrl) throws MOAIDException {		
+		Logger.trace("Starting Service-Provider logout process ... ");		
+		revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_STARTED);		
+		
+		//start service provider back channel logout process		
+		Iterator<String> nextOAInterator = sloContainer.getNextBackChannelOA();	
+		while (nextOAInterator.hasNext()) {
+			SLOInformationInterface sloDescr = sloContainer.getBackChannelOASessionDescripten(nextOAInterator.next());
+			LogoutRequest sloReq = buildSLORequestMessage(sloDescr);
+
+			try {
+				Logger.trace("Send backchannel SLO Request to " + sloDescr.getSpEntityID());
+				List<XMLObject> soapResp = MOASAMLSOAPClient.send(sloDescr.getServiceURL(), sloReq);
+				
+				LogoutResponse sloResp = null;						
+				for (XMLObject el : soapResp) {
+					if (el instanceof LogoutResponse)
+						sloResp = (LogoutResponse) el;							
+				}
+				
+				if (sloResp == null) {
+					Logger.warn("Single LogOut for OA " + sloDescr.getSpEntityID()
+							+ " FAILED. NO LogOut response received.");
+					sloContainer.putFailedOA(sloDescr.getSpEntityID());
+					
+				} else {
+					samlVerificationEngine.verifySLOResponse(sloResp, 
+							TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider));
+					
+				}
+								
+				checkStatusCode(sloContainer, sloResp);
+										
+			} catch (SOAPException e) {
+				Logger.warn("Single LogOut for OA " + sloDescr.getSpEntityID()
+						+ " FAILED.", e);
+				sloContainer.putFailedOA(sloDescr.getSpEntityID());
+				
+			} catch (SecurityException | InvalidProtocolRequestException e) {
+				Logger.warn("Single LogOut for OA " + sloDescr.getSpEntityID()
+						+ " FAILED.", e);
+				sloContainer.putFailedOA(sloDescr.getSpEntityID());
+				
+			}					
+		}
+						
+		IRequest pendingReq = null;		
+		PVPTargetConfiguration pvpReq = null;
+		//start service provider front channel logout process
+		try {
+			if (sloContainer.hasFrontChannelOA()) {
+				String relayState = Random.nextRandom();
+				
+				Collection<Entry<String, SLOInformationInterface>> sloDescr = sloContainer.getFrontChannelOASessionDescriptions();
+				List<String> sloReqList = new ArrayList<String>();
+				for (Entry<String, SLOInformationInterface> el : sloDescr) {
+					Logger.trace("Build frontChannel SLO Request for " + el.getValue().getSpEntityID());
+					
+					LogoutRequest sloReq = buildSLORequestMessage(el.getValue());
+					try {
+						sloReqList.add(getFrontChannelSLOMessageURL(el.getValue().getServiceURL(), el.getValue().getBinding(), 
+								sloReq, httpReq, httpResp, relayState));
+						
+					} catch (Exception e) {
+						Logger.warn("Failed to build SLO request for OA:" + el.getKey());
+						sloContainer.putFailedOA(el.getKey());
+						
+					}														
+				}
+				
+				//put SLO process-information into transaction storage
+				transactionStorage.put(relayState, sloContainer, -1);
+				
+				if (MiscUtil.isEmpty(authUrl))
+					authUrl = sloContainer.getSloRequest().getAuthURL();
+				
+				String timeOutURL = authUrl
+						+ "/idpSingleLogout"
+						+ "?restart=" + relayState;
+				
+				DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration(
+						authUrl, 
+						DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT, 
+						null);
+				
+				config.putCustomParameterWithOutEscaption("redirectURLs", sloReqList);
+				config.putCustomParameterWithOutEscaption("timeoutURL", timeOutURL);
+				config.putCustomParameter("timeout", String.valueOf(SLOTIMEOUT));
+		        
+		        guiBuilder.build(httpResp, config, "Single-LogOut GUI");
+		        
+								
+			} else {
+				pendingReq = sloContainer.getSloRequest();
+				if (pendingReq != null && pendingReq instanceof PVPTargetConfiguration) {
+					//send SLO response to SLO request issuer
+					pvpReq = (PVPTargetConfiguration)pendingReq;
+					SingleLogoutService sloService = getResponseSLODescriptor(pvpReq);
+					LogoutResponse message = buildSLOResponseMessage(sloService, pvpReq, sloContainer.getSloFailedOAs());
+					sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, pvpReq.getRequest().getRelayState(), pvpReq);
+					
+				} else {
+					//print SLO information directly
+					DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration(
+							authUrl, 
+							DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT, 
+							null);
+					
+			        if (sloContainer.getSloFailedOAs() == null || 
+			        		sloContainer.getSloFailedOAs().size() == 0) {
+			        	revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_ALL_VALID);
+			        	config.putCustomParameter("successMsg", 
+			        			MOAIDMessageProvider.getInstance().getMessage("slo.00", null));
+			        	
+			        } else {
+			        	revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID);
+			        	config.putCustomParameterWithOutEscaption("errorMsg", 
+			        			MOAIDMessageProvider.getInstance().getMessage("slo.01", null));
+			        	
+			        }
+			        guiBuilder.build(httpResp, config, "Single-LogOut GUI");
+										
+				}
+									
+			}	
+		
+		} catch (GUIBuildException e) {
+			Logger.warn("Can not build GUI:'Single-LogOut'. Msg:" + e.getMessage());
+			throw  new MOAIDException("builder.09", new Object[]{e.getMessage()}, e);
+			
+		} catch (MOADatabaseException e) {
+			Logger.error("MOA AssertionDatabase ERROR", e);
+			if (pvpReq != null) {
+				SingleLogoutService sloService = getResponseSLODescriptor(pvpReq);
+				LogoutResponse message = buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI);
+				sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, pvpReq.getRequest().getRelayState(), pvpReq);
+
+				revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID);
+				
+			}else {
+				//print SLO information directly
+				DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration(
+						authUrl, 
+						DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT, 
+						null);
+				
+				revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID);
+				config.putCustomParameterWithOutEscaption("errorMsg", 
+	        			MOAIDMessageProvider.getInstance().getMessage("slo.01", null));
+	        	
+	        	try {
+					guiBuilder.build(httpResp, config, "Single-LogOut GUI");
+					
+				} catch (GUIBuildException e1) {
+					Logger.warn("Can not build GUI:'Single-LogOut'. Msg:" + e.getMessage());
+					throw  new MOAIDException("builder.09", new Object[]{e.getMessage()}, e);
+					
+				}
+									
+			}
+			
+		} catch (Exception e) {
+			// TODO Auto-generated catch block
+			e.printStackTrace();
+		}	
+	}
+
 	
 		
 	public void checkStatusCode(ISLOInformationContainer sloContainer, LogoutResponse logOutResp) {
@@ -221,7 +417,7 @@ public class SingleLogOutBuilder {
 	}
 	
 	
-	public LogoutRequest buildSLORequestMessage(SLOInformationImpl sloInfo) throws ConfigurationException, MOAIDException {
+	public LogoutRequest buildSLORequestMessage(SLOInformationInterface sloDescr) throws ConfigurationException, MOAIDException {
 		LogoutRequest sloReq = SAML2Utils.createSAMLObject(LogoutRequest.class);
 		
 		SecureRandomIdentifierGenerator gen;
@@ -237,17 +433,17 @@ public class SingleLogOutBuilder {
 
 		DateTime now = new DateTime();
 		Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
-		issuer.setValue(PVPConfiguration.getInstance().getIDPSSOMetadataService(sloInfo.getAuthURL()));
+		issuer.setValue(PVPConfiguration.getInstance().getIDPSSOMetadataService(sloDescr.getAuthURL()));
 		issuer.setFormat(NameID.ENTITY);
 		sloReq.setIssuer(issuer);		
 		sloReq.setIssueInstant(now);
 		sloReq.setNotOnOrAfter(now.plusMinutes(5));
 		
-		sloReq.setDestination(sloInfo.getServiceURL());
+		sloReq.setDestination(sloDescr.getServiceURL());
 		
 		NameID nameID = SAML2Utils.createSAMLObject(NameID.class);
-		nameID.setFormat(sloInfo.getUserNameIDFormat());
-		nameID.setValue(sloInfo.getUserNameIdentifier());
+		nameID.setFormat(sloDescr.getUserNameIDFormat());
+		nameID.setValue(sloDescr.getUserNameIdentifier());
 		sloReq.setNameID(nameID );
 
 		//sign message
@@ -435,9 +631,9 @@ public class SingleLogOutBuilder {
 	public void parseActiveOAs(SLOInformationContainer container, 
 			List<OASessionStore> dbOAs, String removeOAID) {		
 		if (container.getActiveBackChannelOAs() == null)
-			container.setActiveBackChannelOAs(new LinkedHashMap<String, SLOInformationImpl>());			
+			container.setActiveBackChannelOAs(new LinkedHashMap<String, SLOInformationInterface>());			
 		if (container.getActiveFrontChannalOAs() == null)
-			container.setActiveFrontChannalOAs(new LinkedHashMap<String, SLOInformationImpl>());
+			container.setActiveFrontChannalOAs(new LinkedHashMap<String, SLOInformationInterface>());
 			
 		
 		if (dbOAs != null) {
@@ -491,9 +687,9 @@ public class SingleLogOutBuilder {
 	public void parseActiveIDPs(SLOInformationContainer container,
 			List<InterfederationSessionStore> dbIDPs, String removeIDP) {		
 		if (container.getActiveBackChannelOAs() == null)
-			container.setActiveBackChannelOAs(new LinkedHashMap<String, SLOInformationImpl>());			
+			container.setActiveBackChannelOAs(new LinkedHashMap<String, SLOInformationInterface>());			
 		if (container.getActiveFrontChannalOAs() == null)
-			container.setActiveFrontChannalOAs(new LinkedHashMap<String, SLOInformationImpl>());
+			container.setActiveFrontChannalOAs(new LinkedHashMap<String, SLOInformationInterface>());
 		
 		if (dbIDPs != null) {
 			for (InterfederationSessionStore el : dbIDPs) {				
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
index 40c85945f..056e2bba0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
@@ -59,23 +59,26 @@ import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
 import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
 import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
 import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.data.SLOInformationImpl;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.QAANotSupportedException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+import at.gv.egovernment.moa.id.util.LoALevelMapper;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.id.util.QAALevelVerifier;
 import at.gv.egovernment.moa.logging.Logger;
@@ -91,7 +94,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
 	 * @param issuerEntityID EnitiyID, which should be used for this IDP response 
 	 * @param attrQuery AttributeQuery request from Service-Provider
 	 * @param attrList List of PVP response attributes
-	 * @param now Current time
+	 * @param now Current time 
 	 * @param validTo ValidTo time of the assertion
 	 * @param qaaLevel QAA level of the authentication
 	 * @param sessionIndex SAML2 SessionIndex, which should be included	 * 
@@ -141,48 +144,51 @@ public class PVP2AssertionBuilder implements PVPConstants {
 		AuthnContextClassRef authnContextClassRef = SAML2Utils
 				.createSAMLObject(AuthnContextClassRef.class);
 		
-		IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
+		ISPConfiguration oaParam = pendingReq.getServiceProviderConfiguration();
 		
 		if (reqAuthnContext == null) {
-			 authnContextClassRef.setAuthnContextClassRef(authData.getQAALevel());
+			 authnContextClassRef.setAuthnContextClassRef(authData.getEIDASQAALevel());
 			
 		} else {
 
-			boolean stork_qaa_1_4_found = false;
+			boolean eIDAS_qaa_found = false;
 	
 			List<AuthnContextClassRef> reqAuthnContextClassRefIt = reqAuthnContext
 					.getAuthnContextClassRefs();
 		
-			if (reqAuthnContextClassRefIt.size() == 0) {
-			 
-				QAALevelVerifier.verifyQAALevel(authData.getQAALevel(), 
-						STORK_QAA_1_4);
+			if (reqAuthnContextClassRefIt.size() == 0) {			 
+				QAALevelVerifier.verifyQAALevel(authData.getEIDASQAALevel(), EAAFConstants.EIDAS_QAA_HIGH);
 			
-				stork_qaa_1_4_found = true;
-				authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4);
+				eIDAS_qaa_found = true;
+				authnContextClassRef.setAuthnContextClassRef(EAAFConstants.EIDAS_QAA_HIGH);
 			 
 			} else {
 				for (AuthnContextClassRef authnClassRef : reqAuthnContextClassRefIt) {
 					String qaa_uri = authnClassRef.getAuthnContextClassRef();
-					if (qaa_uri.trim().equals(STORK_QAA_1_4)
-							|| qaa_uri.trim().equals(STORK_QAA_1_3)
-							|| qaa_uri.trim().equals(STORK_QAA_1_2)
-							|| qaa_uri.trim().equals(STORK_QAA_1_1)) {
+					
+					if (qaa_uri.trim().startsWith(STORK_QAA_PREFIX)) {
+						Logger.debug("Find STORK QAA leven in AuthnRequest. Starting mapping to eIDAS level ... ");
+						qaa_uri = LoALevelMapper.getInstance().mapSTORKQAAToeIDASQAA(qaa_uri.trim());
+						
+					}
+					
+					if (qaa_uri.trim().equals(EAAFConstants.EIDAS_QAA_HIGH)
+							|| qaa_uri.trim().equals(EAAFConstants.EIDAS_QAA_SUBSTANTIAL)
+							|| qaa_uri.trim().equals(EAAFConstants.EIDAS_QAA_LOW)) {
 					
 						 if (authData.isForeigner()) {
-							 QAALevelVerifier.verifyQAALevel(authData.getQAALevel(), 
-									 STORK_QAA_PREFIX + oaParam.getQaaLevel());
+							 QAALevelVerifier.verifyQAALevel(authData.getEIDASQAALevel(), oaParam.getMinimumLevelOfAssurence());
 							 
-							 stork_qaa_1_4_found = true;
-							 authnContextClassRef.setAuthnContextClassRef(authData.getQAALevel());
+							 eIDAS_qaa_found = true;
+							 authnContextClassRef.setAuthnContextClassRef(authData.getEIDASQAALevel());
 							 
 						 } else {
 							 
-							 QAALevelVerifier.verifyQAALevel(authData.getQAALevel(), 
+							 QAALevelVerifier.verifyQAALevel(authData.getEIDASQAALevel(), 
 									 qaa_uri.trim());
 							 
-							 stork_qaa_1_4_found = true;
-							 authnContextClassRef.setAuthnContextClassRef(authData.getQAALevel());
+							 eIDAS_qaa_found = true;
+							 authnContextClassRef.setAuthnContextClassRef(authData.getEIDASQAALevel());
 							 							 
 						 }
 						 break;
@@ -190,9 +196,9 @@ public class PVP2AssertionBuilder implements PVPConstants {
 				 }
 			 }
 	
-			if (!stork_qaa_1_4_found) {
-				throw new QAANotSupportedException(STORK_QAA_1_4);
-			}
+			if (!eIDAS_qaa_found)
+				throw new QAANotSupportedException(EAAFConstants.EIDAS_QAA_HIGH);
+				
 		}
 		
 
@@ -289,11 +295,12 @@ public class PVP2AssertionBuilder implements PVPConstants {
 		
 		//build nameID and nameID Format from moasession
 		//TODO: nameID generation
-		if (authData.isUseMandate()) {
+		if (authData instanceof IMOAAuthData && 
+				((IMOAAuthData)authData).isUseMandate()) {
 			String bpktype = null;
 			String bpk = null;
 			
-			Element mandate = authData.getMandate();
+			Element mandate = ((IMOAAuthData)authData).getMandate();
 			if(mandate != null) {
 				Logger.debug("Read mandator bPK|baseID from full-mandate ... ");
 				Mandate mandateObject = MandateBuilder.buildMandate(mandate);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/SamlAttributeGenerator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/SamlAttributeGenerator.java
index e462b277e..6ccacd6c8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/SamlAttributeGenerator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/SamlAttributeGenerator.java
@@ -31,7 +31,7 @@ import org.opensaml.xml.schema.XSString;
 import org.opensaml.xml.schema.impl.XSIntegerBuilder;
 import org.opensaml.xml.schema.impl.XSStringBuilder;
 
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 
 public class SamlAttributeGenerator implements IAttributeGenerator<Attribute> {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
index 64f5c7d73..81eca3765 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
@@ -44,7 +44,8 @@ import org.opensaml.saml2.metadata.OrganizationURL;
 import org.opensaml.saml2.metadata.SurName;
 import org.opensaml.saml2.metadata.TelephoneNumber;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
@@ -157,7 +158,7 @@ public class PVPConfiguration {
 				
 		try {
 			Logger.trace("Load metadata signing certificate for online application " + entityID);
-			IOAAuthParameters oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(entityID);		
+			ISPConfiguration  oaParam = AuthConfigurationProviderFactory.getInstance().getServiceProviderConfiguration(entityID);		
 			if (oaParam == null) {
 				Logger.info("Online Application with ID " + entityID + " not found!");
 				return null;
@@ -186,6 +187,11 @@ public class PVPConfiguration {
 		} catch (IOException e) {
 			Logger.warn("Metadata signer certificate is not decodeable.", e);
 			return null;
+			
+		} catch (EAAFConfigurationException e) {
+			Logger.error("Configuration is not accessable.", e);
+			return null;
+			
 		}
 	}
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java
index b1e7df014..c82e6bdf1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java
@@ -29,7 +29,7 @@ import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
 public class NameIDFormatNotSupportedException extends AuthnRequestValidatorException {
 
 	public NameIDFormatNotSupportedException(String nameIDFormat) {
-		super("pvp2.12", new Object[] {nameIDFormat});
+		super("pvp2.12", new Object[] {nameIDFormat}, "NameID format not supported");
 		statusCodeValue = StatusCode.INVALID_NAMEID_POLICY_URI;
 
 	}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index 86284a2f4..7d43732a6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -49,12 +49,14 @@ import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.parse.BasicParserPool;
 import org.springframework.stereotype.Service;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egovernment.moa.id.auth.IDestroyableObject;
 import at.gv.egovernment.moa.id.auth.IGarbageCollectorProcessing;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.InterfederatedIDPPublicServiceFilter;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.PVPEntityCategoryFilter;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.PVPMetadataFilterChain;
@@ -72,7 +74,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 	
 //	private static MOAMetadataProvider instance = null;
 	MetadataProvider internalProvider = null;
-	private Timer timer = null;
+	private Timer timer = null; 
 	private static Object mutex = new Object();
 	//private Map<String, Date> lastAccess = null;
 	
@@ -110,7 +112,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 				Logger.trace("Check consistence of PVP2X metadata");	
 				addAndRemoveMetadataProvider();
 					
-			} catch (ConfigurationException e) {
+			} catch (ConfigurationException | EAAFConfigurationException e) {
 				Logger.error("Access to MOA-ID configuration FAILED.", e);
 					
 			}
@@ -156,8 +158,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 			
 			
 			//reload metadata provider 
-			IOAAuthParameters oaParam = 
-					authConfig.getOnlineApplicationParameter(entityID);
+			ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(entityID);
 			if (oaParam != null) {
 				String metadataURL = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
 				if (MiscUtil.isNotEmpty(metadataURL)) {
@@ -175,7 +176,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 						String certBase64 = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);
 						if (MiscUtil.isNotEmpty(certBase64)) {
 						byte[] cert = Base64Utils.decode(certBase64, false);
-						String oaFriendlyName = oaParam.getFriendlyName();
+						String oaFriendlyName = oaParam.getUniqueIdentifier();
 					
 						if (timer == null)
 							timer = new Timer(true);
@@ -222,6 +223,10 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 		} catch (ConfigurationException e) {
 			Logger.warn("Refresh PVP2X metadata for onlineApplication: " 
 					+ entityID + " FAILED.", e);
+			
+		} catch (EAAFConfigurationException e) {			
+			Logger.warn("Refresh PVP2X metadata for onlineApplication: " 
+					+ entityID + " FAILED.", e);
 		}
 		
 		return false;
@@ -246,7 +251,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 	}
 	
 	
-	private void addAndRemoveMetadataProvider() throws ConfigurationException {
+	private void addAndRemoveMetadataProvider() throws ConfigurationException, EAAFConfigurationException {
 		if (internalProvider != null && internalProvider instanceof ChainingMetadataProvider) {
 			Logger.info("Reload MOAMetaDataProvider.");
 			
@@ -282,8 +287,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 				while (oaInterator.hasNext()) {
 					Entry<String, String> oaKeyPair = oaInterator.next();
 					
-					IOAAuthParameters oaParam = 
-							authConfig.getOnlineApplicationParameter(oaKeyPair.getValue());
+					ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(oaKeyPair.getValue());
 					if (oaParam != null) {
 						String metadataurl = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
 						
@@ -409,7 +413,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 	 * This method is deprecated because OA metadata should be loaded dynamically 
 	 * if the corresponding OA is requested.
 	 */
-	private void loadAllPVPMetadataFromKonfiguration() {
+	private void loadAllPVPMetadataFromKonfiguration() throws EAAFConfigurationException {
 		ChainingMetadataProvider chainProvider = new ChainingMetadataProvider();
 		Logger.info("Loading metadata");		
 		Map<String, MetadataProvider> providersinuse = new HashMap<String, MetadataProvider>();
@@ -423,11 +427,10 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 			while (oaInterator.hasNext()) {
 				Entry<String, String> oaKeyPair = oaInterator.next();
 				
-				IOAAuthParameters oaParam = 
-						authConfig.getOnlineApplicationParameter(oaKeyPair.getValue());
+				ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(oaKeyPair.getValue());
 				if (oaParam != null) {
 					String metadataurl = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
-					String oaFriendlyName = oaParam.getFriendlyName();
+					String oaFriendlyName = oaParam.getUniqueIdentifier();
 					MetadataProvider httpProvider = null;
 			
 					try {
@@ -489,7 +492,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 				
 	}
 		
-	private PVPMetadataFilterChain buildMetadataFilterChain(IOAAuthParameters oaParam, String metadataURL, byte[] certificate) throws CertificateException, ConfigurationException {
+	private PVPMetadataFilterChain buildMetadataFilterChain(ISPConfiguration oaParam, String metadataURL, byte[] certificate) throws CertificateException, ConfigurationException {
 		PVPMetadataFilterChain filterChain = new PVPMetadataFilterChain(metadataURL, certificate);
 		filterChain.getFilters().add(new SchemaValidationFilter());
 		filterChain.getFilters().add(
@@ -497,7 +500,9 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 						AuthConfiguration.PROP_KEY_PROTOCOL_PVP_METADATA_ENTITYCATEGORY_RESOLVER, 
 						false)));
 		
-		if (oaParam.isInderfederationIDP()) {
+		
+		
+		if ((new OAAuthParameterDecorator(oaParam)).isInderfederationIDP()) {
 			Logger.info("Online-Application is an interfederated IDP. Add addional Metadata policies");
 			filterChain.getFilters().add(new InterfederatedIDPPublicServiceFilter(metadataURL, oaParam.hasBaseIdTransferRestriction()));
 			
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
index 6c2235654..c87b7515f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
@@ -23,6 +23,7 @@
 package at.gv.egovernment.moa.id.protocols.pvp2x.metadata;
 
 import java.io.File;
+import java.net.MalformedURLException;
 import java.util.Timer;
 
 import javax.net.ssl.SSLHandshakeException;
@@ -57,6 +58,7 @@ public abstract class SimpleMOAMetadataProvider implements MetadataProvider{
 	
 	
 	@Autowired 
+	//protected IConfiguration authConfig;
 	protected AuthConfiguration authConfig;
 	
 	/**
@@ -76,21 +78,30 @@ public abstract class SimpleMOAMetadataProvider implements MetadataProvider{
 			return createNewHTTPMetaDataProvider(metadataLocation, filter, IdForLogging, timer, pool);
 		
 		else {
-			String absoluteMetadataLocation = FileUtils.makeAbsoluteURL(
-					metadataLocation,
-					authConfig.getRootConfigFileDir());
-			
-			if (absoluteMetadataLocation.startsWith(URI_PREFIX_FILE)) {
-				File metadataFile = new File(absoluteMetadataLocation);
-				if (metadataFile.exists())
-					return createNewFileSystemMetaDataProvider(metadataFile, filter, IdForLogging, timer, pool);
+			String absoluteMetadataLocation;
+			try {
+				absoluteMetadataLocation = FileUtils.makeAbsoluteURL(
+						metadataLocation,
+						authConfig.getConfigurationRootDirectory().toURL().toString());
 				
-				else {
-					Logger.warn("SAML2 metadata file: " + absoluteMetadataLocation + " not found or not exist");
-					return null;
-				}
+				if (absoluteMetadataLocation.startsWith(URI_PREFIX_FILE)) {
+					File metadataFile = new File(absoluteMetadataLocation);
+					if (metadataFile.exists())
+						return createNewFileSystemMetaDataProvider(metadataFile, filter, IdForLogging, timer, pool);
+					
+					else {
+						Logger.warn("SAML2 metadata file: " + absoluteMetadataLocation + " not found or not exist");
+						return null;
+					}
+					
+				}	
 				
-			}			
+				
+			} catch (MalformedURLException e) {
+				Logger.warn("SAML2 metadata URL is invalid: " + metadataLocation, e);
+				
+			}
+							
 		}
 		
 		Logger.warn("SAML2 metadata has an unsupported metadata location prefix: " + metadataLocation);		
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java
index af9ba0180..dd94e0093 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java
@@ -33,6 +33,7 @@ import org.opensaml.xml.security.x509.X509Credential;
 import org.opensaml.xml.signature.Signature;
 import org.opensaml.xml.signature.SignatureConstants;
 
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.opemsaml.MOAKeyStoreX509CredentialAdapter;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.logging.Logger;
@@ -55,8 +56,9 @@ public abstract class AbstractCredentialProvider {
 	 * Get KeyStore
 	 * 
 	 * @return URL to the keyStore
+	 * @throws ConfigurationException 
 	 */
-	public abstract String getKeyStoreFilePath();
+	public abstract String getKeyStoreFilePath() throws ConfigurationException;
 	
 	/**
 	 * Get keyStore password
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java
index 381289824..ebaef348c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java
@@ -28,6 +28,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 
@@ -53,14 +54,14 @@ public class IDPCredentialProvider extends AbstractCredentialProvider {
 	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getKeyStoreFilePath()
 	 */
 	@Override
-	public String getKeyStoreFilePath() {
+	public String getKeyStoreFilePath() throws ConfigurationException {
 		if (props == null)
 			props = authConfig.getGeneralPVP2ProperiesConfig();
 		
+
 		return FileUtils.makeAbsoluteURL(
-					props.getProperty(IDP_JAVAKEYSTORE), 
-					authConfig.getRootConfigFileDir());
-		
+						props.getProperty(IDP_JAVAKEYSTORE), 
+						authConfig.getRootConfigFileDir());		
 	}
 
 	/* (non-Javadoc)
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
index 528d8cbb6..d89d04664 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
@@ -34,7 +34,8 @@ import org.opensaml.xml.security.x509.BasicX509Credential;
 import org.opensaml.xml.signature.SignatureValidator;
 import org.opensaml.xml.validation.ValidationException;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
@@ -52,8 +53,8 @@ public class EntityVerifier {
 	public static byte[] fetchSavedCredential(String entityID) {
 //		List<OnlineApplication> oaList = ConfigurationDBRead
 //				.getAllActiveOnlineApplications();
-		try {
-			IOAAuthParameters oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(entityID);
+		try { 
+			ISPConfiguration oa = AuthConfigurationProviderFactory.getInstance().getServiceProviderConfiguration(entityID);
 		
 			if (oa == null) {
 				Logger.debug("No OnlineApplication with EntityID: " + entityID);
@@ -67,7 +68,7 @@ public class EntityVerifier {
 			
 			}
 			
-		} catch (ConfigurationException e) {
+		} catch (ConfigurationException | EAAFConfigurationException e) {
 			Logger.error("Access MOA-ID configuration FAILED.", e);
 			
 		} catch (IOException e) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
index 870c70efe..50bc7fb68 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
@@ -62,7 +62,7 @@ public class SAMLVerificationEngine {
 	
 	public void verify(InboundMessage msg, SignatureTrustEngine sigTrustEngine ) throws org.opensaml.xml.security.SecurityException, Exception {
 		try {		
-			if (msg instanceof MOARequest && 
+			if (msg instanceof MOARequest &&  
 					((MOARequest)msg).getSamlRequest() instanceof RequestAbstractType)
 				verifyRequest(((RequestAbstractType)((MOARequest)msg).getSamlRequest()), sigTrustEngine);
 		
@@ -112,10 +112,10 @@ public class SAMLVerificationEngine {
 		    
 		} catch (ValidationException e) {
 			 Logger.warn("Signature is not conform to SAML signature profile", e);
-			 throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+			 throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Signature is not conform to SAML signature profile");
 		
 		} catch (SchemaValidationException e) {			
-			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()});
+			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, "SAML response does not fit XML scheme");
 		
 		}
 
@@ -126,11 +126,11 @@ public class SAMLVerificationEngine {
 
 		try {
 		    if (!sigTrustEngine.validate(samlObj.getSignature(), criteriaSet)) {
-		    	throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+		    	throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Signature verification FAILED on SAML response");
 		    }
 		} catch (org.opensaml.xml.security.SecurityException e) {
 		    Logger.warn("PVP2x message signature validation FAILED.", e);
-		    throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+		    throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Signature verification FAILED on SAML response");
 		}
 	}
 	
@@ -142,10 +142,10 @@ public class SAMLVerificationEngine {
 		    
 		} catch (ValidationException e) {
 		    Logger.warn("Signature is not conform to SAML signature profile", e);
-		    throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+		    throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Scheme validation FAILED on SAML request");
 		    
 		} catch (SchemaValidationException e) {			
-			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()});
+			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, "Scheme verification FAILED on SAML request");
 			
 		}
 
@@ -156,11 +156,11 @@ public class SAMLVerificationEngine {
 
 		try {
 		    if (!sigTrustEngine.validate(samlObj.getSignature(), criteriaSet)) {
-		        throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+		        throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Signature verification FAILED on SAML request");
 		    }
 		} catch (org.opensaml.xml.security.SecurityException e) {
 			Logger.warn("PVP2x message signature validation FAILED.", e);
-			throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+			throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Signature verification FAILED on SAML request");
 		}
 	}
 		
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
index 9ae41c06c..c5f02e7de 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
@@ -40,15 +40,17 @@ import org.springframework.transaction.annotation.Transactional;
 
 import com.fasterxml.jackson.core.JsonProcessingException;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
 import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
@@ -56,6 +58,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.commons.utils.JsonMapper;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
 import at.gv.egovernment.moa.id.data.EncryptedData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
@@ -68,14 +71,12 @@ import at.gv.egovernment.moa.util.MiscUtil;
 public class DBAuthenticationSessionStoreage implements IAuthenticationSessionStoreage{
 
 	@PersistenceContext(unitName="session")
-	private EntityManager entityManager;
+	private EntityManager entityManager; 
 	
 	@Autowired AuthConfiguration authConfig;
 	
 	private static JsonMapper mapper = new JsonMapper();
-	
-	//@Autowired MOASessionDBUtils moaSessionDBUtils;
-	
+		
 	@Override
 	public boolean isAuthenticated(String internalSsoSessionID) {
 		
@@ -108,7 +109,8 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 			sessionExt.setUniqueSessionId(target.getUniqueSessionIdentifier());
 			dbsession.setAdditionalInformation(mapper.serialize(sessionExt).getBytes("UTF-8"));
 		
-			AuthenticationSession session = new AuthenticationSession(id, now, target.getMOASession());
+			AuthenticationSession session = new AuthenticationSession(id, now, 
+					new AuthenticationSessionWrapper(target.genericFullDataStorage()));
 			encryptSession(session, dbsession);
 		
 			//store AssertionStore element to Database
@@ -123,7 +125,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 			
 		} catch (JsonProcessingException | UnsupportedEncodingException e) {
 			Logger.warn("Extended session information can not be stored.", e);
-			throw new MOADatabaseException(e);
+			throw new MOADatabaseException("Extended session information can not be stored.", e);
 			
 		}
 				
@@ -180,7 +182,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 			
 		} catch (MOADatabaseException e) {
 			Logger.warn("MOASession could not be stored.");
-			throw new MOADatabaseException(e);
+			throw new MOADatabaseException("MOASession could not be stored.", e);
 			
 		} catch (JsonProcessingException | UnsupportedEncodingException e) {
 			Logger.warn("Extended session information can not be stored.", e);
@@ -228,12 +230,12 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 	}
 	
 	@Override
-	public AuthenticationSession getInternalMOASessionWithSSOID(String SSOSessionID) throws MOADatabaseException {
-		MiscUtil.assertNotNull(SSOSessionID, "SSOsessionID");	  
-		Logger.trace("Get authenticated session with SSOID " + SSOSessionID + " from database.");
+	public String getInternalSSOSessionWithSSOID(String externelSSOId) throws MOADatabaseException {
+		MiscUtil.assertNotNull(externelSSOId, "SSOsessionID");	  
+		Logger.trace("Get authenticated session with SSOID " + externelSSOId + " from database.");
 		  		  
 		Query query =  entityManager.createNamedQuery("getSessionWithSSOID");
-		query.setParameter("sessionid", SSOSessionID);		  
+		query.setParameter("sessionid", externelSSOId);		  
 		List<AuthenticatedSessionStore> results = query.getResultList();
 	 		  
 	    Logger.trace("Found entries: " + results.size());
@@ -245,7 +247,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 					 
 		} else
 			try {
-				return decryptSession(results.get(0));
+				return decryptSession(results.get(0)).getSSOSessionID();
 				
 			} catch (Throwable e) {
 				Logger.warn("MOASession deserialization-exception by using internal MOASessionID=" + results.get(0).getSessionid(), e);
@@ -312,7 +314,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 		//check if OA already has an active OA session
 		if (dbsession.getActiveOAsessions() != null) {
 			for (OASessionStore el : dbsession.getActiveOAsessions()) {
-				if (el.getOaurlprefix().equals(protocolRequest.getOAURL()))
+				if (el.getOaurlprefix().equals(protocolRequest.getSPEntityId()))
 					activeOA = el;						
 			}										 
 		}
@@ -321,7 +323,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 			activeOA = new OASessionStore();
 				  
 	    //set active OA applications
-	    activeOA.setOaurlprefix(protocolRequest.getOAURL());
+	    activeOA.setOaurlprefix(protocolRequest.getSPEntityId());
 	    activeOA.setMoasession(dbsession);
 	    activeOA.setCreated(new Date());
 	  
@@ -360,21 +362,21 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 		entityManager.merge(dbsession);
 					
 		if (SLOInfo != null)
-			Logger.info("Add SSO-Session login information for OA: " + protocolRequest.getOAURL() 
+			Logger.info("Add SSO-Session login information for OA: " + protocolRequest.getSPEntityId() 
 					+ " and AssertionID: " + SLOInfo.getSessionIndex());
 		else
-			Logger.info("Add SSO-Session login information for OA: " + protocolRequest.getOAURL());
+			Logger.info("Add SSO-Session login information for OA: " + protocolRequest.getSPEntityId());
 					
 	}
 
 	@Override
-	public List<OASessionStore> getAllActiveOAFromMOASession(IAuthenticationSession moaSession) {
-		MiscUtil.assertNotNull(moaSession, "MOASession");
+	public List<OASessionStore> getAllActiveOAFromMOASession(String ssoSessionId) {
+		MiscUtil.assertNotNull( ssoSessionId, "MOASession");
 
-		  Logger.trace("Get OAs for moaSession " + moaSession.getSessionID() + " from database.");
+		  Logger.trace("Get OAs for moaSession " +  ssoSessionId + " from database.");
 		  
 		  Query query =  entityManager.createNamedQuery("getAllActiveOAsForSessionID");
-		  query.setParameter("sessionID", moaSession.getSessionID());		  
+		  query.setParameter("sessionID",  ssoSessionId);		  
 		  List<OASessionStore> results = query.getResultList();
 			  
 		  Logger.trace("Found entries: " + results.size());
@@ -384,13 +386,13 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 	}
 	
 	@Override
-	public List<InterfederationSessionStore> getAllActiveIDPsFromMOASession(IAuthenticationSession moaSession) {
-		MiscUtil.assertNotNull(moaSession, "MOASession");
+	public List<InterfederationSessionStore> getAllActiveIDPsFromMOASession(String ssoSessionId) {
+		MiscUtil.assertNotNull( ssoSessionId, "MOASession");
 
-		  Logger.trace("Get active IDPs for moaSession " + moaSession.getSessionID() + " from database.");
+		  Logger.trace("Get active IDPs for moaSession " +  ssoSessionId + " from database.");
 		  
 		  Query query =  entityManager.createNamedQuery("getAllActiveIDPsForSessionID");
-		  query.setParameter("sessionID", moaSession.getSessionID());		  
+		  query.setParameter("sessionID",  ssoSessionId);		  
 		  List<InterfederationSessionStore> results = query.getResultList();
 
 		  Logger.trace("Found entries: " + results.size());
@@ -399,7 +401,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 	}
 	
 	@Override
-	public IAuthenticationSession searchMOASessionWithNameIDandOAID(String oaID, String userNameID) {	  
+	public String searchSSOSessionWithNameIDandOAID(String oaID, String userNameID) {	  
 		  MiscUtil.assertNotNull(oaID, "OnlineApplicationIdentifier");
 		  MiscUtil.assertNotNull(userNameID, "userNameID");
 		  Logger.trace("Get moaSession for userNameID " + userNameID + " and OA " 
@@ -419,8 +421,10 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 		   	
 		  }
 		  
-		  try {			  		  
-			  return  decryptSession(results.get(0));
+		  try {			
+			  AuthenticationSession decrytedSession = decryptSession(results.get(0));
+			  
+			  return decrytedSession.getSSOSessionID();
 			
 		  } catch (BuildException e) {
 			  Logger.warn("MOASession deserialization-exception by using MOASessionID=" + results.get(0).getSessionid(), e);			
@@ -434,11 +438,11 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 		  MiscUtil.assertNotNull(moaSession, "MOASession");	  
 		  MiscUtil.assertNotNull(oaID, "OnlineApplicationIdentifier");
 		  MiscUtil.assertNotNull(protocolType, "usedProtocol");
-		  Logger.trace("Get active OnlineApplication for sessionID " + moaSession.getSessionID() + " with OAID "
+		  Logger.trace("Get active OnlineApplication for sessionID " + moaSession.getSSOSessionID() + " with OAID "
 				  + oaID + " from database.");
 		  
 		  Query query =  entityManager.createNamedQuery("getActiveOAWithSessionIDandOAIDandProtocol");
-		  query.setParameter("sessionID", moaSession.getSessionID());
+		  query.setParameter("sessionID", moaSession.getSSOSessionID());
 		  query.setParameter("oaID", oaID);
 		  query.setParameter("protocol", protocolType);		  
 		  List<AuthenticatedSessionStore> results = query.getResultList();
@@ -545,25 +549,25 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 	}
 	
 	@Override
-	public void addFederatedSessionInformation(IRequest req, String idpEntityID, AssertionAttributeExtractor extractor) throws MOADatabaseException, AssertionAttributeExtractorExeption, BuildException {		
+	public void addFederatedSessionInformation(IRequest req, String idpEntityID, AssertionAttributeExtractor extractor) throws MOADatabaseException, AssertionAttributeExtractorExeption, BuildException, EAAFConfigurationException {		
 		AuthenticatedSessionStore dbsession = null;
-		AuthenticationSession moaSession = null;
+		String ssoSessionId = null;		
 		Date now = new Date();
 		
 		//search for active session
-		if (MiscUtil.isNotEmpty(req.getInternalSSOSessionIdentifier())) {
-			Logger.debug("Internal SSO-Session object: " + req.getInternalSSOSessionIdentifier() + " used for federated SSO");
-			moaSession = getInternalMOASessionWithSSOID(req.getInternalSSOSessionIdentifier());
+		if (MiscUtil.isNotEmpty(req.getSSOSessionIdentifier())) {
+			Logger.debug("Internal SSO-Session object: " + req.getSSOSessionIdentifier() + " used for federated SSO");
+			ssoSessionId = getInternalSSOSessionWithSSOID(req.getSSOSessionIdentifier());
 			
 		} else {
 			Logger.debug("No internal SSO-Session object exists for federated SSO --> create new session object");
-			moaSession = createInternalSSOSession(req);
+			ssoSessionId = createInternalSSOSession(req).getSSOSessionID();
 			
 		}
 			
-		if (moaSession != null) {
+		if (MiscUtil.isNotEmpty(ssoSessionId)) {
 			try {
-				dbsession = searchInDatabase(moaSession.getSessionID());
+				dbsession = searchInDatabase(ssoSessionId);
 				
 			}catch (MOADatabaseException e) {
 				Logger.error("NO MOASession found but MOASession MUST already exist!");
@@ -617,7 +621,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 			idp.setIdpurlprefix(idpEntityID);
 			idp.setAuthURL(req.getAuthURL());
 			
-			IOAAuthParameters oa = authConfig.getOnlineApplicationParameter(idp.getIdpurlprefix());			
+			IOAAuthParameters oa = authConfig.getServiceProviderConfiguration(idp.getIdpurlprefix(), OAAuthParameterDecorator.class);			
 			idp.setStoreSSOInformation(oa.isInterfederationSSOStorageAllowed());						
 			idp.setMoasession(dbsession);
 			idpList.add(idp);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java
index 958ef4977..27d9d394d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBTransactionStorage.java
@@ -241,16 +241,17 @@ public class DBTransactionStorage implements ITransactionStorage {
 		}
 	}
 
-//	public Object getAssertionStore(String key) throws MOADatabaseException{
-//		return searchInDatabase(key);
-//		
-//	}
+	@Override
+	public Object getRaw(String key) throws MOADatabaseException {
+		return searchInDatabase(key);
+		
+	}
 	
-//	@Override
-//	public void putAssertionStore(Object element) throws MOADatabaseException{
-//		entityManager.merge(element);
-//		
-//	}
+	@Override
+	public void putRaw(String key, Object element) throws MOADatabaseException {
+		entityManager.merge(element);
+		
+	}
 	
 	private void cleanDelete(AssertionStore element) {
 	
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java
index 414df1328..ff9c4e358 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java
@@ -26,7 +26,8 @@ import java.util.Date;
 import java.util.List;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
@@ -110,13 +111,13 @@ public interface IAuthenticationSessionStoreage {
 	public void setAuthenticated(String internalSsoSessionID, boolean isAuthenticated);
 	
 	/**
-	 * Find the MOASessionId of an active Single Sign-On session
+	 * Find the internal SSO session identifier of an active Single Sign-On session
 	 * 
-	 * @param SSOSessionID Single Sign-On sessionID
-	 * @return internal MOA SSO-Session of the associated SSO-Session Id 
+	 * @param externelSSOId external Single Sign-On sessionID
+	 * @return internal SSO-Session identifier 
 	 * @throws MOADatabaseException 
 	 */
-	public AuthenticationSession getInternalMOASessionWithSSOID(String SSOSessionID) throws MOADatabaseException;
+	public String getInternalSSOSessionWithSSOID(String externelSSOId) throws MOADatabaseException;
 	
 	/**
 	 * Check if a MOASession is an active Single Sign-On session
@@ -151,28 +152,28 @@ public interface IAuthenticationSessionStoreage {
 	/**
 	 * Get all Single Sign-On authenticated Service-Provider of a MOASession
 	 * 
-	 * @param moaSession MOASession data object
+	 * @param ssoSessionId SSO session id
 	 * @return List of Service-Provider information
 	 */
-	public List<OASessionStore> getAllActiveOAFromMOASession(IAuthenticationSession moaSession);
+	public List<OASessionStore> getAllActiveOAFromMOASession(String ssoSessionId);
 	
 	
 	/**
 	 * Get all active interfederation connections for a MOASession
 	 * 
-	 * @param moaSession MOASession data object
+	 * @param ssoSessionId SSO session id
 	 * @return List of Interfederation-IDP information
 	 */
-	public List<InterfederationSessionStore> getAllActiveIDPsFromMOASession(IAuthenticationSession moaSession);
+	public List<InterfederationSessionStore> getAllActiveIDPsFromMOASession(String ssoSessionId);
 	
 	/**
-	 * Search a MOASession by using already transfered authentication information 
+	 * Search a SSO session by using already transfered authentication information 
 	 * 
 	 * @param oaID Service-Provider identifier, which has received the authentication information
 	 * @param userNameID UserId (bPK), which was send to this Service-Provider
-	 * @return MOASession, or null if no corresponding MOASession is found
+	 * @return SSO-session identifier, or null if no corresponding SSO session is found
 	 */
-	public IAuthenticationSession searchMOASessionWithNameIDandOAID(String oaID, String userNameID);
+	public String searchSSOSessionWithNameIDandOAID(String oaID, String userNameID);
 	
 	/**
 	 * Search a active Single Sign-On session for a specific Service-Provider
@@ -220,8 +221,9 @@ public interface IAuthenticationSessionStoreage {
 	 * @throws MOADatabaseException
 	 * @throws AssertionAttributeExtractorExeption
 	 * @throws BuildException
+	 * @throws EAAFConfigurationException 
 	 */
-	public void addFederatedSessionInformation(IRequest req, String idpEntityID, AssertionAttributeExtractor extractor) throws MOADatabaseException, AssertionAttributeExtractorExeption, BuildException;
+	public void addFederatedSessionInformation(IRequest req, String idpEntityID, AssertionAttributeExtractor extractor) throws MOADatabaseException, AssertionAttributeExtractorExeption, BuildException, EAAFConfigurationException;
 	
 	/**
 	 * Search an active federation IDP which could be used for federated Single Sign-On by using an AttributeQuery
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java
index f30613474..8d36e81bb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/RedisTransactionStorage.java
@@ -40,6 +40,7 @@ import org.springframework.data.redis.serializer.JacksonJsonRedisSerializer;
 import org.springframework.stereotype.Service;
 
 import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
@@ -352,12 +353,13 @@ private AssertionStore prepareAssertion(AssertionStore element, String key, Obje
 	}
 
 @Override
-public Object getAssertionStore(String key) throws MOADatabaseException {
+public Object getRaw(String key) throws EAAFException {
 	return searchInDatabase(key);
+	
 }
 
 @Override
-public void putAssertionStore(Object element) throws MOADatabaseException {
+public void putRaw(String key, Object element) throws EAAFException {
 	// TODO Auto-generated method stub
 	AssertionStore as = (AssertionStore)element;
 	final int expTime = redisTemplate.getExpire(as.getArtifact(), TimeUnit.MILLISECONDS).intValue();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/LoALevelMapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/LoALevelMapper.java
new file mode 100644
index 000000000..3e3d9dafc
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/LoALevelMapper.java
@@ -0,0 +1,174 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.util;
+
+import java.io.IOException;
+import java.util.Properties;
+
+import at.gv.egovernment.moa.id.data.AuthenticationRole;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public class LoALevelMapper {
+
+	private static final String PVP_SECCLASS_PREFIX = "http://www.ref.gv.at/ns/names/agiz/pvp/";
+	private static final String STORK_QAA_PREFIX = "http://www.stork.gov.eu/1.0/";
+	private static final String eIDAS_QAA_PREFIX = "http://eidas.europa.eu/";
+	
+	private static final String MAPPING_RESOURCE = 
+			"resources/properties/pvp-stork_mapping.properties";
+	
+	private static final String MAPPING_SECCLASS_PREFIX = "secclass_";
+	private static final String MAPPING_EIDAS_PREFIX = "eidas_";
+	
+	private Properties mapping = null;
+	
+	private static LoALevelMapper instance = null;
+	
+	public static LoALevelMapper getInstance() {
+		if (instance == null) {
+			instance = new LoALevelMapper();			
+		}
+		
+		return instance;
+	}
+	
+	private LoALevelMapper() {
+		try {
+			mapping = new Properties();
+			mapping.load(this.getClass().getClassLoader().getResourceAsStream(MAPPING_RESOURCE));
+			Logger.debug("PVP -> STORK Role mapping initialisation finished.");
+			
+		} catch (IOException e) {
+			Logger.error("PVP -> STORK Role mapping initialisation FAILED." , e);
+			mapping = null;
+			
+		}
+		
+		
+	}
+
+	/**
+	 * Map STORK QAA level to eIDAS QAA level
+	 * 
+	 * @param storkQAA STORK QAA level
+	 * @return
+	 */
+	public String mapSTORKQAAToeIDASQAA(String storkQAA) {
+		if (mapping != null) {
+			String input = storkQAA.substring(STORK_QAA_PREFIX.length());			
+			String mappedQAA = mapping.getProperty(MAPPING_EIDAS_PREFIX + input);
+			if (MiscUtil.isNotEmpty(mappedQAA)) {
+				Logger.info("Map STORK-QAA " + storkQAA + " to eIDAS-QAA " + mappedQAA);
+				return mappedQAA;
+				
+			}						
+		}		
+		Logger.warn("No eIDAS-QAA mapping for STORK-QAA " + storkQAA +" !");
+		return null;
+		
+	}
+	
+	/**
+	 * Map eIDAS QAA-level to STORK QAA-level
+	 * 
+	 * @param qaaLevel eIDAS QAA-level
+	 * @return STORK QAA-level
+	 */
+	public String mapeIDASQAAToSTORKQAA(String qaaLevel) {
+		if (mapping != null) {
+			String input = qaaLevel.substring(eIDAS_QAA_PREFIX.length());			
+			String mappedQAA = mapping.getProperty(input);
+			if (MiscUtil.isNotEmpty(mappedQAA)) {
+				Logger.info("Map eIDAS-QAA " + qaaLevel + " to STORK-QAA " + mappedQAA);
+				return mappedQAA;
+				
+			}						
+		}		
+		Logger.warn("No eIDAS-QAA mapping for eIDAS-QAA " + qaaLevel +" !");
+		return null;
+	}
+	
+	/**Map a STORK QAA level to PVP SecClass
+	 * 
+	 * @param STORK-QAA level
+	 * @return PVP SecClass pvpQAALevel
+	 */	
+	public String mapToSecClass(String storkQAALevel) {
+		if (mapping != null) {
+			String input = storkQAALevel.substring(STORK_QAA_PREFIX.length());			
+			String mappedQAA = mapping.getProperty(MAPPING_SECCLASS_PREFIX + input);
+			if (MiscUtil.isNotEmpty(mappedQAA)) {
+				Logger.info("Map STORK-QAA " + storkQAALevel + " to PVP SecClass " + mappedQAA);
+				return mappedQAA;
+				
+			}						
+		}		
+		Logger.warn("No mapping for STORK-QAA " + storkQAALevel +" !");
+		return null;
+	}
+	
+	/**Map a PVP SecClass to STORK QAA level
+	 * 
+	 * @param PVP SecClass pvpQAALevel
+	 * @return STORK-QAA level
+	 */	
+	public String mapToQAALevel(String pvpQAALevel) {
+		if (mapping != null) {
+			String input = pvpQAALevel.substring(PVP_SECCLASS_PREFIX.length());			
+			String mappedQAA = mapping.getProperty(input);
+			if (MiscUtil.isNotEmpty(mappedQAA)) {
+				Logger.info("Map PVP SecClass " + pvpQAALevel + " to STORK-QAA " + mappedQAA);
+				return mappedQAA;
+				
+			}						
+		}		
+		Logger.warn("No mapping for PVP SecClass " + pvpQAALevel +" !");
+		return null;
+	}
+	
+	/**Map a PVP Role attribute to STORK ECAuthenticationRole attribute values
+	 * 
+	 * @param PVP Role attribute
+	 * @return STORK ECAuthenticationRole attribute value
+	 */
+	public String map(AuthenticationRole el) {
+		if (mapping != null) {
+			//String ecRole = mapping.getProperty(el.getRawRoleString());
+			String ecRole = mapping.getProperty(el.getRoleName());
+			if (MiscUtil.isNotEmpty(ecRole)) {
+				//Logger.info("Map PVPRole " + el.getRawRoleString() + " to ECRole " + ecRole);
+				Logger.info("Map PVPRole " + el.getRoleName() + " to ECRole " + ecRole);
+				return ecRole;
+			}			
+		}
+		//Logger.warn("NO mapping for PVPRole "+ el.getRawRoleString() + " !");
+		Logger.warn("NO mapping for PVPRole "+ el.getRoleName() + " !");
+		return null;
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java
deleted file mode 100644
index 099a70470..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java
+++ /dev/null
@@ -1,174 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.util;
-
-import java.io.IOException;
-import java.util.Properties;
-
-import at.gv.egovernment.moa.id.data.AuthenticationRole;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-/**
- * @author tlenz
- *
- */
-public class PVPtoSTORKMapper {
-
-	private static final String PVP_SECCLASS_PREFIX = "http://www.ref.gv.at/ns/names/agiz/pvp/";
-	private static final String STORK_QAA_PREFIX = "http://www.stork.gov.eu/1.0/";
-	private static final String eIDAS_QAA_PREFIX = "http://eidas.europa.eu/";
-	
-	private static final String MAPPING_RESOURCE = 
-			"resources/properties/pvp-stork_mapping.properties";
-	
-	private static final String MAPPING_SECCLASS_PREFIX = "secclass_";
-	private static final String MAPPING_EIDAS_PREFIX = "eidas_";
-	
-	private Properties mapping = null;
-	
-	private static PVPtoSTORKMapper instance = null;
-	
-	public static PVPtoSTORKMapper getInstance() {
-		if (instance == null) {
-			instance = new PVPtoSTORKMapper();			
-		}
-		
-		return instance;
-	}
-	
-	private PVPtoSTORKMapper() {
-		try {
-			mapping = new Properties();
-			mapping.load(this.getClass().getClassLoader().getResourceAsStream(MAPPING_RESOURCE));
-			Logger.debug("PVP -> STORK Role mapping initialisation finished.");
-			
-		} catch (IOException e) {
-			Logger.error("PVP -> STORK Role mapping initialisation FAILED." , e);
-			mapping = null;
-			
-		}
-		
-		
-	}
-
-	/**
-	 * Map STORK QAA level to eIDAS QAA level
-	 * 
-	 * @param storkQAA STORK QAA level
-	 * @return
-	 */
-	public String mapSTORKQAAToeIDASQAA(String storkQAA) {
-		if (mapping != null) {
-			String input = storkQAA.substring(STORK_QAA_PREFIX.length());			
-			String mappedQAA = mapping.getProperty(MAPPING_EIDAS_PREFIX + input);
-			if (MiscUtil.isNotEmpty(mappedQAA)) {
-				Logger.info("Map STORK-QAA " + storkQAA + " to eIDAS-QAA " + mappedQAA);
-				return mappedQAA;
-				
-			}						
-		}		
-		Logger.warn("No eIDAS-QAA mapping for STORK-QAA " + storkQAA +" !");
-		return null;
-		
-	}
-	
-	/**
-	 * Map eIDAS QAA-level to STORK QAA-level
-	 * 
-	 * @param qaaLevel eIDAS QAA-level
-	 * @return STORK QAA-level
-	 */
-	public String mapeIDASQAAToSTORKQAA(String qaaLevel) {
-		if (mapping != null) {
-			String input = qaaLevel.substring(eIDAS_QAA_PREFIX.length());			
-			String mappedQAA = mapping.getProperty(input);
-			if (MiscUtil.isNotEmpty(mappedQAA)) {
-				Logger.info("Map eIDAS-QAA " + qaaLevel + " to STORK-QAA " + mappedQAA);
-				return mappedQAA;
-				
-			}						
-		}		
-		Logger.warn("No eIDAS-QAA mapping for eIDAS-QAA " + qaaLevel +" !");
-		return null;
-	}
-	
-	/**Map a STORK QAA level to PVP SecClass
-	 * 
-	 * @param STORK-QAA level
-	 * @return PVP SecClass pvpQAALevel
-	 */	
-	public String mapToSecClass(String storkQAALevel) {
-		if (mapping != null) {
-			String input = storkQAALevel.substring(STORK_QAA_PREFIX.length());			
-			String mappedQAA = mapping.getProperty(MAPPING_SECCLASS_PREFIX + input);
-			if (MiscUtil.isNotEmpty(mappedQAA)) {
-				Logger.info("Map STORK-QAA " + storkQAALevel + " to PVP SecClass " + mappedQAA);
-				return mappedQAA;
-				
-			}						
-		}		
-		Logger.warn("No mapping for STORK-QAA " + storkQAALevel +" !");
-		return null;
-	}
-	
-	/**Map a PVP SecClass to STORK QAA level
-	 * 
-	 * @param PVP SecClass pvpQAALevel
-	 * @return STORK-QAA level
-	 */	
-	public String mapToQAALevel(String pvpQAALevel) {
-		if (mapping != null) {
-			String input = pvpQAALevel.substring(PVP_SECCLASS_PREFIX.length());			
-			String mappedQAA = mapping.getProperty(input);
-			if (MiscUtil.isNotEmpty(mappedQAA)) {
-				Logger.info("Map PVP SecClass " + pvpQAALevel + " to STORK-QAA " + mappedQAA);
-				return mappedQAA;
-				
-			}						
-		}		
-		Logger.warn("No mapping for PVP SecClass " + pvpQAALevel +" !");
-		return null;
-	}
-	
-	/**Map a PVP Role attribute to STORK ECAuthenticationRole attribute values
-	 * 
-	 * @param PVP Role attribute
-	 * @return STORK ECAuthenticationRole attribute value
-	 */
-	public String map(AuthenticationRole el) {
-		if (mapping != null) {
-			//String ecRole = mapping.getProperty(el.getRawRoleString());
-			String ecRole = mapping.getProperty(el.getRoleName());
-			if (MiscUtil.isNotEmpty(ecRole)) {
-				//Logger.info("Map PVPRole " + el.getRawRoleString() + " to ECRole " + ecRole);
-				Logger.info("Map PVPRole " + el.getRoleName() + " to ECRole " + ecRole);
-				return ecRole;
-			}			
-		}
-		//Logger.warn("NO mapping for PVPRole "+ el.getRawRoleString() + " !");
-		Logger.warn("NO mapping for PVPRole "+ el.getRoleName() + " !");
-		return null;
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/QAALevelVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/QAALevelVerifier.java
index 88a64bd07..ca71ad946 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/QAALevelVerifier.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/QAALevelVerifier.java
@@ -22,8 +22,9 @@
  */
 package at.gv.egovernment.moa.id.util;
 
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.QAANotAllowedException;
+import at.gv.egovernment.moa.logging.Logger;
 
 /**
  * @author tlenz
@@ -33,10 +34,23 @@ public class QAALevelVerifier {
 
 	public static void verifyQAALevel(String qaaAuth, String qaaRequest) throws QAANotAllowedException {
 		
-		Integer qaaA = Integer.valueOf(qaaAuth.substring(PVPConstants.STORK_QAA_PREFIX.length()));
-		Integer qaaR = Integer.valueOf(qaaRequest.substring(PVPConstants.STORK_QAA_PREFIX.length()));
+		if (EAAFConstants.EIDAS_QAA_LOW.equals(qaaRequest) && 
+					(EAAFConstants.EIDAS_QAA_LOW.equals(qaaAuth) || 
+							EAAFConstants.EIDAS_QAA_SUBSTANTIAL.equals(qaaAuth) ||
+									EAAFConstants.EIDAS_QAA_HIGH.equals(qaaAuth))
+				) 
+			Logger.debug("Requesed LoA fits LoA from authentication. Continuingauth process ... ");
 		
-		if (qaaA < qaaR)
+		else if (EAAFConstants.EIDAS_QAA_SUBSTANTIAL.equals(qaaRequest) && 
+					(EAAFConstants.EIDAS_QAA_SUBSTANTIAL.equals(qaaAuth) ||
+								EAAFConstants.EIDAS_QAA_HIGH.equals(qaaAuth))
+				) 
+			Logger.debug("Requesed LoA fits LoA from authentication. Continuingauth process ... ");
+		
+		else if (EAAFConstants.EIDAS_QAA_HIGH.equals(qaaRequest) && EAAFConstants.EIDAS_QAA_HIGH.equals(qaaAuth)) 
+			Logger.debug("Requesed LoA fits LoA from authentication. Continuingauth process ... ");
+		
+		else 
 			throw new QAANotAllowedException(qaaAuth, qaaRequest);
 		
 	}
diff --git a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder
index 1e3672a0d..14d4d9fb6 100644
--- a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder
+++ b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder
@@ -1,8 +1,6 @@
-at.gv.egovernment.moa.id.protocols.builder.attributes.BPKAttributeBuilder
 at.gv.egovernment.moa.id.protocols.builder.attributes.EIDAuthBlock
 at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCcsURL
 at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCitizenQAALevelAttributeBuilder
-at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSectorForIDAttributeBuilder
 at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSignerCertificate
 at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSTORKTOKEN
 at.gv.egovernment.moa.id.protocols.builder.attributes.EncryptedBPKAttributeBuilder
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java
deleted file mode 100644
index 9b6eedb11..000000000
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java
+++ /dev/null
@@ -1,285 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.module.test;
-
-import java.util.Collection;
-
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
-
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
-import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
-
-/**
- * @author tlenz
- *
- */
-public class TestRequestImpl implements IRequest {
-
-	private String processInstanceID = null; 
-	
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#requestedModule()
-	 */
-	@Override
-	public String requestedModule() {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#requestedAction()
-	 */
-	@Override
-	public String requestedAction() {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#getOAURL()
-	 */
-	@Override
-	public String getOAURL() {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#isPassiv()
-	 */
-	@Override
-	public boolean isPassiv() {
-		// TODO Auto-generated method stub
-		return false;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#forceAuth()
-	 */
-	@Override
-	public boolean forceAuth() {
-		// TODO Auto-generated method stub
-		return false;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#getGenericData(java.lang.String)
-	 */
-	@Override
-	public Object getGenericData(String key) {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#getGenericData(java.lang.String, java.lang.Class)
-	 */
-	@Override
-	public <T> T getGenericData(String key, Class<T> clazz) {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#setGenericDataToSession(java.lang.String, java.lang.Object)
-	 */
-	@Override
-	public void setGenericDataToSession(String key, Object object) throws SessionDataStorageException {
-		// TODO Auto-generated method stub
-
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#getRequestID()
-	 */
-	@Override
-	public String getRequestID() {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#getUniqueTransactionIdentifier()
-	 */
-	@Override
-	public String getUniqueTransactionIdentifier() {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#getUniqueSessionIdentifier()
-	 */
-	@Override
-	public String getUniqueSessionIdentifier() {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#getProcessInstanceId()
-	 */
-	@Override
-	public String getProcessInstanceId() {
-		return processInstanceID;
-		
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#getAuthURL()
-	 */
-	@Override
-	public String getAuthURL() {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#getAuthURLWithOutSlash()
-	 */
-	@Override
-	public String getAuthURLWithOutSlash() {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#isNeedAuthentication()
-	 */
-	@Override
-	public boolean isNeedAuthentication() {
-		// TODO Auto-generated method stub
-		return false;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#needSingleSignOnFunctionality()
-	 */
-	@Override
-	public boolean needSingleSignOnFunctionality() {
-		// TODO Auto-generated method stub
-		return false;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#setNeedSingleSignOnFunctionality(boolean)
-	 */
-	@Override
-	public void setNeedSingleSignOnFunctionality(boolean needSSO) {
-		// TODO Auto-generated method stub
-
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#isAuthenticated()
-	 */
-	@Override
-	public boolean isAuthenticated() {
-		// TODO Auto-generated method stub
-		return false;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#setAuthenticated(boolean)
-	 */
-	@Override
-	public void setAuthenticated(boolean isAuthenticated) {
-		// TODO Auto-generated method stub
-
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#getOnlineApplicationConfiguration()
-	 */
-	@Override
-	public IOAAuthParameters getOnlineApplicationConfiguration() {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	/**
-	 * @param processInstanceID the processInstanceID to set
-	 */
-	public void setProcessInstanceID(String processInstanceID) {
-		this.processInstanceID = processInstanceID;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#isAbortedByUser()
-	 */
-	@Override
-	public boolean isAbortedByUser() {
-		// TODO Auto-generated method stub
-		return false;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#setAbortedByUser(boolean)
-	 */
-	@Override
-	public void setAbortedByUser(boolean isAborted) {
-		// TODO Auto-generated method stub
-		
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IRequest#getRequestedAttributes()
-	 */
-	@Override
-	public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.commons.api.IRequest#getInternalSSOSessionIdentifier()
-	 */
-	@Override
-	public String getInternalSSOSessionIdentifier() {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.commons.api.IRequest#getMOASession()
-	 */
-	@Override
-	public IAuthenticationSession getMOASession() {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.commons.api.IRequest#populateMOASessionWithSSOInformation(at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession)
-	 */
-	@Override
-	public void populateMOASessionWithSSOInformation(IAuthenticationSession ssoSession) {
-		// TODO Auto-generated method stub
-		
-	}
-	
-	
-
-}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/DummyTransactionStorage.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/DummyTransactionStorage.java
deleted file mode 100644
index 08fb4e043..000000000
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/DummyTransactionStorage.java
+++ /dev/null
@@ -1,147 +0,0 @@
-package at.gv.egovernment.moa.id.process.spring.test;
-
-import java.util.ArrayList;
-import java.util.Date;
-import java.util.Iterator;
-import java.util.List;
-
-import javax.sql.DataSource;
-
-import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * Dummy DataSource implementation for convenience in test cases where a
- * database connection will never actually be acquired.
- *
- * @see DataSource
- * @author Chris Beams
- */
-public class DummyTransactionStorage implements ITransactionStorage {
-
-	public class DummyDBEntry{
-		public DummyDBEntry(String key, Object value){
-			this.obj =value;
-			this.key = key;
-		}
-		public String getKey() {
-			return key;
-		}
-		public void setKey(String key) {
-			this.key = key;
-		}
-		public Object getObj() {
-			return obj;
-		}
-		public void setObj(Object obj) {
-			this.obj = obj;
-		}
-		private String key;
-		private Object obj;
-	}
-	
-	private ArrayList<DummyDBEntry> ds = new ArrayList<DummyDBEntry>();
-	
-
-	
-	@Override
-	public boolean containsKey(String key) {
-		// TODO Auto-generated method stub
-		Iterator<DummyDBEntry> it = ds.iterator();
-		while(it.hasNext()){
-			DummyDBEntry t = it.next();
-			if(t.getKey().equals(key))
-				return true;
-		}
-		return false;
-	}
-
-	@Override
-	public void put(String key, Object value, int timeout_ms)
-			throws MOADatabaseException {
-		// TODO Auto-generated method stub
-		this.remove(key);
-		this.ds.add(new DummyDBEntry(key, value));
-		
-	}
-
-	@Override
-	public Object get(String key) throws MOADatabaseException {
-		// TODO Auto-generated method stub
-		Iterator<DummyDBEntry> it = ds.iterator();
-		while(it.hasNext()){
-			DummyDBEntry t = it.next();
-			if(t.getKey().equals(key))
-				return t;
-		}
-		return null;
-	}
-
-	@Override
-	public <T> T get(String key, Class<T> clazz) throws MOADatabaseException {
-		
-		  DummyDBEntry o = (DummyDBEntry) get(key);
-		  if(o == null)
-			  return null;
-		  try {
-			  @SuppressWarnings("unchecked")
-			T test = (T) (clazz.cast(o.getObj()));
-			return test;
-			
-		  } catch (Exception e) {
-			Logger.warn("Sessioninformation Cast-Exception by using Artifact=" + key);
-			throw new MOADatabaseException("Sessioninformation Cast-Exception");
-			
-		  }
-	}
-
-	@Override
-	public <T> T get(String key, Class<T> clazz, long dataTimeOut)
-			throws MOADatabaseException, AuthenticationException {
-		// TODO Auto-generated method stub
-		return get(key,clazz);
-	}
-
-	@Override
-	public void changeKey(String oldKey, String newKey, Object value)
-			throws MOADatabaseException {
-		this.remove(oldKey);
-		this.put(newKey, value, -1);
-		
-	}
-
-	@Override
-	public void remove(String key) {
-		Iterator<DummyDBEntry> it = ds.iterator();
-		while(it.hasNext()){
-			DummyDBEntry t = it.next();
-			if(t.getKey().equals(key)){
-				this.ds.remove(t);
-				return;
-			}
-		}
-		
-	}
-
-	@Override
-	public List<String> clean(Date now, long dataTimeOut) {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	@Override
-	public Object getAssertionStore(String key) throws MOADatabaseException {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	@Override
-	public void putAssertionStore(Object element) throws MOADatabaseException {
-		// TODO Auto-generated method stub
-		
-	}
-
-    
-}
\ No newline at end of file
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/ExpressionContextAdapter.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/ExpressionContextAdapter.java
deleted file mode 100644
index c26236619..000000000
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/ExpressionContextAdapter.java
+++ /dev/null
@@ -1,52 +0,0 @@
-package at.gv.egovernment.moa.id.process.spring.test;
-
-
-import java.io.Serializable;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Map;
-
-import at.gv.egovernment.moa.id.process.api.ExpressionEvaluationContext;
-
-/**
- * Adapter class for {@link ExpressionEvaluationContext}. Intended to be used for testing purposes.
- * 
- * @author tknall
- * 
- */
-public class ExpressionContextAdapter implements ExpressionEvaluationContext {
-
-	private static final long serialVersionUID = 1L;
-
-	private Map<String, Serializable> ctxData = Collections.synchronizedMap(new HashMap<String, Serializable>());
-
-	/**
-	 * Returns a certain {@link Serializable} object associated with a certain {@code key}.
-	 * 
-	 * @param key
-	 *            The key.
-	 * @return The object or {@code null} if no object was found stored with that key or if a {@code null} value was
-	 *         stored.
-	 */
-	Serializable get(String key) {
-		return ctxData.get(key);
-	}
-
-	/**
-	 * Stores a {@link Serializable} with a certain {@code key}.
-	 * 
-	 * @param key
-	 *            The key.
-	 * @param object
-	 *            The object.
-	 */
-	void put(String key, Serializable object) {
-		ctxData.put(key, object);
-	}
-
-	@Override
-	public Map<String, Serializable> getCtx() {
-		return Collections.unmodifiableMap(ctxData);
-	}
-
-}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SimplePojo.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SimplePojo.java
deleted file mode 100644
index 89f3c0383..000000000
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SimplePojo.java
+++ /dev/null
@@ -1,41 +0,0 @@
-package at.gv.egovernment.moa.id.process.spring.test;
-
-import at.gv.egovernment.moa.id.process.api.ExpressionEvaluator;
-
-/**
- * A dummy pojo used to test {@link ExpressionEvaluator} with Spring EL referencing Spring beans.
- * 
- * @author tknall
- * 
- */
-public class SimplePojo {
-
-	private Boolean booleanValue;
-	private String stringValue;
-	private Integer integerValue;
-
-	public Boolean getBooleanValue() {
-		return booleanValue;
-	}
-
-	public void setBooleanValue(Boolean booleanValue) {
-		this.booleanValue = booleanValue;
-	}
-
-	public String getStringValue() {
-		return stringValue;
-	}
-
-	public void setStringValue(String stringValue) {
-		this.stringValue = stringValue;
-	}
-
-	public Integer getIntegerValue() {
-		return integerValue;
-	}
-
-	public void setIntegerValue(Integer integerValue) {
-		this.integerValue = integerValue;
-	}
-
-}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest.java
deleted file mode 100644
index c06735f9e..000000000
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest.java
+++ /dev/null
@@ -1,154 +0,0 @@
-package at.gv.egovernment.moa.id.process.spring.test;
-
-import static at.gv.egovernment.moa.id.process.ProcessInstanceState.NOT_STARTED;
-import static at.gv.egovernment.moa.id.process.ProcessInstanceState.SUSPENDED;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNotNull;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.Properties;
-
-import org.hibernate.cfg.Configuration;
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.ApplicationContext;
-import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-
-import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
-import at.gv.egovernment.moa.id.module.test.TestRequestImpl;
-import at.gv.egovernment.moa.id.process.ProcessDefinitionParserException;
-import at.gv.egovernment.moa.id.process.ProcessEngine;
-import at.gv.egovernment.moa.id.process.ProcessEngineImpl;
-import at.gv.egovernment.moa.id.process.ProcessExecutionException;
-import at.gv.egovernment.moa.id.process.ProcessInstance;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.process.spring.SpringExpressionEvaluator;
-
-/**
- * Tests the process engine using processes based on Spring EL referencing the process context and further Spring beans.
- * 
- * @author tknall
- * 
- */
-@RunWith(SpringJUnit4ClassRunner.class)
-@ContextConfiguration("/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest-context.xml")
-public class SpringExpressionAwareProcessEngineTest {
-
-	@Autowired private static ProcessEngine pe;
-	@Autowired private ApplicationContext applicationContext;
-	
-	private boolean isInitialized = false;
-
-	@Before
-	public void init() throws IOException, ProcessDefinitionParserException {
-
-		if (!isInitialized) {
-
-			if (pe == null) {
-				pe = applicationContext.getBean("processEngine", ProcessEngine.class);
-				
-			}
-
-			((ProcessEngineImpl) pe).setTransitionConditionExpressionEvaluator(new SpringExpressionEvaluator());
-			try (InputStream in = SpringExpressionAwareProcessEngineTest.class.getResourceAsStream("SampleProcessDefinitionWithExpression1.xml")) {
-				((ProcessEngineImpl) pe).registerProcessDefinition(in);
-			}
-			try (InputStream in = SpringExpressionAwareProcessEngineTest.class.getResourceAsStream("SampleProcessDefinitionForSAML1Authentication.xml")) {
-				((ProcessEngineImpl) pe).registerProcessDefinition(in);
-			}
-
-		initHibernateForTesting();
-		}
-	}
-
-	private static void initHibernateForTesting() throws IOException{
-
-		InputStream in = SpringExpressionAwareProcessEngineTest.class.getResourceAsStream("/at/gv/egovernment/moa/id/process/hibernate.configuration.test.properties");
-		Properties props = new Properties();
-		props.load(in);
-
-		try {
-			//ConfigurationDBUtils.initHibernate(props);
-			Configuration config = new Configuration();
-			config.addProperties(props);
-			//config.addAnnotatedClass(ProcessInstanceStore.class);
-			config.addAnnotatedClass(AssertionStore.class);
-			//MOASessionDBUtils.initHibernate(config, props);
-		} catch (Exception e) {
-			e.printStackTrace();
-		}
-	}
-
-
-	@Test
-	public void testSampleProcessDefinitionWithExpression1() throws IOException, ProcessDefinitionParserException, ProcessExecutionException {
-
-		TestRequestImpl req =  new TestRequestImpl();
-		
-		String piId = pe.createProcessInstance("SampleProcessWithExpression1");
-		ProcessInstance pi = pe.getProcessInstance(piId);
-		assertEquals(NOT_STARTED, pi.getState());
-		
-		
-		// start process
-		req.setProcessInstanceID(piId);
-		pe.start(req);
-		
-		//processInstance should be removed when it ends
-		try {
-			pi = pe.getProcessInstance(piId);
-			throw new ProcessExecutionException("ProcessInstance should be removed already, but it was found.");
-			//assertEquals(ENDED, pi.getState());
-			
-		} catch (IllegalArgumentException e) {
-			// do nothing because processInstance should be already removed 
-			
-		}
-	}
-
-	@Test
-	public void testSampleProcessDefinitionForSAML1Authentication() throws IOException, ProcessDefinitionParserException, ProcessExecutionException {
-
-		TestRequestImpl req =  new TestRequestImpl();
-		
-		String piId = pe.createProcessInstance("SampleProcessDefinitionForSAML1Authentication");
-		ProcessInstance pi = pe.getProcessInstance(piId);
-		assertEquals(NOT_STARTED, pi.getState());
-
-		// start process
-		req.setProcessInstanceID(piId);
-		pe.start(req);		
-		pi = pe.getProcessInstance(piId);
-		assertEquals(SUSPENDED, pi.getState());
-		
-		ExecutionContext ec = pi.getExecutionContext();
-		assertNotNull(ec);
-		System.out.println(ec.keySet());
-
-		assertNotNull(ec.get("bkuURL"));
-		assertNotNull(ec.get("IdentityLink"));
-		assertNotNull(ec.get("isIdentityLinkValidated"));
-		assertNotNull(ec.get("SignedAuthBlock"));
-		assertNotNull(ec.get("isSignedAuthBlockValidated"));
-		assertNotNull(ec.get("SAML1Assertion"));
-		
-		pe.signal(req);
-		try {
-			pi = pe.getProcessInstance(piId);
-			throw new ProcessExecutionException("ProcessInstance should be removed already, but it was found.");
-			//assertEquals(ENDED, pi.getState());
-			
-		} catch (IllegalArgumentException e) {
-			// do nothing because processInstance should be already removed 
-			
-		}
-
-
-
-	}
-
-}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionEvaluatorTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionEvaluatorTest.java
deleted file mode 100644
index bc9d1d399..000000000
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionEvaluatorTest.java
+++ /dev/null
@@ -1,54 +0,0 @@
-package at.gv.egovernment.moa.id.process.spring.test;
-
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertTrue;
-
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-
-import at.gv.egovernment.moa.id.process.api.ExpressionEvaluator;
-
-/**
- * Tests the {@link ExpressionEvaluator} using a Spring EL based implementation capable of dereferencing Spring beans.
- * 
- * @author tknall
- * 
- */
-@RunWith(SpringJUnit4ClassRunner.class)
-@ContextConfiguration
-public class SpringExpressionEvaluatorTest {
-
-	private ExpressionContextAdapter ctx;
-
-	@Autowired
-	private ExpressionEvaluator expressionEvaluator;
-
-	@Before
-	public void prepareTest() {
-		ctx = new ExpressionContextAdapter();
-	}
-
-	@Test
-	public void testEvaluateSimpleExpression() {
-		assertTrue(expressionEvaluator.evaluate(ctx, "'true'"));
-	}
-
-	@Test
-	public void testEvaluateExpressionWithCtx() {
-		ctx.put("myProperty", false);
-		assertFalse(expressionEvaluator.evaluate(ctx, "ctx['myProperty']"));
-	}
-
-	@Test
-	public void testEvaluateExpressionWithBeanReference() {
-		assertTrue(expressionEvaluator.evaluate(ctx, "@simplePojo.booleanValue"));
-		assertTrue(expressionEvaluator.evaluate(ctx, "'HelloWorld'.equals(@simplePojo.stringValue)"));
-		assertTrue(expressionEvaluator.evaluate(ctx, "@simplePojo.integerValue == 42"));
-		assertTrue(expressionEvaluator.evaluate(ctx, "@simplePojo.stringValue.length() == 10"));
-	}
-
-}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/CreateSAML1AssertionTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/CreateSAML1AssertionTask.java
deleted file mode 100644
index d3b9789fc..000000000
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/CreateSAML1AssertionTask.java
+++ /dev/null
@@ -1,63 +0,0 @@
-package at.gv.egovernment.moa.id.process.spring.test.task;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.nio.charset.Charset;
-import java.util.Objects;
-
-import org.apache.commons.io.IOUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.stereotype.Service;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.process.api.Task;
-
-/**
- * A dummy task simulating the creation of a SAML1 assertion.
- * <p>
- * Requires context data:
- * <ul>
- * <li>{@code IdentityLink}</li>
- * <li>{@code isIdentityLinkValidated}</li>
- * <li>{@code SignedAuthBlock}</li>
- * <li>{@code isSignedAuthBlockValidated}</li>
- * </ul>
- * </p>
- * <p>
- * Enriches context data with:
- * <ul>
- * <li>{@code SAML1Assertion}</li>
- * </ul>
- * </p>
- * 
- * @author tknall
- * 
- */
-@Service("CreateSAML1AssertionTask")
-public class CreateSAML1AssertionTask implements Task {
-
-	private Logger log = LoggerFactory.getLogger(getClass());
-
-	@Override
-	public IRequest execute(IRequest penReq, ExecutionContext executionContext) throws TaskExecutionException {
-		Objects.requireNonNull(executionContext.get("IdentityLink"));
-		assert (Boolean.TRUE.equals(Objects.requireNonNull(executionContext.get("isIdentityLinkValidated"))));
-		Objects.requireNonNull(executionContext.get("SignedAuthBlock"));
-		assert (Boolean.TRUE.equals(Objects.requireNonNull(executionContext.get("isSignedAuthBlockValidated"))));
-
-		log.debug("Using IdentityLink and signed auth block in order to create SAML1 assertion.");
-
-		try (InputStream in = getClass().getResourceAsStream("SAML1Assertion.xml")) {
-			executionContext.put("SAML1Assertion", IOUtils.toString(in, Charset.forName("UTF-8")));
-			
-		} catch (IOException e) {
-			throw new TaskExecutionException(null, "", e);
-		}
-
-		return null;
-	}
-
-}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/GetIdentityLinkTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/GetIdentityLinkTask.java
deleted file mode 100644
index 7657f1c1f..000000000
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/GetIdentityLinkTask.java
+++ /dev/null
@@ -1,59 +0,0 @@
-package at.gv.egovernment.moa.id.process.spring.test.task;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.nio.charset.Charset;
-import java.util.Objects;
-
-import org.apache.commons.io.IOUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.stereotype.Service;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.process.api.Task;
-
-/**
- * A dummy task simulating the retrieval of an IdentityLink.
- * <p/>
- * Asynchonous
- * <p>
- * Requires context data:
- * <ul>
- * <li>{@code bkuURL}</li>
- * </ul>
- * </p>
- * <p>
- * Enriches context data with:
- * <ul>
- * <li>{@code IdentityLink}</li>
- * </ul>
- * </p>
- * 
- * @author tknall
- * 
- */
-@Service("GetIdentityLinkTask")
-public class GetIdentityLinkTask implements Task {
-
-	private Logger log = LoggerFactory.getLogger(getClass());
-
-	@Override
-	public IRequest execute(IRequest penReq, ExecutionContext executionContext) throws TaskExecutionException {
-		Objects.requireNonNull(executionContext.get("bkuURL"));
-
-		log.debug("Using bkuURL in order to retrieve IdentityLink.");
-
-		try (InputStream in = getClass().getResourceAsStream("IdentityLink_Max_Mustermann.xml")) {
-			executionContext.put("IdentityLink", IOUtils.toString(in, Charset.forName("UTF-8")));
-			
-		} catch (IOException e) {
-			throw new TaskExecutionException(null, "", e);
-		}
-		
-		return null;
-	}
-
-}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SelectBKUTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SelectBKUTask.java
deleted file mode 100644
index 1163a0706..000000000
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SelectBKUTask.java
+++ /dev/null
@@ -1,37 +0,0 @@
-package at.gv.egovernment.moa.id.process.spring.test.task;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.stereotype.Service;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.process.api.Task;
-
-/**
- * A dummy task simulating a bku selection.
- * <p/>
- * Asynchonous
- * <p>
- * Enriches context data with:
- * <ul>
- * <li>{@code bkuURL}</li>
- * </ul>
- * </p>
- * 
- * @author tknall
- * 
- */
-@Service("SelectBKUTask")
-public class SelectBKUTask implements Task {
-
-	private Logger log = LoggerFactory.getLogger(getClass());
-
-	@Override
-	public IRequest execute(IRequest penReq, ExecutionContext executionContext) {
-		log.debug("Providing BKU selection.");
-		executionContext.put("bkuURL", "https://127.0.0.1:3496/https-security-layer-request");
-		return null;
-	}
-
-}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SignAuthBlockTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SignAuthBlockTask.java
deleted file mode 100644
index 1d10b08a8..000000000
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SignAuthBlockTask.java
+++ /dev/null
@@ -1,61 +0,0 @@
-package at.gv.egovernment.moa.id.process.spring.test.task;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.nio.charset.Charset;
-import java.util.Objects;
-
-import org.apache.commons.io.IOUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.stereotype.Service;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.process.api.Task;
-
-/**
- * A dummy task simulating the signature of an auth block.
- * <p/>
- * Asynchonous
- * <p>
- * Requires context data:
- * <ul>
- * <li>{@code IdentityLink}</li>
- * <li>{@code isIdentityLinkValidated}</li>
- * <li>{@code bkuURL}</li>
- * </ul>
- * </p>
- * <p>
- * Enriches context data with:
- * <ul>
- * <li>{@code SignedAuthBlock}</li>
- * </ul>
- * </p>
- * 
- * @author tknall
- * 
- */
-@Service("SignAuthBlockTask")
-public class SignAuthBlockTask implements Task {
-
-	private Logger log = LoggerFactory.getLogger(getClass());
-
-	@Override
-	public IRequest execute(IRequest penReq, ExecutionContext executionContext) throws TaskExecutionException {
-		Objects.requireNonNull(executionContext.get("IdentityLink"));
-		assert (Boolean.TRUE.equals(Objects.requireNonNull(executionContext.get("isIdentityLinkValidated"))));
-		Objects.requireNonNull(executionContext.get("bkuURL"));
-
-		log.debug("Using validated IdentityLink and bkuURL in order to sign auth block.");
-		try (InputStream in = getClass().getResourceAsStream("SignedAuthBlock.xml")) {
-			executionContext.put("SignedAuthBlock", IOUtils.toString(in, Charset.forName("UTF-8")));
-		} catch (IOException e) {
-			throw new TaskExecutionException(null, "", e);
-						
-		}
-		return null;
-	}
-
-}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateIdentityLinkTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateIdentityLinkTask.java
deleted file mode 100644
index 19a87d520..000000000
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateIdentityLinkTask.java
+++ /dev/null
@@ -1,46 +0,0 @@
-package at.gv.egovernment.moa.id.process.spring.test.task;
-
-import java.util.Objects;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.stereotype.Service;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.process.api.Task;
-
-/**
- * Dummy task simulating the validation of an IdentityLink.
- * <p>
- * Requires context data:
- * <ul>
- * <li>{@code IdentityLink}</li>
- * </ul>
- * </p>
- * <p>
- * Enriches context data with:
- * <ul>
- * <li>{@code isIdentityLinkValidated}</li>
- * </ul>
- * </p>
- * 
- * @author tknall
- * 
- */
-@Service("ValidateIdentityLinkTask")
-public class ValidateIdentityLinkTask implements Task {
-
-	private Logger log = LoggerFactory.getLogger(getClass());
-
-	@Override
-	public IRequest execute(IRequest penReq, ExecutionContext executionContext) {
-		Objects.requireNonNull(executionContext.get("IdentityLink"));
-
-		log.debug("Validating IdentityLink.");
-
-		executionContext.put("isIdentityLinkValidated", true);
-		return null;
-	}
-
-}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateSignedAuthBlockTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateSignedAuthBlockTask.java
deleted file mode 100644
index afae6463d..000000000
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateSignedAuthBlockTask.java
+++ /dev/null
@@ -1,51 +0,0 @@
-package at.gv.egovernment.moa.id.process.spring.test.task;
-
-import java.util.Objects;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.stereotype.Service;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.process.api.Task;
-
-/**
- * A dummy task simulating the validation of an auth block.
- * <p>
- * Requires context data:
- * <ul>
- * <li>{@code IdentityLink}</li>
- * <li>{@code isIdentityLinkValidated}</li>
- * <li>{@code SignedAuthBlock}</li>
- * </ul>
- * </p>
- * <p>
- * Enriches context data with:
- * <ul>
- * <li>{@code isSignedAuthBlockValidated}</li>
- * </ul>
- * </p>
- * 
- * @author tknall
- * 
- */
-@Service("ValidateSignedAuthBlockTask")
-public class ValidateSignedAuthBlockTask implements Task {
-
-	private Logger log = LoggerFactory.getLogger(getClass());
-
-	@Override
-	public IRequest execute(IRequest penReq, ExecutionContext executionContext) throws TaskExecutionException {
-		Objects.requireNonNull(executionContext.get("IdentityLink"));
-		assert (Boolean.TRUE.equals(Objects.requireNonNull(executionContext.get("isIdentityLinkValidated"))));
-		Objects.requireNonNull(executionContext.get("SignedAuthBlock"));
-
-		log.debug("Using validated IdentityLink and signed auth block in order to validate signed auth block.");
-
-		executionContext.put("isSignedAuthBlockValidated", true);
-		return null;
-	}
-
-}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/BooleanStringExpressionEvaluator.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/BooleanStringExpressionEvaluator.java
deleted file mode 100644
index 20dfc50ef..000000000
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/BooleanStringExpressionEvaluator.java
+++ /dev/null
@@ -1,24 +0,0 @@
-package at.gv.egovernment.moa.id.process.test;
-
-import java.util.Objects;
-
-import org.apache.commons.lang3.BooleanUtils;
-
-import at.gv.egovernment.moa.id.process.api.ExpressionEvaluationContext;
-import at.gv.egovernment.moa.id.process.api.ExpressionEvaluator;
-
-/**
- * Expression evaluator that guesses the boolean value from a String. Refer to {@link BooleanUtils#toBoolean(String)}
- * for further information.
- * 
- * @author tknall
- * 
- */
-public class BooleanStringExpressionEvaluator implements ExpressionEvaluator {
-
-	@Override
-	public boolean evaluate(ExpressionEvaluationContext expressionContext, String expression) {
-		return BooleanUtils.toBoolean(Objects.requireNonNull(expression, "Expression must not be null."));
-	}
-
-}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HalloWeltTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HalloWeltTask.java
deleted file mode 100644
index d808713c1..000000000
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HalloWeltTask.java
+++ /dev/null
@@ -1,24 +0,0 @@
-package at.gv.egovernment.moa.id.process.test;
-
-import org.springframework.stereotype.Service;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.process.api.Task;
-
-/**
- * Simple task that just outputs a "Hallo World" text to the console.
- * 
- * @author tknall
- * 
- */
-@Service("HalloWeltTask")
-public class HalloWeltTask implements Task {
-
-	@Override
-	public IRequest execute(IRequest pendingReq, ExecutionContext executionContext) {
-		System.out.println("Hallo Welt");
-		return null;
-	}
-
-}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HelloWorldTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HelloWorldTask.java
deleted file mode 100644
index ee02d0030..000000000
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HelloWorldTask.java
+++ /dev/null
@@ -1,24 +0,0 @@
-package at.gv.egovernment.moa.id.process.test;
-
-import org.springframework.stereotype.Service;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.process.api.Task;
-
-/**
- * Simple task that just outputs a "Hello World" text to the console.
- * 
- * @author tknall
- * 
- */
-@Service("HelloWorldTask")
-public class HelloWorldTask implements Task {
-
-	@Override
-	public IRequest execute(IRequest pendingReq, ExecutionContext executionContext) {
-		System.out.println("Hello World");
-		return null;
-	}
-
-}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/ProcessDefinitionParserTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/ProcessDefinitionParserTest.java
deleted file mode 100644
index df13f064b..000000000
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/ProcessDefinitionParserTest.java
+++ /dev/null
@@ -1,137 +0,0 @@
-package at.gv.egovernment.moa.id.process.test;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertNull;
-import static org.junit.Assert.assertTrue;
-
-import java.io.IOException;
-import java.io.InputStream;
-
-import org.junit.Test;
-
-import at.gv.egovernment.moa.id.process.ProcessDefinitionParser;
-import at.gv.egovernment.moa.id.process.ProcessDefinitionParserException;
-import at.gv.egovernment.moa.id.process.model.EndEvent;
-import at.gv.egovernment.moa.id.process.model.ProcessDefinition;
-import at.gv.egovernment.moa.id.process.model.ProcessNode;
-import at.gv.egovernment.moa.id.process.model.StartEvent;
-import at.gv.egovernment.moa.id.process.model.TaskInfo;
-import at.gv.egovernment.moa.id.process.model.Transition;
-
-public class ProcessDefinitionParserTest {
-	
-	@Test(expected = ProcessDefinitionParserException.class)
-	public void testParseInvalidProcessDefinition_MultipleStartEvents() throws IOException, ProcessDefinitionParserException {
-		try (InputStream in = getClass().getResourceAsStream("InvalidProcessDefinition_MultipleStartEvents.xml")) {
-			new ProcessDefinitionParser().parse(in);
-		}
-	}
-	
-	@Test(expected = ProcessDefinitionParserException.class)
-	public void testParseInvalidProcessDefinition_TransitionLoop() throws IOException, ProcessDefinitionParserException {
-		try (InputStream in = getClass().getResourceAsStream("InvalidProcessDefinition_TransitionLoop.xml")) {
-			new ProcessDefinitionParser().parse(in);
-		}
-	}
-	
-	@Test(expected = ProcessDefinitionParserException.class)
-	public void testParseInvalidProcessDefinition_TransitionStartsFromEndEvent() throws IOException, ProcessDefinitionParserException {
-		try (InputStream in = getClass().getResourceAsStream("InvalidProcessDefinition_TransitionStartsFromEndEvent.xml")) {
-			new ProcessDefinitionParser().parse(in);
-		}
-	}
-	
-	@Test(expected = ProcessDefinitionParserException.class)
-	public void testParseInvalidProcessDefinition_TransitionRefsTransition() throws IOException, ProcessDefinitionParserException {
-		try (InputStream in = getClass().getResourceAsStream("InvalidProcessDefinition_TransitionRefsTransition.xml")) {
-			new ProcessDefinitionParser().parse(in);
-		}
-	}
-	
-	@Test(expected = ProcessDefinitionParserException.class)
-	public void testParseInvalidProcessDefinition_NoStartEvents() throws IOException, ProcessDefinitionParserException {
-		try (InputStream in = getClass().getResourceAsStream("InvalidProcessDefinition_NoStartEvents.xml")) {
-			new ProcessDefinitionParser().parse(in);
-		}
-	}
-	
-	@Test
-	public void testParseSampleProcessDefinition() throws IOException, ProcessDefinitionParserException {
-		try (InputStream in = getClass().getResourceAsStream("SampleProcessDefinition1.xml")) {
-			
-			ProcessDefinitionParser parser = new ProcessDefinitionParser();
-			ProcessDefinition pd = parser.parse(in);
-			
-			assertNotNull(pd);
-			assertEquals("SampleProcess1", pd.getId());
-			
-			// first assert tasks then transitions
-			// start event
-			StartEvent startEvent = pd.getStartEvent();
-			assertNotNull(startEvent);
-			assertEquals("start", startEvent.getId());
-			assertEquals(startEvent, pd.getProcessNode("start"));
-			// task1
-			ProcessNode processNode = pd.getProcessNode("task1");
-			assertNotNull(processNode);
-			assertTrue(processNode instanceof TaskInfo);
-			TaskInfo task1 = (TaskInfo) processNode;
-			assertEquals("task1", task1.getId());
-			assertFalse(task1.isAsync());
-			// task2 
-			processNode = pd.getProcessNode("task2");
-			assertNotNull(processNode);
-			assertTrue(processNode instanceof TaskInfo);
-			TaskInfo task2 = (TaskInfo) processNode;
-			assertEquals("task2", task2.getId());
-			assertTrue(task2.isAsync());
-			// end event
-			processNode = pd.getProcessNode("end");
-			assertNotNull(processNode);
-			assertTrue(processNode instanceof EndEvent);
-			EndEvent endEvent = (EndEvent) processNode;
-			assertEquals("end", endEvent.getId());
-			
-			// assert transitions
-			// start event
-			assertNotNull(startEvent.getIncomingTransitions());
-			assertTrue(startEvent.getIncomingTransitions().isEmpty());
-			assertNotNull(startEvent.getOutgoingTransitions());
-			assertEquals(1, startEvent.getOutgoingTransitions().size());
-			// transition from start to task1
-			Transition startToTask1 = startEvent.getOutgoingTransitions().get(0);
-			assertEquals("fromStart", startToTask1.getId());
-			assertEquals(startEvent, startToTask1.getFrom());
-			assertEquals(task1, startToTask1.getTo());
-			assertEquals("true", startToTask1.getConditionExpression());
-			// task1
-			assertNotNull(task1.getIncomingTransitions());
-			assertEquals(1, task1.getIncomingTransitions().size());
-			assertEquals(startToTask1, task1.getIncomingTransitions().get(0));
-			assertNotNull(task1.getOutgoingTransitions());
-			assertEquals(1, task1.getOutgoingTransitions().size());
-			// transition from task1 to task2
-			Transition task1ToTask2 = task1.getOutgoingTransitions().get(0);
-			assertNull(task1ToTask2.getId());
-			assertEquals(task1, task1ToTask2.getFrom());
-			assertEquals(task2, task1ToTask2.getTo());
-			assertNull(task1ToTask2.getConditionExpression());
-			// task2
-			assertNotNull(task2.getIncomingTransitions());
-			assertEquals(1, task2.getIncomingTransitions().size());
-			assertEquals(task1ToTask2, task2.getIncomingTransitions().get(0));
-			assertNotNull(task2.getOutgoingTransitions());
-			assertEquals(1, task2.getOutgoingTransitions().size());
-			// transition from task2 to end
-			Transition task2ToEnd = task2.getOutgoingTransitions().get(0);
-			assertNull(task2ToEnd.getId());
-			assertEquals(task2, task2ToEnd.getFrom());
-			assertEquals(endEvent, task2ToEnd.getTo());
-			assertNull(task2ToEnd.getConditionExpression());
-			
-		}
-	}
-
-}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/ProcessEngineTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/ProcessEngineTest.java
deleted file mode 100644
index 6744c0403..000000000
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/ProcessEngineTest.java
+++ /dev/null
@@ -1,146 +0,0 @@
-package at.gv.egovernment.moa.id.process.test;
-
-import static at.gv.egovernment.moa.id.process.ProcessInstanceState.NOT_STARTED;
-import static at.gv.egovernment.moa.id.process.ProcessInstanceState.SUSPENDED;
-import static org.junit.Assert.assertEquals;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.Properties;
-
-import org.hibernate.cfg.Configuration;
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.ApplicationContext;
-import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-
-import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
-import at.gv.egovernment.moa.id.module.test.TestRequestImpl;
-import at.gv.egovernment.moa.id.process.ProcessDefinitionParser;
-import at.gv.egovernment.moa.id.process.ProcessDefinitionParserException;
-import at.gv.egovernment.moa.id.process.ProcessEngine;
-import at.gv.egovernment.moa.id.process.ProcessEngineImpl;
-import at.gv.egovernment.moa.id.process.ProcessExecutionException;
-import at.gv.egovernment.moa.id.process.ProcessInstance;
-
-@RunWith(SpringJUnit4ClassRunner.class)
-@ContextConfiguration("/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest-context.xml")
-public class ProcessEngineTest {
-	
-	@Autowired private static ProcessEngine pe;
-
-	@Autowired private ApplicationContext applicationContext;
-	
-	private boolean isInitialized = false;
-	
-	@Before
-	public void init() throws IOException, ProcessDefinitionParserException {
-		
-		if (!isInitialized) {
-			ProcessDefinitionParser pdp = new ProcessDefinitionParser();
-
-			if (pe == null) {
-				pe = applicationContext.getBean("processEngine", ProcessEngine.class);
-				
-			}
-			
-			((ProcessEngineImpl) pe).setTransitionConditionExpressionEvaluator(new BooleanStringExpressionEvaluator());
-			try (InputStream in = ProcessEngineTest.class.getResourceAsStream("SampleProcessDefinition1.xml")) {
-				((ProcessEngineImpl) pe).registerProcessDefinition(pdp.parse(in));
-			}
-			try (InputStream in = ProcessEngineTest.class.getResourceAsStream("SampleProcessDefinition2.xml")) {
-				((ProcessEngineImpl) pe).registerProcessDefinition(pdp.parse(in));
-			}
-
-			initHibernateForTesting();
-			isInitialized = true;
-		}
-	}
-	
-	private static void initHibernateForTesting() throws IOException{
-
-		InputStream in = ProcessEngineTest.class.getResourceAsStream("/at/gv/egovernment/moa/id/process/hibernate.configuration.test.properties");
-		Properties props = new Properties();
-		props.load(in);
-
-		try {
-			//ConfigurationDBUtils.initHibernate(props);
-			Configuration config = new Configuration();
-			config.addProperties(props);
-			//config.addAnnotatedClass(ProcessInstanceStore.class);
-			config.addAnnotatedClass(AssertionStore.class);
-			//MOASessionDBUtils.initHibernate(config, props);
-		} catch (Exception e) {
-			e.printStackTrace();
-		}
-	}
-	
-	@Test
-	public void testSampleProcess1() throws IOException, ProcessDefinitionParserException, ProcessExecutionException {
-		
-		TestRequestImpl testReq = new TestRequestImpl();
-		
-		String piId = pe.createProcessInstance("SampleProcess1");
-		ProcessInstance pi = pe.getProcessInstance(piId);
-		assertEquals(NOT_STARTED, pi.getState());
-
-		// start process
-		testReq.setProcessInstanceID(piId);
-		pe.start(testReq);
-		pi = pe.getProcessInstance(piId);
-		assertEquals(SUSPENDED, pi.getState());
-
-		System.out.println("Do something asynchronously");
-		testReq.setProcessInstanceID(piId);
-		pe.signal(testReq);
-		try {
-			pi = pe.getProcessInstance(piId);
-			throw new ProcessExecutionException("ProcessInstance should be removed already, but it was found.");
-			//assertEquals(ENDED, pi.getState());
-			
-		} catch (IllegalArgumentException e) {
-			// do nothing because processInstance should be already removed 
-			
-		}
-	}
-	
-	@Test
-	public void testSampleProcess2() throws IOException, ProcessDefinitionParserException, ProcessExecutionException {
-
-		TestRequestImpl testReq = new TestRequestImpl();
-		
-		String piId = pe.createProcessInstance("SampleProcess2");
-		ProcessInstance pi = pe.getProcessInstance(piId);
-		assertEquals(NOT_STARTED, pi.getState());
-
-		// start process
-		testReq.setProcessInstanceID(piId);
-		pe.start(testReq);
-		pi = pe.getProcessInstance(piId);
-		assertEquals(SUSPENDED, pi.getState());
-
-		System.out.println("Do something asynchronously");
-		testReq.setProcessInstanceID(piId);
-		pe.signal(testReq);
-		try {
-			pi = pe.getProcessInstance(piId);
-			throw new ProcessExecutionException("ProcessInstance should be removed already, but it was found.");
-			//assertEquals(ENDED, pi.getState());
-			
-		} catch (IllegalArgumentException e) {
-			// do nothing because processInstance should be already removed 
-			
-		}
-		
-		
-	}
-
-	@Test(expected = IllegalArgumentException.class)
-	public void testProcessInstanceDoesNotExist() {
-		pe.getProcessInstance("does not exist");
-	}
-
-}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/storage/test/DBTransactionStorageTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/storage/test/DBTransactionStorageTest.java
index fc415097c..0c410e966 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/storage/test/DBTransactionStorageTest.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/storage/test/DBTransactionStorageTest.java
@@ -12,14 +12,14 @@ import org.w3c.dom.Element;
 import org.xml.sax.SAXException;
 
 import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egovernment.moa.id.storage.DBTransactionStorage;
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.util.DOMUtils;
 
 public class DBTransactionStorageTest {
 
-	public static void main (String[] args) throws SAXException, IOException, ParserConfigurationException, MOADatabaseException{
+	public static void main (String[] args) throws SAXException, IOException, ParserConfigurationException, EAAFException{
 		DBTransactionStorageTest t = new DBTransactionStorageTest();
 		t.test();
 	}
@@ -32,7 +32,7 @@ public class DBTransactionStorageTest {
 	}
 
 	
-	public void test() throws SAXException, IOException, ParserConfigurationException, MOADatabaseException{
+	public void test() throws SAXException, IOException, ParserConfigurationException, EAAFException{
 
 
 		ApplicationContext context = new FileSystemXmlApplicationContext("src/test/java/testBeans.xml");
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
index 8ca65e745..67a6552ef 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java
@@ -27,7 +27,6 @@ import java.util.Collection;
 import java.util.List;
 
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.data.CPEPS;
 import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters;
 import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute;
@@ -64,10 +63,9 @@ public interface IOAAuthParameters extends ISPConfiguration{
 	 * 'urn:publicid:gv.at:cdid+' is allowed to receive baseIDs
 	 * 
 	 * @return true if there is a restriction, otherwise false
-	 * @throws ConfigurationException In case of online-application configuration has public and private identifies
 	 */
 	@Override
-	public boolean hasBaseIdInternalProcessingRestriction() throws EAAFConfigurationException;
+	public boolean hasBaseIdInternalProcessingRestriction();
 	
 	
 	/**
@@ -78,22 +76,11 @@ public interface IOAAuthParameters extends ISPConfiguration{
 	 * 'urn:publicid:gv.at:cdid+' is allowed to receive baseIDs
 	 * 
 	 * @return true if there is a restriction, otherwise false
-	 * @throws ConfigurationException In case of online-application configuration has public and private identifies
 	 */
 	@Override
-	public boolean hasBaseIdTransferRestriction() throws EAAFConfigurationException;
-	
-	
-	/**
-	 * Get the full area-identifier for this online application to calculate the 
-	 * area-specific unique person identifier (bPK, wbPK, eIDAS unique identifier, ...). 
-	 * This identifier always contains the full prefix 
-	 * 
-	 * @return area identifier with prefix
-	 * @throws ConfigurationException In case of online-application configuration has public and private identifies  
-	 */
-	public String getAreaSpecificTargetIdentifier() throws ConfigurationException;
+	public boolean hasBaseIdTransferRestriction();
 	
+		
 	/**
 	 * Get a friendly name for the specific area-identifier of this online application
 	 * 
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java
index 8f09dc1aa..e1f995e82 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java
@@ -29,10 +29,10 @@ import java.util.Map;
 
 import org.apache.commons.lang.StringEscapeUtils;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egovernment.moa.id.auth.frontend.utils.FormBuildUtils;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.data.CPEPS;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -121,10 +121,10 @@ public abstract class AbstractServiceProviderSpecificGUIFormBuilderConfiguration
 		params.put(PARAM_BKU_LOCAL, IOAAuthParameters.LOCALBKU);
 		
 		if (pendingReq != null) {							
-			params.put(PARAM_PENDINGREQUESTID, StringEscapeUtils.escapeHtml(pendingReq.getRequestID()));
+			params.put(PARAM_PENDINGREQUESTID, StringEscapeUtils.escapeHtml(pendingReq.getPendingRequestId()));
 
 			//add service-provider specific GUI parameters
-			IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
+			IOAAuthParameters oaParam = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class);
 			if (oaParam != null) {
 				params.put(PARAM_OANAME, StringEscapeUtils.escapeHtml(oaParam.getFriendlyName()));
 
@@ -170,7 +170,7 @@ public abstract class AbstractServiceProviderSpecificGUIFormBuilderConfiguration
 	 */
 	private void addCountrySelection(Map<String, Object> params, IOAAuthParameters oaParam) {
 		String pepslist = "";
-		try {				
+		try {				 
 			for (CPEPS current : oaParam.getPepsList()) {
 				String countryName = null;							
 				if (MiscUtil.isNotEmpty(MOAIDAuthConstants.COUNTRYCODE_XX_TO_NAME.get(current.getFullCountryCode().toUpperCase())))
@@ -205,14 +205,14 @@ public abstract class AbstractServiceProviderSpecificGUIFormBuilderConfiguration
 	 */
 	@Override
 	public InputStream getTemplate(String viewName) {		
-		if (pendingReq != null && pendingReq.getOnlineApplicationConfiguration() != null) {
+		if (pendingReq != null && pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class) != null) {
 			
 			byte[] oatemplate = null;			
 			if (VIEW_BKUSELECTION.equals(viewName))				
-				oatemplate = pendingReq.getOnlineApplicationConfiguration().getBKUSelectionTemplate();
+				oatemplate = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class).getBKUSelectionTemplate();
 			
 			else if (VIEW_SENDASSERTION.equals(viewName))
-				oatemplate = pendingReq.getOnlineApplicationConfiguration().getSendAssertionTemplate();
+				oatemplate = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class).getSendAssertionTemplate();
 			
 			// OA specific template requires a size of 8 bits minimum
 			if (oatemplate != null && oatemplate.length > 7)
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java
index a1223b093..5283089ed 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java
@@ -101,7 +101,7 @@ public class DefaultGUIFormBuilderConfiguration extends AbstractGUIFormBuilderCo
 	public Map<String, Object> getSpecificViewParameters() {
 		Map<String, Object> params =  new HashMap<String, Object>();
 		if (pendingReq != null) {							
-			params.put(PARAM_PENDINGREQUESTID, StringEscapeUtils.escapeHtml(pendingReq.getRequestID()));
+			params.put(PARAM_PENDINGREQUESTID, StringEscapeUtils.escapeHtml(pendingReq.getPendingRequestId()));
 			
 		}		
 		if (customParameters != null)
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithDBLoad.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithDBLoad.java
index 8d5a8bf9b..8afda3c71 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithDBLoad.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithDBLoad.java
@@ -26,6 +26,7 @@ import java.io.ByteArrayInputStream;
 import java.io.InputStream;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 
 /**
  * @author tlenz
@@ -62,14 +63,14 @@ public class SPSpecificGUIBuilderConfigurationWithDBLoad extends AbstractService
 	 */
 	@Override
 	public InputStream getTemplate(String viewName) {		
-		if (pendingReq != null && pendingReq.getOnlineApplicationConfiguration() != null) {
+		if (pendingReq != null && pendingReq.getServiceProviderConfiguration() != null) {
 			
 			byte[] oatemplate = null;			
 			if (VIEW_BKUSELECTION.equals(viewName))				
-				oatemplate = pendingReq.getOnlineApplicationConfiguration().getBKUSelectionTemplate();
+				oatemplate = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class).getBKUSelectionTemplate();
 			
 			else if (VIEW_SENDASSERTION.equals(viewName))
-				oatemplate = pendingReq.getOnlineApplicationConfiguration().getSendAssertionTemplate();
+				oatemplate = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class).getSendAssertionTemplate();
 			
 			// OA specific template requires a size of 8 bits minimum
 			if (oatemplate != null && oatemplate.length > 7)
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithFileSystemLoad.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithFileSystemLoad.java
index bb947a15f..6092c8d5d 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithFileSystemLoad.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithFileSystemLoad.java
@@ -81,10 +81,10 @@ public class SPSpecificGUIBuilderConfigurationWithFileSystemLoad extends Abstrac
 	 */
 	@Override
 	public InputStream getTemplate(String viewName) {		
-		if (pendingReq != null && pendingReq.getOnlineApplicationConfiguration() != null && 
+		if (pendingReq != null && pendingReq.getServiceProviderConfiguration() != null && 
 				configKeyIdentifier != null) {
 			try {
-				String templateURL = pendingReq.getOnlineApplicationConfiguration().getConfigurationValue(configKeyIdentifier);
+				String templateURL = pendingReq.getServiceProviderConfiguration().getConfigurationValue(configKeyIdentifier);
 				if (MiscUtil.isNotEmpty(templateURL)) {
 					String absURL = FileUtils.makeAbsoluteURL(templateURL, configRootContextDir);				
 					if (!absURL.startsWith("file:")) {
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/utils/FormBuildUtils.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/utils/FormBuildUtils.java
index 947a42345..53ec222dc 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/utils/FormBuildUtils.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/utils/FormBuildUtils.java
@@ -26,7 +26,7 @@ package at.gv.egovernment.moa.id.auth.frontend.utils;
 import java.util.HashMap;
 import java.util.Map;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.util.MiscUtil;
 
@@ -76,7 +76,7 @@ public class FormBuildUtils {
 				
 				defaultmap.put(PARAM_REDIRECTTARGET, "_top");
 			}
-	}
+	} 
 	
 	public static void customiceLayoutBKUSelection(Map<String, Object> params, IOAAuthParameters oaParam) {
 		
diff --git a/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java b/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java
index d8146786a..d32ce972a 100644
--- a/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java
+++ b/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java
@@ -91,7 +91,7 @@ public class MOAIDAuthSpringInitializer implements WebApplicationInitializer {
 					rootContext.getEnvironment().addActiveProfile(profile);
 				}
 			}
-
+		
 			Logger.info("Spring-context was initialized with active profiles: " + 
 					Arrays.asList(rootContext.getEnvironment().getActiveProfiles()));
 			
diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java
index 2e09bf55c..1269229d0 100644
--- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java
+++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java
@@ -29,13 +29,13 @@ import javax.annotation.PostConstruct;
 
 import org.springframework.beans.factory.annotation.Autowired;
 
-import at.gv.egiz.eaaf.core.impl.idp.auth.AuthenticationManager;
-import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AuthModule;
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+import at.gv.egiz.eaaf.core.api.idp.auth.IAuthenticationManager;
+import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.auth.modules.bkamobileauthtests.tasks.FirstBKAMobileAuthTask;
-import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
@@ -48,7 +48,7 @@ public class BKAMobileAuthModule implements AuthModule {
 	private int priority = 1;
 	
 	@Autowired(required=true) protected AuthConfiguration authConfig;
-	@Autowired(required=true) private AuthenticationManager authManager;
+	@Autowired(required=true) private IAuthenticationManager authManager;
 	
 	private List<String> uniqueIDsDummyAuthEnabled = new ArrayList<String>();
 	
@@ -71,7 +71,7 @@ public class BKAMobileAuthModule implements AuthModule {
 	
 	@PostConstruct
 	public void initialDummyAuthWhiteList() {
-		String sensitiveSpIdentifier = authConfig.getBasicMOAIDConfiguration("modules.bkamobileAuth.entityID");
+		String sensitiveSpIdentifier = authConfig.getBasicConfiguration("modules.bkamobileAuth.entityID");
 		if (MiscUtil.isNotEmpty(sensitiveSpIdentifier)) {
 			uniqueIDsDummyAuthEnabled.addAll(KeyValueUtils.getListOfCSVValues(sensitiveSpIdentifier));
 			
@@ -91,7 +91,7 @@ public class BKAMobileAuthModule implements AuthModule {
 	 */
 	@Override
 	public String selectProcess(ExecutionContext context) {		
-		String spEntityID = (String) context.get(MOAIDAuthConstants.PROCESSCONTEXT_UNIQUE_OA_IDENTFIER);
+		String spEntityID = (String) context.get(EAAFConstants.PROCESS_ENGINE_SERVICE_PROVIDER_ENTITYID);
 		if (MiscUtil.isNotEmpty(spEntityID)) {				
 			if (uniqueIDsDummyAuthEnabled.contains(spEntityID)) {
 				String eIDBlob = (String)context.get(FirstBKAMobileAuthTask.REQ_PARAM_eID_BLOW);
diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java
index 37ee3f201..68b944814 100644
--- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java
+++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java
@@ -29,6 +29,7 @@ import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
 import java.security.spec.InvalidKeySpecException;
 import java.security.spec.KeySpec;
+import java.util.Date;
 
 import javax.crypto.BadPaddingException;
 import javax.crypto.Cipher;
@@ -54,15 +55,17 @@ import com.google.gson.JsonParseException;
 import com.google.gson.JsonParser;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
@@ -90,7 +93,7 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask {
 	private static final String EIDCONTAINER_EID = "eid";
 	private static final String EIDCONTAINER_KEY_IDL = "idl";
 	private static final String EIDCONTAINER_KEY_BINDINGCERT = "cert";
-	
+	 
 	public static final String REQ_PARAM_eID_BLOW = "eidToken";
 	
 	@Autowired(required=true) private AuthConfiguration authConfig;
@@ -111,7 +114,7 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask {
 				throw new MOAIDException("NO eID data blob included!", null);
 			}
 								
-			parseDemoValuesIntoMOASession(pendingReq, pendingReq.getMOASession(), eIDBlobRawB64);
+			parseDemoValuesIntoMOASession(pendingReq, eIDBlobRawB64);
 			
 		} catch (MOAIDException e) {
 			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
@@ -133,7 +136,9 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask {
 	 * @throws MOAIDException 
 	 * @throws IOException 
 	 */
-	private void parseDemoValuesIntoMOASession(IRequest pendingReq, IAuthenticationSession moaSession, String eIDBlobRawB64) throws MOAIDException, IOException {
+	private void parseDemoValuesIntoMOASession(IRequest pendingReq, String eIDBlobRawB64) throws MOAIDException, IOException {
+		IAuthenticationSession moaSession = new AuthenticationSession("1235", new Date());
+		
 		Logger.debug("Check eID blob signature  ... ");
 		byte[] eIDBlobRaw = Base64Utils.decode(eIDBlobRawB64.trim(), false);
 		
@@ -209,6 +214,8 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask {
 			Logger.info("Session Restore completed");
 			
 			
+			pendingReq.setGenericDataToSession(moaSession.getKeyValueRepresentationFromAuthSession());
+			
 		} catch (MOAIDException e) {
 			throw e;
 			
@@ -236,6 +243,10 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask {
 			Logger.error("Can not extract mobile-app binding-certificate from eID blob.", e);
 			throw new MOAIDException("Can not extract mobile-app binding-certificate from eID blob.", null, e);
 						
+		} catch (EAAFStorageException e) {
+			Logger.error("Can not populate pending-request with eID data.", e);
+			throw new MOAIDException("Can not populate pending-request with eID data.", null, e);
+			
 		} finally {
 						
 		}
@@ -243,7 +254,7 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask {
 	}
 	
 	private SecretKey generateDecryptionKey(byte[] salt) throws MOAIDException {
-		String decryptionPassPhrase = authConfig.getBasicMOAIDConfiguration(CONF_EID_TOKEN_ENCRYPTION_KEY, "DEFAULTPASSWORD");			
+		String decryptionPassPhrase = authConfig.getBasicConfiguration(CONF_EID_TOKEN_ENCRYPTION_KEY, "DEFAULTPASSWORD");			
 		try {
 			SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
 			KeySpec spec = new PBEKeySpec(decryptionPassPhrase.toCharArray(), salt, 2000, 128);
@@ -276,7 +287,7 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask {
 		}
 		SignerInfo signerInfos = verifySigResult.getSignerInfo();
 		DateTime date = new DateTime(signerInfos.getSigningTime().getTime());
-		Integer signingTimeJitter = Integer.valueOf(authConfig.getBasicMOAIDConfiguration(CONF_SIGNING_TIME_JITTER, "5"));
+		Integer signingTimeJitter = Integer.valueOf(authConfig.getBasicConfiguration(CONF_SIGNING_TIME_JITTER, "5"));
 		if (date.plusMinutes(signingTimeJitter).isBeforeNow()) {
 			Logger.warn("CMS signature-time is before: " + date.plusMinutes(signingTimeJitter));
 			throw new MOAIDException("CMS signature-time is before: " + date.plusMinutes(signingTimeJitter), null);
@@ -290,7 +301,7 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask {
 		cmsSigVerifyReq.setSignatories(VerifyCMSSignatureRequestImpl.ALL_SIGNATORIES);
 		cmsSigVerifyReq.setExtended(false);
 		cmsSigVerifyReq.setPDF(false);
-		cmsSigVerifyReq.setTrustProfileId(authConfig.getBasicMOAIDConfiguration(CONF_MOASPSS_TRUSTPROFILE, "!!NOT SET!!!"));
+		cmsSigVerifyReq.setTrustProfileId(authConfig.getBasicConfiguration(CONF_MOASPSS_TRUSTPROFILE, "!!NOT SET!!!"));
 		cmsSigVerifyReq.setCMSSignature(new ByteArrayInputStream(eIDBlobRaw));				
 		return cmsSigVerifyReq;		
 	}
diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java
index 5c70b2628..9ce987956 100644
--- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java
+++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java
@@ -25,21 +25,26 @@ package at.gv.egovernment.moa.id.auth.modules.bkamobileauthtests.tasks;
 import java.io.IOException;
 import java.io.InputStream;
 import java.net.URL;
+import java.util.Date;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.FileUtils;
@@ -50,7 +55,9 @@ import at.gv.egovernment.moa.util.FileUtils;
  */
 @Component("SecondBKAMobileAuthTask")
 public class SecondBKAMobileAuthTask extends AbstractAuthServletTask {
-
+ 
+	@Autowired AuthConfiguration moaAuthConfig;
+	
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
 	 */
@@ -60,7 +67,7 @@ public class SecondBKAMobileAuthTask extends AbstractAuthServletTask {
 		
 		try {
 			Logger.info("Add user credentials for BKA MobileAuth SAML2 test and finalize authentication");	
-			parseDemoValuesIntoMOASession(pendingReq, pendingReq.getMOASession());
+			parseDemoValuesIntoMOASession(pendingReq);
 
 			// store MOASession into database
 	    	requestStoreage.storePendingRequest(pendingReq);
@@ -78,8 +85,11 @@ public class SecondBKAMobileAuthTask extends AbstractAuthServletTask {
 	 * @param pendingReq
 	 * @param moaSession
 	 * @throws MOAIDException 
+	 * @throws EAAFStorageException 
 	 */
-	private void parseDemoValuesIntoMOASession(IRequest pendingReq, IAuthenticationSession moaSession) throws MOAIDException {
+	private void parseDemoValuesIntoMOASession(IRequest pendingReq) throws MOAIDException, EAAFStorageException {
+		IAuthenticationSession moaSession = new AuthenticationSession("1233", new Date());
+		
 		moaSession.setUseMandates(false);
 		moaSession.setForeigner(false);
 		
@@ -87,18 +97,20 @@ public class SecondBKAMobileAuthTask extends AbstractAuthServletTask {
 		moaSession.setQAALevel(PVPConstants.STORK_QAA_1_4);
 			
 		try {
-			String idlurl = FileUtils.makeAbsoluteURL(authConfig.getMonitoringTestIdentityLinkURL(), authConfig.getRootConfigFileDir());				
+			String idlurl = FileUtils.makeAbsoluteURL(moaAuthConfig.getMonitoringTestIdentityLinkURL(), moaAuthConfig.getRootConfigFileDir());				
 		  	URL keystoreURL = new URL(idlurl);					
 			InputStream idlstream = keystoreURL.openStream();
 			IIdentityLink identityLink = new IdentityLinkAssertionParser(idlstream).parseIdentityLink();			
 			moaSession.setIdentityLink(identityLink);
-			
+						
 		} catch (ParseException | IOException e) {
 			Logger.error("IdentityLink is not parseable.", e);
 			throw new MOAIDException("IdentityLink is not parseable.", null);
 			
 		}
 			
+		pendingReq.setGenericDataToSession(moaSession.getKeyValueRepresentationFromAuthSession());
+		
 	}
 
 }
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
index 6afc68161..46381fb3d 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
@@ -30,23 +30,25 @@ import org.apache.commons.lang.StringUtils;
 import com.google.gson.JsonObject;
 import com.google.gson.JsonPrimitive;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDIdentityLinkBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDIssuingNationAttributeBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSectorForIDAttributeBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePIN;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePINType;
 import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.data.Pair;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.BPKAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDAuthBlock;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCcsURL;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCitizenQAALevelAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDIdentityLinkBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDIssuingNationAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSTORKTOKEN;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSectorForIDAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSignerCertificate;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSourcePIN;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSourcePINType;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonFullNameAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinTypeAttributeBuilder;
@@ -62,7 +64,6 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateReferenceVal
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateTypeAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
 import at.gv.egovernment.moa.logging.Logger;
 
 public final class OAuth20AttributeBuilder {
@@ -70,7 +71,7 @@ public final class OAuth20AttributeBuilder {
 	private OAuth20AttributeBuilder() {
 		throw new InstantiationError();
 	}
-	
+	 
 	private static IAttributeGenerator<Pair<String, JsonPrimitive>> generator = new IAttributeGenerator<Pair<String, JsonPrimitive>>() {
 		
 		public Pair<String, JsonPrimitive> buildStringAttribute(final String friendlyName, final String name, final String value) {
@@ -206,7 +207,7 @@ public final class OAuth20AttributeBuilder {
 	}
 	
 	private static void addAttibutes(final List<IAttributeBuilder> builders, final JsonObject jsonObject,
-			final IOAAuthParameters oaParam, final IAuthData authData, OAuth20AuthRequest oAuthRequest) {
+			final ISPConfiguration oaParam, final IAuthData authData, OAuth20AuthRequest oAuthRequest) {
 		for (IAttributeBuilder b : builders) {
 			try {
 				//TODO: better solution requires more refactoring :(
@@ -222,7 +223,7 @@ public final class OAuth20AttributeBuilder {
 					jsonObject.add(attribute.getFirst(), attribute.getSecond());
 				}
 			}
-			catch (AttributeException e) {
+			catch (AttributeBuilderException e) {
 				Logger.info("Cannot add attribute " + b.getName());
 			}
 		}
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java
index 076ded75a..b3586245b 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java
@@ -22,12 +22,11 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 
 public class OpenIdAudiencesAttribute implements IAttributeBuilder {
 	
@@ -35,9 +34,9 @@ public class OpenIdAudiencesAttribute implements IAttributeBuilder {
 		return "aud";
 	}
 	
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException { 
-		return g.buildStringAttribute(this.getName(), "", oaParam.getPublicURLPrefix());
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException { 
+		return g.buildStringAttribute(this.getName(), "", oaParam.getUniqueIdentifier());
 	}
 	
 	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java
index 0e99a18c3..933ee8904 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java
@@ -22,12 +22,11 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 
 public class OpenIdAuthenticationTimeAttribute implements IAttributeBuilder {
 	
@@ -35,9 +34,9 @@ public class OpenIdAuthenticationTimeAttribute implements IAttributeBuilder {
 		return "auth_time";
 	}
 	
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException {
-		return g.buildLongAttribute(this.getName(), "", ((long) (authData.getIssueInstant().getTime() / 1000)));
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
+		return g.buildLongAttribute(this.getName(), "", ((long) (authData.getAuthenticationIssueInstant().getTime() / 1000)));
 	}
 	
 	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java
index 05638c907..04efa3979 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java
@@ -24,12 +24,11 @@ package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
 
 import java.util.Date;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 
 public class OpenIdExpirationTimeAttribute implements IAttributeBuilder {
 	
@@ -39,8 +38,8 @@ public class OpenIdExpirationTimeAttribute implements IAttributeBuilder {
 		return "exp";
 	}
 	
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException {
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
 		return g.buildLongAttribute(this.getName(), "", (long) (new Date().getTime() / 1000 + expirationTime));
 	}
 	
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java
index b40d752eb..459d2b1cd 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java
@@ -24,12 +24,11 @@ package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
 
 import java.util.Date;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 
 public class OpenIdIssueInstantAttribute implements IAttributeBuilder {
 	
@@ -37,8 +36,8 @@ public class OpenIdIssueInstantAttribute implements IAttributeBuilder {
 		return "iat";
 	}
 	
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException {
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
 		return g.buildLongAttribute(this.getName(), "", (long) (new Date().getTime() / 1000));
 	}
 	
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java
index d212feb12..2f4124c32 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java
@@ -22,12 +22,11 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 
 public class OpenIdIssuerAttribute implements IAttributeBuilder {
 	
@@ -35,9 +34,9 @@ public class OpenIdIssuerAttribute implements IAttributeBuilder {
 		return "iss";
 	}
 	
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException {
-		return g.buildStringAttribute(this.getName(), "", authData.getIssuer());
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
+		return g.buildStringAttribute(this.getName(), "", authData.getAuthenticationIssuer());
 	}
 	
 	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java
index 99465bf95..66b6a2518 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java
@@ -22,27 +22,27 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 public class OpenIdNonceAttribute implements IAttributeBuilder {
 	
-	public String getName() {
+	public String getName() { 
 		return "nonce";
 	}
 	
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException { 
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException { 
 		return g.buildStringAttribute(this.getName(), "", null);
 	}
 	
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, OAuth20AuthRequest oAuthRequest,
-			IAttributeGenerator<ATT> g) throws AttributeException { 
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, OAuth20AuthRequest oAuthRequest,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException { 
 		if (MiscUtil.isNotEmpty(oAuthRequest.getNonce()))
 			return g.buildStringAttribute(this.getName(), "", oAuthRequest.getNonce());
 		else
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java
index 4b1219c9d..e3e717ec3 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java
@@ -22,12 +22,11 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 
 public class OpenIdSubjectIdentifierAttribute implements IAttributeBuilder {
 	
@@ -35,8 +34,8 @@ public class OpenIdSubjectIdentifierAttribute implements IAttributeBuilder {
 		return "sub";
 	}
 	
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException {
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
 		return g.buildStringAttribute(this.getName(), "", authData.getBPK());
 	}
 	
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java
index f1b0bd108..d23877395 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java
@@ -22,12 +22,11 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 
 public class ProfileDateOfBirthAttribute implements IAttributeBuilder {
 	
@@ -35,8 +34,8 @@ public class ProfileDateOfBirthAttribute implements IAttributeBuilder {
 		return "birthdate";
 	}
 	
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException {
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
 		return g.buildStringAttribute(this.getName(), "", authData.getFormatedDateOfBirth());
 	}
 	
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java
index 0ea6ba643..540962a29 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java
@@ -22,12 +22,11 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 
 public class ProfileFamilyNameAttribute implements IAttributeBuilder {
 	
@@ -35,8 +34,8 @@ public class ProfileFamilyNameAttribute implements IAttributeBuilder {
 		return "family_name";
 	}
 	
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException {
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
 		return g.buildStringAttribute(this.getName(), "", authData.getFamilyName());
 	}
 	
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java
index e6c7fd18d..f6f774a46 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java
@@ -22,12 +22,11 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
-import at.gv.egiz.eaaf.core.api.data.IAuthData;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 
 public class ProfileGivenNameAttribute implements IAttributeBuilder {
 	
@@ -35,8 +34,8 @@ public class ProfileGivenNameAttribute implements IAttributeBuilder {
 		return "given_name";
 	}
 	
-	public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeException {
+	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
 		return g.buildStringAttribute(this.getName(), "", authData.getGivenName());
 	}
 	
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
index 67c0aafce..1528cfb28 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
@@ -22,30 +22,22 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.oauth20.protocol;
 
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.Map;
-
 import javax.servlet.http.HttpServletRequest;
 
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.context.annotation.Scope;
 import org.springframework.stereotype.Component;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util;
-import at.gv.egovernment.moa.id.protocols.oauth20.attributes.OAuth20AttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20AccessDeniedException;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ResponseTypeException;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
 import at.gv.egovernment.moa.logging.Logger;
 
 @Component("OAuth20AuthRequest")
@@ -102,7 +94,7 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest {
 	 *            the state to set
 	 */
 	public void setState(String state) {
-		this.state = state;
+		this.state = state; 
 	}
 	
 	/**
@@ -188,7 +180,7 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest {
 		// check if client id and redirect uri are ok
 		try {
 			// OAOAUTH20 cannot be null at this point. check was done in base request
-			IOAAuthParameters oAuthConfig = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(this.getOAURL());
+			IOAAuthParameters oAuthConfig = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(this.getSPEntityId());
 			
 			
 			if (!this.getClientID().equals(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))
@@ -206,40 +198,40 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest {
 		
 	}
 
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
-	 */
-	@Override
-	public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) {
-		Map<String, String> reqAttr = new HashMap<String, String>();
-		for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION)
-			reqAttr.put(el, "");
-						
-		for (String s : scope.split(" ")) {
-			if (s.equalsIgnoreCase("profile")) {
-				for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersprofile())
-					reqAttr.put(el.getName(), "");
-
-			} else if (s.equalsIgnoreCase("eID")) {
-				for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseid())
-					reqAttr.put(el.getName(), "");
-				
-			} else if (s.equalsIgnoreCase("eID_gov")) {
-				for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseidgov())
-					reqAttr.put(el.getName(), "");
-				
-			} else if (s.equalsIgnoreCase("mandate")) {
-				for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersmandate())
-					reqAttr.put(el.getName(), "");
-				
-			} else if (s.equalsIgnoreCase("stork")) {
-				for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersstork())
-					reqAttr.put(el.getName(), "");
-				
-			}
-		}
-		
-		//return attributQueryBuilder.buildSAML2AttributeList(this.getOnlineApplicationConfiguration(), reqAttr.keySet().iterator());
-		return reqAttr.keySet();
-	}
+//	/* (non-Javadoc)
+//	 * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
+//	 */
+//	@Override
+//	public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) {
+//		Map<String, String> reqAttr = new HashMap<String, String>();
+//		for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION)
+//			reqAttr.put(el, "");
+//						
+//		for (String s : scope.split(" ")) {
+//			if (s.equalsIgnoreCase("profile")) {
+//				for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersprofile())
+//					reqAttr.put(el.getName(), "");
+//
+//			} else if (s.equalsIgnoreCase("eID")) {
+//				for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseid())
+//					reqAttr.put(el.getName(), "");
+//				
+//			} else if (s.equalsIgnoreCase("eID_gov")) {
+//				for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseidgov())
+//					reqAttr.put(el.getName(), "");
+//				
+//			} else if (s.equalsIgnoreCase("mandate")) {
+//				for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersmandate())
+//					reqAttr.put(el.getName(), "");
+//				
+//			} else if (s.equalsIgnoreCase("stork")) {
+//				for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersstork())
+//					reqAttr.put(el.getName(), "");
+//				
+//			}
+//		}
+//		
+//		//return attributQueryBuilder.buildSAML2AttributeList(this.getOnlineApplicationConfiguration(), reqAttr.keySet().iterator());
+//		return reqAttr.keySet();
+//	}
 }
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
index d3136b43e..2ce5234ac 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
@@ -30,12 +30,13 @@ import javax.servlet.http.HttpServletRequest;
 
 import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.commons.lang.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
 
-import at.gv.egiz.eaaf.core.api.IOAAuthParameters;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20OANotSupportedException;
@@ -49,6 +50,8 @@ abstract class OAuth20BaseRequest extends RequestImpl {
 	
 	protected Set<String> allowedParameters = new HashSet<String>();
 		
+	@Autowired(required=true) protected IConfiguration authConfig;
+	
 	protected String getParam(final HttpServletRequest request, final String name, final boolean isNeeded) throws OAuth20Exception {
 		String param = request.getParameter(name);
 		Logger.debug("Reading param " + name + " from HttpServletRequest with value " + param);
@@ -70,8 +73,8 @@ abstract class OAuth20BaseRequest extends RequestImpl {
 			if (!ParamValidatorUtils.isValidOA(oaURL)) {
 				throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
 			}
-			this.setOAURL(oaURL);
-			IOAAuthParameters oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oaURL);
+			this.setSPEntityId(oaURL);
+			ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(oaURL);
 			
 			if (oaParam == null) {
 				throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
@@ -83,7 +86,7 @@ abstract class OAuth20BaseRequest extends RequestImpl {
 				throw new OAuth20OANotSupportedException();
 			}
 		}
-		catch (ConfigurationException e) {
+		catch (EAAFConfigurationException e) {
 			throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
 		}
 		
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
index 5acb1c547..ff802136f 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
@@ -57,7 +57,7 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme
 		return PATH;
 	}
 	
-	/**
+	/** 
 	 * 
 	 */
 	public OAuth20Protocol() {
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
index 4c829f6ca..4ae255d1d 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
@@ -49,7 +49,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAuthnRequestBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestBuildException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
-import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper;
+import at.gv.egovernment.moa.id.util.LoALevelMapper;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
@@ -182,7 +182,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
 					pendingReq.getClass().isInstance(storkRequst)) {
 				
 				try {									
-					secClass = PVPtoSTORKMapper.getInstance().mapToSecClass(
+					secClass = LoALevelMapper.getInstance().mapToSecClass(
 							PVPConstants.STORK_QAA_PREFIX + String.valueOf(storkSecClass));
 				
 				} catch (Exception e) {
-- 
cgit v1.2.3


From 5d46366bfebd7bc38d7df3d648bf03bd29700a2e Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Fri, 15 Jun 2018 13:16:19 +0200
Subject: fix first refactoring problems

---
 .../egovernment/moa/id/util/PVPtoSTORKMapper.java  | 174 +++++++++++++++++++++
 .../main/resources/moaid.authentication.beans.xml  |  26 +--
 .../main/resources/moaid.configuration.beans.xml   |   2 +
 ...ingExpressionAwareProcessEngineTest-context.xml |  24 +--
 .../moa/id/commons/utils/MOAIDMessageProvider.java |   8 +-
 id/server/moa-id-frontend-resources/pom.xml        |   4 +
 .../MOAIDGuiBilderConfigurationFactory.java        |  17 ++
 7 files changed, 219 insertions(+), 36 deletions(-)
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java
 create mode 100644 id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/MOAIDGuiBilderConfigurationFactory.java

(limited to 'id/server/moa-id-frontend-resources/src')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java
new file mode 100644
index 000000000..099a70470
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/PVPtoSTORKMapper.java
@@ -0,0 +1,174 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.util;
+
+import java.io.IOException;
+import java.util.Properties;
+
+import at.gv.egovernment.moa.id.data.AuthenticationRole;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public class PVPtoSTORKMapper {
+
+	private static final String PVP_SECCLASS_PREFIX = "http://www.ref.gv.at/ns/names/agiz/pvp/";
+	private static final String STORK_QAA_PREFIX = "http://www.stork.gov.eu/1.0/";
+	private static final String eIDAS_QAA_PREFIX = "http://eidas.europa.eu/";
+	
+	private static final String MAPPING_RESOURCE = 
+			"resources/properties/pvp-stork_mapping.properties";
+	
+	private static final String MAPPING_SECCLASS_PREFIX = "secclass_";
+	private static final String MAPPING_EIDAS_PREFIX = "eidas_";
+	
+	private Properties mapping = null;
+	
+	private static PVPtoSTORKMapper instance = null;
+	
+	public static PVPtoSTORKMapper getInstance() {
+		if (instance == null) {
+			instance = new PVPtoSTORKMapper();			
+		}
+		
+		return instance;
+	}
+	
+	private PVPtoSTORKMapper() {
+		try {
+			mapping = new Properties();
+			mapping.load(this.getClass().getClassLoader().getResourceAsStream(MAPPING_RESOURCE));
+			Logger.debug("PVP -> STORK Role mapping initialisation finished.");
+			
+		} catch (IOException e) {
+			Logger.error("PVP -> STORK Role mapping initialisation FAILED." , e);
+			mapping = null;
+			
+		}
+		
+		
+	}
+
+	/**
+	 * Map STORK QAA level to eIDAS QAA level
+	 * 
+	 * @param storkQAA STORK QAA level
+	 * @return
+	 */
+	public String mapSTORKQAAToeIDASQAA(String storkQAA) {
+		if (mapping != null) {
+			String input = storkQAA.substring(STORK_QAA_PREFIX.length());			
+			String mappedQAA = mapping.getProperty(MAPPING_EIDAS_PREFIX + input);
+			if (MiscUtil.isNotEmpty(mappedQAA)) {
+				Logger.info("Map STORK-QAA " + storkQAA + " to eIDAS-QAA " + mappedQAA);
+				return mappedQAA;
+				
+			}						
+		}		
+		Logger.warn("No eIDAS-QAA mapping for STORK-QAA " + storkQAA +" !");
+		return null;
+		
+	}
+	
+	/**
+	 * Map eIDAS QAA-level to STORK QAA-level
+	 * 
+	 * @param qaaLevel eIDAS QAA-level
+	 * @return STORK QAA-level
+	 */
+	public String mapeIDASQAAToSTORKQAA(String qaaLevel) {
+		if (mapping != null) {
+			String input = qaaLevel.substring(eIDAS_QAA_PREFIX.length());			
+			String mappedQAA = mapping.getProperty(input);
+			if (MiscUtil.isNotEmpty(mappedQAA)) {
+				Logger.info("Map eIDAS-QAA " + qaaLevel + " to STORK-QAA " + mappedQAA);
+				return mappedQAA;
+				
+			}						
+		}		
+		Logger.warn("No eIDAS-QAA mapping for eIDAS-QAA " + qaaLevel +" !");
+		return null;
+	}
+	
+	/**Map a STORK QAA level to PVP SecClass
+	 * 
+	 * @param STORK-QAA level
+	 * @return PVP SecClass pvpQAALevel
+	 */	
+	public String mapToSecClass(String storkQAALevel) {
+		if (mapping != null) {
+			String input = storkQAALevel.substring(STORK_QAA_PREFIX.length());			
+			String mappedQAA = mapping.getProperty(MAPPING_SECCLASS_PREFIX + input);
+			if (MiscUtil.isNotEmpty(mappedQAA)) {
+				Logger.info("Map STORK-QAA " + storkQAALevel + " to PVP SecClass " + mappedQAA);
+				return mappedQAA;
+				
+			}						
+		}		
+		Logger.warn("No mapping for STORK-QAA " + storkQAALevel +" !");
+		return null;
+	}
+	
+	/**Map a PVP SecClass to STORK QAA level
+	 * 
+	 * @param PVP SecClass pvpQAALevel
+	 * @return STORK-QAA level
+	 */	
+	public String mapToQAALevel(String pvpQAALevel) {
+		if (mapping != null) {
+			String input = pvpQAALevel.substring(PVP_SECCLASS_PREFIX.length());			
+			String mappedQAA = mapping.getProperty(input);
+			if (MiscUtil.isNotEmpty(mappedQAA)) {
+				Logger.info("Map PVP SecClass " + pvpQAALevel + " to STORK-QAA " + mappedQAA);
+				return mappedQAA;
+				
+			}						
+		}		
+		Logger.warn("No mapping for PVP SecClass " + pvpQAALevel +" !");
+		return null;
+	}
+	
+	/**Map a PVP Role attribute to STORK ECAuthenticationRole attribute values
+	 * 
+	 * @param PVP Role attribute
+	 * @return STORK ECAuthenticationRole attribute value
+	 */
+	public String map(AuthenticationRole el) {
+		if (mapping != null) {
+			//String ecRole = mapping.getProperty(el.getRawRoleString());
+			String ecRole = mapping.getProperty(el.getRoleName());
+			if (MiscUtil.isNotEmpty(ecRole)) {
+				//Logger.info("Map PVPRole " + el.getRawRoleString() + " to ECRole " + ecRole);
+				Logger.info("Map PVPRole " + el.getRoleName() + " to ECRole " + ecRole);
+				return ecRole;
+			}			
+		}
+		//Logger.warn("NO mapping for PVPRole "+ el.getRawRoleString() + " !");
+		Logger.warn("NO mapping for PVPRole "+ el.getRoleName() + " !");
+		return null;
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
index ba8c47304..d8565112b 100644
--- a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
+++ b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
@@ -15,18 +15,10 @@
  	<task:annotation-driven executor="MOA-ID-Auth_TaskExecutor" scheduler="MOA-ID-Auth_Scheduler"/>
 	<task:executor id="MOA-ID-Auth_TaskExecutor" pool-size="5"/>
 	<task:scheduler id="MOA-ID-Auth_Scheduler" pool-size="10"/>
- 
- 	<bean id="processEngine" class="at.gv.egovernment.moa.id.process.ProcessEngineImpl">
-		<property name="transitionConditionExpressionEvaluator">
-			<bean class="at.gv.egovernment.moa.id.process.springweb.SpringWebExpressionEvaluator" />
-		</property>
-	</bean>
-	
+  	
 	<!-- import auth modules -->
 	<import resource="classpath*:**/*.authmodule.beans.xml" />
 
-	<bean id="moduleRegistration" class="at.gv.egovernment.moa.id.auth.modules.registration.ModuleRegistration" factory-method="getInstance" />
-	
 	<context:component-scan base-package="at.gv.egovernment.moa.id.auth.servlet" />
 	<context:component-scan base-package="at.gv.egovernment.moa.id.protocols" />
  
@@ -42,17 +34,13 @@
 	<bean id="MOAID_SSOManager" 
 				class="at.gv.egovernment.moa.id.moduls.SSOManager"/>
 
+	<bean 	id="moaGUIConfigurationFactory" 
+			class="at.gv.egovernment.moa.id.auth.frontend.MOAIDGuiBilderConfigurationFactory" />
 	
 
 	<bean id="AuthenticationSessionStoreage" 
 				class="at.gv.egovernment.moa.id.storage.DBAuthenticationSessionStoreage"/>
-				
-	<bean id="RequestStorage" 
-				class="at.gv.egovernment.moa.id.moduls.RequestStorage"/>
-				
-	<bean id="ProcessInstanceStoreage" 
-				class="at.gv.egovernment.moa.id.process.dao.ProcessInstanceStoreDAOImpl"/>
-
+								
 	<bean id="MOAReversionLogger" 
 				class="at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger"/>
 				
@@ -80,11 +68,7 @@
 	<bean id="RestartAuthProzessManagement" 
 				class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.RestartAuthProzessManagement"
 				scope="prototype"/>				
-
-	<bean id="FinalizeAuthenticationTask" 
-				class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.FinalizeAuthenticationTask"
-				scope="prototype"/>
-				
+			
 	<bean id="GenerateSSOConsentEvaluatorFrameTask" 
 				class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.GenerateSSOConsentEvaluatorFrameTask"
 				scope="prototype"/>
diff --git a/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml b/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml
index 9c27ba581..b23948688 100644
--- a/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml
+++ b/id/server/idserverlib/src/main/resources/moaid.configuration.beans.xml
@@ -11,6 +11,8 @@
 
 	<context:property-placeholder location="${moa.id.configuration}"/> 
 
+	<bean id="MOAIDMessageProvider" class="at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider" />
+
 	<bean id="moaidauthconfig" class="at.gv.egovernment.moa.id.config.auth.PropertyBasedAuthConfigurationProvider">
 		<constructor-arg value="#{systemProperties['moa.id.configuration']}"/>
 	</bean>
diff --git a/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest-context.xml b/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest-context.xml
index 7d9db0ab7..2f4648de3 100644
--- a/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest-context.xml
+++ b/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest-context.xml
@@ -9,40 +9,40 @@
 		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
 		http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
 
-	<bean id="springElAwareExpressionEvaluator" class="at.gv.egovernment.moa.id.process.spring.SpringExpressionEvaluator" />
+	<bean id="springElAwareExpressionEvaluator" class="at.gv.egiz.eaaf.core.impl.idp.process.spring.SpringExpressionEvaluator" />
 
-	<bean id="processEngine" class="at.gv.egovernment.moa.id.process.ProcessEngineImpl">
+	<bean id="processEngine" class="at.gv.egiz.eaaf.core.impl.idp.process.ProcessEngineImpl">
 		<property name="transitionConditionExpressionEvaluator" ref="springElAwareExpressionEvaluator" />
 	</bean>
 	
 	<bean id="TransactionStorage" 
-				class="at.gv.egovernment.moa.id.process.spring.test.DummyTransactionStorage"/>
+				class="at.gv.egiz.eaaf.core.impl.idp.process.spring.test.DummyTransactionStorage"/>
 	
 	<bean id="ProcessInstanceStoreage" 
-				class="at.gv.egovernment.moa.id.process.dao.ProcessInstanceStoreDAOImpl"/>	
+				class="at.gv.egiz.eaaf.core.impl.idp.process.dao.ProcessInstanceStoreDAOImpl"/>	
 	
 	<bean id="HelloWorldTask" 
-				class="at.gv.egovernment.moa.id.process.test.HelloWorldTask"/>
+				class="at.gv.egiz.eaaf.core.impl.idp.process.test.HelloWorldTask"/>
 	
 	<bean id="HalloWeltTask" 
-				class="at.gv.egovernment.moa.id.process.test.HalloWeltTask"/>
+				class="at.gv.egiz.eaaf.core.impl.idp.process.test.HalloWeltTask"/>
 				
 	<bean id="SelectBKUTask" 
-				class="at.gv.egovernment.moa.id.process.spring.test.task.SelectBKUTask"/>
+				class="at.gv.egiz.eaaf.core.impl.idp.process.spring.test.task.SelectBKUTask"/>
 				
 	<bean id="CreateSAML1AssertionTask" 
-				class="at.gv.egovernment.moa.id.process.spring.test.task.CreateSAML1AssertionTask"/>
+				class="at.gv.egiz.eaaf.core.impl.idp.process.spring.test.task.CreateSAML1AssertionTask"/>
 
 	<bean id="GetIdentityLinkTask" 
-				class="at.gv.egovernment.moa.id.process.spring.test.task.GetIdentityLinkTask"/>
+				class="at.gv.egiz.eaaf.core.impl.idp.process.spring.test.task.GetIdentityLinkTask"/>
 
 	<bean id="SignAuthBlockTask" 
-				class="at.gv.egovernment.moa.id.process.spring.test.task.SignAuthBlockTask"/>
+				class="at.gv.egiz.eaaf.core.impl.idp.process.spring.test.task.SignAuthBlockTask"/>
 				
 	<bean id="ValidateIdentityLinkTask" 
-				class="at.gv.egovernment.moa.id.process.spring.test.task.ValidateIdentityLinkTask"/>
+				class="at.gv.egiz.eaaf.core.impl.idp.process.spring.test.task.ValidateIdentityLinkTask"/>
 				
 	<bean id="ValidateSignedAuthBlockTask" 
-				class="at.gv.egovernment.moa.id.process.spring.test.task.ValidateSignedAuthBlockTask"/>																	
+				class="at.gv.egiz.eaaf.core.impl.idp.process.spring.test.task.ValidateSignedAuthBlockTask"/>																	
 	
 </beans>
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAIDMessageProvider.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAIDMessageProvider.java
index bc1e2dcdb..2cb867cbc 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAIDMessageProvider.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAIDMessageProvider.java
@@ -48,6 +48,8 @@ package at.gv.egovernment.moa.id.commons.utils;
 
 import java.util.Locale;
 
+import org.springframework.stereotype.Service;
+
 import at.gv.egiz.eaaf.core.api.IStatusMessager;
 import at.gv.egiz.eaaf.core.exceptions.ProcessExecutionException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.BKUException;
@@ -57,7 +59,7 @@ import at.gv.egovernment.moa.util.Messages;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 
-//@Service("MOAIDMessageProvider")
+@Service("MOAIDMessageProvider")
 public class MOAIDMessageProvider implements IStatusMessager {
   
   //internal messanges
@@ -81,7 +83,7 @@ public class MOAIDMessageProvider implements IStatusMessager {
 	  
 	}
   
-  private MOAIDMessageProvider() {
+  public MOAIDMessageProvider() {
 	  this.messages = new Messages(DEFAULT_MESSAGE_RESOURCES, DEFAULT_MESSAGE_LOCALES);
 	  this.externalError = new Messages(DEFAULT_EXTERNALERROR_RESOURCES, DEFAULT_EXTERNALERROR_LOCALES);
 	  
@@ -136,7 +138,7 @@ public String getResponseErrorCode(Throwable throwable) {
 
 @Override
 public String mapInternalErrorToExternalError(String intErrorCode) {
-	String extErrorCode = messages.getMessage(intErrorCode, null);
+	String extErrorCode = externalError.getMessage(intErrorCode, null);
 	
 	if (MiscUtil.isEmpty(extErrorCode))
 		extErrorCode = IStatusMessager.CODES_EXTERNAL_ERROR_GENERIC;
diff --git a/id/server/moa-id-frontend-resources/pom.xml b/id/server/moa-id-frontend-resources/pom.xml
index 342cedac8..4a960e359 100644
--- a/id/server/moa-id-frontend-resources/pom.xml
+++ b/id/server/moa-id-frontend-resources/pom.xml
@@ -106,6 +106,10 @@
   		<groupId>MOA.id.server</groupId>
   		<artifactId>moa-id-commons</artifactId>
   	</dependency>
+  	<dependency>
+    	<groupId>at.gv.egiz.eaaf</groupId>
+		<artifactId>eaaf-core</artifactId>
+    </dependency> 
   	
   	<dependency>
 			<groupId>org.springframework</groupId>
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/MOAIDGuiBilderConfigurationFactory.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/MOAIDGuiBilderConfigurationFactory.java
new file mode 100644
index 000000000..98f7fccf5
--- /dev/null
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/MOAIDGuiBilderConfigurationFactory.java
@@ -0,0 +1,17 @@
+package at.gv.egovernment.moa.id.auth.frontend;
+
+import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration;
+import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfigurationFactory;
+import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration;
+
+public class MOAIDGuiBilderConfigurationFactory implements IGUIBuilderConfigurationFactory {
+
+	@Override
+	public IGUIBuilderConfiguration getDefaultErrorGUI(String authURL) {
+		return new DefaultGUIFormBuilderConfiguration(authURL, 
+				DefaultGUIFormBuilderConfiguration.VIEW_ERRORMESSAGE, null); 
+
+	}
+
+	
+}
-- 
cgit v1.2.3


From 139926faa31ae3ed34dc0083fee503d439112281 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Wed, 20 Jun 2018 15:11:13 +0200
Subject: refactor PVP2 S-Profile implementation and perform first tests

---
 id/ConfigWebTool/pom.xml                           |  10 +
 .../auth/pvp2/AttributeListBuilder.java            |   6 +-
 .../auth/pvp2/MetaDataVerificationFilter.java      |  12 +-
 .../auth/pvp2/PVPSOAPRequestSecurityPolicy.java    |   6 +-
 .../config/ConfigurationProvider.java              |   2 +-
 .../moa/id/configuration/helper/MailHelper.java    |   2 +-
 .../configuration/struts/action/BasicOAAction.java |   2 +-
 .../configuration/struts/action/IndexAction.java   |  10 +-
 .../validation/oa/OAPVP2ConfigValidation.java      |   8 +-
 .../id/config/webgui/MOAIDWebGUIConfiguration.java |   2 +-
 id/server/idserverlib/pom.xml                      |  65 +-
 .../id/advancedlogging/MOAIDEventConstants.java    |   3 -
 .../moa/id/advancedlogging/MOAReversionLogger.java |   5 +-
 .../moa/id/auth/IDestroyableObject.java            |  36 -
 .../moa/id/auth/IGarbageCollectorProcessing.java   |  36 -
 .../moa/id/auth/IPostStartupInitializable.java     |  41 -
 .../moa/id/auth/MOAGarbageCollector.java           |   1 +
 .../id/auth/builder/AuthenticationDataBuilder.java |  31 +-
 .../moa/id/auth/builder/BPKBuilder.java            |   2 +-
 .../builder/DynamicOAAuthParameterBuilder.java     |   4 +-
 .../auth/builder/MOAIDSubjectNameIdGenerator.java  | 114 +++
 .../tasks/RestartAuthProzessManagement.java        | 108 ---
 .../StartAuthentificationParameterParser.java      |   2 +-
 .../id/auth/servlet/IDPSingleLogOutServlet.java    |  12 +-
 .../moa/id/config/ConfigurationProviderImpl.java   |   4 +-
 .../moa/id/data/ISLOInformationContainer.java      |  70 --
 .../moa/id/data/MOAAuthenticationData.java         |  10 +-
 .../java/at/gv/egovernment/moa/id/data/Pair.java   |  45 --
 .../moa/id/data/SLOInformationImpl.java            | 190 -----
 .../java/at/gv/egovernment/moa/id/data/Trible.java |  51 --
 .../moa/id/moduls/AuthenticationManager.java       |  12 +-
 .../moa/id/opemsaml/MOAIDHTTPPostEncoder.java      | 114 ---
 .../opemsaml/MOAKeyStoreX509CredentialAdapter.java |  52 --
 .../opemsaml/MOAStringRedirectDeflateEncoder.java  |  75 --
 .../MandateNaturalPersonBPKAttributeBuilder.java   |   2 +-
 .../id/protocols/pvp2x/AttributQueryAction.java    |  60 +-
 .../id/protocols/pvp2x/AuthenticationAction.java   | 151 ----
 .../moa/id/protocols/pvp2x/MetadataAction.java     |  93 ---
 .../moa/id/protocols/pvp2x/PVP2XProtocol.java      | 835 --------------------
 .../moa/id/protocols/pvp2x/PVPConstants.java       |  99 +--
 .../id/protocols/pvp2x/PVPTargetConfiguration.java | 133 ----
 .../moa/id/protocols/pvp2x/SingleLogOutAction.java |  31 +-
 .../moa/id/protocols/pvp2x/binding/IDecoder.java   |  44 --
 .../moa/id/protocols/pvp2x/binding/IEncoder.java   |  71 --
 .../id/protocols/pvp2x/binding/MOAURICompare.java  |  53 --
 .../id/protocols/pvp2x/binding/PostBinding.java    | 240 ------
 .../protocols/pvp2x/binding/RedirectBinding.java   | 244 ------
 .../id/protocols/pvp2x/binding/SoapBinding.java    | 176 -----
 .../pvp2x/builder/AttributQueryBuilder.java        |  11 +-
 .../pvp2x/builder/AuthResponseBuilder.java         | 147 ----
 .../pvp2x/builder/CitizenTokenBuilder.java         | 171 -----
 .../pvp2x/builder/PVPAttributeBuilder.java         | 207 -----
 .../pvp2x/builder/PVPAuthnRequestBuilder.java      | 221 ------
 .../pvp2x/builder/PVPMetadataBuilder.java          | 442 -----------
 .../pvp2x/builder/SingleLogOutBuilder.java         |  82 +-
 .../builder/assertion/PVP2AssertionBuilder.java    | 543 -------------
 .../builder/attributes/SamlAttributeGenerator.java |  88 ---
 .../pvp2x/config/IDPPVPMetadataConfiguration.java  |  27 +-
 .../IPVPAuthnRequestBuilderConfiguruation.java     | 162 ----
 .../config/IPVPMetadataBuilderConfiguration.java   | 238 ------
 .../pvp2x/config/MOADefaultBootstrap.java          |  64 --
 .../MOADefaultSecurityConfigurationBootstrap.java  | 152 ----
 .../config/MOAPVPMetadataConfigurationFactory.java |  21 +
 .../protocols/pvp2x/config/PVPConfiguration.java   |  87 +--
 .../AssertionAttributeExtractorExeption.java       |  50 --
 .../exceptions/AssertionValidationExeption.java    |  49 --
 .../pvp2x/exceptions/AttributQueryException.java   |  44 --
 .../exceptions/AuthnRequestBuildException.java     |  47 --
 .../AuthnResponseValidationException.java          |  48 --
 .../exceptions/BindingNotSupportedException.java   |  41 -
 .../InvalidAssertionConsumerServiceException.java  |  48 --
 .../InvalidAssertionEncryptionException.java       |  36 -
 .../exceptions/InvalidDateFormatException.java     |  39 -
 .../MandateAttributesNotHandleAbleException.java   |   2 +
 .../NOSLOServiceDescriptorException.java           |   2 +
 .../NameIDFormatNotSupportedException.java         |  42 -
 .../pvp2x/exceptions/NoCredentialsException.java   |   2 +
 .../NoMandateDataAvailableException.java           |   2 +
 .../exceptions/NoMetadataInformationException.java |  39 -
 .../protocols/pvp2x/exceptions/PVP2Exception.java  |  61 --
 .../pvp2x/exceptions/QAANotAllowedException.java   |  40 -
 .../pvp2x/exceptions/QAANotSupportedException.java |  40 -
 .../pvp2x/exceptions/RequestDeniedException.java   |  39 -
 .../pvp2x/exceptions/ResponderErrorException.java  |  44 --
 .../exceptions/SAMLRequestNotSignedException.java  |  44 --
 .../pvp2x/exceptions/SAMLRequestNotSupported.java  |  40 -
 .../protocols/pvp2x/exceptions/SLOException.java   |  41 -
 .../exceptions/SchemaValidationException.java      |  52 --
 .../UnprovideableAttributeException.java           |  37 -
 .../filter/SchemaValidationException.java          |  43 --
 .../filter/SignatureValidationException.java       |  58 --
 .../protocols/pvp2x/exceptions/loginFormFull.html  | 851 ---------------------
 .../protocols/pvp2x/messages/InboundMessage.java   | 116 ---
 .../pvp2x/messages/InboundMessageInterface.java    |  38 -
 .../id/protocols/pvp2x/messages/MOARequest.java    |  66 --
 .../id/protocols/pvp2x/messages/MOAResponse.java   |  56 --
 .../metadata/IMOARefreshableMetadataProvider.java  |  38 -
 .../pvp2x/metadata/MOAMetadataProvider.java        | 615 +++------------
 .../pvp2x/metadata/SimpleMOAMetadataProvider.java  | 257 -------
 .../pvp2x/signer/AbstractCredentialProvider.java   | 218 ------
 .../signer/CredentialsNotAvailableException.java   |  44 --
 .../pvp2x/signer/IDPCredentialProvider.java        |  10 +-
 .../moa/id/protocols/pvp2x/signer/SAMLSigner.java  |  27 -
 .../pvp2x/utils/AssertionAttributeExtractor.java   | 292 -------
 .../protocols/pvp2x/utils/MOASAMLSOAPClient.java   |   1 +
 .../moa/id/protocols/pvp2x/utils/SAML2Utils.java   | 145 ----
 .../AbstractRequestSignedSecurityPolicyRule.java   | 187 -----
 .../pvp2x/validation/AuthnRequestValidator.java    |  62 --
 .../pvp2x/validation/ChainSAMLValidator.java       |   5 +-
 .../protocols/pvp2x/validation/ISAMLValidator.java |  31 -
 .../validation/MOAPVPSignedRequestPolicyRule.java  |  81 --
 .../validation/MOASAML2AuthRequestSignedRole.java  |  49 --
 .../pvp2x/validation/SAMLSignatureValidator.java   |   9 +-
 .../pvp2x/verification/EntityVerifier.java         | 158 ++--
 .../pvp2x/verification/SAMLVerificationEngine.java | 197 -----
 .../verification/SAMLVerificationEngineSP.java     |   5 +-
 .../pvp2x/verification/TrustEngineFactory.java     |  87 ---
 .../metadata/MetadataSignatureFilter.java          | 138 +---
 .../metadata/PVPEntityCategoryFilter.java          | 230 ------
 .../metadata/PVPMetadataFilterChain.java           |  54 --
 .../metadata/SchemaValidationFilter.java           | 106 ---
 .../moa/id/saml2/MetadataFilterChain.java          |  73 --
 .../storage/DBAuthenticationSessionStoreage.java   |   4 +-
 .../id/storage/IAuthenticationSessionStoreage.java |   4 +-
 .../gv/egovernment/moa/id/util/LoALevelMapper.java |  61 +-
 .../egovernment/moa/id/util/QAALevelVerifier.java  |  57 --
 .../main/resources/moaid.authentication.beans.xml  |  36 +-
 .../src/test/java/test/MOAIDTestCase.java          |   2 +-
 .../moa/id/auth/MOAIDAuthInitialiserTest.java      |   2 +-
 .../moa/id/commons/MOAIDAuthConstants.java         |   4 +
 .../commons/api/data/BPKDecryptionParameters.java  |   2 +-
 .../moa/id/commons/utils/ssl/SSLUtils.java         |   2 +-
 .../java/at/gv/egovernment/moa/util/FileUtils.java | 146 ----
 .../at/gv/egovernment/moa/util/KeyStoreUtils.java  | 223 ------
 .../at/gv/egovernment/moa/util/StreamUtils.java    | 197 -----
 .../test/at/gv/egovernment/moa/util/FileUtils.java |   4 +-
 .../gv/egovernment/moa/util/KeyStoreUtilsTest.java |   3 +-
 .../MOAIDGuiBilderConfigurationFactory.java        |  18 +-
 .../auth/frontend/builder/GUIFormBuilderImpl.java  |   2 +-
 ...cGUIBuilderConfigurationWithFileSystemLoad.java |   2 +-
 .../auth/frontend/velocity/VelocityLogAdapter.java |  99 ---
 .../auth/frontend/velocity/VelocityProvider.java   | 121 ---
 .../moa/id/auth/MOAContextCloseHandler.java        |   1 +
 .../moa/id/auth/MOAIDAuthSpringInitializer.java    |   1 +
 .../moa/id/auth/AuthenticationServer.java          |   7 +-
 .../CertInfoVerifyXMLSignatureRequestBuilder.java  |   2 +-
 .../modules/internal/tasks/GetForeignIDTask.java   |   2 +-
 .../tasks/InitializeBKUAuthenticationTask.java     |   2 +-
 .../CreateXMLSignatureResponseValidator.java       |   2 +-
 .../moa/id/auth/validator/parep/ParepUtils.java    |   2 +-
 .../tasks/SecondBKAMobileAuthTask.java             |   4 +-
 .../moa/id/auth/modules/eidas/Constants.java       |   2 +-
 .../MOAeIDASSAMLEngineConfigurationImpl.java       |   2 +-
 .../MOAeIDASSAMLInstanceConfigurationImpl.java     |   2 +-
 .../engine/MOAeIDASChainingMetadataProvider.java   | 111 ++-
 .../engine/MOAeIDASMetadataProviderDecorator.java  |   6 +-
 .../eidas/tasks/GenerateAuthnRequestTask.java      |   4 +-
 .../auth/modules/eidas/utils/SAMLEngineUtils.java  |   2 +-
 .../modules/eidas/utils/eIDASAttributeBuilder.java |   4 +-
 .../eidas/utils/eIDASAttributeProcessingUtils.java |   2 +-
 .../moa/id/protocols/eidas/EIDASProtocol.java      |  11 +-
 .../id/protocols/eidas/EidasMetaDataRequest.java   |  11 +-
 .../eIDASAttrNaturalPersonalIdentifier.java        |   2 +-
 ...ttrRepresentativeNaturalPersonalIdentifier.java |   4 +-
 .../eidas/eIDASAuthenticationRequest.java          |   6 +-
 .../eidas/validator/eIDASResponseValidator.java    |   2 +-
 .../elgamandates/ELGAMandatesAuthConstants.java    |   2 +-
 .../config/ELGAMandatesMetadataConfiguration.java  |  25 +-
 .../ELGAMandatesRequestBuilderConfiguration.java   |   4 +-
 .../controller/ELGAMandateMetadataController.java  |   8 +-
 .../tasks/ReceiveElgaMandateResponseTask.java      |  42 +-
 .../elgamandates/tasks/RequestELGAMandateTask.java |   8 +-
 .../utils/ELGAMandateServiceMetadataProvider.java  |  58 +-
 .../utils/ELGAMandatesCredentialProvider.java      |   4 +-
 .../id/protocols/oauth20/OAuth20Configuration.java |   2 +-
 .../attributes/OAuth20AttributeBuilder.java        |   6 +-
 .../oauth20/json/OAuth20SignatureUtil.java         |   2 +-
 .../oauth20/protocol/OAuth20AuthAction.java        |   4 +-
 .../oauth20/protocol/OAuth20Protocol.java          |   5 +-
 .../gv/egovernment/moa/id/auth/oauth/CertTest.java |   3 +-
 .../modules/sl20_auth/sl20/JsonSecurityUtils.java  |   4 +-
 .../ssotransfer/servlet/SSOTransferServlet.java    |   4 +-
 .../ssotransfer/task/RestoreSSOSessionTask.java    |   2 +-
 .../ssotransfer/utils/SSOContainerUtils.java       |  33 +-
 .../src/test/java/at/gv/egiz/tests/Tests.java      |   2 +-
 .../config/FederatedAuthMetadataConfiguration.java |  29 +-
 .../FederatedAuthnRequestBuilderConfiguration.java |   2 +-
 .../FederatedAuthMetadataController.java           |   8 +-
 .../tasks/CreateAuthnRequestTask.java              |  11 +-
 .../tasks/ReceiveAuthnResponseTask.java            |  43 +-
 .../utils/FederatedAuthCredentialProvider.java     |   4 +-
 .../moa/id/protocols/saml1/GetArtifactAction.java  |   4 +-
 .../saml1/GetAuthenticationDataService.java        |   4 +-
 .../protocols/saml1/SAML1AuthenticationData.java   |   4 +-
 .../protocols/saml1/SAML1AuthenticationServer.java |   4 +-
 .../moa/id/protocols/saml1/SAML1Protocol.java      |   5 +-
 .../egovernment/moa/id/monitoring/TestManager.java |   2 +-
 pom.xml                                            |  24 +-
 198 files changed, 1060 insertions(+), 11799 deletions(-)
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IDestroyableObject.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IGarbageCollectorProcessing.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IPostStartupInitializable.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/MOAIDSubjectNameIdGenerator.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ISLOInformationContainer.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Pair.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Trible.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAIDHTTPPostEncoder.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAKeyStoreX509CredentialAdapter.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAStringRedirectDeflateEncoder.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/SamlAttributeGenerator.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPAuthnRequestBuilderConfiguruation.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPMetadataBuilderConfiguration.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultBootstrap.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultSecurityConfigurationBootstrap.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOAPVPMetadataConfigurationFactory.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionAttributeExtractorExeption.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionValidationExeption.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AttributQueryException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AuthnRequestBuildException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AuthnResponseValidationException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/BindingNotSupportedException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionEncryptionException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidDateFormatException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMetadataInformationException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotAllowedException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotSupportedException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/RequestDeniedException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/ResponderErrorException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSignedException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSupported.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SLOException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SchemaValidationException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/UnprovideableAttributeException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SchemaValidationException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SignatureValidationException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/loginFormFull.html
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessage.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessageInterface.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOARequest.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOAResponse.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/IMOARefreshableMetadataProvider.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/SAMLSigner.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AbstractRequestSignedSecurityPolicyRule.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ISAMLValidator.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/MOAPVPSignedRequestPolicyRule.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/MOASAML2AuthRequestSignedRole.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPEntityCategoryFilter.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPMetadataFilterChain.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/saml2/MetadataFilterChain.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/QAALevelVerifier.java
 delete mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/FileUtils.java
 delete mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/KeyStoreUtils.java
 delete mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/StreamUtils.java
 delete mode 100644 id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/velocity/VelocityLogAdapter.java
 delete mode 100644 id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/velocity/VelocityProvider.java

(limited to 'id/server/moa-id-frontend-resources/src')

diff --git a/id/ConfigWebTool/pom.xml b/id/ConfigWebTool/pom.xml
index 28c0a9fe4..59e03aa43 100644
--- a/id/ConfigWebTool/pom.xml
+++ b/id/ConfigWebTool/pom.xml
@@ -66,6 +66,16 @@
             <artifactId>moa-id-commons</artifactId>
         </dependency>
         
+        <dependency>
+        	<groupId>at.gv.egiz.eaaf</groupId>
+        	<artifactId>eaaf_module_pvp2_core</artifactId>
+        </dependency>
+        
+        <dependency>
+        	<groupId>at.gv.egiz.eaaf</groupId>
+  			<artifactId>eaaf-core</artifactId>
+        </dependency>
+        
         <dependency>
           	<groupId>MOA.id</groupId>
   					<artifactId>moa-id-webgui</artifactId>
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/AttributeListBuilder.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/AttributeListBuilder.java
index f17ec82cb..0d416b8c0 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/AttributeListBuilder.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/AttributeListBuilder.java
@@ -28,16 +28,16 @@ import java.util.List;
 import org.opensaml.saml2.core.Attribute;
 import org.opensaml.saml2.metadata.RequestedAttribute;
 
+import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
 import at.gv.egovernment.moa.id.configuration.utils.SAML2Utils;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 
-public class AttributeListBuilder implements PVPConstants{
+public class AttributeListBuilder implements PVPAttributeDefinitions{
 
 	protected static RequestedAttribute buildReqAttribute(String name, String friendlyName, boolean required) {
 		RequestedAttribute attribute = SAML2Utils.createSAMLObject(RequestedAttribute.class);
 		attribute.setIsRequired(required);
 		attribute.setName(name);
-		attribute.setFriendlyName(friendlyName);
+		attribute.setFriendlyName(friendlyName); 
 		attribute.setNameFormat(Attribute.URI_REFERENCE);
 		return attribute;
 	}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java
index e3de84b0b..730dfe764 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java
@@ -30,8 +30,8 @@ import org.opensaml.saml2.metadata.provider.MetadataFilter;
 import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.security.x509.BasicX509Credential;
 
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egovernment.moa.id.config.webgui.exception.SignatureValidationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.EntityVerifier;
 
 public class MetaDataVerificationFilter implements MetadataFilter {
@@ -51,9 +51,9 @@ public class MetaDataVerificationFilter implements MetadataFilter {
 				throw new SignatureValidationException("Root element of metadata file has to be signed");
 			}
 			try {
-				processEntitiesDescriptor(entitiesDescriptor);
+				processEntitiesDescriptor(entitiesDescriptor); 
 				
-			} catch (MOAIDException e) {
+			} catch (EAAFException e) {
 				throw new SignatureValidationException("Invalid signature element in EntitiesDescriptor");
 			}
 			
@@ -66,13 +66,13 @@ public class MetaDataVerificationFilter implements MetadataFilter {
 				else
 					throw new SignatureValidationException("Root element of metadata file has to be signed", null);
 				
-			} catch (MOAIDException e) {
+			} catch (EAAFException e) {
 				throw new SignatureValidationException("Invalid signature element in EntityDescriptor", null);
 			}				
 		}
 	}
 	
-	private void processEntitiesDescriptor(EntitiesDescriptor desc) throws MOAIDException {
+	private void processEntitiesDescriptor(EntitiesDescriptor desc) throws EAAFException {
 		Iterator<EntitiesDescriptor> entID = desc.getEntitiesDescriptors().iterator();
 		
 		if(desc.getSignature() != null) {
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/PVPSOAPRequestSecurityPolicy.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/PVPSOAPRequestSecurityPolicy.java
index a25cc44ef..27673eafd 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/PVPSOAPRequestSecurityPolicy.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/PVPSOAPRequestSecurityPolicy.java
@@ -32,8 +32,8 @@ import org.opensaml.ws.soap.soap11.Envelope;
 import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.signature.SignatureTrustEngine;
 
+import at.gv.egiz.eaaf.modules.pvp2.impl.verification.AbstractRequestSignedSecurityPolicyRule;
 import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.validation.AbstractRequestSignedSecurityPolicyRule;
 
 /**
  * @author tlenz
@@ -42,8 +42,8 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.validation.AbstractRequestSigned
 public class PVPSOAPRequestSecurityPolicy extends
 		AbstractRequestSignedSecurityPolicyRule {
 
-	/**
-	 * @param trustEngine
+	/** 
+	 * @param trustEngine 
 	 * @param peerEntityRole
 	 */
 	public PVPSOAPRequestSecurityPolicy(SignatureTrustEngine trustEngine,
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
index cfb39b15c..d249fa597 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
@@ -55,6 +55,7 @@ import org.springframework.context.ApplicationContext;
 import org.springframework.context.support.ClassPathXmlApplicationContext;
 import org.springframework.context.support.GenericApplicationContext;
 
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.commons.db.NewConfigurationDBRead;
 import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
 import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
@@ -64,7 +65,6 @@ import at.gv.egovernment.moa.id.configuration.Constants;
 import at.gv.egovernment.moa.id.configuration.auth.pvp2.MetaDataVerificationFilter;
 import at.gv.egovernment.moa.id.configuration.config.usermanagement.FileBasedUserConfiguration;
 import at.gv.egovernment.moa.id.configuration.utils.UserRequestCleaner;
-import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import iaik.asn1.structures.AlgorithmID;
 import iaik.x509.X509Certificate;
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java
index 0fb41189d..8f3b8f479 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java
@@ -43,11 +43,11 @@ import javax.mail.internet.MimeMultipart;
 import org.apache.commons.io.IOUtils;
 import org.apache.log4j.Logger;
 
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
 import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException;
 import at.gv.egovernment.moa.id.configuration.Constants;
 import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
-import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 public class MailHelper {
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
index 7d411b161..9e0b8b1cd 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
@@ -44,11 +44,11 @@ import org.apache.velocity.VelocityContext;
 import org.apache.velocity.app.VelocityEngine;
 
 import at.gv.egiz.components.configuration.meta.api.ConfigurationStorageException;
+import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider;
 import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.auth.frontend.builder.AbstractServiceProviderSpecificGUIFormBuilderConfiguration;
 import at.gv.egovernment.moa.id.auth.frontend.utils.FormBuildUtils;
-import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
 import at.gv.egovernment.moa.id.commons.config.ConfigurationMigrationUtils;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
index f1d1c94af..6f9d233b1 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
@@ -60,6 +60,7 @@ import org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter;
 import org.opensaml.xml.security.x509.X509Credential;
 import org.opensaml.xml.signature.Signature;
 
+import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
 import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication;
@@ -76,7 +77,6 @@ import at.gv.egovernment.moa.id.configuration.helper.AuthenticationHelper;
 import at.gv.egovernment.moa.id.configuration.helper.DateTimeHelper;
 import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
 import at.gv.egovernment.moa.id.configuration.helper.MailHelper;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 public class IndexAction extends BasicAction {
@@ -401,19 +401,19 @@ public class IndexAction extends BasicAction {
 								{
 									String strAttributeName = attributes.get(x).getDOM().getAttribute("Name");
 									
-									if (strAttributeName.equals(PVPConstants.PRINCIPAL_NAME_NAME)) {
+									if (strAttributeName.equals(PVPAttributeDefinitions.PRINCIPAL_NAME_NAME)) {
 										user.setFamilyName(attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue());
 									}
 									
-									if (strAttributeName.equals(PVPConstants.GIVEN_NAME_NAME)) {
+									if (strAttributeName.equals(PVPAttributeDefinitions.GIVEN_NAME_NAME)) {
 										user.setGivenName(attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue());
 									}
 									
-									if (strAttributeName.equals(PVPConstants.MANDATE_TYPE_NAME)) {
+									if (strAttributeName.equals(PVPAttributeDefinitions.MANDATE_TYPE_NAME)) {
 										user.setIsmandateuser(true);
 									}
 									
-									if (strAttributeName.equals(PVPConstants.MANDATE_LEG_PER_FULL_NAME_NAME)) {
+									if (strAttributeName.equals(PVPAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME)) {
 										user.setInstitut(attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue());
 									}		
 								}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
index 79e7e9252..8b41823e1 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
@@ -47,13 +47,13 @@ import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException
 import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
 import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
 import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException;
+import at.gv.egovernment.moa.id.config.webgui.exception.SchemaValidationException;
+import at.gv.egovernment.moa.id.config.webgui.exception.SignatureValidationException;
+import at.gv.egovernment.moa.id.config.webgui.validation.utils.SchemaValidationFilter;
 import at.gv.egovernment.moa.id.configuration.auth.pvp2.MetaDataVerificationFilter;
 import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
 import at.gv.egovernment.moa.id.configuration.data.oa.OAPVP2Config;
 import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import iaik.x509.X509Certificate;
@@ -158,7 +158,7 @@ public class OAPVP2ConfigValidation {
 							
 							} catch (ConfigurationException e) {
 								log.warn("Configuration access FAILED!", e);
-							
+							 
 							}
 						
 							MetadataFilterChain filter = new MetadataFilterChain();
diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDWebGUIConfiguration.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDWebGUIConfiguration.java
index 0a3a9eef8..e9c8fa719 100644
--- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDWebGUIConfiguration.java
+++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/MOAIDWebGUIConfiguration.java
@@ -35,9 +35,9 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.stereotype.Service;
 
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException;
-import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 /**
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index 5d7071a19..3a0bdb8c0 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -261,11 +261,64 @@
 		<dependency>
 			<groupId>httpsclient</groupId>
 			<artifactId>httpsclient</artifactId>
-		</dependency>		
-	<dependency>
-  		<groupId>org.opensaml</groupId>
-  		<artifactId>opensaml</artifactId>
-  		<exclusions>
+		</dependency>
+		<dependency>
+  			<groupId>at.gv.egiz.eaaf</groupId>
+  			<artifactId>eaaf_module_pvp2_idp</artifactId>
+  			<exclusions>
+				<exclusion>
+					<groupId>org.slf4j</groupId>
+					<artifactId>log4j-over-slf4j</artifactId>
+				</exclusion>
+				<exclusion>
+					<groupId>org.slf4j</groupId>
+					<artifactId>log4j-over-slf4j</artifactId>
+				</exclusion>
+				<exclusion>
+					<groupId>org.apache.xerces</groupId>
+					<artifactId>*</artifactId>
+				</exclusion>
+				<exclusion>
+					<groupId>xalan</groupId>
+					<artifactId>*</artifactId>
+				</exclusion>
+				<exclusion>
+					<artifactId>bcprov-jdk15on</artifactId>
+					<groupId>org.bouncycastle</groupId>
+				</exclusion>
+  			</exclusions>
+  		</dependency>
+		<dependency>
+  			<groupId>at.gv.egiz.eaaf</groupId>
+  			<artifactId>eaaf_module_pvp2_sp</artifactId>
+  			<exclusions>
+				<exclusion>
+					<groupId>org.slf4j</groupId>
+					<artifactId>log4j-over-slf4j</artifactId>
+				</exclusion>
+				<exclusion> 
+					<groupId>org.slf4j</groupId>
+					<artifactId>log4j-over-slf4j</artifactId>
+				</exclusion>
+				<exclusion>
+					<groupId>org.apache.xerces</groupId>
+					<artifactId>*</artifactId>
+				</exclusion>
+				<exclusion>
+					<groupId>xalan</groupId>
+					<artifactId>*</artifactId>
+				</exclusion>
+				<exclusion>
+					<artifactId>bcprov-jdk15on</artifactId>
+					<groupId>org.bouncycastle</groupId>
+				</exclusion>
+  			</exclusions>
+  		</dependency>
+						
+<!-- 		<dependency>
+  			<groupId>org.opensaml</groupId>
+  			<artifactId>opensaml</artifactId>
+  			<exclusions>
 				<exclusion>
 					<groupId>org.slf4j</groupId>
 					<artifactId>log4j-over-slf4j</artifactId>
@@ -309,7 +362,7 @@
 	<dependency>
 	    <groupId>org.apache.santuario</groupId>
 	    <artifactId>xmlsec</artifactId>
-	</dependency>
+	</dependency> -->
 
 		<!-- the core, which includes Streaming API, shared low-level abstractions (but NOT data-binding) -->
 		<dependency>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java
index 54e459db1..2c1e47009 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAIDEventConstants.java
@@ -35,10 +35,7 @@ import at.gv.egiz.components.eventlog.api.EventConstants;
 public interface MOAIDEventConstants extends EventConstants {
 
 	//auth protocol specific information
-	public static final int AUTHPROTOCOL_TYPE = 3000;
 	
-	public static final int AUTHPROTOCOL_PVP_METADATA = 3100;
-	public static final int AUTHPROTOCOL_PVP_REQUEST_AUTHREQUEST = 3101;
 	public static final int AUTHPROTOCOL_PVP_REQUEST_AUTHRESPONSE = 3102;
 	public static final int AUTHPROTOCOL_PVP_REQUEST_SLO = 3103;
 	public static final int AUTHPROTOCOL_PVP_REQUEST_ATTRIBUTQUERY = 3104;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
index e630455b4..8298b082b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
@@ -34,6 +34,7 @@ import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
+import at.gv.egiz.eaaf.modules.pvp2.PVPEventConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
@@ -63,8 +64,8 @@ public class MOAReversionLogger implements IRevisionLogger {
 			MOAIDEventConstants.TRANSACTION_DESTROYED,
 			MOAIDEventConstants.TRANSACTION_ERROR,
 			MOAIDEventConstants.TRANSACTION_IP,
-			MOAIDEventConstants.AUTHPROTOCOL_TYPE,
-			MOAIDEventConstants.AUTHPROTOCOL_PVP_METADATA,
+			IRevisionLogger.AUTHPROTOCOL_TYPE,
+			PVPEventConstants.AUTHPROTOCOL_PVP_METADATA,
 			
 			MOAIDEventConstants.AUTHPROCESS_SERVICEPROVIDER,
 			MOAIDEventConstants.AUTHPROCESS_INTERFEDERATION,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IDestroyableObject.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IDestroyableObject.java
deleted file mode 100644
index 6f98357e2..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IDestroyableObject.java
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth;
-
-/**
- * @author tlenz
- *
- */
-public interface IDestroyableObject {
-	/**
-	 * Manually deep destroy a Java object with all child objects like timers and threads 
-	 * 
-	 */
-	public void fullyDestroy();
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IGarbageCollectorProcessing.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IGarbageCollectorProcessing.java
deleted file mode 100644
index 27d142f2c..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IGarbageCollectorProcessing.java
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth;
-
-/**
- * @author tlenz
- *
- */
-public interface IGarbageCollectorProcessing {
-
-	/**
-	 * This method gets executed by the MOA garbage collector at regular intervals.
-	 * 
-	 */
-	public void runGarbageCollector();
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IPostStartupInitializable.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IPostStartupInitializable.java
deleted file mode 100644
index d918be463..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/IPostStartupInitializable.java
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth;
-
-
-/**
- * 
- * @author tlenz
- *
- * Interface initialize a Object when the MOA-ID-Auth start-up process is fully completed
- *
- */
-public interface IPostStartupInitializable {
-
-	/**
-	 * This method is called once when MOA-ID-Auth start-up process is fully completed
-	 * 
-	 */
-	public void executeAfterStartup();
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAGarbageCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAGarbageCollector.java
index 52e30a2f0..f88267ad7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAGarbageCollector.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAGarbageCollector.java
@@ -33,6 +33,7 @@ import org.springframework.scheduling.annotation.EnableScheduling;
 import org.springframework.scheduling.annotation.Scheduled;
 import org.springframework.stereotype.Service;
 
+import at.gv.egiz.eaaf.core.api.IGarbageCollectorProcessing;
 import at.gv.egovernment.moa.logging.Logger;
 
 @Service("MOAGarbageCollector")
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 738f733a8..998817b19 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -50,6 +50,7 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthenticationDataBuilder;
 import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException;
 import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
@@ -73,9 +74,7 @@ import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
 import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory;
 import at.gv.egovernment.moa.id.data.MISMandate;
 import at.gv.egovernment.moa.id.data.MOAAuthenticationData;
-import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
 import at.gv.egovernment.moa.id.util.LoALevelMapper;
@@ -100,6 +99,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 
 	@Autowired private IAuthenticationSessionStoreage authenticatedSessionStorage;
 	@Autowired protected AuthConfiguration authConfig;
+	@Autowired private LoALevelMapper loaLevelMapper; 
 	
 	@Override
 	public IAuthData buildAuthenticationData(IRequest pendingReq) throws EAAFAuthenticationException {
@@ -124,7 +124,8 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 		try {
 			//check if SAML1 authentication module is in Classpath
 			Class<?> saml1RequstTemplate = Class.forName("at.gv.egovernment.moa.id.protocols.saml1.SAML1RequestImpl");
-			IAuthData saml1authdata = (IAuthData) Class.forName("at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData").newInstance();			
+			//IAuthData saml1authdata = (IAuthData) Class.forName("at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData").newInstance();
+			IAuthData saml1authdata = (IAuthData) Class.forName("at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData").getConstructor(LoALevelMapper.class).newInstance(loaLevelMapper);
 			if (saml1RequstTemplate != null && 
 					saml1RequstTemplate.isInstance(pendingReq)) {				
 				//request is SAML1  --> invoke SAML1 protocol specific methods 
@@ -138,12 +139,12 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 				authdata = (MOAAuthenticationData) saml1authdata;
 							
 			} else {			
-				authdata = new MOAAuthenticationData();
+				authdata = new MOAAuthenticationData(loaLevelMapper);
 							
 			}
 						
 		} catch (ClassNotFoundException | InstantiationException | IllegalAccessException | IllegalArgumentException | InvocationTargetException | NoSuchMethodException | java.lang.SecurityException ex) {			
-			authdata = new MOAAuthenticationData();
+			authdata = new MOAAuthenticationData(loaLevelMapper);
 			
 		}
 				
@@ -162,13 +163,13 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 			oaParam = DynamicOAAuthParameterBuilder.buildFromAuthnRequest(oaParam, pendingReq);
 				
 		Boolean isMinimalFrontChannelResp = pendingReq.getGenericData(
-				PVPTargetConfiguration.DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP, Boolean.class);
+				MOAIDAuthConstants.DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP, Boolean.class);
 		if (isMinimalFrontChannelResp != null && isMinimalFrontChannelResp) {
 			//only set minimal response attributes			
 			authdata.setQAALevel(
-					pendingReq.getGenericData(PVPTargetConfiguration.DATAID_INTERFEDERATION_QAALEVEL, String.class));
+					pendingReq.getGenericData(MOAIDAuthConstants.DATAID_INTERFEDERATION_QAALEVEL, String.class));
 			authdata.setBPK(
-					pendingReq.getGenericData(PVPTargetConfiguration.DATAID_INTERFEDERATION_NAMEID, String.class));
+					pendingReq.getGenericData(MOAIDAuthConstants.DATAID_INTERFEDERATION_NAMEID, String.class));
 						
 		} else {
 			//build AuthenticationData from MOASession
@@ -297,18 +298,18 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 			if (MiscUtil.isNotEmpty(currentLoA)) {					
 				if (currentLoA.startsWith(PVPConstants.STORK_QAA_PREFIX)) {
 					authData.setQAALevel(currentLoA);
-					authData.seteIDASLoA(LoALevelMapper.getInstance().mapSTORKQAAToeIDASQAA(currentLoA));
+					authData.seteIDASLoA(loaLevelMapper.mapSTORKQAAToeIDASQAA(currentLoA));
 
 				} else if (currentLoA.startsWith(EAAFConstants.EIDAS_QAA_PREFIX)) {
-					authData.setQAALevel(LoALevelMapper.getInstance().mapeIDASQAAToSTORKQAA(currentLoA));
+					authData.setQAALevel(loaLevelMapper.mapeIDASQAAToSTORKQAA(currentLoA));
 					authData.seteIDASLoA(currentLoA);
 										
-				} else {
-					Logger.debug("Found PVP QAA level. QAA mapping process starts ... ");				
-					String mappedStorkQAA = LoALevelMapper.getInstance().mapToQAALevel(currentLoA);
+				} else { 
+					Logger.debug("Found PVP SecClass. QAA mapping process starts ... ");				
+					String mappedStorkQAA = loaLevelMapper.mapSecClassToQAALevel(currentLoA);
 					if (MiscUtil.isNotEmpty(mappedStorkQAA)) {
-						authData.setQAALevel(currentLoA);
-						authData.seteIDASLoA(LoALevelMapper.getInstance().mapSTORKQAAToeIDASQAA(currentLoA));
+						authData.setQAALevel(mappedStorkQAA);
+						authData.seteIDASLoA(loaLevelMapper.mapSTORKQAAToeIDASQAA(mappedStorkQAA));
 						
 					}										
 				}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
index a7f6e873f..4bc4a7e81 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
@@ -59,9 +59,9 @@ import javax.crypto.Cipher;
 import javax.crypto.IllegalBlockSizeException;
 import javax.crypto.NoSuchPaddingException;
 
+import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.Constants;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java
index a1d31f5ae..e600505a2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java
@@ -28,7 +28,7 @@ import java.util.List;
 import org.opensaml.saml2.core.Attribute;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.data.PVPAttributeConstants;
+import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
 import at.gv.egovernment.moa.id.auth.exception.DynamicOABuildException;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
@@ -50,7 +50,7 @@ public class DynamicOAAuthParameterBuilder {
 				
 		for (Attribute attr : reqAttributes) {				
 			//get Target or BusinessService from request 
-			if (attr.getName().equals(PVPAttributeConstants.EID_SECTOR_FOR_IDENTIFIER_NAME)) {
+			if (attr.getName().equals(PVPAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME)) {
 				String attrValue = attr.getAttributeValues().get(0).getDOM().getTextContent();
 				if (attrValue.startsWith(Constants.URN_PREFIX_CDID)) {
 					//dynamicOA.setBusinessService(false);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/MOAIDSubjectNameIdGenerator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/MOAIDSubjectNameIdGenerator.java
new file mode 100644
index 000000000..aa462c480
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/MOAIDSubjectNameIdGenerator.java
@@ -0,0 +1,114 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.stereotype.Service;
+import org.w3c.dom.Element;
+
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
+import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
+import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.modules.pvp2.PVPConstants;
+import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception;
+import at.gv.egiz.eaaf.modules.pvp2.idp.api.builder.ISubjectNameIdGenerator;
+import at.gv.egiz.eaaf.modules.pvp2.idp.exception.ResponderErrorException;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
+import at.gv.egovernment.moa.id.util.MandateBuilder;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Constants;
+
+@Service("MOASAML2SubjectNameIDGenerator")
+public class MOAIDSubjectNameIdGenerator implements ISubjectNameIdGenerator {
+	
+	@Override
+	public Pair<String, String> generateSubjectNameId(IAuthData authData, ISPConfiguration spConfig) throws PVP2Exception {
+		//build nameID and nameID Format from moasessio
+		if (authData instanceof IMOAAuthData && 
+				((IMOAAuthData)authData).isUseMandate()) {
+			String bpktype = null;
+			String bpk = null;
+			
+			Element mandate = ((IMOAAuthData)authData).getMandate();
+			if(mandate != null) {
+				Logger.debug("Read mandator bPK|baseID from full-mandate ... ");
+				Mandate mandateObject = MandateBuilder.buildMandate(mandate);
+				if(mandateObject == null) {
+					throw new NoMandateDataAvailableException();
+				}
+				CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody();
+				PhysicalPersonType pysicalperson = mandateObject.getMandator().getPhysicalPerson();
+				
+				IdentificationType id;
+				if(corporation != null && corporation.getIdentification().size() > 0)
+					id = corporation.getIdentification().get(0);
+	
+					
+				else if (pysicalperson != null && pysicalperson.getIdentification().size() > 0)
+					id = pysicalperson.getIdentification().get(0);
+					
+				else {
+					Logger.error("Failed to generate IdentificationType");
+					throw new NoMandateDataAvailableException();		
+				}
+			
+				bpktype = id.getType();
+				bpk = id.getValue().getValue();
+								
+			} else {
+				Logger.debug("Read mandator bPK|baseID from PVP attributes ... ");
+				bpk = authData.getGenericData(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_NAME, String.class);
+				bpktype = authData.getGenericData(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME, String.class);				
+				
+				if (StringUtils.isEmpty(bpk)) {
+					//no sourcePin is included --> search for bPK
+					bpk = authData.getGenericData(PVPConstants.MANDATE_NAT_PER_BPK_NAME, String.class);
+					
+					try {
+						if (bpk.contains(":"))
+							bpk = bpk.split(":")[1];
+						
+					} catch (Exception e) {
+						Logger.warn("Can not split bPK from mandator attribute!", e);
+						
+					}
+					
+					//set bPK-Type from configuration, because it MUST be equal to service-provider type
+					bpktype = spConfig.getAreaSpecificTargetIdentifier();
+										
+				} else {
+					//sourcePin is include --> check sourcePinType
+					if (StringUtils.isEmpty(bpktype))
+						bpktype = Constants.URN_PREFIX_BASEID;
+					
+				}				
+			}
+			
+			if (StringUtils.isEmpty(bpk) || StringUtils.isEmpty(bpktype)) {
+				throw new NoMandateDataAvailableException();
+				
+			}
+			
+			if (bpktype.equals(Constants.URN_PREFIX_BASEID)) {				
+				try {
+					return new BPKBuilder().generateAreaSpecificPersonIdentifier(bpk, spConfig.getAreaSpecificTargetIdentifier());
+										
+				} catch (BuildException e) {
+					Logger.warn("Can NOT generate SubjectNameId." , e);
+					throw new ResponderErrorException("pvp2.01", null);
+
+				}								
+				
+			} else
+				return Pair.newInstance(bpk, bpktype);
+									
+		} else
+			return Pair.newInstance(authData.getBPK(), authData.getBPKType());
+
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java
deleted file mode 100644
index 8def0f860..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java
+++ /dev/null
@@ -1,108 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
-
-import java.util.Set;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Component;
-
-import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
-import at.gv.egiz.eaaf.core.api.idp.process.ProcessEngine;
-import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
-import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
-import at.gv.egiz.eaaf.core.impl.idp.auth.modules.ModuleRegistration;
-import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
-import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-@Component("RestartAuthProzessManagement")
-public class RestartAuthProzessManagement  extends AbstractAuthServletTask {
-
-	@Autowired ProcessEngine processEngine;
-	
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
-	 */
-	@Override
-	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
-			throws TaskExecutionException {
-		try {			
-			//create a new execution context and copy all elements to new context
-			ExecutionContext newec = new ExecutionContextImpl(); 
-			Set<String> entries = executionContext.keySet();
-			for (String key : entries) {
-				newec.put(key, executionContext.get(key));
-				
-			}
-			
-			Logger.debug("Select new auth.-process and restart restart process-engine ... ");
-			
-			// select and create new process instance
-			String processDefinitionId = ModuleRegistration.getInstance().selectProcess(newec);
-			if (processDefinitionId == null) {
-				Logger.warn("No suitable authentication process found for SessionID " + pendingReq.getPendingRequestId());
-				throw new MOAIDException("process.02", new Object[] { pendingReq.getPendingRequestId() });
-			}			
-			
-			String processInstanceId = processEngine.createProcessInstance(processDefinitionId, newec);
-
-			// keep process instance id in moa session
-			((RequestImpl)pendingReq).setProcessInstanceId(processInstanceId);
-
-			// make sure pending request has been persisted before running the process
-			try {
-				requestStoreage.storePendingRequest(pendingReq);
-				
-			} catch (MOAIDException e) {
-				Logger.error("Database Error! MOASession is not stored!");
-				throw new MOAIDException("init.04", new Object[] { pendingReq.getPendingRequestId() });
-				
-			}
-			
-			Logger.info("Restart process-engine with auth.process:" + processDefinitionId);
-			
-			// start process
-			processEngine.start(pendingReq);
-			
-			
-		} catch (MOAIDException e) {
-			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
-			
-		} catch (Exception e) {
-			Logger.warn("RestartAuthProzessManagement has an internal error", e);
-			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
-			
-		}			
-		
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
index 10c271b6a..0e1e1bf12 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -33,6 +33,7 @@ import org.springframework.stereotype.Service;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
@@ -43,7 +44,6 @@ import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moa.util.StringUtils;
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
index f9aa1b83c..448e2a0f5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
@@ -44,6 +44,8 @@ import at.gv.egiz.eaaf.core.exceptions.GUIBuildException;
 import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
 import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egiz.eaaf.modules.pvp2.exception.NoMetadataInformationException;
+import at.gv.egiz.eaaf.modules.pvp2.idp.impl.PVPSProfilePendingRequest;
 import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
@@ -52,10 +54,8 @@ import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.data.SLOInformationContainer;
 import at.gv.egovernment.moa.id.moduls.SSOManager;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NOSLOServiceDescriptorException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -169,11 +169,11 @@ public class IDPSingleLogOutServlet extends AbstractController {
 							
 						String redirectURL = null;
 						IRequest sloReq = sloContainer.getSloRequest();
-						if (sloReq != null && sloReq instanceof PVPTargetConfiguration) {
+						if (sloReq != null && sloReq instanceof PVPSProfilePendingRequest) {
 							//send SLO response to SLO request issuer
-							SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor((PVPTargetConfiguration)sloContainer.getSloRequest());
-							LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, (PVPTargetConfiguration)sloContainer.getSloRequest(), sloContainer.getSloFailedOAs());
-							redirectURL = sloBuilder.getFrontChannelSLOMessageURL(sloService, message, req, resp, ((PVPTargetConfiguration)sloContainer.getSloRequest()).getRequest().getRelayState());
+							SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor((PVPSProfilePendingRequest)sloContainer.getSloRequest());
+							LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, (PVPSProfilePendingRequest)sloContainer.getSloRequest(), sloContainer.getSloFailedOAs());
+							redirectURL = sloBuilder.getFrontChannelSLOMessageURL(sloService, message, req, resp, ((PVPSProfilePendingRequest)sloContainer.getSloRequest()).getRequest().getRelayState());
 															
 						} else {
 							//print SLO information directly
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java
index 9380d3b64..a9be3f51d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java
@@ -53,10 +53,10 @@ import java.util.Properties;
 
 import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egiz.eaaf.core.impl.idp.conf.AbstractConfigurationImpl;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EAAFDefaultSAML2Bootstrap;
 import at.gv.egovernment.moa.id.commons.api.ConfigurationProvider;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.config.SpringProfileConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.util.config.EgovUtilPropertiesConfiguration;
 
@@ -187,7 +187,7 @@ public abstract class ConfigurationProviderImpl extends AbstractConfigurationImp
 					
 			//Initialize OpenSAML for STORK
 			Logger.info("Starting initialization of OpenSAML...");
-			MOADefaultBootstrap.bootstrap();
+			EAAFDefaultSAML2Bootstrap.bootstrap();
 			//DefaultBootstrap.bootstrap();
 			Logger.debug("OpenSAML successfully initialized");	  
 	
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ISLOInformationContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ISLOInformationContainer.java
deleted file mode 100644
index 38f6948d3..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/ISLOInformationContainer.java
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.data;
-
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map.Entry;
-import java.util.Set;
-
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
-
-/**
- * @author tlenz
- *
- */
-public interface ISLOInformationContainer {
-
-	boolean hasFrontChannelOA();
-
-	Set<Entry<String, SLOInformationImpl>> getFrontChannelOASessionDescriptions();
-
-	void removeFrontChannelOA(String oaID);
-
-	Iterator<String> getNextBackChannelOA();
-
-	SLOInformationImpl getBackChannelOASessionDescripten(String oaID);
-
-	void removeBackChannelOA(String oaID);
-
-	/**
-	 * @return the sloRequest
-	 */
-	PVPTargetConfiguration getSloRequest();
-
-	/**
-	 * @param sloRequest the sloRequest to set
-	 */
-	void setSloRequest(PVPTargetConfiguration sloRequest);
-
-	/**
-	 * @return the sloFailedOAs
-	 */
-	List<String> getSloFailedOAs();
-
-	void putFailedOA(String oaID);
-	
-	public String getTransactionID();
-	
-	public String getSessionID();
-}
\ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
index ba3eba2e6..e0dd30db3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
@@ -29,10 +29,10 @@ import java.util.List;
 import org.w3c.dom.Element;
 
 import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption;
 import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
 import at.gv.egovernment.moa.id.util.LoALevelMapper;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.DOMUtils;
@@ -68,6 +68,12 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut
 	private boolean interfederatedSSOSession;
 	private String interfederatedIDP;
 
+	private LoALevelMapper loaMapper;
+	
+	public MOAAuthenticationData(LoALevelMapper loaMapper) {	
+		this.loaMapper = loaMapper;
+		
+	}
 	
 	/**
 	 * @return
@@ -76,7 +82,7 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut
 	public String getQAALevel() {
 		if (this.QAALevel != null && 
 				this.QAALevel.startsWith(PVPConstants.EIDAS_QAA_PREFIX)) {
-			String mappedQAA = LoALevelMapper.getInstance().mapeIDASQAAToSTORKQAA(this.QAALevel);
+			String mappedQAA = loaMapper.mapeIDASQAAToSTORKQAA(this.QAALevel);
 			if (MiscUtil.isNotEmpty(mappedQAA))
 				return mappedQAA;
 			
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Pair.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Pair.java
deleted file mode 100644
index 0b46345d3..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Pair.java
+++ /dev/null
@@ -1,45 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.data;
-
-public class Pair<P1, P2> {
-	private final P1 first;
-	private final P2 second;
-	
-	private Pair(final P1 newFirst, final P2 newSecond) {
-		this.first = newFirst;
-		this.second = newSecond;
-	}
-	
-	public P1 getFirst() {
-		return this.first;
-	}
-	
-	public P2 getSecond() {
-		return this.second;
-	}
-	
-	public static <P1, P2> Pair<P1, P2> newInstance(final P1 newFirst, final P2 newSecond) {
-		return new Pair<P1, P2>(newFirst, newSecond);
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java
deleted file mode 100644
index 5ff923bce..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java
+++ /dev/null
@@ -1,190 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.data;
-
-import java.io.Serializable;
-
-import org.opensaml.saml2.metadata.SingleLogoutService;
-
-import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
-
-
-/**
- * @author tlenz
- *
- */
-public class SLOInformationImpl implements SLOInformationInterface, Serializable {
-	
-	private static final long serialVersionUID = 295577931870512387L;
-	private String sessionIndex = null;
-	private String nameID = null;
-	private String protocolType = null;
-	private String nameIDFormat = null;
-	private String binding = null;
-	private String serviceURL = null;
-	private String authURL = null;
-	private String spEntityID = null;
-	
-	public SLOInformationImpl(String authURL, String spEntityID, String sessionID, String nameID, String nameIDFormat, String protocolType) {
-		new SLOInformationImpl(authURL, spEntityID, sessionID, nameID, nameIDFormat, protocolType, null);
-	}
-	
-	public SLOInformationImpl(String authURL, String spEntityID, String sessionID, String nameID, String nameIDFormat, String protocolType, SingleLogoutService sloService) {
-		this.sessionIndex = sessionID;
-		this.nameID = nameID;
-		this.nameIDFormat = nameIDFormat;
-		this.protocolType = protocolType;
-		this.spEntityID = spEntityID;
-		
-		if (authURL.endsWith("/"))
-			this.authURL = authURL.substring(0, authURL.length()-1);
-		else
-			this.authURL = authURL;
-		
-		if (sloService != null) {
-			this.binding = sloService.getBinding();
-			this.serviceURL = sloService.getLocation();
-			
-		}				
-	}
-	
-	
-	/**
-	 * 
-	 */
-	public SLOInformationImpl() {
-		
-	}
-
-
-	
-	/**
-	 * @return the spEntityID
-	 */
-	public String getSpEntityID() {
-		return spEntityID;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.data.SLOInformationInterface#getSessionIndex()
-	 */
-	@Override
-	public String getSessionIndex() {
-		return sessionIndex;
-		
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.data.SLOInformationInterface#getUserNameIdentifier()
-	 */
-	@Override
-	public String getUserNameIdentifier() {
-		return nameID;
-		
-	}
-
-
-	/**
-	 * @param sessionIndex the sessionIndex to set
-	 */
-	public void setSessionIndex(String sessionIndex) {
-		this.sessionIndex = sessionIndex;
-	}
-
-
-	/**
-	 * @param nameID the nameID to set
-	 */
-	public void setUserNameIdentifier(String nameID) {
-		this.nameID = nameID;
-	}
-
-	
-
-	/**
-	 * @param protocolType the protocolType to set
-	 */
-	public void setProtocolType(String protocolType) {
-		this.protocolType = protocolType;
-	}
-
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.data.SLOInformationInterface#getProtocolType()
-	 */
-	@Override
-	public String getProtocolType() {
-		return protocolType;
-	}
-
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.data.SLOInformationInterface#getUserNameIDFormat()
-	 */
-	@Override
-	public String getUserNameIDFormat() {
-		return this.nameIDFormat;
-	}
-
-
-	/**
-	 * @param nameIDFormat the nameIDFormat to set
-	 */
-	public void setNameIDFormat(String nameIDFormat) {
-		this.nameIDFormat = nameIDFormat;
-	}
-
-	/**
-	 * @return the binding
-	 */
-	public String getBinding() {
-		return binding;
-	}
-
-	/**
-	 * @return the serviceURL
-	 */
-	public String getServiceURL() {
-		return serviceURL;
-	}
-
-	/**
-	 * @return the authURL from requested IDP without ending /
-	 */
-	public String getAuthURL() {
-		return authURL;
-	}
-
-	/**
-	 * @param spEntityID the spEntityID to set
-	 */
-	public void setSpEntityID(String spEntityID) {
-		this.spEntityID = spEntityID;
-	}
-	
-	
-	
-	
-	
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Trible.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Trible.java
deleted file mode 100644
index 78e8be452..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Trible.java
+++ /dev/null
@@ -1,51 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.data;
-
-public class Trible<P1, P2, P3> {
-	private final P1 first;
-	private final P2 second;
-	private final P3 third;
-	
-	private Trible(final P1 newFirst, final P2 newSecond, final P3 newThird) {
-		this.first = newFirst;
-		this.second = newSecond;
-		this.third = newThird;
-	}
-	
-	public P1 getFirst() {
-		return this.first;
-	}
-	
-	public P2 getSecond() {
-		return this.second;
-	}
-	
-	public P3 getThird() {
-		return this.third;
-	}
-	
-	public static <P1, P2, P3> Trible<P1, P2, P3> newInstance(final P1 newFirst, final P2 newSecond, final P3 newThird) {
-		return new Trible<P1, P2, P3>(newFirst, newSecond, newThird);
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 72b350991..c2dd7b4ba 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -41,6 +41,8 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.AbstractAuthenticationManager;
 import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egiz.eaaf.modules.pvp2.idp.impl.PVPSProfilePendingRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileRequest;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
@@ -49,9 +51,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionSto
 import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.data.SLOInformationContainer;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.logging.Logger;
@@ -79,7 +79,7 @@ public class AuthenticationManager extends AbstractAuthenticationManager {
 		String pvpSLOIssuer = null;
 		String uniqueSessionIdentifier = "notSet";
 		String uniqueTransactionIdentifier = "notSet";
-		PVPTargetConfiguration pvpReq = null;		
+		PVPSProfilePendingRequest pvpReq = null;		
 		Logger.debug("Start technical Single LogOut process ... ");
 		
 		
@@ -87,9 +87,9 @@ public class AuthenticationManager extends AbstractAuthenticationManager {
 			uniqueSessionIdentifier = pendingReq.getUniqueSessionIdentifier();
 			uniqueTransactionIdentifier = pendingReq.getUniqueTransactionIdentifier();
 			
-			if (pendingReq instanceof PVPTargetConfiguration) {
-				pvpReq = ((PVPTargetConfiguration)pendingReq);
-				MOARequest samlReq = (MOARequest) pvpReq.getRequest();
+			if (pendingReq instanceof PVPSProfileRequest) {
+				pvpReq = ((PVPSProfilePendingRequest)pendingReq);
+				PVPSProfileRequest samlReq = (PVPSProfileRequest) pvpReq.getRequest();
 				LogoutRequest logOutReq = (LogoutRequest) samlReq.getSamlRequest();
 				pvpSLOIssuer = logOutReq.getIssuer().getValue();
 			}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAIDHTTPPostEncoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAIDHTTPPostEncoder.java
deleted file mode 100644
index dbfeb5e90..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAIDHTTPPostEncoder.java
+++ /dev/null
@@ -1,114 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.opemsaml;
-
-import java.io.BufferedReader;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.io.OutputStreamWriter;
-import java.io.Writer;
-
-import org.apache.velocity.VelocityContext;
-import org.apache.velocity.app.VelocityEngine;
-import org.opensaml.common.binding.SAMLMessageContext;
-import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;
-import org.opensaml.ws.message.encoder.MessageEncodingException;
-import org.opensaml.ws.transport.http.HTTPOutTransport;
-import org.opensaml.ws.transport.http.HTTPTransportUtils;
-
-import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration;
-import at.gv.egovernment.moa.id.auth.frontend.builder.GUIFormBuilderImpl;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-public class MOAIDHTTPPostEncoder extends HTTPPostEncoder {
-
-	private VelocityEngine velocityEngine;
-	private IGUIBuilderConfiguration guiConfig;
-	private GUIFormBuilderImpl guiBuilder;
-	
-	/**
-	 * @param engine
-	 * @param templateId
-	 */
-	public MOAIDHTTPPostEncoder(IGUIBuilderConfiguration guiConfig, GUIFormBuilderImpl guiBuilder, VelocityEngine engine) {
-		super(engine, null);
-		this.velocityEngine = engine;
-		this.guiConfig = guiConfig;
-		this.guiBuilder = guiBuilder;
-		
-	}
-
-    /**
-     * Base64 and POST encodes the outbound message and writes it to the outbound transport.
-     * 
-     * @param messageContext current message context
-     * @param endpointURL endpoint URL to which to encode message
-     * 
-     * @throws MessageEncodingException thrown if there is a problem encoding the message
-     */
-    protected void postEncode(SAMLMessageContext messageContext, String endpointURL) throws MessageEncodingException {
-        Logger.debug("Invoking Velocity template to create POST body");
-        InputStream is = null;
-        try {        	
-        	//build Velocity Context from GUI input paramters
-			VelocityContext context = guiBuilder.generateVelocityContextFromConfiguration(guiConfig);
-        	
-			//load template
-			is = guiBuilder.getTemplateInputStream(guiConfig);
-						
-			//populate velocity context with SAML2 parameters
-            populateVelocityContext(context, messageContext, endpointURL);
-
-            //populate transport parameter
-            HTTPOutTransport outTransport = (HTTPOutTransport) messageContext.getOutboundMessageTransport();
-            HTTPTransportUtils.addNoCacheHeaders(outTransport);
-            HTTPTransportUtils.setUTF8Encoding(outTransport);
-            HTTPTransportUtils.setContentType(outTransport, "text/html");
-
-            //evaluate template and write content to response
-            Writer out = new OutputStreamWriter(outTransport.getOutgoingStream(), "UTF-8");                        
-            velocityEngine.evaluate(context, out, "SAML2_POST_BINDING", new BufferedReader(new InputStreamReader(is)));            
-            out.flush();
-            
-        } catch (Exception e) {
-            Logger.error("Error invoking Velocity template", e);
-            throw new MessageEncodingException("Error creating output document", e);
-            
-        } finally {
-			if (is != null) {
-				try {
-					is.close();
-					
-				} catch (IOException e) {
-					Logger.error("Can NOT close GUI-Template InputStream.", e);
-				}
-			}
-        	
-		}
-    }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAKeyStoreX509CredentialAdapter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAKeyStoreX509CredentialAdapter.java
deleted file mode 100644
index 81afcfbc1..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAKeyStoreX509CredentialAdapter.java
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.opemsaml;
-
-import java.security.KeyStore;
-
-import org.opensaml.xml.security.x509.X509Credential;
-
-
-/**
- * @author tlenz
- *
- */
-public class MOAKeyStoreX509CredentialAdapter extends
-		org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter {
-
-	/**
-	 * @param store
-	 * @param alias
-	 * @param password
-	 */
-	public MOAKeyStoreX509CredentialAdapter(KeyStore store, String alias,
-			char[] password) {
-		super(store, alias, password);
-	}
-	
-	public Class<? extends X509Credential> getCredentialType() {
-		return X509Credential.class;
-	}
-	
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAStringRedirectDeflateEncoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAStringRedirectDeflateEncoder.java
deleted file mode 100644
index acbb67b34..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/opemsaml/MOAStringRedirectDeflateEncoder.java
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.opemsaml;
-
-import org.opensaml.common.binding.SAMLMessageContext;
-import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder;
-import org.opensaml.ws.message.MessageContext;
-import org.opensaml.ws.message.encoder.MessageEncodingException;
-
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-public class MOAStringRedirectDeflateEncoder extends HTTPRedirectDeflateEncoder {
-
-	private String redirectURL = null;
-	
-	public void encode(MessageContext messageContext)
-			throws MessageEncodingException {
-		if (!(messageContext instanceof SAMLMessageContext)) {
-			Logger.error("Invalid message context type, this encoder only support SAMLMessageContext");
-			throw new MessageEncodingException(
-					"Invalid message context type, this encoder only support SAMLMessageContext");
-		}
-
-		//load default PVP security configurations
-		MOADefaultBootstrap.initializeDefaultPVPConfiguration();
-		
-		SAMLMessageContext samlMsgCtx = (SAMLMessageContext) messageContext;
-
-		String endpointURL = getEndpointURL(samlMsgCtx).buildURL();
-
-		setResponseDestination(samlMsgCtx.getOutboundSAMLMessage(), endpointURL);
-
-		removeSignature(samlMsgCtx);
-
-		String encodedMessage = deflateAndBase64Encode(samlMsgCtx
-				.getOutboundSAMLMessage());
-
-		redirectURL = buildRedirectURL(samlMsgCtx, endpointURL,
-				encodedMessage);
-	}
-
-	/**
-	 * @return the redirectURL
-	 */
-	public String getRedirectURL() {
-		return redirectURL;
-	}
-	
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
index ac3828750..b2a2aad88 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
@@ -33,12 +33,12 @@ import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.data.IMOAAuthData;
-import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.logging.Logger;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
index c17f1a4dd..9e7f18842 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java
@@ -51,6 +51,20 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthenticationDataBuilder;
 import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
 import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException;
 import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.impl.data.Trible;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.exception.AttributQueryException;
+import at.gv.egiz.eaaf.modules.pvp2.idp.impl.PVPSProfilePendingRequest;
+import at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder.AuthResponseBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder.PVP2AssertionBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.SoapBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption;
+import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
 import at.gv.egovernment.moa.id.auth.builder.DynamicOAAuthParameterBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
@@ -62,22 +76,11 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionSto
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
 import at.gv.egovernment.moa.id.data.IMOAAuthData;
-import at.gv.egovernment.moa.id.data.Trible;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AuthResponseBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -98,6 +101,8 @@ public class AttributQueryAction implements IAction {
 	
 	@Autowired private AttributQueryBuilder attributQueryBuilder;
 	@Autowired private SAMLVerificationEngineSP samlVerificationEngine;
+	@Autowired(required=true) IPVP2BasicConfiguration pvpBasicConfiguration;
+	@Autowired(required=true) PVP2AssertionBuilder assertionBuilder;
 	
 	private final static List<String> DEFAULTSTORKATTRIBUTES = Arrays.asList(
 			new String[]{PVPConstants.EID_STORK_TOKEN_NAME});	
@@ -114,11 +119,11 @@ public class AttributQueryAction implements IAction {
 	@Override
 	public SLOInformationInterface processRequest(IRequest pendingReq,
 			HttpServletRequest httpReq, HttpServletResponse httpResp,
-			IAuthData authData) throws MOAIDException {
+			IAuthData authData) throws EAAFException {
 		
-		if (pendingReq instanceof PVPTargetConfiguration && 
-				((PVPTargetConfiguration) pendingReq).getRequest() instanceof MOARequest && 
-				((MOARequest)((PVPTargetConfiguration) pendingReq).getRequest()).getSamlRequest() instanceof AttributeQuery) {
+		if (pendingReq instanceof PVPSProfilePendingRequest && 
+				((PVPSProfilePendingRequest) pendingReq).getRequest() instanceof PVPSProfileRequest && 
+				((PVPSProfileRequest)((PVPSProfilePendingRequest) pendingReq).getRequest()).getSamlRequest() instanceof AttributeQuery) {
 			
 			//set time reference
 			DateTime date = new DateTime();
@@ -136,7 +141,7 @@ public class AttributQueryAction implements IAction {
 						authenticationSessionStorage.searchInterfederatedIDPFORAttributeQueryWithSessionID(moaSession.getSSOSessionID());
 			
 				AttributeQuery attrQuery = 
-						(AttributeQuery)((MOARequest)((PVPTargetConfiguration) pendingReq).getRequest()).getSamlRequest();
+						(AttributeQuery)((PVPSProfileRequest)((PVPSProfilePendingRequest) pendingReq).getRequest()).getSamlRequest();
 													
 				//build PVP 2.1 response-attribute information for this AttributQueryRequest
 				Trible<List<Attribute>, Date, String> responseInfo = 
@@ -148,10 +153,9 @@ public class AttributQueryAction implements IAction {
 				
 				//build PVP 2.1 assertion
 								
-				String issuerEntityID = PVPConfiguration.getInstance().getIDPSSOMetadataService(
-						pendingReq.getAuthURL());
+				String issuerEntityID = pvpBasicConfiguration.getIDPEntityId(pendingReq.getAuthURL());
 				
-				Assertion assertion = PVP2AssertionBuilder.buildAssertion(issuerEntityID, 
+				Assertion assertion = assertionBuilder.buildAssertion(issuerEntityID, 
 						attrQuery, responseInfo.getFirst(), date, new DateTime(responseInfo.getSecond().getTime()), 
 						responseInfo.getThird(), authData.getSessionIndex());
 				
@@ -201,16 +205,16 @@ public class AttributQueryAction implements IAction {
 	 */
 	@Override
 	public String getDefaultActionName() {
-		return PVP2XProtocol.ATTRIBUTEQUERY;
+		return at.gv.egiz.eaaf.modules.pvp2.PVPConstants.ATTRIBUTEQUERY;
 	}
 	
 	private Trible<List<Attribute>, Date, String> buildResponseInformationForAttributQuery(IRequest pendingReq, 
-            AuthenticationSession session, List<Attribute> reqAttributes, InterfederationSessionStore nextIDPInformation) throws MOAIDException {		
+            AuthenticationSession session, List<Attribute> reqAttributes, InterfederationSessionStore nextIDPInformation) throws MOAIDException, AssertionAttributeExtractorExeption, AttributQueryException, AssertionValidationExeption {		
 		try {
 			//mark AttributeQuery as used if it exists
-			if ( pendingReq instanceof PVPTargetConfiguration && 
-					((PVPTargetConfiguration) pendingReq).getRequest() instanceof MOARequest &&
-					((PVPTargetConfiguration) pendingReq).getRequest().getInboundMessage() instanceof AttributeQuery) {				
+			if ( pendingReq instanceof PVPSProfileRequest && 
+					((PVPSProfilePendingRequest) pendingReq).getRequest() instanceof PVPSProfileRequest &&
+					((PVPSProfilePendingRequest) pendingReq).getRequest().getInboundMessage() instanceof AttributeQuery) {				
 				
 				authenticationSessionStorage.markOAWithAttributeQueryUsedFlag(session, pendingReq.getSPEntityId(), pendingReq.requestedModule());
 			}
@@ -218,7 +222,7 @@ public class AttributQueryAction implements IAction {
 			//build OnlineApplication dynamic from requested attributes (AttributeQuerry Request) and configuration
 			IOAAuthParameters spConfig = DynamicOAAuthParameterBuilder.buildFromAttributeQuery(reqAttributes);
 			
-			//search federated IDP information for this MOASession
+			//search federated IDP information for this MOASession 
 			if (nextIDPInformation != null) {				
 				Logger.info("Find active federated IDP information."
 					+ ". --> Request next IDP:" + nextIDPInformation.getIdpurlprefix() 
@@ -354,9 +358,11 @@ public class AttributQueryAction implements IAction {
 	 * @return 
 	 * @return PVP attribute DAO, which contains all received information
 	 * @throws MOAIDException
+	 * @throws AttributQueryException 
+	 * @throws AssertionValidationExeption 
 	 */
 	public AssertionAttributeExtractor getAuthDataFromAttributeQuery(List<Attribute> reqQueryAttr,
-			String userNameID, IOAAuthParameters idpConfig, String spEntityID) throws MOAIDException{
+			String userNameID, IOAAuthParameters idpConfig, String spEntityID) throws MOAIDException, AttributQueryException, AssertionValidationExeption{
 		String idpEnityID = idpConfig.getPublicURLPrefix();
 		
 		try {		
@@ -407,7 +413,7 @@ public class AttributQueryAction implements IAction {
 						new Object[]{idpEnityID, "Receive AttributeQuery response-body include no PVP 2.1 response"});
 			
 			}
-				 										
+				 								 		
 		} catch (SOAPException e) {
 			throw new BuildException("builder.06", null, e);
 			
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
deleted file mode 100644
index 43c860488..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
+++ /dev/null
@@ -1,151 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.joda.time.DateTime;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.core.Assertion;
-import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.core.Response;
-import org.opensaml.saml2.metadata.AssertionConsumerService;
-import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.ws.message.encoder.MessageEncodingException;
-import org.opensaml.xml.security.SecurityException;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.ApplicationContext;
-import org.springframework.stereotype.Service;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.idp.IAction;
-import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
-import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.data.SLOInformationImpl;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AuthResponseBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-import at.gv.egovernment.moa.logging.Logger;
-
-@Service("PVPAuthenticationRequestAction")
-public class AuthenticationAction implements IAction {
-	@Autowired IDPCredentialProvider pvpCredentials; 
-	@Autowired AuthConfiguration authConfig;
-	@Autowired(required=true) private MOAMetadataProvider metadataProvider;
-	@Autowired(required=true) ApplicationContext springContext;
-	
-	public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq,
-			HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
-		
-		PVPTargetConfiguration pvpRequest = (PVPTargetConfiguration) req;
-		
-		//get basic information
-		MOARequest moaRequest = (MOARequest) pvpRequest.getRequest();
-		AuthnRequest authnRequest = (AuthnRequest) moaRequest.getSamlRequest();
-		EntityDescriptor peerEntity = moaRequest.getEntityMetadata(metadataProvider);		
-		
-		AssertionConsumerService consumerService = 
-				SAML2Utils.createSAMLObject(AssertionConsumerService.class);
-		consumerService.setBinding(pvpRequest.getBinding());
-		consumerService.setLocation(pvpRequest.getConsumerURL());
-				
-		DateTime date = new DateTime();
-		
-		SLOInformationImpl sloInformation = new SLOInformationImpl();
-
-		//change to entity value from entity name to IDP EntityID (URL)
-//		String issuerEntityID = pvpRequest.getAuthURL();
-//		if (issuerEntityID.endsWith("/"))
-//			issuerEntityID = issuerEntityID.substring(0, issuerEntityID.length()-1);
-
-		String issuerEntityID = PVPConfiguration.getInstance().getIDPSSOMetadataService(
-				pvpRequest.getAuthURL());
-		
-		//build Assertion
-		Assertion assertion = PVP2AssertionBuilder.buildAssertion(issuerEntityID, pvpRequest, authnRequest, authData, 
-				peerEntity, date, consumerService, sloInformation);
-		
-		Response authResponse = AuthResponseBuilder.buildResponse(
-				metadataProvider, issuerEntityID, authnRequest, 
-				date, assertion, authConfig.isPVP2AssertionEncryptionActive());
-							
-		IEncoder binding = null;
-
-		if (consumerService.getBinding().equals(
-				SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
-			binding = springContext.getBean("PVPRedirectBinding", RedirectBinding.class);
-						
-		} else if (consumerService.getBinding().equals(
-				SAMLConstants.SAML2_POST_BINDING_URI)) {
-			binding = springContext.getBean("PVPPOSTBinding", PostBinding.class);
-			
-		}
-
-		if (binding == null) {
-			throw new BindingNotSupportedException(consumerService.getBinding());
-		}
-		
-		try {
-			binding.encodeRespone(httpReq, httpResp, authResponse, 
-					consumerService.getLocation(), moaRequest.getRelayState(),
-					pvpCredentials.getIDPAssertionSigningCredential(), req);
-
-			//set protocol type
-			sloInformation.setProtocolType(req.requestedModule());
-			sloInformation.setSpEntityID(req.getServiceProviderConfiguration().getUniqueIdentifier());
-			return sloInformation;
-			
-		} catch (MessageEncodingException e) {
-			Logger.error("Message Encoding exception", e);
-			throw new MOAIDException("pvp2.01", null, e);
-			
-		} catch (SecurityException e) {
-			Logger.error("Security exception", e);
-			throw new MOAIDException("pvp2.01", null, e);
-
-		}
-		
-	}
-
-	public boolean needAuthentication(IRequest req, HttpServletRequest httpReq,
-			HttpServletResponse httpResp) {
-		return true;
-	}
-
-	public String getDefaultActionName() {
-		return "PVPAuthenticationRequestAction";
-		
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
deleted file mode 100644
index 76956b5a8..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
+++ /dev/null
@@ -1,93 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Service;
-
-import com.google.common.net.MediaType;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.idp.IAction;
-import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
-import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
-import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPMetadataBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.IDPPVPMetadataConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
-import at.gv.egovernment.moa.logging.Logger;
-
-@Service("pvpMetadataService")
-public class MetadataAction implements IAction {
-
-	
-
-	@Autowired private IRevisionLogger revisionsLogger; 
-	@Autowired private IDPCredentialProvider credentialProvider;
-	@Autowired private PVPMetadataBuilder metadatabuilder;
-	
-	public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq,
-			HttpServletResponse httpResp, IAuthData authData) throws MOAIDException {
-		try {
-			revisionsLogger.logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_PVP_METADATA);
-			
-			//build metadata
-			IPVPMetadataBuilderConfiguration metadataConfig = 
-					new IDPPVPMetadataConfiguration(req.getAuthURLWithOutSlash(), credentialProvider);
-			
-			String metadataXML = metadatabuilder.buildPVPMetadata(metadataConfig);			
-			Logger.debug("METADATA: " + metadataXML);
-					
-			byte[] content = metadataXML.getBytes("UTF-8");
-			httpResp.setStatus(HttpServletResponse.SC_OK);
-			httpResp.setContentLength(content.length);
-			httpResp.setContentType(MediaType.XML_UTF_8.toString());
-			httpResp.getOutputStream().write(content);			
-			return null;
-			
-		} catch (Exception e) {
-			Logger.error("Failed to generate metadata", e);
-			throw new MOAIDException("pvp2.13", null);
-		} 
-	}
-
-	public boolean needAuthentication(IRequest req, HttpServletRequest httpReq,
-			HttpServletResponse httpResp) {
-		return false;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.moduls.IAction#getDefaultActionName()
-	 */
-	@Override
-	public String getDefaultActionName() {
-		return "IDP - PVP Metadata action";
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
deleted file mode 100644
index 176b1af43..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ /dev/null
@@ -1,835 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x;
-
-import java.net.MalformedURLException;
-import java.net.URL;
-import java.util.Arrays;
-import java.util.List;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.lang.StringEscapeUtils;
-import org.joda.time.DateTime;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.core.AttributeQuery;
-import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.core.Issuer;
-import org.opensaml.saml2.core.LogoutRequest;
-import org.opensaml.saml2.core.LogoutResponse;
-import org.opensaml.saml2.core.NameID;
-import org.opensaml.saml2.core.Response;
-import org.opensaml.saml2.core.Status;
-import org.opensaml.saml2.core.StatusCode;
-import org.opensaml.saml2.core.StatusMessage;
-import org.opensaml.saml2.core.impl.AuthnRequestImpl;
-import org.opensaml.saml2.metadata.AssertionConsumerService;
-import org.opensaml.saml2.metadata.AttributeConsumingService;
-import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.ws.security.SecurityPolicyException;
-import org.opensaml.xml.security.SecurityException;
-import org.opensaml.xml.security.x509.X509Credential;
-import org.opensaml.xml.signature.SignableXMLObject;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.idp.IModulInfo;
-import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
-import at.gv.egiz.eaaf.core.exceptions.EAAFException;
-import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
-import at.gv.egiz.eaaf.core.exceptions.NoPassivAuthenticationException;
-import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException;
-import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController;
-import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
-import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityLogAdapter;
-import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionConsumerServiceException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSupportedException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SLOException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-import at.gv.egovernment.moa.id.protocols.pvp2x.validation.AuthnRequestValidator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
-import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
- 
-@Controller
-public class PVP2XProtocol extends AbstractAuthProtocolModulController implements IModulInfo {
-
-	@Autowired IDPCredentialProvider pvpCredentials;
-	@Autowired SAMLVerificationEngineSP samlVerificationEngine;
-	@Autowired(required=true) private MOAMetadataProvider metadataProvider;
-	
-	@Autowired protected IAuthenticationSessionStoreage authenticatedSessionStorage;
-	
-	public static final String NAME = PVP2XProtocol.class.getName();
-	public static final String PATH = "id_pvp2x";
-
-	public static final String REDIRECT = "Redirect";
-	public static final String POST = "Post";
-	public static final String SOAP = "Soap";
-	public static final String METADATA = "Metadata";
-	public static final String ATTRIBUTEQUERY = "AttributeQuery";
-	public static final String SINGLELOGOUT = "SingleLogOut";
-	
-	public static final List<String> DEFAULTREQUESTEDATTRFORINTERFEDERATION = Arrays.asList(
-			new String[] {
-					PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME
-			});
-	
-	static {			
-		new VelocityLogAdapter();
-		
-	}
-
-	public String getName() {
-		return NAME;
-	}
-
-	public String getPath() {
-		return PATH;
-	}
-	
-	public PVP2XProtocol() {
-		super();
-	} 
-		
-	//PVP2.x metadata end-point
-	@RequestMapping(value = "/pvp2/metadata", method = {RequestMethod.POST, RequestMethod.GET})
-	public void PVPMetadataRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException {
-//		if (!authConfig.getAllowedProtocols().isPVP21Active()) {
-//			Logger.info("PVP2.1 is deaktivated!");
-//			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }, "PVP2.1 is deaktivated!");
-//			
-//		}
-		
-		//create pendingRequest object
-		PVPTargetConfiguration pendingReq = applicationContext.getBean(PVPTargetConfiguration.class);
-		pendingReq.initialize(req, authConfig);
-		pendingReq.setModule(NAME);
-		
-		revisionsLogger.logEvent(
-				pendingReq.getUniqueSessionIdentifier(), 
-				pendingReq.getUniqueTransactionIdentifier(), 
-				MOAIDEventConstants.TRANSACTION_IP, 
-				req.getRemoteAddr());
-				
-		MetadataAction metadataAction = applicationContext.getBean(MetadataAction.class);
-		metadataAction.processRequest(pendingReq, 
-				req, resp, null);
-		
-	}
-	
-	//PVP2.x IDP POST-Binding end-point
-	@RequestMapping(value = "/pvp2/post", method = {RequestMethod.POST})
-	public void PVPIDPPostRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException {
-//		if (!authConfig.getAllowedProtocols().isPVP21Active()) {
-//			Logger.info("PVP2.1 is deaktivated!");
-//			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }, "PVP2.1 is deaktivated!");
-//			
-//		}
-		
-		PVPTargetConfiguration pendingReq = null;
-		
-		try {
-			//create pendingRequest object
-			pendingReq = applicationContext.getBean(PVPTargetConfiguration.class);
-			pendingReq.initialize(req, authConfig);
-			pendingReq.setModule(NAME);
-			
-			revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier());
-			revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_CREATED, pendingReq.getUniqueTransactionIdentifier());						
-			revisionsLogger.logEvent(
-					pendingReq.getUniqueSessionIdentifier(), 
-					pendingReq.getUniqueTransactionIdentifier(), 
-					MOAIDEventConstants.TRANSACTION_IP, 
-					req.getRemoteAddr());
-			
-			//get POST-Binding decoder implementation
-			InboundMessage msg = (InboundMessage) new PostBinding().decode(
-					req, resp, metadataProvider, false,
-					new MOAURICompare(PVPConfiguration.getInstance().getIDPSSOPostService(pendingReq.getAuthURL())));
-			pendingReq.setRequest(msg);
-						
-			//preProcess Message
-			preProcess(req, resp, pendingReq);
-						
-		} catch (SecurityPolicyException e) {
-			String samlRequest = req.getParameter("SAMLRequest");			
-			Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
-			
-			//write revision log entries
-			if (pendingReq != null)
-				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
-			
-			throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, e.getMessage());
-			
-		} catch (SecurityException e) {
-			String samlRequest = req.getParameter("SAMLRequest");			
-			Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
-			
-			//write revision log entries
-			if (pendingReq != null)
-				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
-			
-			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, e.getMessage());
-		
-		} catch (MOAIDException e) {
-			
-			//write revision log entries
-			if (pendingReq != null)
-				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
-			
-			throw e;
-			
-		} catch (Throwable e) {			
-			String samlRequest = req.getParameter("SAMLRequest");			
-			Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
-
-			//write revision log entries
-			if (pendingReq != null)
-				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
-			
-			throw new MOAIDException("pvp2.24", new Object[] {e.getMessage()});
-		}					
-	}
-	
-	//PVP2.x IDP Redirect-Binding end-point
-	@RequestMapping(value = "/pvp2/redirect", method = {RequestMethod.GET})
-	public void PVPIDPRedirecttRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException {
-		if (!AuthConfigurationProviderFactory.getInstance().getAllowedProtocols().isPVP21Active()) {
-			Logger.info("PVP2.1 is deaktivated!");
-			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }, "PVP2.1 is deaktivated!");
-			
-		}
-		PVPTargetConfiguration pendingReq = null;
-		try {
-			//create pendingRequest object
-			pendingReq = applicationContext.getBean(PVPTargetConfiguration.class);
-			pendingReq.initialize(req, authConfig);
-			pendingReq.setModule(NAME);
-			
-			revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier());
-			revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_CREATED, pendingReq.getUniqueTransactionIdentifier());						
-			revisionsLogger.logEvent(
-					pendingReq.getUniqueSessionIdentifier(), 
-					pendingReq.getUniqueTransactionIdentifier(), 
-					MOAIDEventConstants.TRANSACTION_IP, 
-					req.getRemoteAddr());
-			
-			//get POST-Binding decoder implementation
-			InboundMessage msg = (InboundMessage) new RedirectBinding().decode(
-					req, resp, metadataProvider, false,
-					new MOAURICompare(PVPConfiguration.getInstance().getIDPSSORedirectService(pendingReq.getAuthURL())));
-			pendingReq.setRequest(msg);
-			
-			//preProcess Message
-			preProcess(req, resp, pendingReq);
-						
-		} catch (SecurityPolicyException e) {
-			String samlRequest = req.getParameter("SAMLRequest");			
-			Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
-			
-			//write revision log entries
-			if (pendingReq != null)
-				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
-			
-			throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, e.getMessage());
-			
-		} catch (SecurityException e) {
-			String samlRequest = req.getParameter("SAMLRequest");			
-			Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
-			
-			//write revision log entries
-			if (pendingReq != null)
-				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
-			
-			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, e.getMessage());
-			
-		} catch (MOAIDException e) {
-			String samlRequest = req.getParameter("SAMLRequest");			
-			Logger.info("Receive INVALID protocol request: " + samlRequest);
-			
-			//write revision log entries
-			if (pendingReq != null)
-				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
-			
-			throw e;
-						
-		} catch (Throwable e) {			
-			String samlRequest = req.getParameter("SAMLRequest");			
-			Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
-			
-			//write revision log entries
-			if (pendingReq != null)
-				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
-						
-			throw new MOAIDException("pvp2.24", new Object[] {e.getMessage()});
-		}					
-	}
-	
-	
-	//PVP2.x IDP SOAP-Binding end-point
-	@RequestMapping(value = "/pvp2/soap", method = {RequestMethod.POST})
-	public void PVPIDPSOAPRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException {
-//		if (!authConfig.getAllowedProtocols().isPVP21Active()) {
-//			Logger.info("PVP2.1 is deaktivated!");
-//			throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }, "PVP2.1 is deaktivated!");
-//			
-//		}
-				
-		PVPTargetConfiguration pendingReq = null;
-		try {
-			//create pendingRequest object
-			pendingReq = applicationContext.getBean(PVPTargetConfiguration.class);
-			pendingReq.initialize(req, authConfig);
-			pendingReq.setModule(NAME);
-			
-			revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier());
-			revisionsLogger.logEvent(MOAIDEventConstants.TRANSACTION_CREATED, pendingReq.getUniqueTransactionIdentifier());						
-			revisionsLogger.logEvent(
-					pendingReq.getUniqueSessionIdentifier(), 
-					pendingReq.getUniqueTransactionIdentifier(), 
-					MOAIDEventConstants.TRANSACTION_IP, 
-					req.getRemoteAddr());
-			
-			//get POST-Binding decoder implementation
-			InboundMessage msg = (InboundMessage) new SoapBinding().decode(
-					req, resp, metadataProvider, false,
-					new MOAURICompare(PVPConfiguration.getInstance().getIDPSSOPostService(pendingReq.getAuthURL())));
-			pendingReq.setRequest(msg);
-			
-			//preProcess Message
-			preProcess(req, resp, pendingReq);
-						
-		} catch (SecurityPolicyException e) {
-			String samlRequest = req.getParameter("SAMLRequest");			
-			Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
-						
-			//write revision log entries
-			if (pendingReq != null)
-				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
-			
-			throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, e.getMessage());
-			
-		} catch (SecurityException e) {
-			String samlRequest = req.getParameter("SAMLRequest");			
-			Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
-			
-			//write revision log entries
-			if (pendingReq != null)
-				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
-			
-			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, e.getMessage());
-		
-		} catch (MOAIDException e) {			
-			//write revision log entries
-			if (pendingReq != null)
-				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
-			
-			throw e;
-						
-		} catch (Throwable e) {			
-			String samlRequest = req.getParameter("SAMLRequest");			
-			Logger.warn("Receive INVALID protocol request: " + samlRequest, e);
-			
-			//write revision log entries
-			if (pendingReq != null)
-				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR, pendingReq.getUniqueTransactionIdentifier());
-			
-			throw new MOAIDException("pvp2.24", new Object[] {e.getMessage()});
-		}					
-	}
-	
-	
-	
-	private void preProcess(HttpServletRequest request,
-			HttpServletResponse response, PVPTargetConfiguration pendingReq) throws Throwable {
-			
-			InboundMessage msg = pendingReq.getRequest();
-		
-			if (MiscUtil.isEmpty(msg.getEntityID())) {
-				throw new InvalidProtocolRequestException("pvp2.20", new Object[] {}, "EntityId is null or empty");
-				
-			}
-			
-			if(!msg.isVerified()) {
-				samlVerificationEngine.verify(msg, 
-						TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider));
-				msg.setVerified(true);
-								
-			}
-							
-			if (msg instanceof MOARequest && 
-					((MOARequest)msg).getSamlRequest() instanceof AuthnRequest)
-				preProcessAuthRequest(request, response, pendingReq);
-			
-			else if (msg instanceof MOARequest && 
-					((MOARequest)msg).getSamlRequest() instanceof AttributeQuery)
-				preProcessAttributQueryRequest(request, response, pendingReq);
-
-			else if (msg instanceof MOARequest && 
-					((MOARequest)msg).getSamlRequest() instanceof LogoutRequest)
-				preProcessLogOut(request, response, pendingReq);
-			
-			else if (msg instanceof MOAResponse && 
-					((MOAResponse)msg).getResponse() instanceof LogoutResponse)
-				preProcessLogOut(request, response, pendingReq);
-			
-			else {
-				Logger.error("Receive unsupported PVP21 message");
-				throw new MOAIDException("Unsupported PVP21 message", new Object[] {});
-			}
-			
-			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_TYPE, PATH);
-			
-			//switch to session authentication
-			performAuthentication(request, response, pendingReq);								
-	}
-
-	public boolean generateErrorMessage(Throwable e,
-			HttpServletRequest request, HttpServletResponse response,
-			IRequest protocolRequest) throws Throwable {
-		
-		if(protocolRequest == null) {
-			throw e;
-		}
-		
-		if(!(protocolRequest instanceof PVPTargetConfiguration) ) {
-			throw e;
-		}
-		PVPTargetConfiguration pvpRequest = (PVPTargetConfiguration)protocolRequest;
-		
-		Response samlResponse = 
-				SAML2Utils.createSAMLObject(Response.class);
-		Status status = SAML2Utils.createSAMLObject(Status.class);
-		StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class);
-		StatusMessage statusMessage = SAML2Utils.createSAMLObject(StatusMessage.class);
-		
-		String moaError = null;
-		
-		if(e instanceof NoPassivAuthenticationException) {
-			statusCode.setValue(StatusCode.NO_PASSIVE_URI);
-			statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage()));	
-			
-		} else if (e instanceof NameIDFormatNotSupportedException) {
-			statusCode.setValue(StatusCode.INVALID_NAMEID_POLICY_URI);
-			statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage()));
-
-		} else if (e instanceof SLOException) {
-			//SLOExecpetions only occurs if session information is lost
-			return false;
-			
-		} else if(e instanceof PVP2Exception) {
-			PVP2Exception ex = (PVP2Exception) e;
-			statusCode.setValue(ex.getStatusCodeValue());
-			String statusMessageValue = ex.getStatusMessageValue();
-			if(statusMessageValue != null) {
-				statusMessage.setMessage(StringEscapeUtils.escapeXml(statusMessageValue));
-			}						
-			moaError = statusMessager.mapInternalErrorToExternalError(ex.getMessageId());
-			
-		} else {
-			statusCode.setValue(StatusCode.RESPONDER_URI);
-			statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage()));
-			moaError = statusMessager.getResponseErrorCode(e);
-		}
-		
-		
-		if (MiscUtil.isNotEmpty(moaError)) {
-			StatusCode moaStatusCode = SAML2Utils.createSAMLObject(StatusCode.class);
-			moaStatusCode.setValue(moaError);
-			statusCode.setStatusCode(moaStatusCode);
-		}
-		
-		status.setStatusCode(statusCode);
-		if(statusMessage.getMessage() != null) {
-			status.setStatusMessage(statusMessage);
-		}
-		samlResponse.setStatus(status);
-		String remoteSessionID = SAML2Utils.getSecureIdentifier();
-		samlResponse.setID(remoteSessionID);
-
-		samlResponse.setIssueInstant(new DateTime());
-		Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class);
-		nissuer.setValue(PVPConfiguration.getInstance().getIDPSSOMetadataService(
-				pvpRequest.getAuthURL()));
-		nissuer.setFormat(NameID.ENTITY);
-		samlResponse.setIssuer(nissuer);
-		
-		IEncoder encoder = null;
-		
-		if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {			
-			encoder = applicationContext.getBean("PVPRedirectBinding", RedirectBinding.class);
-						
-		} else if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI))  {
-			encoder = applicationContext.getBean("PVPPOSTBinding", PostBinding.class);
-			
-		} else if (pvpRequest.getBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI))  {
-			encoder = applicationContext.getBean("PVPSOAPBinding", SoapBinding.class);
-		}
-
-		if(encoder == null) {
-			// default to redirect binding
-			encoder = new RedirectBinding();
-		}
-
-		String relayState = null;
-		if (pvpRequest.getRequest() != null)
-			relayState = pvpRequest.getRequest().getRelayState();
-		
-		X509Credential signCred = pvpCredentials.getIDPAssertionSigningCredential();
-		
-		encoder.encodeRespone(request, response, samlResponse, pvpRequest.getConsumerURL(), 
-				relayState, signCred, protocolRequest);
-		return true;
-	}
-
-	public boolean validate(HttpServletRequest request,
-			HttpServletResponse response, IRequest pending) {
-		
-		return true;
-	}
-
-	
-	/**
-	 * PreProcess Single LogOut request
-	 * @param request
-	 * @param response
-	 * @param msg
-	 * @return
-	 * @throws EAAFException 
-	 * @throws MOAIDException 
-	 */
-	private void preProcessLogOut(HttpServletRequest request,
-			HttpServletResponse response, PVPTargetConfiguration pendingReq) throws EAAFException {
-
-		InboundMessage inMsg = pendingReq.getRequest();		
-		MOARequest msg;
-		if (inMsg instanceof MOARequest && 
-				((MOARequest)inMsg).getSamlRequest() instanceof LogoutRequest) {
-			//preProcess single logout request from service provider
-			
-			msg = (MOARequest) inMsg;
-			
-			EntityDescriptor metadata = msg.getEntityMetadata(metadataProvider);
-			if(metadata == null) {
-				throw new NoMetadataInformationException();
-			}
-
-			String oaURL = metadata.getEntityID();
-			oaURL = StringEscapeUtils.escapeHtml(oaURL);
-			ISPConfiguration oa = authConfig.getServiceProviderConfiguration(oaURL);
-			
-			Logger.info("Dispatch PVP2 SingleLogOut: OAURL=" + oaURL + " Binding=" + msg.getRequestBinding());
-						
-			pendingReq.setSPEntityId(oaURL);
-			pendingReq.setOnlineApplicationConfiguration(oa);
-			pendingReq.setBinding(msg.getRequestBinding());
-			
-			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_SLO);
-			
-
-						
-		} else if (inMsg instanceof MOAResponse && 
-				((MOAResponse)inMsg).getResponse() instanceof LogoutResponse) {
-			//preProcess single logour response from service provider
-						
-			LogoutResponse resp = (LogoutResponse) (((MOAResponse)inMsg).getResponse());
-			
-			Logger.debug("PreProcess SLO Response from " + resp.getIssuer());
-			
-//			List<String> allowedPublicURLPrefix = authConfig.getIDPPublicURLPrefixes();
-//					AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix();
-			
-			boolean isAllowedDestination = false;			
-			try {
-				isAllowedDestination = MiscUtil.isNotEmpty(authConfig.validateIDPURL(new URL(resp.getDestination())));
-				
-			} catch (MalformedURLException e) {
-				Logger.info(resp.getDestination() + " is NOT valid. Reason: " + e.getMessage());
-				
-			}
-			
-//			for (String prefix : allowedPublicURLPrefix) {
-//				if (resp.getDestination().startsWith(
-//					prefix)) {
-//					isAllowedDestination = true;
-//					break;
-//				}
-//			}
-						
-			if (!isAllowedDestination) {
-				Logger.warn("PVP 2.1 single logout response destination does not match to IDP URL");
-				throw new AssertionValidationExeption("PVP 2.1 single logout response destination does not match to IDP URL", null);
-				
-			}
-			
-			//TODO: check if relayState exists
-			inMsg.getRelayState();
-						
-						
-		} else 
-			throw new EAAFException("Unsupported request");
-		
-		
-		pendingReq.setRequest(inMsg);
-		pendingReq.setAction(SINGLELOGOUT);
-		
-		//Single LogOut Request needs no authentication 
-		pendingReq.setNeedAuthentication(false);
-		
-		//set protocol action, which should be executed
-		pendingReq.setAction(SingleLogOutAction.class.getName());
-	}
-	
-	/**
-	 * PreProcess AttributeQuery request 
-	 * @param request
-	 * @param response
-	 * @param pendingReq
-	 * @throws Throwable
-	 */
-	private void preProcessAttributQueryRequest(HttpServletRequest request,
-			HttpServletResponse response, PVPTargetConfiguration pendingReq) throws Throwable {
-		MOARequest moaRequest = ((MOARequest)pendingReq.getRequest());
-		AttributeQuery attrQuery = (AttributeQuery) moaRequest.getSamlRequest();
-		moaRequest.setEntityID(attrQuery.getIssuer().getValue());
-		
-		//validate destination
-		String destinaten = attrQuery.getDestination();
-		if (!PVPConfiguration.getInstance().getIDPSSOSOAPService(HTTPUtils.extractAuthURLFromRequest(request)).equals(destinaten)) {
-			Logger.warn("AttributeQuery destination does not match IDP AttributeQueryService URL");
-			throw new AttributQueryException("AttributeQuery destination does not match IDP AttributeQueryService URL", null);
-			
-		}
-
-		//check if Issuer is an interfederation IDP		
-		IOAAuthParameters oa = authConfig.getServiceProviderConfiguration(moaRequest.getEntityID(), IOAAuthParameters.class);
-		if (!oa.isInderfederationIDP()) {
-			Logger.warn("AttributeQuery requests are only allowed for interfederation IDPs.");
-			throw new AttributQueryException("AttributeQuery requests are only allowed for interfederation IDPs.", null);
-			
-		}
-		
-		if (!oa.isOutboundSSOInterfederationAllowed()) {
-			Logger.warn("Interfederation IDP " + oa.getPublicURLPrefix() + " does not allow outgoing SSO interfederation.");
-			throw new AttributQueryException("Interfederation IDP does not allow outgoing SSO interfederation.", null);
-			
-		}
-					
-		//check active MOASession
-		String nameID = attrQuery.getSubject().getNameID().getValue();			
-		IAuthenticationSession session = authenticatedSessionStorage.getSessionWithUserNameID(nameID);
-		if (session == null) {
-			Logger.warn("AttributeQuery nameID does not match to an active single sign-on session.");
-			throw new AttributQueryException("auth.31", null);
-			
-		}
-		
-		//set preProcessed information into pending-request
-		pendingReq.setRequest(moaRequest);
-		pendingReq.setSPEntityId(moaRequest.getEntityID());
-		pendingReq.setOnlineApplicationConfiguration(oa);
-		pendingReq.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI);
-		
-		//Attribute-Query Request needs authentication, because session MUST be already authenticated 
-		pendingReq.setNeedAuthentication(false);
-				
-		//set protocol action, which should be executed after authentication
-		pendingReq.setAction(AttributQueryAction.class.getName());
-
-		//add moasession
-		pendingReq.setSSOSessionIdentifier(session.getSSOSessionID());
-				
-		//write revisionslog entry
-		revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_ATTRIBUTQUERY);
-		
-		
-	}
-	
-	/**
-	 * PreProcess Authn request
-	 * @param request
-	 * @param response
-	 * @param pendingReq
-	 * @throws Throwable
-	 */
-	private void preProcessAuthRequest(HttpServletRequest request,
-			HttpServletResponse response, PVPTargetConfiguration pendingReq) throws Throwable {
-
-		MOARequest moaRequest = ((MOARequest)pendingReq.getRequest());		
-		SignableXMLObject samlReq =  moaRequest.getSamlRequest();
-
-		if(!(samlReq instanceof AuthnRequest)) {
-			throw new MOAIDException("Unsupported request", new Object[] {});
-		}
-				
-		EntityDescriptor metadata = moaRequest.getEntityMetadata(metadataProvider);
-		if(metadata == null) {
-			throw new NoMetadataInformationException();
-		}
-		SPSSODescriptor spSSODescriptor = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
-		
-		AuthnRequest authnRequest = (AuthnRequest)samlReq;
-		
-		if (authnRequest.getIssueInstant() == null) {
-			Logger.warn("Unsupported request: No IssueInstant Attribute found.");
-			throw new AuthnRequestValidatorException("Unsupported request: No IssueInstant Attribute found.", new Object[] {}, 
-					"Unsupported request: No IssueInstant Attribute found", pendingReq);
-			
-		}
-		
-		if (authnRequest.getIssueInstant().minusMinutes(MOAIDAuthConstants.TIME_JITTER).isAfterNow()) {
-			Logger.warn("Unsupported request: No IssueInstant DateTime is not valid anymore.");
-			throw new AuthnRequestValidatorException("Unsupported request: No IssueInstant DateTime is not valid anymore.", new Object[] {},
-					"Unsupported request: No IssueInstant DateTime is not valid anymore.", pendingReq);
-			
-		}
-			
-		//parse AssertionConsumerService
-		AssertionConsumerService consumerService = null;
-		if (MiscUtil.isNotEmpty(authnRequest.getAssertionConsumerServiceURL()) && 
-				MiscUtil.isNotEmpty(authnRequest.getProtocolBinding())) {
-			//use AssertionConsumerServiceURL from request
-
-			//check requested AssertionConsumingService URL against metadata
-			List<AssertionConsumerService> metadataAssertionServiceList = spSSODescriptor.getAssertionConsumerServices();
-			for (AssertionConsumerService service : metadataAssertionServiceList) {
-				if (authnRequest.getProtocolBinding().equals(service.getBinding())
-						&& authnRequest.getAssertionConsumerServiceURL().equals(service.getLocation())) {
-					consumerService = SAML2Utils.createSAMLObject(AssertionConsumerService.class);
-					consumerService.setBinding(authnRequest.getProtocolBinding());
-					consumerService.setLocation(authnRequest.getAssertionConsumerServiceURL());					
-					Logger.debug("Requested AssertionConsumerServiceURL is valid.");
-				}				
-			}
-			
-			if (consumerService == null) {				
-				throw new InvalidAssertionConsumerServiceException(authnRequest.getAssertionConsumerServiceURL());
-				
-			}
-
-
-		} else {
-			//use AssertionConsumerServiceIndex and select consumerService from metadata
-			Integer aIdx = authnRequest.getAssertionConsumerServiceIndex();
-			int assertionidx = 0;
-		
-			if(aIdx != null) {
-				assertionidx = aIdx.intValue();
-			
-			} else {				
-				assertionidx = SAML2Utils.getDefaultAssertionConsumerServiceIndex(spSSODescriptor);
-				
-			}		
-			consumerService  = spSSODescriptor.getAssertionConsumerServices().get(assertionidx);
-			
-			if (consumerService == null) {			
-				throw new InvalidAssertionConsumerServiceException(aIdx);
-				
-			}			
-		}
-		
-		
-		//select AttributeConsumingService from request
-		AttributeConsumingService attributeConsumer = null;		
-		Integer aIdx = authnRequest.getAttributeConsumingServiceIndex();
-		int attributeIdx = 0;
-	
-		if(aIdx != null) {
-			attributeIdx = aIdx.intValue();
-		}
-		
-		if (spSSODescriptor.getAttributeConsumingServices() != null  && 
-				spSSODescriptor.getAttributeConsumingServices().size() > 0) {
-			attributeConsumer  = spSSODescriptor.getAttributeConsumingServices().get(attributeIdx);
-		} 
-		
-		//validate AuthnRequest
-		AuthnRequestImpl authReq = (AuthnRequestImpl) samlReq;
-		AuthnRequestValidator.validate(authReq);
-		
-//		String useMandate = request.getParameter(PARAM_USEMANDATE);
-//		if(useMandate != null) {
-//			if(useMandate.equals("true") && attributeConsumer != null) {
-//				if(!CheckMandateAttributes.canHandleMandate(attributeConsumer)) {
-//					throw new MandateAttributesNotHandleAbleException();
-//				}
-//			}
-//		}
-						
-		String oaURL = moaRequest.getEntityMetadata(metadataProvider).getEntityID();
-		oaURL = StringEscapeUtils.escapeHtml(oaURL);
-		ISPConfiguration oa = authConfig.getServiceProviderConfiguration(oaURL);
-		
-		Logger.info("Dispatch PVP2 AuthnRequest: OAURL=" + oaURL + " Binding=" + consumerService.getBinding());		
-
-		pendingReq.setSPEntityId(oaURL);
-		pendingReq.setOnlineApplicationConfiguration(oa);
-		pendingReq.setBinding(consumerService.getBinding());
-		pendingReq.setRequest(moaRequest);
-		pendingReq.setConsumerURL(consumerService.getLocation());
-		
-		//parse AuthRequest
-		pendingReq.setPassiv(authReq.isPassive());
-		pendingReq.setForce(authReq.isForceAuthn());
-		
-		//AuthnRequest needs authentication
-		pendingReq.setNeedAuthentication(true);
-
-		//set protocol action, which should be executed after authentication
-		pendingReq.setAction(AuthenticationAction.class.getName());
-		
-		//write revisionslog entry
-		revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_AUTHREQUEST);
-		
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
index 67e7a47f3..cdd0b659e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
@@ -22,25 +22,9 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.pvp2x;
 
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-
-import org.opensaml.xml.encryption.EncryptionConstants;
-import org.opensaml.xml.signature.SignatureConstants;
-
-import at.gv.egiz.eaaf.core.api.data.PVPAttributeConstants;
-import at.gv.egovernment.moa.id.data.Trible;
-
-public interface PVPConstants extends PVPAttributeConstants {
+public interface PVPConstants extends at.gv.egiz.eaaf.modules.pvp2.PVPConstants {
 	
 	public static final String SSLSOCKETFACTORYNAME = "MOAMetaDataProvider";
-		
-	public static final String DEFAULT_SIGNING_METHODE = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256;
-	public static final String DEFAULT_DIGESTMETHODE = SignatureConstants.ALGO_ID_DIGEST_SHA256;
-	public static final String DEFAULT_SYM_ENCRYPTION_METHODE = EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256;
-	public static final String DEFAULT_ASYM_ENCRYPTION_METHODE = EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP;
-	
 	
 	public static final String STORK_QAA_PREFIX = "http://www.stork.gov.eu/1.0/citizenQAALevel/";
 	public static final String STORK_QAA_1_1 = "http://www.stork.gov.eu/1.0/citizenQAALevel/1";
@@ -52,84 +36,5 @@ public interface PVPConstants extends PVPAttributeConstants {
 	public static final String EIDAS_QAA_LOW = EIDAS_QAA_PREFIX + "low";
 	public static final String EIDAS_QAA_SUBSTANTIAL = EIDAS_QAA_PREFIX + "substantial";
 	public static final String EIDAS_QAA_HIGH = EIDAS_QAA_PREFIX + "high";
-	
-	public static final String STORK_ATTRIBUTE_PREFIX = "http://www.stork.gov.eu/";
-	
-	
-	
-	
-	public static final String ENTITY_CATEGORY_ATTRIBITE = "http://macedir.org/entity-category";
-	public static final String EGOVTOKEN = "http://www.ref.gv.at/ns/names/agiz/pvp/egovtoken";
-	public static final String CITIZENTOKEN = "http://www.ref.gv.at/ns/names/agiz/pvp/citizentoken";
-	
-	/** 
-	 * 
-	 * Get required PVP attributes for egovtoken
-	 * First : PVP attribute name (OID) 
-	 * Second: FriendlyName
-	 * Third: Required
-	 * 
-	 */
-	public static final List<Trible<String, String, Boolean>> EGOVTOKEN_PVP_ATTRIBUTES = 
-			Collections.unmodifiableList(new ArrayList<Trible<String, String, Boolean>>() {
-				private static final long serialVersionUID = 1L;
-				{	
-					//currently supported attributes
-					add(Trible.newInstance(PVP_VERSION_NAME, PVP_VERSION_FRIENDLY_NAME, true));
-					add(Trible.newInstance(PRINCIPAL_NAME_NAME, PRINCIPAL_NAME_FRIENDLY_NAME, true));
-					
-					//currently not supported attributes
-					add(Trible.newInstance(USERID_NAME, USERID_FRIENDLY_NAME, false));
-					add(Trible.newInstance(GID_NAME, GID_FRIENDLY_NAME, false));
-					add(Trible.newInstance(PARTICIPANT_ID_NAME, PARTICIPANT_ID_FRIENDLY_NAME, false));
-					add(Trible.newInstance(OU_GV_OU_ID_NAME, OU_GV_OU_ID_FRIENDLY_NAME, false));
-					add(Trible.newInstance(OU_NAME, OU_FRIENDLY_NAME, false));
-					add(Trible.newInstance(SECCLASS_NAME, SECCLASS_FRIENDLY_NAME, false));
-					
-					
-				}
-			});
-	
-	/** 
-	 * 
-	 * Get required PVP attributes for citizenToken
-	 * First : PVP attribute name (OID) 
-	 * Second: FriendlyName
-	 * Third: Required
-	 * 
-	 */
-	public static final List<Trible<String, String, Boolean>> CITIZENTOKEN_PVP_ATTRIBUTES = 
-			Collections.unmodifiableList(new ArrayList<Trible<String, String, Boolean>>() {
-				private static final long serialVersionUID = 1L;
-				{	
-					//required attributes - eIDAS minimal-data set
-					add(Trible.newInstance(PVP_VERSION_NAME, PVP_VERSION_FRIENDLY_NAME, true));
-					add(Trible.newInstance(PRINCIPAL_NAME_NAME, PRINCIPAL_NAME_FRIENDLY_NAME, true));
-					add(Trible.newInstance(GIVEN_NAME_NAME, GIVEN_NAME_FRIENDLY_NAME, true));
-					add(Trible.newInstance(BIRTHDATE_NAME, BIRTHDATE_FRIENDLY_NAME, true));
-					add(Trible.newInstance(BPK_NAME, BPK_FRIENDLY_NAME, true));
-					
-					
-					//not required attributes
-					add(Trible.newInstance(EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME, false));
-					add(Trible.newInstance(EID_ISSUING_NATION_NAME, EID_ISSUING_NATION_FRIENDLY_NAME, false));
-					add(Trible.newInstance(EID_SECTOR_FOR_IDENTIFIER_NAME, EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, false));
-					add(Trible.newInstance(MANDATE_TYPE_NAME, MANDATE_TYPE_FRIENDLY_NAME, false));
-					add(Trible.newInstance(MANDATE_TYPE_OID_NAME, MANDATE_TYPE_OID_FRIENDLY_NAME, false));
-					add(Trible.newInstance(MANDATE_LEG_PER_SOURCE_PIN_NAME, MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, false));
-					add(Trible.newInstance(MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, false));
-					add(Trible.newInstance(MANDATE_NAT_PER_BPK_NAME, MANDATE_NAT_PER_BPK_FRIENDLY_NAME, false));
-					add(Trible.newInstance(MANDATE_NAT_PER_GIVEN_NAME_NAME, MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME, false));
-					add(Trible.newInstance(MANDATE_NAT_PER_FAMILY_NAME_NAME, MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME, false));
-					add(Trible.newInstance(MANDATE_NAT_PER_BIRTHDATE_NAME, MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME, false));
-					add(Trible.newInstance(MANDATE_LEG_PER_FULL_NAME_NAME, MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME, false));
-					add(Trible.newInstance(MANDATE_PROF_REP_OID_NAME, MANDATE_PROF_REP_OID_FRIENDLY_NAME, false));
-					add(Trible.newInstance(MANDATE_PROF_REP_DESC_NAME, MANDATE_PROF_REP_DESC_FRIENDLY_NAME, false));
-					add(Trible.newInstance(MANDATE_REFERENCE_VALUE_NAME, MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, false));
-					
-					
-										
-				}
-			});
-	
+		
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
deleted file mode 100644
index 279d88860..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
+++ /dev/null
@@ -1,133 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x;
-
-import org.springframework.beans.factory.config.BeanDefinition;
-import org.springframework.context.annotation.Scope;
-import org.springframework.stereotype.Component;
-
-import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
-
-@Component("PVPTargetConfiguration")
-@Scope(value = BeanDefinition.SCOPE_PROTOTYPE)
-public class PVPTargetConfiguration extends RequestImpl {
-
-	
-	public static final String DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP = "useMinimalFrontChannelResponse";
-	public static final String DATAID_INTERFEDERATION_NAMEID = "federatedNameID";
-	public static final String DATAID_INTERFEDERATION_QAALEVEL = "federatedQAALevel";	
-	
-	public static final String DATAID_INTERFEDERATION_REQUESTID = "authnReqID";
-	
-	private static final long serialVersionUID = 4889919265919638188L;
-	
-	
-	
-	InboundMessage request;
-	String binding;
-	String consumerURL;
-		
-	public InboundMessage getRequest() {
-		return request;
-	}
-
-	public void setRequest(InboundMessage request) {
-		this.request = request;
-	}
-
-	public String getBinding() {
-		return binding;
-	}
-
-	public void setBinding(String binding) {
-		this.binding = binding;
-	}
-
-	public String getConsumerURL() {
-		return consumerURL;
-	}
-
-	public void setConsumerURL(String consumerURL) {
-		this.consumerURL = consumerURL;
-		
-	}
-
-//	/* (non-Javadoc)
-//	 * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes()
-//	 */
-//	@Override
-//	public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) {
-//
-//		Map<String, String> reqAttr = new HashMap<String, String>();
-//		for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION)
-//			reqAttr.put(el, "");
-//						
-//		try {			
-//			SPSSODescriptor spSSODescriptor = getRequest().getEntityMetadata(metadataProvider).getSPSSODescriptor(SAMLConstants.SAML20P_NS);
-//			if (spSSODescriptor.getAttributeConsumingServices() != null && 
-//					spSSODescriptor.getAttributeConsumingServices().size() > 0) {
-//							
-//				Integer aIdx = null;
-//				if (getRequest() instanceof MOARequest && 
-//						((MOARequest)getRequest()).getSamlRequest() instanceof AuthnRequestImpl) {					
-//					AuthnRequestImpl authnRequest = (AuthnRequestImpl)((MOARequest)getRequest()).getSamlRequest();					
-//					aIdx = authnRequest.getAttributeConsumingServiceIndex();
-//					
-//				} else {
-//					Logger.error("MOARequest is NOT of type AuthnRequest");
-//				}
-//				
-//				int idx = 0;
-//
-//				AttributeConsumingService attributeConsumingService = null;
-//				
-//				if (aIdx != null) {
-//					idx = aIdx.intValue();
-//					attributeConsumingService = spSSODescriptor
-//							.getAttributeConsumingServices().get(idx);
-//					
-//				} else {
-//					List<AttributeConsumingService> attrConsumingServiceList = spSSODescriptor.getAttributeConsumingServices();
-//					for (AttributeConsumingService el : attrConsumingServiceList) {
-//						if (el.isDefault())
-//							attributeConsumingService = el;
-//					}				
-//				}
-//				
-//				for ( RequestedAttribute attr : attributeConsumingService.getRequestAttributes())
-//					reqAttr.put(attr.getName(), "");
-//			}
-//			
-//			//return attributQueryBuilder.buildSAML2AttributeList(this.getOnlineApplicationConfiguration(), reqAttr.keySet().iterator());
-//			return reqAttr.keySet();
-//			
-//		} catch (NoMetadataInformationException e) {
-//			Logger.warn("NO metadata found for Entity " + getRequest().getEntityID());
-//			return null;
-//					
-//		}
-//		
-//	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
index 6b945d692..ab88a765e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
@@ -44,7 +44,11 @@ import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
 import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
 import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
 import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.exceptions.SLOException;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egiz.eaaf.modules.pvp2.idp.impl.PVPSProfilePendingRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileResponse;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
@@ -55,9 +59,6 @@ import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.data.SLOInformationContainer;
 import at.gv.egovernment.moa.id.moduls.SSOManager;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SLOException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -86,12 +87,12 @@ public class SingleLogOutAction implements IAction {
 			HttpServletRequest httpReq, HttpServletResponse httpResp,
 			IAuthData authData) throws EAAFException {
 
-		PVPTargetConfiguration pvpReq = (PVPTargetConfiguration) req;  
+		PVPSProfilePendingRequest pvpReq = (PVPSProfilePendingRequest) req;  
 
-		if (pvpReq.getRequest() instanceof MOARequest &&
-				((MOARequest)pvpReq.getRequest()).getSamlRequest() instanceof LogoutRequest) {
+		if (pvpReq.getRequest() instanceof PVPSProfileRequest &&
+				((PVPSProfileRequest)pvpReq.getRequest()).getSamlRequest() instanceof LogoutRequest) {
 			Logger.debug("Process Single LogOut request");
-			MOARequest samlReq = (MOARequest) pvpReq.getRequest();
+			PVPSProfileRequest samlReq = (PVPSProfileRequest) pvpReq.getRequest();
 			LogoutRequest logOutReq = (LogoutRequest) samlReq.getSamlRequest();
 
 			String ssoSessionId = 
@@ -141,10 +142,10 @@ public class SingleLogOutAction implements IAction {
 			Logger.debug("Starting technical SLO process ... ");
 			sloBuilder.toTechnicalLogout(sloInformationContainer, httpReq, httpResp, null);
 													
-		} else if (pvpReq.getRequest() instanceof MOAResponse &&
-				((MOAResponse)pvpReq.getRequest()).getResponse() instanceof LogoutResponse) {
+		} else if (pvpReq.getRequest() instanceof PVPSProfileResponse &&
+				((PVPSProfileResponse)pvpReq.getRequest()).getResponse() instanceof LogoutResponse) {
 			Logger.debug("Process Single LogOut response");
-			LogoutResponse logOutResp = (LogoutResponse) ((MOAResponse)pvpReq.getRequest()).getResponse();
+			LogoutResponse logOutResp = (LogoutResponse) ((PVPSProfileResponse)pvpReq.getRequest()).getResponse();
 
 			//Transaction tx = null;
 
@@ -236,11 +237,11 @@ public class SingleLogOutAction implements IAction {
 								storageSuccess = true;
 								String redirectURL = null;
 								IRequest sloReq = sloContainer.getSloRequest();
-								if (sloReq != null && sloReq instanceof PVPTargetConfiguration) {
+								if (sloReq != null && sloReq instanceof PVPSProfilePendingRequest) {
 									//send SLO response to SLO request issuer									
-									SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor((PVPTargetConfiguration)sloReq);
-									LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, (PVPTargetConfiguration)sloReq, sloContainer.getSloFailedOAs());
-									redirectURL = sloBuilder.getFrontChannelSLOMessageURL(sloService, message, httpReq, httpResp, ((PVPTargetConfiguration)sloReq).getRequest().getRelayState());
+									SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor((PVPSProfilePendingRequest)sloReq);
+									LogoutResponse message = sloBuilder.buildSLOResponseMessage(sloService, (PVPSProfilePendingRequest)sloReq, sloContainer.getSloFailedOAs());
+									redirectURL = sloBuilder.getFrontChannelSLOMessageURL(sloService, message, httpReq, httpResp, ((PVPSProfilePendingRequest)sloReq).getRequest().getRelayState());
 
 								} else {
 									//print SLO information directly
@@ -324,7 +325,7 @@ public class SingleLogOutAction implements IAction {
 	 */
 	@Override
 	public String getDefaultActionName() {
-		return PVP2XProtocol.SINGLELOGOUT;
+		return PVPConstants.SINGLELOGOUT;
 	}
 
 	protected static String addURLParameter(String url, String paramname,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java
deleted file mode 100644
index 71c5a46a4..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.opensaml.common.binding.decoding.URIComparator;
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.ws.message.decoder.MessageDecodingException;
-import org.opensaml.xml.security.SecurityException;
-
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface;
-
-public interface IDecoder {
-	public InboundMessageInterface decode(HttpServletRequest req, 
-			HttpServletResponse resp, MetadataProvider metadataProvider, boolean isSPEndPoint, URIComparator comparator)
-					throws MessageDecodingException, SecurityException, PVP2Exception;
-		
-	public boolean handleDecode(String action, HttpServletRequest req);
-	
-	public String getSAML2BindingName();
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java
deleted file mode 100644
index 409f995fc..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java
+++ /dev/null
@@ -1,71 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.opensaml.saml2.core.RequestAbstractType;
-import org.opensaml.saml2.core.StatusResponseType;
-import org.opensaml.ws.message.encoder.MessageEncodingException;
-import org.opensaml.xml.security.SecurityException;
-import org.opensaml.xml.security.credential.Credential;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
-
-public interface IEncoder {
-	
-	/**
-	 * 
-	 * @param req The http request
-	 * @param resp The http response
-	 * @param request The SAML2 request object
-	 * @param targetLocation URL, where the request should be transmit
-	 * @param relayState token for session handling
-	 * @param credentials Credential to sign the request object
-	 * @param pendingReq Internal MOA-ID request object that contains session-state informations but never null
-	 * @throws MessageEncodingException
-	 * @throws SecurityException
-	 * @throws PVP2Exception
-	 */
-	public void encodeRequest(HttpServletRequest req, 
-			HttpServletResponse resp, RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq) 
-					throws MessageEncodingException, SecurityException, PVP2Exception;
-	
-	/**
-	 * Encoder SAML Response
-	 * @param req The http request
-	 * @param resp The http response
-	 * @param response The SAML2 repsonse object
-	 * @param targetLocation URL, where the request should be transmit
-	 * @param relayState token for session handling
-	 * @param credentials Credential to sign the response object
-	 * @param pendingReq Internal MOA-ID request object that contains session-state informations but never null
-	 * @throws MessageEncodingException
-	 * @throws SecurityException
-	 */
-	public void encodeRespone(HttpServletRequest req, 
-			HttpServletResponse resp, StatusResponseType response, String targetLocation, String relayState, Credential credentials, IRequest pendingReq) 
-					throws MessageEncodingException, SecurityException, PVP2Exception;
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java
deleted file mode 100644
index 7bb64a106..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java
+++ /dev/null
@@ -1,53 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
-
-import org.opensaml.common.binding.decoding.URIComparator;
-
-import at.gv.egovernment.moa.logging.Logger;
-
-public class MOAURICompare implements URIComparator {
-
-	/**
-	 * @param idpssoPostService
-	 */
-	
-	private String serviceURL = "";
-	
-	public MOAURICompare(String serviceURL) {
-		this.serviceURL = serviceURL;
-	}
-
-	public boolean compare(String uri1, String uri2) {				
-		if (this.serviceURL.equals(uri1))		
-			return true;
-		
-		else {
-			Logger.warn("PVP request destination-endpoint: " + uri1 
-					+ " does not match to IDP endpoint:" + serviceURL);
-			return false;
-			
-		}
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
deleted file mode 100644
index 998249028..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
+++ /dev/null
@@ -1,240 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.opensaml.common.SAMLObject;
-import org.opensaml.common.binding.BasicSAMLMessageContext;
-import org.opensaml.common.binding.decoding.URIComparator;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.binding.decoding.HTTPPostDecoder;
-import org.opensaml.saml2.core.RequestAbstractType;
-import org.opensaml.saml2.core.StatusResponseType;
-import org.opensaml.saml2.metadata.IDPSSODescriptor;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.saml2.metadata.SingleSignOnService;
-import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder;
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.ws.message.decoder.MessageDecodingException;
-import org.opensaml.ws.message.encoder.MessageEncodingException;
-import org.opensaml.ws.security.SecurityPolicyResolver;
-import org.opensaml.ws.security.provider.BasicSecurityPolicy;
-import org.opensaml.ws.security.provider.StaticSecurityPolicyResolver;
-import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
-import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
-import org.opensaml.xml.parse.BasicParserPool;
-import org.opensaml.xml.security.SecurityException;
-import org.opensaml.xml.security.credential.Credential;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Service;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration;
-import at.gv.egovernment.moa.id.auth.frontend.builder.GUIFormBuilderImpl;
-import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithFileSystemLoad;
-import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
-import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
-import at.gv.egovernment.moa.id.opemsaml.MOAIDHTTPPostEncoder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
-import at.gv.egovernment.moa.id.protocols.pvp2x.validation.MOAPVPSignedRequestPolicyRule;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-@Service("PVPPOSTBinding")
-public class PostBinding implements IDecoder, IEncoder {
-	
-	@Autowired(required=true) AuthConfiguration authConfig;
-	@Autowired(required=true) GUIFormBuilderImpl guiBuilder;
-		
-	public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
-			RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)	
-			throws MessageEncodingException, SecurityException {
-	
-		try {
-//			X509Credential credentials = credentialProvider
-//					.getIDPAssertionSigningCredential();
-		
-			//load default PVP security configurations
-			MOADefaultBootstrap.initializeDefaultPVPConfiguration();
-			
-			//initialize POST binding encoder with template decoration
-			IGUIBuilderConfiguration guiConfig = 
-					new SPSpecificGUIBuilderConfigurationWithFileSystemLoad(
-							pendingReq, 
-							"pvp_postbinding_template.html", 
-							MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SAML2POSTBINDING_URL, 
-							null, 
-							authConfig.getRootConfigFileDir());								
-			MOAIDHTTPPostEncoder encoder = new MOAIDHTTPPostEncoder(guiConfig, guiBuilder,
-					VelocityProvider.getClassPathVelocityEngine());	
-			
-			//set OpenSAML2 process parameter into binding context dao
-			HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
-					resp, true);
-			BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
-			SingleSignOnService service = new SingleSignOnServiceBuilder().buildObject();
-			service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
-			service.setLocation(targetLocation);;
-		
-			context.setOutboundSAMLMessageSigningCredential(credentials);
-			context.setPeerEntityEndpoint(service);
-			context.setOutboundSAMLMessage(request);
-			context.setOutboundMessageTransport(responseAdapter);
-			context.setRelayState(relayState);
-
-			encoder.encode(context);
-			
-//		} catch (CredentialsNotAvailableException e) {
-//			e.printStackTrace();
-//			throw new SecurityException(e);
-		} catch (Exception e) {
-			e.printStackTrace();
-			throw new SecurityException(e);
-		}
-	}
-
-	public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
-			StatusResponseType response, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)
-			throws MessageEncodingException, SecurityException {
-
-		try {
-			//load default PVP security configurations
-			MOADefaultBootstrap.initializeDefaultPVPConfiguration();
-			
-			Logger.debug("create SAML POSTBinding response");
-			
-			//initialize POST binding encoder with template decoration
-			IGUIBuilderConfiguration guiConfig = 
-					new SPSpecificGUIBuilderConfigurationWithFileSystemLoad(
-							pendingReq, 
-							"pvp_postbinding_template.html", 
-							MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SAML2POSTBINDING_URL, 
-							null, 
-							authConfig.getRootConfigFileDir());								
-			MOAIDHTTPPostEncoder encoder = new MOAIDHTTPPostEncoder(guiConfig, guiBuilder,
-					VelocityProvider.getClassPathVelocityEngine());	
-			
-			//set OpenSAML2 process parameter into binding context dao			
-			HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
-					resp, true);
-			BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
-			SingleSignOnService service = new SingleSignOnServiceBuilder()
-					.buildObject();
-			service.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
-			service.setLocation(targetLocation);
-			context.setOutboundSAMLMessageSigningCredential(credentials);			
-			context.setPeerEntityEndpoint(service);
-			// context.setOutboundMessage(authReq);
-			context.setOutboundSAMLMessage(response);
-			context.setOutboundMessageTransport(responseAdapter);
-			context.setRelayState(relayState);
-
-			encoder.encode(context);
-//		} catch (CredentialsNotAvailableException e) {
-//			e.printStackTrace();
-//			throw new SecurityException(e);
-		} catch (Exception e) {
-			e.printStackTrace();
-			throw new SecurityException(e);
-		}
-	}
-
-	public InboundMessageInterface decode(HttpServletRequest req,
-			HttpServletResponse resp, MetadataProvider metadataProvider, boolean isSPEndPoint, URIComparator comparator) throws MessageDecodingException,
-			SecurityException {
-
-		HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool());
-		BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
-		messageContext
-				.setInboundMessageTransport(new HttpServletRequestAdapter(req));
-		//set metadata descriptor type
-		if (isSPEndPoint) {
-			messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
-			decode.setURIComparator(comparator);
-			
-		} else {
-			messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
-			decode.setURIComparator(comparator);
-		}
-							
-		messageContext.setMetadataProvider(metadataProvider);
-		
-		//set security policy context
-		BasicSecurityPolicy policy = new BasicSecurityPolicy();
-		policy.getPolicyRules().add(
-				new MOAPVPSignedRequestPolicyRule(metadataProvider,
-						TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider),
-						messageContext.getPeerEntityRole()));		
-		SecurityPolicyResolver secResolver = new StaticSecurityPolicyResolver(policy);
-		messageContext.setSecurityPolicyResolver(secResolver);
-		
-		decode.decode(messageContext);
-		
-		InboundMessage msg = null;		
-		if (messageContext.getInboundMessage() instanceof RequestAbstractType) {			
-			RequestAbstractType inboundMessage = (RequestAbstractType) messageContext
-					.getInboundMessage();			
-			msg = new MOARequest(inboundMessage, getSAML2BindingName());
-			msg.setEntityID(inboundMessage.getIssuer().getValue());
-			
-		} else if (messageContext.getInboundMessage() instanceof StatusResponseType){
-			StatusResponseType inboundMessage = (StatusResponseType) messageContext.getInboundMessage();
-			msg = new MOAResponse(inboundMessage);
-			msg.setEntityID(inboundMessage.getIssuer().getValue());
-			
-		} else
-			//create empty container if request type is unknown
-			msg = new InboundMessage();
-				
-		if (messageContext.getPeerEntityMetadata() != null)
-			msg.setEntityID(messageContext.getPeerEntityMetadata().getEntityID());
-		
-		else {
-			if (MiscUtil.isEmpty(msg.getEntityID()))
-				Logger.info("No Metadata found for OA with EntityID " + messageContext.getInboundMessageIssuer());
-		}
-				
-
-		msg.setVerified(true);
-		msg.setRelayState(messageContext.getRelayState());
-		
-		return msg;
-	}
-
-	public boolean handleDecode(String action, HttpServletRequest req) {
-		return (req.getMethod().equals("POST") && action.equals(PVP2XProtocol.POST));
-	}
-	
-	public String getSAML2BindingName() {
-		return SAMLConstants.SAML2_POST_BINDING_URI;
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
deleted file mode 100644
index caebd456b..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
+++ /dev/null
@@ -1,244 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.opensaml.common.SAMLObject;
-import org.opensaml.common.binding.BasicSAMLMessageContext;
-import org.opensaml.common.binding.decoding.URIComparator;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.binding.decoding.HTTPRedirectDeflateDecoder;
-import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder;
-import org.opensaml.saml2.binding.security.SAML2HTTPRedirectDeflateSignatureRule;
-import org.opensaml.saml2.core.RequestAbstractType;
-import org.opensaml.saml2.core.StatusResponseType;
-import org.opensaml.saml2.metadata.IDPSSODescriptor;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.saml2.metadata.SingleSignOnService;
-import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder;
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.ws.message.decoder.MessageDecodingException;
-import org.opensaml.ws.message.encoder.MessageEncodingException;
-import org.opensaml.ws.security.SecurityPolicyResolver;
-import org.opensaml.ws.security.provider.BasicSecurityPolicy;
-import org.opensaml.ws.security.provider.StaticSecurityPolicyResolver;
-import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
-import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
-import org.opensaml.xml.parse.BasicParserPool;
-import org.opensaml.xml.security.SecurityException;
-import org.opensaml.xml.security.credential.Credential;
-import org.springframework.stereotype.Service;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IMOARefreshableMetadataProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.validation.MOASAML2AuthRequestSignedRole;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-@Service("PVPRedirectBinding")
-public class RedirectBinding implements IDecoder, IEncoder {
-	
-	public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
-			RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)
-			throws MessageEncodingException, SecurityException {
-		
-//		try {
-//			X509Credential credentials = credentialProvider
-//					.getIDPAssertionSigningCredential();
-
-			//load default PVP security configurations
-			MOADefaultBootstrap.initializeDefaultPVPConfiguration();
-			
-			Logger.debug("create SAML RedirectBinding response");
-			
-			HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
-			HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
-					resp, true);
-			BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
-			SingleSignOnService service = new SingleSignOnServiceBuilder()
-					.buildObject();
-			service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
-			service.setLocation(targetLocation);
-			context.setOutboundSAMLMessageSigningCredential(credentials);
-			context.setPeerEntityEndpoint(service);
-			context.setOutboundSAMLMessage(request);
-			context.setOutboundMessageTransport(responseAdapter);
-			context.setRelayState(relayState);
-
-			encoder.encode(context);
-//		} catch (CredentialsNotAvailableException e) {
-//			e.printStackTrace();
-//			throw new SecurityException(e);
-//		}
-	}
-
-	public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
-			StatusResponseType response, String targetLocation, String relayState, 
-			Credential credentials, IRequest pendingReq) throws MessageEncodingException, SecurityException {
-//		try {
-//			X509Credential credentials = credentialProvider
-//					.getIDPAssertionSigningCredential();
-
-			//load default PVP security configurations
-			MOADefaultBootstrap.initializeDefaultPVPConfiguration();
-			
-			Logger.debug("create SAML RedirectBinding response");
-			
-			HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
-			HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
-					resp, true);
-			BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
-			SingleSignOnService service = new SingleSignOnServiceBuilder()
-					.buildObject();
-			service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
-			service.setLocation(targetLocation);
-			context.setOutboundSAMLMessageSigningCredential(credentials);
-			context.setPeerEntityEndpoint(service);
-			context.setOutboundSAMLMessage(response);
-			context.setOutboundMessageTransport(responseAdapter);
-			context.setRelayState(relayState);
-			
-			encoder.encode(context);
-//		} catch (CredentialsNotAvailableException e) {
-//			e.printStackTrace();
-//			throw new SecurityException(e);
-//		}
-	}
-
-	public InboundMessageInterface decode(HttpServletRequest req,
-			HttpServletResponse resp, MetadataProvider metadataProvider, boolean isSPEndPoint, URIComparator comparator) throws MessageDecodingException,
-			SecurityException {
-
-		HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder(
-				new BasicParserPool());
-		
-		BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
-		messageContext
-				.setInboundMessageTransport(new HttpServletRequestAdapter(req));
-		
-		//set metadata descriptor type
-		if (isSPEndPoint) {
-			messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
-			decode.setURIComparator(comparator);
-			
-		} else {
-			messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
-			decode.setURIComparator(comparator);
-		}
-							
-		messageContext.setMetadataProvider(metadataProvider);
-				
-		SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule(
-				TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider));
-		MOASAML2AuthRequestSignedRole signedRole = new MOASAML2AuthRequestSignedRole();
-		BasicSecurityPolicy policy = new BasicSecurityPolicy();
-		policy.getPolicyRules().add(signedRole);
-		policy.getPolicyRules().add(signatureRule);		
-		SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver(
-				policy);		
-		messageContext.setSecurityPolicyResolver(resolver);
-		
-		//set metadata descriptor type
-		if (isSPEndPoint)
-			messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
-		else
-			messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
-		
-		try {		
-			decode.decode(messageContext);		
-
-			//check signature
-			signatureRule.evaluate(messageContext);
-			
-		} catch (SecurityException e) {
-			if (MiscUtil.isEmpty(messageContext.getInboundMessageIssuer())) {
-				throw e;
-			
-			}
-			
-			if (metadataProvider instanceof IMOARefreshableMetadataProvider) {
-				Logger.debug("PVP2X message validation FAILED. Reload metadata for entityID: " + messageContext.getInboundMessageIssuer());
-				if (!((IMOARefreshableMetadataProvider) metadataProvider).refreshMetadataProvider(messageContext.getInboundMessageIssuer()))
-					throw e;
-				
-				else {
-					Logger.trace("PVP2X metadata reload finished. Check validate message again.");
-					decode.decode(messageContext);		
-
-					//check signature
-					signatureRule.evaluate(messageContext);					
-										
-				}
-				Logger.trace("Second PVP2X message validation finished");
-				
-			} else {
-				throw e;
-				
-			}
-		}		
-					
-		InboundMessage msg = null;
-		if (messageContext.getInboundMessage() instanceof RequestAbstractType) {			
-			RequestAbstractType inboundMessage = (RequestAbstractType) messageContext
-					.getInboundMessage();			
-			msg = new MOARequest(inboundMessage, getSAML2BindingName());
-			
-			
-		} else if (messageContext.getInboundMessage() instanceof StatusResponseType){
-			StatusResponseType inboundMessage = (StatusResponseType) messageContext.getInboundMessage();			
-			msg = new MOAResponse(inboundMessage);
-			
-		} else 
-			//create empty container if request type is unknown
-			msg = new InboundMessage();
-
-		if (messageContext.getPeerEntityMetadata() != null)
-			msg.setEntityID(messageContext.getPeerEntityMetadata().getEntityID());
-		
-		else
-			Logger.info("No Metadata found for OA with EntityID " + messageContext.getInboundMessageIssuer());
-		
-		msg.setVerified(true);
-		msg.setRelayState(messageContext.getRelayState());
-		
-		return msg;
-	}
-
-	public boolean handleDecode(String action, HttpServletRequest req) {
-		return ((action.equals(PVP2XProtocol.REDIRECT) || action.equals(PVP2XProtocol.SINGLELOGOUT)) 
-				&& req.getMethod().equals("GET"));
-	}
-	
-	public String getSAML2BindingName() {
-		return SAMLConstants.SAML2_REDIRECT_BINDING_URI;
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
deleted file mode 100644
index 2b4374a64..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
+++ /dev/null
@@ -1,176 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
-
-import java.util.List;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.opensaml.common.SAMLObject;
-import org.opensaml.common.binding.BasicSAMLMessageContext;
-import org.opensaml.common.binding.decoding.URIComparator;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.binding.encoding.HTTPSOAP11Encoder;
-import org.opensaml.saml2.core.RequestAbstractType;
-import org.opensaml.saml2.core.StatusResponseType;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.ws.message.decoder.MessageDecodingException;
-import org.opensaml.ws.message.encoder.MessageEncodingException;
-import org.opensaml.ws.soap.soap11.Envelope;
-import org.opensaml.ws.soap.soap11.decoder.http.HTTPSOAP11Decoder;
-import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
-import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.parse.BasicParserPool;
-import org.opensaml.xml.security.SecurityException;
-import org.opensaml.xml.security.credential.Credential;
-import org.opensaml.xml.signature.SignableXMLObject;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Service;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-@Service("PVPSOAPBinding")
-public class SoapBinding implements IDecoder, IEncoder {
-
-	@Autowired(required=true) private MOAMetadataProvider metadataProvider;
-	@Autowired private IDPCredentialProvider credentialProvider;
-	
-	public InboundMessageInterface decode(HttpServletRequest req,
-			HttpServletResponse resp, MetadataProvider metadataProvider, boolean isSPEndPoint, URIComparator comparator) throws MessageDecodingException,
-			SecurityException, PVP2Exception {
-		HTTPSOAP11Decoder soapDecoder = new HTTPSOAP11Decoder(new BasicParserPool());
-		BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = 
-				new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
-		messageContext
-				.setInboundMessageTransport(new HttpServletRequestAdapter(
-						req));		
-		messageContext.setMetadataProvider(metadataProvider);
-
-		//TODO: update in a futher version: 
-		//      requires a special SignedSOAPRequestPolicyRole because 
-		//		messageContext.getInboundMessage() is not directly signed
-		
-		//set security context
-//		BasicSecurityPolicy policy = new BasicSecurityPolicy();
-//		policy.getPolicyRules().add(
-//				new MOAPVPSignedRequestPolicyRule(
-//						TrustEngineFactory.getSignatureKnownKeysTrustEngine(),
-//						SPSSODescriptor.DEFAULT_ELEMENT_NAME));		
-//		SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver(
-//				policy);			
-//		messageContext.setSecurityPolicyResolver(resolver);
-		
-		//decode message
-		soapDecoder.decode(messageContext);
-		
-		Envelope inboundMessage = (Envelope) messageContext
-				.getInboundMessage();
-		
-		if (inboundMessage.getBody() != null) {		
-			List<XMLObject> xmlElemList = inboundMessage.getBody().getUnknownXMLObjects();
-		
-			if (!xmlElemList.isEmpty()) {
-				SignableXMLObject attrReq = (SignableXMLObject) xmlElemList.get(0);			
-				MOARequest request = new MOARequest(attrReq, getSAML2BindingName());				
-				
-				if (messageContext.getPeerEntityMetadata() != null)
-					request.setEntityID(messageContext.getPeerEntityMetadata().getEntityID());
-				
-				else if (attrReq instanceof RequestAbstractType) {
-					RequestAbstractType attributeRequest = (RequestAbstractType) attrReq;
-					try {						
-						if (MiscUtil.isNotEmpty(attributeRequest.getIssuer().getValue()) && 
-								metadataProvider.getRole(
-										attributeRequest.getIssuer().getValue(), 
-										SPSSODescriptor.DEFAULT_ELEMENT_NAME) != null)
-							request.setEntityID(attributeRequest.getIssuer().getValue());
-						
-					} catch (Exception e) {
-						Logger.warn("No Metadata found with EntityID " + attributeRequest.getIssuer().getValue());
-					}					
-				} 
-				
-				request.setVerified(false);			
-				return request;
-						
-			} 
-		}
-		
-		Logger.error("Receive empty PVP 2.1 attributequery request.");
-		throw new AttributQueryException("Receive empty PVP 2.1 attributequery request.", null);
-	}
-
-	public boolean handleDecode(String action, HttpServletRequest req) {
-		return (req.getMethod().equals("POST") && 
-				(action.equals(PVP2XProtocol.SOAP) || action.equals(PVP2XProtocol.ATTRIBUTEQUERY)));
-	}
-
-	public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
-			RequestAbstractType request, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)
-			throws MessageEncodingException, SecurityException, PVP2Exception {
-		
-	}
-
-	public void encodeRespone(HttpServletRequest req, HttpServletResponse resp,
-			StatusResponseType response, String targetLocation, String relayState, Credential credentials, IRequest pendingReq)
-			throws MessageEncodingException, SecurityException, PVP2Exception {
-//		try {
-//			Credential credentials = credentialProvider
-//					.getIDPAssertionSigningCredential();
-			
-			//load default PVP security configurations
-			MOADefaultBootstrap.initializeDefaultPVPConfiguration();
-			
-			HTTPSOAP11Encoder encoder = new HTTPSOAP11Encoder();
-			HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
-					resp, true);
-			BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
-			context.setOutboundSAMLMessageSigningCredential(credentials);
-			context.setOutboundSAMLMessage(response);
-			context.setOutboundMessageTransport(responseAdapter);
-			
-			encoder.encode(context);
-//		} catch (CredentialsNotAvailableException e) {
-//			e.printStackTrace();
-//			throw new SecurityException(e);
-//		}
-	}
-	
-	public String getSAML2BindingName() {
-		return SAMLConstants.SAML2_SOAP11_BINDING_URI;
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java
index f3af12a2c..b5f77ce1a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java
@@ -49,14 +49,15 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import org.w3c.dom.Document;
 
+import at.gv.egiz.eaaf.modules.pvp2.exception.AttributQueryException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.SamlAttributeGenerator;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.SamlAttributeGenerator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
@@ -104,7 +105,7 @@ public class AttributQueryBuilder {
 			String endpoint, List<Attribute> requestedAttributes) throws AttributQueryException {
 		
 		
-		try {
+		try { 
 		
 			AttributeQuery query = new AttributeQueryBuilder().buildObject();
 		
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java
deleted file mode 100644
index 78ddab488..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java
+++ /dev/null
@@ -1,147 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.builder;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import org.joda.time.DateTime;
-import org.opensaml.Configuration;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.core.Assertion;
-import org.opensaml.saml2.core.EncryptedAssertion;
-import org.opensaml.saml2.core.Issuer;
-import org.opensaml.saml2.core.NameID;
-import org.opensaml.saml2.core.RequestAbstractType;
-import org.opensaml.saml2.core.Response;
-import org.opensaml.saml2.encryption.Encrypter;
-import org.opensaml.saml2.encryption.Encrypter.KeyPlacement;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.security.MetadataCredentialResolver;
-import org.opensaml.security.MetadataCriteria;
-import org.opensaml.xml.encryption.EncryptionException;
-import org.opensaml.xml.encryption.EncryptionParameters;
-import org.opensaml.xml.encryption.KeyEncryptionParameters;
-import org.opensaml.xml.security.CriteriaSet;
-import org.opensaml.xml.security.SecurityException;
-import org.opensaml.xml.security.credential.UsageType;
-import org.opensaml.xml.security.criteria.EntityIDCriteria;
-import org.opensaml.xml.security.criteria.UsageCriteria;
-import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorFactory;
-import org.opensaml.xml.security.x509.X509Credential;
-
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionEncryptionException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-public class AuthResponseBuilder {
-
-	public static Response buildResponse(MetadataProvider metadataProvider, String issuerEntityID, RequestAbstractType req, DateTime date, Assertion assertion, boolean enableEncryption) throws InvalidAssertionEncryptionException, ConfigurationException {
-		Response authResponse = SAML2Utils.createSAMLObject(Response.class);
-
-		Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class);
-		
-		nissuer.setValue(issuerEntityID);
-		nissuer.setFormat(NameID.ENTITY);
-		authResponse.setIssuer(nissuer);
-		authResponse.setInResponseTo(req.getID());
-
-		//set responseID
-		String remoteSessionID = SAML2Utils.getSecureIdentifier();
-		authResponse.setID(remoteSessionID);
-		
-		
-		//SAML2 response required IssueInstant
-		authResponse.setIssueInstant(date);
-		
-		authResponse.setStatus(SAML2Utils.getSuccessStatus());
-				
-		//check, if metadata includes an encryption key				
-		MetadataCredentialResolver mdCredResolver = 
-				new MetadataCredentialResolver(metadataProvider);
-	
-		CriteriaSet criteriaSet = new CriteriaSet();
-		criteriaSet.add( new EntityIDCriteria(req.getIssuer().getValue()) );
-		criteriaSet.add( new MetadataCriteria(SPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS) );
-		criteriaSet.add( new UsageCriteria(UsageType.ENCRYPTION) );
-	
-		X509Credential encryptionCredentials = null;
-		try {
-			encryptionCredentials = (X509Credential) mdCredResolver.resolveSingle(criteriaSet);
-				
-		} catch (SecurityException e2) {
-			Logger.warn("Can not extract the Assertion Encryption-Key from metadata", e2);
-			throw new InvalidAssertionEncryptionException();
-			
-		}
-			
-		if (encryptionCredentials != null && enableEncryption) {
-			//encrypt SAML2 assertion
-				
-			try {
-				
-				EncryptionParameters dataEncParams = new EncryptionParameters();
-				dataEncParams.setAlgorithm(PVPConstants.DEFAULT_SYM_ENCRYPTION_METHODE);
-								
-				List<KeyEncryptionParameters> keyEncParamList = new ArrayList<KeyEncryptionParameters>();
-				KeyEncryptionParameters  keyEncParam = new KeyEncryptionParameters();
-			
-				keyEncParam.setEncryptionCredential(encryptionCredentials);
-				keyEncParam.setAlgorithm(PVPConstants.DEFAULT_ASYM_ENCRYPTION_METHODE);
-				KeyInfoGeneratorFactory kigf = Configuration.getGlobalSecurityConfiguration()
-						.getKeyInfoGeneratorManager().getDefaultManager()
-						.getFactory(encryptionCredentials);
-				keyEncParam.setKeyInfoGenerator(kigf.newInstance());
-				keyEncParamList.add(keyEncParam);
-											
-				Encrypter samlEncrypter = new Encrypter(dataEncParams, keyEncParamList); 
-				//samlEncrypter.setKeyPlacement(KeyPlacement.INLINE);
-				samlEncrypter.setKeyPlacement(KeyPlacement.PEER);
-				
-				EncryptedAssertion encryptAssertion = null;
-				
-				encryptAssertion = samlEncrypter.encrypt(assertion);
-				
-				authResponse.getEncryptedAssertions().add(encryptAssertion);
-				
-			} catch (EncryptionException e1) {
-				Logger.warn("Can not encrypt the PVP2 assertion", e1);
-				throw new InvalidAssertionEncryptionException();
-					
-			} 
-
-		} else {
-			authResponse.getAssertions().add(assertion);
-				
-		}
-		
-		return authResponse;
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java
deleted file mode 100644
index d2a63c72f..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java
+++ /dev/null
@@ -1,171 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.builder;
-
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.core.AttributeValue;
-import org.opensaml.xml.Configuration;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.schema.XSInteger;
-import org.opensaml.xml.schema.XSString;
-import org.opensaml.xml.schema.impl.XSIntegerBuilder;
-import org.opensaml.xml.schema.impl.XSStringBuilder;
-
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-
-public class CitizenTokenBuilder {
-
-	public static XMLObject buildAttributeStringValue(String value) {
-		XSStringBuilder stringBuilder = (XSStringBuilder) Configuration.getBuilderFactory().getBuilder(XSString.TYPE_NAME);
-		XSString stringValue = stringBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
-		stringValue.setValue(value);
-		return stringValue;
-	}
-	
-	public static XMLObject buildAttributeIntegerValue(int value) {
-		XSIntegerBuilder integerBuilder = (XSIntegerBuilder) Configuration.getBuilderFactory().getBuilder(XSInteger.TYPE_NAME);
-		XSInteger integerValue = integerBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSInteger.TYPE_NAME);
-		integerValue.setValue(value);
-		return integerValue;
-	}
-	
-	public static Attribute buildStringAttribute(String friendlyName, 
-			String name, String value) {
-		Attribute attribute = 
-				SAML2Utils.createSAMLObject(Attribute.class);
-		attribute.setFriendlyName(friendlyName);
-		attribute.setName(name);
-		attribute.getAttributeValues().add(buildAttributeStringValue(value));
-		return attribute;
-	}
-	
-	public static Attribute buildIntegerAttribute(String friendlyName, 
-			String name, int value) {
-		Attribute attribute = 
-				SAML2Utils.createSAMLObject(Attribute.class);
-		attribute.setFriendlyName(friendlyName);
-		attribute.setName(name);
-		attribute.getAttributeValues().add(buildAttributeIntegerValue(value));
-		return attribute;
-	}
-	
-	public static Attribute buildPVPVersion(String value) {
-		return buildStringAttribute("PVP-VERSION",
-				"urn:oid:1.2.40.0.10.2.1.1.261.10", value);
-	}
-	
-	public static Attribute buildSecClass(int value) {
-		return buildIntegerAttribute("SECCLASS",
-				"", value);
-	}
-	
-	public static Attribute buildPrincipalName(String value) {
-		return buildStringAttribute("PRINCIPAL-NAME",
-				"urn:oid:1.2.40.0.10.2.1.1.261.20", value);
-	}
-	
-	public static Attribute buildGivenName(String value) {
-		return buildStringAttribute("GIVEN-NAME",
-				"urn:oid:2.5.4.42", value);
-	}
-	
-	public static Attribute buildBirthday(String value) {
-		return buildStringAttribute("BIRTHDATE",
-				"urn:oid:1.2.40.0.10.2.1.1.55", value);
-	}
-	
-	public static Attribute buildBPK(String value) {
-		return buildStringAttribute("BPK",
-				"urn:oid:1.2.40.0.10.2.1.1.149", value);
-	}
-	
-	public static Attribute buildEID_CITIZEN_QAALEVEL(int value) {
-		return buildIntegerAttribute("EID-CITIZEN-QAA-LEVEL",
-				"urn:oid:1.2.40.0.10.2.1.1.261.94", value);
-	}
-	
-	public static Attribute buildEID_ISSUING_NATION(String value) {
-		return buildStringAttribute("EID-ISSUING-NATION",
-				"urn:oid:1.2.40.0.10.2.1.1.261.32", value);
-	}
-	
-	public static Attribute buildEID_SECTOR_FOR_IDENTIFIER(String value) {
-		return buildStringAttribute("EID-SECTOR-FOR-IDENTIFIER",
-				"urn:oid:1.2.40.0.10.2.1.1.261.34", value);
-	}
-	
-	
-//	public static AttributeStatement buildCitizenToken(MOARequest obj,
-//			AuthenticationSession authSession) {
-//		AttributeStatement statement = 
-//				SAML2Utils.createSAMLObject(AttributeStatement.class);
-//
-//		//TL: AuthData generation is moved out from VerifyAuthBlockServlet
-//		try {
-//
-//			//TODO: LOAD oaParam from request and not from MOASession in case of SSO
-//			OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
-//					.getOnlineApplicationParameter(authSession.getPublicOAURLPrefix());
-//		
-//			AuthenticationData authData = AuthenticationServer.buildAuthenticationData(authSession,
-//					oaParam,
-//					authSession.getTarget());
-//			
-//			Attribute pvpVersion = buildPVPVersion("2.1");
-//			Attribute secClass = buildSecClass(3);
-//			Attribute principalName = buildPrincipalName(authData.getFamilyName());
-//			Attribute givenName = buildGivenName(authData.getGivenName());
-//			Attribute birthdate = buildBirthday(authData.getDateOfBirth());
-//			
-//			//TL: getIdentificationValue holds the baseID  --> change to pBK
-//			Attribute bpk = buildBPK(authData.getBPK());
-//			
-//			Attribute eid_citizen_qaa = buildEID_CITIZEN_QAALEVEL(3);
-//			Attribute eid_issuing_nation = buildEID_ISSUING_NATION("AT");
-//			Attribute eid_sector_for_id = buildEID_SECTOR_FOR_IDENTIFIER(authData.getIdentificationType());
-//			
-//			statement.getAttributes().add(pvpVersion);
-//			statement.getAttributes().add(secClass);
-//			statement.getAttributes().add(principalName);
-//			statement.getAttributes().add(givenName);
-//			statement.getAttributes().add(birthdate);
-//			statement.getAttributes().add(bpk);
-//			statement.getAttributes().add(eid_citizen_qaa);
-//			statement.getAttributes().add(eid_issuing_nation);
-//			statement.getAttributes().add(eid_sector_for_id);
-//			
-//			return statement;
-//			
-//		} catch (ConfigurationException e) {
-//			
-//			// TODO: check Exception Handling
-//			return null;
-//		} catch (BuildException e) {
-//			
-//			// TODO: check Exception Handling
-//			return null;
-//		}
-//		
-//
-//	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
deleted file mode 100644
index 07da57d2a..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
+++ /dev/null
@@ -1,207 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.builder;
-
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
-import java.util.ServiceLoader;
-
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.metadata.RequestedAttribute;
-
-import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
-import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
-import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
-import at.gv.egiz.eaaf.core.exceptions.InvalidDateFormatAttributeException;
-import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.SamlAttributeGenerator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidDateFormatException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-import at.gv.egovernment.moa.logging.Logger;
-
-public class PVPAttributeBuilder {
-	
-	private static IAttributeGenerator<Attribute> generator = new SamlAttributeGenerator();
-	
-	private static HashMap<String, IAttributeBuilder> builders;
-	
-	private static ServiceLoader<IAttributeBuilder> attributBuilderLoader = 
-			ServiceLoader.load(IAttributeBuilder.class);
-	
-	private static void addBuilder(IAttributeBuilder builder) {
-		builders.put(builder.getName(), builder);
-	}
-	
-	static {
-		builders = new HashMap<String, IAttributeBuilder>();
-		
-		Logger.info("Loading protocol attribut-builder modules:");
-		if (attributBuilderLoader != null ) {		
-			Iterator<IAttributeBuilder> moduleLoaderInterator = attributBuilderLoader.iterator();
-			while (moduleLoaderInterator.hasNext()) {
-				try {
-					IAttributeBuilder modul = moduleLoaderInterator.next();
-					Logger.info("Loading attribut-builder Modul Information: " + modul.getName());
-					addBuilder(modul);
-					
-				} catch(Throwable e) {
-					Logger.error("Check configuration! " + "Some attribute-builder modul" + 
-							" is not a valid IAttributeBuilder", e);
-				}	
-			}
-		}
-		
-		Logger.info("Loading attribute-builder modules done");
-				
-	}
-	
-	
-	/**
-	 * Get a specific attribute builder
-	 * 
-	 * @param name Attribute-builder friendly name
-	 * 
-	 * @return Attribute-builder with this name or null if builder does not exists
-	 */
-	public static IAttributeBuilder getAttributeBuilder(String name) {
-		return builders.get(name);
-		
-	}
-	
-	public static Attribute buildAttribute(String name, ISPConfiguration  oaParam,
-			IAuthData authData) throws PVP2Exception, AttributeBuilderException {
-		if (builders.containsKey(name)) {
-			try {
-				return builders.get(name).build(oaParam, authData, generator);
-			}
-			catch (AttributeBuilderException e) {
-				if (e instanceof UnavailableAttributeException) {
-					throw e;
-				} else if (e instanceof InvalidDateFormatAttributeException) {
-					throw new InvalidDateFormatException();
-				} else if (e instanceof NoMandateDataAttributeException) {
-					throw new NoMandateDataAvailableException();
-				} else {
-					throw new UnprovideableAttributeException(name);
-				}
-			}
-		}
-		return null;
-	}
-	
-	public static Attribute buildEmptyAttribute(String name) {
-		if (builders.containsKey(name)) {
-			return builders.get(name).buildEmpty(generator);
-		}
-		return null;
-	}
-
-	public static Attribute buildAttribute(String name, String value) {
-		if (builders.containsKey(name)) {
-			return builders.get(name).buildEmpty(generator);
-		}
-		return null;
-	}
-	
-	
-	
-	public static List<Attribute> buildSupportedEmptyAttributes() {
-		List<Attribute> attributes = new ArrayList<Attribute>();
-		Iterator<IAttributeBuilder> builderIt = builders.values().iterator();
-		while (builderIt.hasNext()) {
-			IAttributeBuilder builder = builderIt.next();
-			Attribute emptyAttribute = builder.buildEmpty(generator);
-			if (emptyAttribute != null) {
-				attributes.add(emptyAttribute);
-			}
-		}
-		return attributes;
-	}
-	
-	public static RequestedAttribute buildReqAttribute(String name, String friendlyName, boolean required) {
-		RequestedAttribute attribute = SAML2Utils.createSAMLObject(RequestedAttribute.class);
-		attribute.setIsRequired(required);
-		attribute.setName(name);
-		attribute.setFriendlyName(friendlyName);
-		attribute.setNameFormat(Attribute.URI_REFERENCE);
-		return attribute;
-	}
-	
-	/**
-	 * Build a set of PVP Response-Attributes
-	 * <br><br>
-	 * <b>INFO:</b> If a specific attribute can not be build, a info is logged, but no execpetion is thrown.
-	 * Therefore, the return List must not include all requested attributes.    
-	 * 
-	 * @param authData AuthenticationData <code>IAuthData</code> which is used to build the attribute values, but never <code>null</code>
-	 * @param reqAttributenName List of PVP attribute names which are requested, but never <code>null</code>
-	 * @return List of PVP attributes, but never <code>null</code>
-	 */
-	public static List<Attribute> buildSetOfResponseAttributes(IAuthData authData, 
-			Collection<String> reqAttributenName) {
-		List<Attribute> attrList = new ArrayList<Attribute>();
-		if (reqAttributenName != null) {		
-			Iterator<String> it = reqAttributenName.iterator();
-			while (it.hasNext()) {
-				String reqAttributName = it.next();
-				try {
-					Attribute attr = PVPAttributeBuilder.buildAttribute(
-							reqAttributName, null, authData);
-					if (attr == null) {
-						Logger.info(
-								"Attribute generation failed! for "
-										+ reqAttributName);
-					
-					} else {
-						attrList.add(attr);
-					
-					}
-									
-				} catch (PVP2Exception e) {
-					Logger.info(
-							"Attribute generation failed! for "
-									+ reqAttributName);
-				
-				} catch (Exception e) {
-					Logger.warn(
-							"General Attribute generation failed! for "
-									+ reqAttributName, e);
-				
-				}
-			}
-		}
-		
-		return attrList;
-	}
-	
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java
deleted file mode 100644
index a55e873b5..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAuthnRequestBuilder.java
+++ /dev/null
@@ -1,221 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.builder;
-
-import java.security.NoSuchAlgorithmException;
-
-import javax.servlet.http.HttpServletResponse;
-
-import org.joda.time.DateTime;
-import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.core.AuthnContextClassRef;
-import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
-import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.core.Issuer;
-import org.opensaml.saml2.core.NameID;
-import org.opensaml.saml2.core.NameIDPolicy;
-import org.opensaml.saml2.core.NameIDType;
-import org.opensaml.saml2.core.RequestedAuthnContext;
-import org.opensaml.saml2.core.Subject;
-import org.opensaml.saml2.core.SubjectConfirmation;
-import org.opensaml.saml2.core.SubjectConfirmationData;
-import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.SingleSignOnService;
-import org.opensaml.ws.message.encoder.MessageEncodingException;
-import org.opensaml.xml.security.SecurityException;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.ApplicationContext;
-import org.springframework.stereotype.Service;
-
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestBuildException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-/**
- * @author tlenz
- *
- */
-@Service("PVPAuthnRequestBuilder")
-public class PVPAuthnRequestBuilder {
-	
-	@Autowired(required=true) ApplicationContext springContext;
-	
-	/**
-	 * Build a PVP2.x specific authentication request
-	 * 
-	 * @param pendingReq Currently processed pendingRequest 
-	 * @param config AuthnRequest builder configuration, never null
-	 * @param idpEntity SAML2 EntityDescriptor of the IDP, which receive this AuthnRequest, never null
-	 * @param httpResp
-	 * @throws NoSuchAlgorithmException 
-	 * @throws SecurityException 
-	 * @throws PVP2Exception 
-	 * @throws MessageEncodingException 
-	 */
-	public void buildAuthnRequest(IRequest pendingReq, IPVPAuthnRequestBuilderConfiguruation config, 
-			HttpServletResponse httpResp) throws NoSuchAlgorithmException, MessageEncodingException, PVP2Exception, SecurityException {
-		//get IDP Entity element from config
-		EntityDescriptor idpEntity = config.getIDPEntityDescriptor();
-		
-		AuthnRequest authReq = SAML2Utils
-				.createSAMLObject(AuthnRequest.class);
-		
-		//select SingleSignOn Service endpoint from IDP metadata
-		SingleSignOnService endpoint = null;  
-		for (SingleSignOnService sss : 
-				idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleSignOnServices()) {
-			
-			// use POST binding as default if it exists 
-			if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) { 
-				endpoint = sss; 
-				
-			} else if ( sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI) 
-					&& endpoint == null )
-				endpoint = sss;
-			
-		}
-		
-		if (endpoint == null) {
-			Logger.warn("Building AuthnRequest FAILED: > Requested IDP " + idpEntity.getEntityID() 
-					+ " does not support POST or Redirect Binding.");
-			throw new AuthnRequestBuildException("sp.pvp2.00", new Object[]{config.getSPNameForLogging(), idpEntity.getEntityID()});
-			
-		} else
-			authReq.setDestination(endpoint.getLocation());
-		
-		
-		//set basic AuthnRequest information
-		String reqID = config.getRequestID();
-		if (MiscUtil.isNotEmpty(reqID))
-			authReq.setID(reqID);
-		
-		else {
-			SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator();
-			authReq.setID(gen.generateIdentifier());
-			
-		}
-		
-		authReq.setIssueInstant(new DateTime());
-		
-		//set isPassive flag
-		if (config.isPassivRequest() == null)
-			authReq.setIsPassive(false);
-		else
-			authReq.setIsPassive(config.isPassivRequest());
-
-		//set EntityID of the service provider
-		Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
-		issuer.setFormat(NameIDType.ENTITY);
-		issuer.setValue(config.getSPEntityID());
-		authReq.setIssuer(issuer);
-
-		//set AssertionConsumerService ID
-		if (config.getAssertionConsumerServiceId() != null)
-			authReq.setAssertionConsumerServiceIndex(config.getAssertionConsumerServiceId());
-		
-		//set NameIDPolicy
-		if (config.getNameIDPolicyFormat() != null) {
-			NameIDPolicy policy = SAML2Utils.createSAMLObject(NameIDPolicy.class);
-			policy.setAllowCreate(config.getNameIDPolicyAllowCreation());
-			policy.setFormat(config.getNameIDPolicyFormat());
-			authReq.setNameIDPolicy(policy);
-		}
-		
-		//set requested QAA level
-		if (config.getAuthnContextClassRef() != null) {
-			RequestedAuthnContext reqAuthContext = SAML2Utils.createSAMLObject(RequestedAuthnContext.class);		
-			AuthnContextClassRef authnClassRef = SAML2Utils.createSAMLObject(AuthnContextClassRef.class);
-		
-			authnClassRef.setAuthnContextClassRef(config.getAuthnContextClassRef());
-			
-			if (config.getAuthnContextComparison() == null)
-				reqAuthContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM);
-			else
-				reqAuthContext.setComparison(config.getAuthnContextComparison());
-			
-			reqAuthContext.getAuthnContextClassRefs().add(authnClassRef);					
-			authReq.setRequestedAuthnContext(reqAuthContext);
-		}
-						
-		//set request Subject element
-		if (MiscUtil.isNotEmpty(config.getSubjectNameID())) {
-			Subject reqSubject = SAML2Utils.createSAMLObject(Subject.class);
-			NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class);
-			
-			subjectNameID.setValue(config.getSubjectNameID());
-			if (MiscUtil.isNotEmpty(config.getSubjectNameIDQualifier()))
-				subjectNameID.setNameQualifier(config.getSubjectNameIDQualifier());
-			
-			if (MiscUtil.isNotEmpty(config.getSubjectNameIDFormat()))
-				subjectNameID.setFormat(config.getSubjectNameIDFormat());
-			else
-				subjectNameID.setFormat(NameID.TRANSIENT);
-			
-			reqSubject.setNameID(subjectNameID);
-						
-			if (config.getSubjectConformationDate() != null) {
-				SubjectConfirmation subjectConformation = SAML2Utils.createSAMLObject(SubjectConfirmation.class);
-				SubjectConfirmationData subjectConformDate = SAML2Utils.createSAMLObject(SubjectConfirmationData.class);			
-				subjectConformation.setSubjectConfirmationData(subjectConformDate);
-				reqSubject.getSubjectConfirmations().add(subjectConformation );
-							
-				if (config.getSubjectConformationMethode() != null)
-					subjectConformation.setMethod(config.getSubjectConformationMethode());
-								
-				subjectConformDate.setDOM(config.getSubjectConformationDate());
-								
-			}
-						
-			authReq.setSubject(reqSubject );
-						
-		}
-		
-		//TODO: implement requested attributes
-		//maybe: config.getRequestedAttributes();
-		
-		//select message encoder
-		IEncoder binding = null;
-		if (endpoint.getBinding().equals(
-				SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
-			binding = springContext.getBean("PVPRedirectBinding", RedirectBinding.class);
-														
-		} else if (endpoint.getBinding().equals(
-				SAMLConstants.SAML2_POST_BINDING_URI)) {
-			binding = springContext.getBean("PVPPOSTBinding", PostBinding.class);
-			
-		}
-		
-		//encode message
-		binding.encodeRequest(null, httpResp, authReq, 
-				endpoint.getLocation(), pendingReq.getPendingRequestId(), config.getAuthnRequestSigningCredential(), pendingReq);
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java
deleted file mode 100644
index e2ac50e5e..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPMetadataBuilder.java
+++ /dev/null
@@ -1,442 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.builder;
-
-import java.io.IOException;
-import java.io.StringWriter;
-import java.util.List;
-
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.transform.Transformer;
-import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactory;
-import javax.xml.transform.TransformerFactoryConfigurationError;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.transform.stream.StreamResult;
-
-import org.joda.time.DateTime;
-import org.opensaml.Configuration;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.metadata.AssertionConsumerService;
-import org.opensaml.saml2.metadata.AttributeConsumingService;
-import org.opensaml.saml2.metadata.ContactPerson;
-import org.opensaml.saml2.metadata.EntitiesDescriptor;
-import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.IDPSSODescriptor;
-import org.opensaml.saml2.metadata.KeyDescriptor;
-import org.opensaml.saml2.metadata.LocalizedString;
-import org.opensaml.saml2.metadata.NameIDFormat;
-import org.opensaml.saml2.metadata.Organization;
-import org.opensaml.saml2.metadata.RequestedAttribute;
-import org.opensaml.saml2.metadata.RoleDescriptor;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.saml2.metadata.ServiceName;
-import org.opensaml.saml2.metadata.SingleLogoutService;
-import org.opensaml.saml2.metadata.SingleSignOnService;
-import org.opensaml.xml.io.Marshaller;
-import org.opensaml.xml.io.MarshallingException;
-import org.opensaml.xml.security.SecurityException;
-import org.opensaml.xml.security.SecurityHelper;
-import org.opensaml.xml.security.credential.Credential;
-import org.opensaml.xml.security.credential.UsageType;
-import org.opensaml.xml.security.keyinfo.KeyInfoGenerator;
-import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
-import org.opensaml.xml.signature.Signature;
-import org.opensaml.xml.signature.SignatureException;
-import org.opensaml.xml.signature.Signer;
-import org.springframework.stereotype.Service;
-import org.w3c.dom.Document;
-
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-/**
- * @author tlenz
- *
- */
-
-@Service("PVPMetadataBuilder")
-public class PVPMetadataBuilder {
-
-	X509KeyInfoGeneratorFactory keyInfoFactory = null;
-	
-	/**
-	 * 
-	 */
-	public PVPMetadataBuilder() {
-		keyInfoFactory = new X509KeyInfoGeneratorFactory();
-		keyInfoFactory.setEmitEntityIDAsKeyName(true);
-		keyInfoFactory.setEmitEntityCertificate(true);
-		
-	}
-	
-	
-	/**
-	 * 
-	 * Build PVP 2.1 conform SAML2 metadata
-	 * 
-	 * @param config 
-	 * 				PVPMetadataBuilder configuration
-	 * 
-	 * @return PVP metadata as XML String
-	 * @throws SecurityException 
-	 * @throws ConfigurationException 
-	 * @throws CredentialsNotAvailableException 
-	 * @throws TransformerFactoryConfigurationError 
-	 * @throws MarshallingException 
-	 * @throws TransformerException 
-	 * @throws ParserConfigurationException 
-	 * @throws IOException 
-	 * @throws SignatureException 
-	 */
-	public String buildPVPMetadata(IPVPMetadataBuilderConfiguration config) throws CredentialsNotAvailableException, ConfigurationException, SecurityException, TransformerFactoryConfigurationError, MarshallingException, TransformerException, ParserConfigurationException, IOException, SignatureException {				
-		DateTime date = new DateTime();
-		EntityDescriptor entityDescriptor = SAML2Utils
-				.createSAMLObject(EntityDescriptor.class);
-		
-		//set entityID
-		entityDescriptor.setEntityID(config.getEntityID());		
-								
-		//set contact and organisation information
-		List<ContactPerson> contactPersons = config.getContactPersonInformation();
-		if (contactPersons != null)
-			entityDescriptor.getContactPersons().addAll(contactPersons);
-		
-		Organization organisation = config.getOrgansiationInformation();
-		if (organisation != null)
-			entityDescriptor.setOrganization(organisation);
-
-		//set IDP metadata
-		if (config.buildIDPSSODescriptor()) {
-			RoleDescriptor idpSSODesc = generateIDPMetadata(config);
-			if (idpSSODesc != null)
-				entityDescriptor.getRoleDescriptors().add(idpSSODesc);
-						
-		}
-		
-		//set SP metadata for interfederation
-		if (config.buildSPSSODescriptor()) {
-			RoleDescriptor spSSODesc = generateSPMetadata(config);
-			if (spSSODesc != null)
-				entityDescriptor.getRoleDescriptors().add(spSSODesc);
-		
-		}
-
-		//set metadata signature parameters
-		Credential metadataSignCred = config.getMetadataSigningCredentials();		
-		Signature signature = AbstractCredentialProvider.getIDPSignature(metadataSignCred);
-		SecurityHelper.prepareSignatureParams(signature, metadataSignCred, null, null);
-				
-		//initialize XML document builder
-		DocumentBuilder builder;
-		DocumentBuilderFactory factory = DocumentBuilderFactory
-				.newInstance();
-
-		builder = factory.newDocumentBuilder();
-		Document document = builder.newDocument();
-		
-
-		//build entities descriptor
-		if (config.buildEntitiesDescriptorAsRootElement()) {
-			EntitiesDescriptor entitiesDescriptor = 
-					SAML2Utils.createSAMLObject(EntitiesDescriptor.class);					
-			entitiesDescriptor.setName(config.getEntityFriendlyName());
-			entitiesDescriptor.setID(SAML2Utils.getSecureIdentifier());							
-			entitiesDescriptor.setValidUntil(date.plusHours(config.getMetadataValidUntil()));			
-			entitiesDescriptor.getEntityDescriptors().add(entityDescriptor);
-			
-			//load default PVP security configurations
-			MOADefaultBootstrap.initializeDefaultPVPConfiguration();
-			entitiesDescriptor.setSignature(signature);
-			
-			
-			//marshall document
-			Marshaller out = Configuration.getMarshallerFactory()
-					.getMarshaller(entitiesDescriptor);
-			out.marshall(entitiesDescriptor, document);
-						
-		} else {
-			entityDescriptor.setValidUntil(date.plusHours(config.getMetadataValidUntil()));
-			entityDescriptor.setID(SAML2Utils.getSecureIdentifier());
-			
-			entityDescriptor.setSignature(signature);
-			
-			
-			
-			//marshall document
-			Marshaller out = Configuration.getMarshallerFactory()
-					.getMarshaller(entityDescriptor);
-			out.marshall(entityDescriptor, document);
-			
-		}
-		
-		//sign metadata
-		Signer.signObject(signature);
-
-		//transform metadata object to XML string
-		Transformer transformer = TransformerFactory.newInstance()
-				.newTransformer();
-
-		StringWriter sw = new StringWriter();
-		StreamResult sr = new StreamResult(sw);
-		DOMSource source = new DOMSource(document);
-		transformer.transform(source, sr);
-		sw.close();
-
-		return sw.toString();
-	}
-	
-	
-	private RoleDescriptor generateSPMetadata(IPVPMetadataBuilderConfiguration config) throws CredentialsNotAvailableException, SecurityException, ConfigurationException {		
-		SPSSODescriptor spSSODescriptor = SAML2Utils.createSAMLObject(SPSSODescriptor.class);
-		spSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
-		spSSODescriptor.setAuthnRequestsSigned(config.wantAuthnRequestSigned());
-		spSSODescriptor.setWantAssertionsSigned(config.wantAssertionSigned());
-	
-		KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance();
-		
-		//Set AuthRequest Signing certificate
-		Credential authcredential = config.getRequestorResponseSigningCredentials();
-		if (authcredential == null) {
-			Logger.warn("SP Metadata generation FAILED! --> Builder has NO request signing-credential. ");			
-			return null;
-						
-		} else {			
-			KeyDescriptor signKeyDescriptor = SAML2Utils
-					.createSAMLObject(KeyDescriptor.class);
-			signKeyDescriptor.setUse(UsageType.SIGNING);
-			signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authcredential));	
-			spSSODescriptor.getKeyDescriptors().add(signKeyDescriptor);
-			
-		}
-		
-		//Set assertion encryption credentials		
-		Credential authEncCredential = config.getEncryptionCredentials();			
-
-		if (authEncCredential != null) {
-			KeyDescriptor encryKeyDescriptor = SAML2Utils
-					.createSAMLObject(KeyDescriptor.class);
-			encryKeyDescriptor.setUse(UsageType.ENCRYPTION);
-			encryKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authEncCredential));	
-			spSSODescriptor.getKeyDescriptors().add(encryKeyDescriptor);
-			
-		} else {
-			Logger.warn("No Assertion Encryption-Key defined. This setting is not recommended!");
-			
-		}
-
-		//check nameID formates
-		if (config.getSPAllowedNameITTypes() == null || config.getSPAllowedNameITTypes().size() == 0) {
-			Logger.warn("SP Metadata generation FAILED! --> Builder has NO provideable SAML2 nameIDFormats. ");
-			return null;
-			
-		} else {
-			for (String format : config.getSPAllowedNameITTypes()) {
-				NameIDFormat nameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
-				nameIDFormat.setFormat(format);		
-				spSSODescriptor.getNameIDFormats().add(nameIDFormat);
-						 	
-			}			
-		}
-		
-
-		//add POST-Binding assertion consumer services
-		if (MiscUtil.isNotEmpty(config.getSPAssertionConsumerServicePostBindingURL())) {
-			AssertionConsumerService postassertionConsumerService = SAML2Utils.createSAMLObject(AssertionConsumerService.class);		
-			postassertionConsumerService.setIndex(0);
-			postassertionConsumerService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
-			postassertionConsumerService.setLocation(config.getSPAssertionConsumerServicePostBindingURL());	
-			postassertionConsumerService.setIsDefault(true);
-			spSSODescriptor.getAssertionConsumerServices().add(postassertionConsumerService);
-			
-		}
-		
-		//add POST-Binding assertion consumer services
-		if (MiscUtil.isNotEmpty(config.getSPAssertionConsumerServiceRedirectBindingURL())) {
-			AssertionConsumerService redirectassertionConsumerService = SAML2Utils.createSAMLObject(AssertionConsumerService.class);		
-			redirectassertionConsumerService.setIndex(1);
-			redirectassertionConsumerService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
-			redirectassertionConsumerService.setLocation(config.getSPAssertionConsumerServiceRedirectBindingURL());
-			spSSODescriptor.getAssertionConsumerServices().add(redirectassertionConsumerService);
-			
-		}
-		
-		//validate WebSSO endpoints
-		if (spSSODescriptor.getAssertionConsumerServices().size() == 0) {
-			Logger.warn("SP Metadata generation FAILED! --> NO SAML2 AssertionConsumerService endpoint found. ");
-			return null;
-			
-		}
-		
-		//add POST-Binding SLO descriptor
-		if (MiscUtil.isNotEmpty(config.getSPSLOPostBindingURL())) {
-			SingleLogoutService postSLOService = SAML2Utils.createSAMLObject(SingleLogoutService.class);			
-			postSLOService.setLocation(config.getSPSLOPostBindingURL());
-			postSLOService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
-			spSSODescriptor.getSingleLogoutServices().add(postSLOService);
-			
-		}
-		
-		//add POST-Binding SLO descriptor
-		if (MiscUtil.isNotEmpty(config.getSPSLORedirectBindingURL())) {
-			SingleLogoutService redirectSLOService = SAML2Utils.createSAMLObject(SingleLogoutService.class);			
-			redirectSLOService.setLocation(config.getSPSLORedirectBindingURL());
-			redirectSLOService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
-			spSSODescriptor.getSingleLogoutServices().add(redirectSLOService);
-			
-		}
-		
-		//add POST-Binding SLO descriptor
-		if (MiscUtil.isNotEmpty(config.getSPSLOSOAPBindingURL())) {
-			SingleLogoutService soapSLOService = SAML2Utils.createSAMLObject(SingleLogoutService.class);			
-			soapSLOService.setLocation(config.getSPSLOSOAPBindingURL());
-			soapSLOService.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI);
-			spSSODescriptor.getSingleLogoutServices().add(soapSLOService);
-			
-		}
-		
-		
-		//add required attributes
-		List<RequestedAttribute> reqSPAttr = config.getSPRequiredAttributes();
-		AttributeConsumingService attributeService = SAML2Utils.createSAMLObject(AttributeConsumingService.class);		
-			
-		attributeService.setIndex(0);
-		attributeService.setIsDefault(true);
-		ServiceName serviceName = SAML2Utils.createSAMLObject(ServiceName.class);
-		serviceName.setName(new LocalizedString("Default Service", "en"));
-		attributeService.getNames().add(serviceName);
-
-		if (reqSPAttr != null && reqSPAttr.size() > 0) {
-			Logger.debug("Add " + reqSPAttr.size() + " attributes to SP metadata");
-			attributeService.getRequestAttributes().addAll(reqSPAttr);
-			
-		} else {
-			Logger.debug("SP metadata contains NO requested attributes.");
-			
-		}
-			
-		spSSODescriptor.getAttributeConsumingServices().add(attributeService);
-						
-		return spSSODescriptor;
-	}
-	
-	private IDPSSODescriptor generateIDPMetadata(IPVPMetadataBuilderConfiguration config) throws ConfigurationException, CredentialsNotAvailableException, SecurityException {					
-		//check response signing credential
-		Credential responseSignCred = config.getRequestorResponseSigningCredentials();
-		if (responseSignCred == null) {
-			Logger.warn("IDP Metadata generation FAILED! --> Builder has NO Response signing credential. ");			
-			return null;
-			
-		}
-
-		//check nameID formates
-		if (config.getIDPPossibleNameITTypes() == null || config.getIDPPossibleNameITTypes().size() == 0) {
-			Logger.warn("IDP Metadata generation FAILED! --> Builder has NO provideable SAML2 nameIDFormats. ");
-			return null;
-			
-		}
-				
-		// build SAML2 IDP-SSO descriptor element
-		IDPSSODescriptor idpSSODescriptor = SAML2Utils
-				.createSAMLObject(IDPSSODescriptor.class);
-
-		idpSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
-
-		//set ass default value, because PVP 2.x specification defines this feature as MUST
-		idpSSODescriptor.setWantAuthnRequestsSigned(config.wantAuthnRequestSigned());			
-		
-		// add WebSSO descriptor for POST-Binding
-		if (MiscUtil.isNotEmpty(config.getIDPWebSSOPostBindingURL())) {
-			SingleSignOnService postSingleSignOnService = SAML2Utils.createSAMLObject(SingleSignOnService.class);
-			postSingleSignOnService.setLocation(config.getIDPWebSSOPostBindingURL());
-			postSingleSignOnService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
-			idpSSODescriptor.getSingleSignOnServices().add(postSingleSignOnService);
-						
-		}
-		
-		// add WebSSO descriptor for Redirect-Binding
-		if (MiscUtil.isNotEmpty(config.getIDPWebSSORedirectBindingURL())) {
-			SingleSignOnService postSingleSignOnService = SAML2Utils.createSAMLObject(SingleSignOnService.class);
-			postSingleSignOnService.setLocation(config.getIDPWebSSORedirectBindingURL());
-			postSingleSignOnService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
-			idpSSODescriptor.getSingleSignOnServices().add(postSingleSignOnService);
-						
-		}
-		
-		//add Single LogOut POST-Binding endpoing
-		if (MiscUtil.isNotEmpty(config.getIDPSLOPostBindingURL())) {
-			SingleLogoutService postSLOService = SAML2Utils.createSAMLObject(SingleLogoutService.class);			
-			postSLOService.setLocation(config.getIDPSLOPostBindingURL());
-			postSLOService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
-			idpSSODescriptor.getSingleLogoutServices().add(postSLOService);
-			
-		}
-		
-		//add Single LogOut Redirect-Binding endpoing
-		if (MiscUtil.isNotEmpty(config.getIDPSLORedirectBindingURL())) {
-			SingleLogoutService redirectSLOService = SAML2Utils.createSAMLObject(SingleLogoutService.class);			
-			redirectSLOService.setLocation(config.getIDPSLORedirectBindingURL());
-			redirectSLOService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
-			idpSSODescriptor.getSingleLogoutServices().add(redirectSLOService);
-			
-		}
-		
-		//validate WebSSO endpoints
-		if (idpSSODescriptor.getSingleSignOnServices().size() == 0) {
-			Logger.warn("IDP Metadata generation FAILED! --> NO SAML2 SingleSignOnService endpoint found. ");
-			return null;
-			
-		}
-				
-		//set assertion signing key
-		KeyDescriptor signKeyDescriptor = SAML2Utils
-				.createSAMLObject(KeyDescriptor.class);
-		signKeyDescriptor.setUse(UsageType.SIGNING);
-		KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance();
-		signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(config.getRequestorResponseSigningCredentials()));
-		idpSSODescriptor.getKeyDescriptors().add(signKeyDescriptor);
-
-		//set IDP attribute set
-		idpSSODescriptor.getAttributes().addAll(config.getIDPPossibleAttributes());
-			
-		//set providable nameID formats
-		for (String format : config.getIDPPossibleNameITTypes()) {
-			NameIDFormat nameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
-			nameIDFormat.setFormat(format);		
-			idpSSODescriptor.getNameIDFormats().add(nameIDFormat);
-						
-		}
-			
-		return idpSSODescriptor;
-		
-	}
-		
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
index a1d7f5d3a..53606b341 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
@@ -75,37 +75,39 @@ import at.gv.egiz.eaaf.core.api.idp.slo.ISLOInformationContainer;
 import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
 import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
 import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egiz.eaaf.core.exceptions.GUIBuildException;
 import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
+import at.gv.egiz.eaaf.core.impl.data.SLOInformationImpl;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder;
+import at.gv.egiz.eaaf.modules.pvp2.exception.BindingNotSupportedException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.NoMetadataInformationException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception;
+import at.gv.egiz.eaaf.modules.pvp2.idp.impl.PVPSProfilePendingRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.StringRedirectDeflateEncoder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration;
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.id.data.SLOInformationContainer;
-import at.gv.egovernment.moa.id.data.SLOInformationImpl;
-import at.gv.egovernment.moa.id.opemsaml.MOAStringRedirectDeflateEncoder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NOSLOServiceDescriptorException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
 import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
@@ -120,14 +122,15 @@ public class SingleLogOutBuilder {
 	@Autowired(required=true) ApplicationContext springContext;
 	@Autowired private IDPCredentialProvider credentialProvider;
 	@Autowired private SAMLVerificationEngineSP samlVerificationEngine;
-	@Autowired private IGUIFormBuilder guiBuilder;
+	@Autowired private IGUIFormBuilder guiBuilder; 
 	@Autowired(required=true) protected IRevisionLogger revisionsLogger;
 	@Autowired private ITransactionStorage transactionStorage;
+	@Autowired(required=true) IPVP2BasicConfiguration pvpBasicConfiguration;
 
 	public static final int SLOTIMEOUT = 30 * 1000; //30 sec
 	
 	public void toTechnicalLogout(ISLOInformationContainer sloContainer, 
-			HttpServletRequest httpReq, HttpServletResponse httpResp, String authUrl) throws MOAIDException {		
+			HttpServletRequest httpReq, HttpServletResponse httpResp, String authUrl) throws EAAFException {		
 		Logger.trace("Starting Service-Provider logout process ... ");		
 		revisionsLogger.logEvent(sloContainer.getSessionID(), sloContainer.getTransactionID(), MOAIDEventConstants.AUTHPROCESS_SLO_STARTED);		
 		
@@ -174,7 +177,7 @@ public class SingleLogOutBuilder {
 		}
 						
 		IRequest pendingReq = null;		
-		PVPTargetConfiguration pvpReq = null;
+		PVPSProfilePendingRequest pvpReq = null;
 		//start service provider front channel logout process
 		try {
 			if (sloContainer.hasFrontChannelOA()) {
@@ -221,9 +224,9 @@ public class SingleLogOutBuilder {
 								
 			} else {
 				pendingReq = sloContainer.getSloRequest();
-				if (pendingReq != null && pendingReq instanceof PVPTargetConfiguration) {
+				if (pendingReq != null && pendingReq instanceof PVPSProfilePendingRequest) {
 					//send SLO response to SLO request issuer
-					pvpReq = (PVPTargetConfiguration)pendingReq;
+					pvpReq = (PVPSProfilePendingRequest)pendingReq;
 					SingleLogoutService sloService = getResponseSLODescriptor(pvpReq);
 					LogoutResponse message = buildSLOResponseMessage(sloService, pvpReq, sloContainer.getSloFailedOAs());
 					sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, pvpReq.getRequest().getRelayState(), pvpReq);
@@ -321,10 +324,11 @@ public class SingleLogOutBuilder {
 	 * @param httpResp
 	 * @param relayState
 	 * @return 
+	 * @throws CredentialsNotAvailableException 
 	 */
 	public String getFrontChannelSLOMessageURL(String serviceURL, String bindingType,
 			RequestAbstractType sloReq, HttpServletRequest httpReq,
-			HttpServletResponse httpResp, String relayState) throws MOAIDException {
+			HttpServletResponse httpResp, String relayState) throws MOAIDException, CredentialsNotAvailableException {
 		
 		try {
 			X509Credential credentials = credentialProvider
@@ -332,7 +336,7 @@ public class SingleLogOutBuilder {
 
 			Logger.debug("create SAML RedirectBinding response");
 			
-			MOAStringRedirectDeflateEncoder encoder = new MOAStringRedirectDeflateEncoder();			
+			StringRedirectDeflateEncoder encoder = new StringRedirectDeflateEncoder();			
 			BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
 			SingleLogoutService service = new SingleLogoutServiceBuilder()
 					.buildObject();
@@ -356,7 +360,7 @@ public class SingleLogOutBuilder {
 
 	public String getFrontChannelSLOMessageURL(SingleLogoutService service,
 			StatusResponseType sloResp, HttpServletRequest httpReq,
-			HttpServletResponse httpResp, String relayState) throws MOAIDException {
+			HttpServletResponse httpResp, String relayState) throws MOAIDException, CredentialsNotAvailableException {
 		
 		try {
 			X509Credential credentials = credentialProvider
@@ -364,7 +368,7 @@ public class SingleLogOutBuilder {
 
 			Logger.debug("create SAML RedirectBinding response");
 			
-			MOAStringRedirectDeflateEncoder encoder = new MOAStringRedirectDeflateEncoder();			
+			StringRedirectDeflateEncoder encoder = new StringRedirectDeflateEncoder();			
 			BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
 			context.setOutboundSAMLMessageSigningCredential(credentials);
 			context.setPeerEntityEndpoint(service);
@@ -384,7 +388,7 @@ public class SingleLogOutBuilder {
 	
 	public void sendFrontChannelSLOMessage(SingleLogoutService consumerService, 
 			LogoutResponse sloResp, HttpServletRequest req, HttpServletResponse resp, 
-			String relayState, PVPTargetConfiguration pvpReq) throws MOAIDException {
+			String relayState, PVPSProfilePendingRequest pvpReq) throws MOAIDException, PVP2Exception, CredentialsNotAvailableException {
 		IEncoder binding = null;
 		if (consumerService.getBinding().equals(
 				SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
@@ -417,7 +421,7 @@ public class SingleLogOutBuilder {
 	}
 	
 	
-	public LogoutRequest buildSLORequestMessage(SLOInformationInterface sloDescr) throws ConfigurationException, MOAIDException {
+	public LogoutRequest buildSLORequestMessage(SLOInformationInterface sloDescr) throws EAAFException {
 		LogoutRequest sloReq = SAML2Utils.createSAMLObject(LogoutRequest.class);
 		
 		SecureRandomIdentifierGenerator gen;
@@ -433,7 +437,7 @@ public class SingleLogOutBuilder {
 
 		DateTime now = new DateTime();
 		Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
-		issuer.setValue(PVPConfiguration.getInstance().getIDPSSOMetadataService(sloDescr.getAuthURL()));
+		issuer.setValue(pvpBasicConfiguration.getIDPEntityId(sloDescr.getAuthURL()));
 		issuer.setFormat(NameID.ENTITY);
 		sloReq.setIssuer(issuer);		
 		sloReq.setIssueInstant(now);
@@ -477,7 +481,7 @@ public class SingleLogOutBuilder {
 		return sloReq;		
 	}
 	
-	public LogoutResponse buildSLOErrorResponse(SingleLogoutService sloService, PVPTargetConfiguration spRequest, String firstLevelStatusCode) throws ConfigurationException, MOAIDException {
+	public LogoutResponse buildSLOErrorResponse(SingleLogoutService sloService, PVPSProfilePendingRequest spRequest, String firstLevelStatusCode) throws EAAFException {
 		LogoutResponse sloResp = buildBasicResponse(sloService, spRequest);
 		
 		Status status = SAML2Utils.createSAMLObject(Status.class);
@@ -494,7 +498,7 @@ public class SingleLogOutBuilder {
 		return sloResp;
 	}
 	
-	public LogoutResponse buildSLOResponseMessage(SingleLogoutService sloService, PVPTargetConfiguration spRequest, List<String> failedOAs) throws MOAIDException {		
+	public LogoutResponse buildSLOResponseMessage(SingleLogoutService sloService, PVPSProfilePendingRequest spRequest, List<String> failedOAs) throws EAAFException {		
 		LogoutResponse sloResp = buildBasicResponse(sloService, spRequest);
 		
 		Status status;
@@ -519,11 +523,10 @@ public class SingleLogOutBuilder {
 		
 	}
 	
-	private LogoutResponse buildBasicResponse(SingleLogoutService sloService, PVPTargetConfiguration spRequest) throws ConfigurationException, MOAIDException {
+	private LogoutResponse buildBasicResponse(SingleLogoutService sloService, PVPSProfilePendingRequest spRequest) throws EAAFException {
 		LogoutResponse sloResp = SAML2Utils.createSAMLObject(LogoutResponse.class);		
 		Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);		
-		issuer.setValue(PVPConfiguration.getInstance().getIDPSSOMetadataService(
-				spRequest.getAuthURLWithOutSlash()));
+		issuer.setValue(pvpBasicConfiguration.getIDPEntityId(spRequest.getAuthURLWithOutSlash()));
 		issuer.setFormat(NameID.ENTITY);
 		sloResp.setIssuer(issuer);		
 		sloResp.setIssueInstant(new DateTime());		
@@ -540,9 +543,9 @@ public class SingleLogOutBuilder {
 			
 		}			
 
-		if (spRequest.getRequest() instanceof MOARequest &&
-				((MOARequest)spRequest.getRequest()).getSamlRequest() instanceof LogoutRequest) {
-			LogoutRequest sloReq =  (LogoutRequest) ((MOARequest)spRequest.getRequest()).getSamlRequest();
+		if (spRequest.getRequest() instanceof PVPSProfileRequest &&
+				((PVPSProfileRequest)spRequest.getRequest()).getSamlRequest() instanceof LogoutRequest) {
+			LogoutRequest sloReq =  (LogoutRequest) ((PVPSProfileRequest)spRequest.getRequest()).getSamlRequest();
 			sloResp.setInResponseTo(sloReq.getID());
 			
 		}
@@ -592,8 +595,8 @@ public class SingleLogOutBuilder {
 
 	}
 	
-	public SingleLogoutService getResponseSLODescriptor(PVPTargetConfiguration spRequest) throws NoMetadataInformationException, NOSLOServiceDescriptorException {
-		MOARequest moaReq = (MOARequest) spRequest.getRequest();
+	public SingleLogoutService getResponseSLODescriptor(PVPSProfilePendingRequest spRequest) throws NoMetadataInformationException, NOSLOServiceDescriptorException {
+		PVPSProfileRequest moaReq = (PVPSProfileRequest) spRequest.getRequest();
 		EntityDescriptor metadata = moaReq.getEntityMetadata(metadataProvider);
 		SSODescriptor ssodesc = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
 		
@@ -655,7 +658,8 @@ public class SingleLogOutBuilder {
 											oa.getUserNameID(), 
 											oa.getUserNameIDFormat(), 
 											oa.getProtocolType(),
-											sloDesc));
+											sloDesc.getBinding(),
+											sloDesc.getLocation()));
 						
 							else
 								container.getActiveFrontChannalOAs().put(oa.getOaurlprefix(), 
@@ -666,7 +670,8 @@ public class SingleLogOutBuilder {
 											oa.getUserNameID(), 
 											oa.getUserNameIDFormat(), 
 											oa.getProtocolType(),
-											sloDesc));
+											sloDesc.getBinding(),
+											sloDesc.getLocation()));
 							
 						} catch (NOSLOServiceDescriptorException e) {
 							container.putFailedOA(oa.getOaurlprefix());
@@ -707,7 +712,8 @@ public class SingleLogOutBuilder {
 										el.getUserNameID(), 
 										NameID.TRANSIENT, 
 										PVP2XProtocol.NAME,
-										sloDesc));
+										sloDesc.getBinding(),
+										sloDesc.getLocation()));
 						
 					} catch (NOSLOServiceDescriptorException e) {
 						container.putFailedOA(el.getIdpurlprefix());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
deleted file mode 100644
index 056e2bba0..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
+++ /dev/null
@@ -1,543 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion;
-
-import java.security.MessageDigest;
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.List;
-
-import org.joda.time.DateTime;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.core.Assertion;
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.core.AttributeQuery;
-import org.opensaml.saml2.core.AttributeStatement;
-import org.opensaml.saml2.core.Audience;
-import org.opensaml.saml2.core.AudienceRestriction;
-import org.opensaml.saml2.core.AuthnContext;
-import org.opensaml.saml2.core.AuthnContextClassRef;
-import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.core.AuthnStatement;
-import org.opensaml.saml2.core.Conditions;
-import org.opensaml.saml2.core.Issuer;
-import org.opensaml.saml2.core.NameID;
-import org.opensaml.saml2.core.RequestedAuthnContext;
-import org.opensaml.saml2.core.Subject;
-import org.opensaml.saml2.core.SubjectConfirmation;
-import org.opensaml.saml2.core.SubjectConfirmationData;
-import org.opensaml.saml2.core.impl.AuthnRequestImpl;
-import org.opensaml.saml2.metadata.AssertionConsumerService;
-import org.opensaml.saml2.metadata.AttributeConsumingService;
-import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.NameIDFormat;
-import org.opensaml.saml2.metadata.RequestedAttribute;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.w3c.dom.Element;
-
-import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
-import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
-import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
-import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
-import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
-import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
-import at.gv.egiz.eaaf.core.impl.utils.Random;
-import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.data.IMOAAuthData;
-import at.gv.egovernment.moa.id.data.Pair;
-import at.gv.egovernment.moa.id.data.SLOInformationImpl;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.QAANotSupportedException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-import at.gv.egovernment.moa.id.util.LoALevelMapper;
-import at.gv.egovernment.moa.id.util.MandateBuilder;
-import at.gv.egovernment.moa.id.util.QAALevelVerifier;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.Base64Utils;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-public class PVP2AssertionBuilder implements PVPConstants {
-	
-	/**
-	 * Build a PVP assertion as response for a SAML2 AttributeQuery request
-	 * 
-	 * @param issuerEntityID EnitiyID, which should be used for this IDP response 
-	 * @param attrQuery AttributeQuery request from Service-Provider
-	 * @param attrList List of PVP response attributes
-	 * @param now Current time 
-	 * @param validTo ValidTo time of the assertion
-	 * @param qaaLevel QAA level of the authentication
-	 * @param sessionIndex SAML2 SessionIndex, which should be included	 * 
-	 * @return PVP 2.1 Assertion
-	 * @throws ConfigurationException
-	 */
-	public static Assertion buildAssertion(String issuerEntityID, AttributeQuery attrQuery,
-			List<Attribute> attrList, DateTime now, DateTime validTo, String qaaLevel, String sessionIndex) throws ConfigurationException {
-			
-		AuthnContextClassRef authnContextClassRef = SAML2Utils.createSAMLObject(AuthnContextClassRef.class);
-		authnContextClassRef.setAuthnContextClassRef(qaaLevel);
-		
-		NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class);
-		subjectNameID.setFormat(attrQuery.getSubject().getNameID().getFormat());
-		subjectNameID.setValue(attrQuery.getSubject().getNameID().getValue());
-		
-		SubjectConfirmationData subjectConfirmationData = null;
-		
-		return buildGenericAssertion(issuerEntityID, attrQuery.getIssuer().getValue(), now, 
-				authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex,
-				validTo);
-	}
-	
-	
-	/**
-	 * Build a PVP 2.1 assertion as response of a SAML2 AuthnRequest
-	 * 
-	 * @param issuerEntityID EnitiyID, which should be used for this IDP response 
-	 * @param pendingReq Current processed pendingRequest DAO
-	 * @param authnRequest Current processed PVP AuthnRequest
-	 * @param authData AuthenticationData of the user, which is already authenticated
-	 * @param peerEntity SAML2 EntityDescriptor of the service-provider, which receives the response
-	 * @param date TimeStamp
-	 * @param assertionConsumerService SAML2 endpoint of the service-provider, which should be used
-	 * @param sloInformation Single LogOut information DAO
-	 * @return
-	 * @throws MOAIDException
-	 */
-	public static Assertion buildAssertion(String issuerEntityID, PVPTargetConfiguration pendingReq, AuthnRequest authnRequest,
-			IAuthData authData, EntityDescriptor peerEntity, DateTime date, 
-			AssertionConsumerService assertionConsumerService, SLOInformationImpl sloInformation)
-			throws MOAIDException {
-
-		RequestedAuthnContext reqAuthnContext = authnRequest
-				.getRequestedAuthnContext();
-
-		AuthnContextClassRef authnContextClassRef = SAML2Utils
-				.createSAMLObject(AuthnContextClassRef.class);
-		
-		ISPConfiguration oaParam = pendingReq.getServiceProviderConfiguration();
-		
-		if (reqAuthnContext == null) {
-			 authnContextClassRef.setAuthnContextClassRef(authData.getEIDASQAALevel());
-			
-		} else {
-
-			boolean eIDAS_qaa_found = false;
-	
-			List<AuthnContextClassRef> reqAuthnContextClassRefIt = reqAuthnContext
-					.getAuthnContextClassRefs();
-		
-			if (reqAuthnContextClassRefIt.size() == 0) {			 
-				QAALevelVerifier.verifyQAALevel(authData.getEIDASQAALevel(), EAAFConstants.EIDAS_QAA_HIGH);
-			
-				eIDAS_qaa_found = true;
-				authnContextClassRef.setAuthnContextClassRef(EAAFConstants.EIDAS_QAA_HIGH);
-			 
-			} else {
-				for (AuthnContextClassRef authnClassRef : reqAuthnContextClassRefIt) {
-					String qaa_uri = authnClassRef.getAuthnContextClassRef();
-					
-					if (qaa_uri.trim().startsWith(STORK_QAA_PREFIX)) {
-						Logger.debug("Find STORK QAA leven in AuthnRequest. Starting mapping to eIDAS level ... ");
-						qaa_uri = LoALevelMapper.getInstance().mapSTORKQAAToeIDASQAA(qaa_uri.trim());
-						
-					}
-					
-					if (qaa_uri.trim().equals(EAAFConstants.EIDAS_QAA_HIGH)
-							|| qaa_uri.trim().equals(EAAFConstants.EIDAS_QAA_SUBSTANTIAL)
-							|| qaa_uri.trim().equals(EAAFConstants.EIDAS_QAA_LOW)) {
-					
-						 if (authData.isForeigner()) {
-							 QAALevelVerifier.verifyQAALevel(authData.getEIDASQAALevel(), oaParam.getMinimumLevelOfAssurence());
-							 
-							 eIDAS_qaa_found = true;
-							 authnContextClassRef.setAuthnContextClassRef(authData.getEIDASQAALevel());
-							 
-						 } else {
-							 
-							 QAALevelVerifier.verifyQAALevel(authData.getEIDASQAALevel(), 
-									 qaa_uri.trim());
-							 
-							 eIDAS_qaa_found = true;
-							 authnContextClassRef.setAuthnContextClassRef(authData.getEIDASQAALevel());
-							 							 
-						 }
-						 break;
-					 }
-				 }
-			 }
-	
-			if (!eIDAS_qaa_found)
-				throw new QAANotSupportedException(EAAFConstants.EIDAS_QAA_HIGH);
-				
-		}
-		
-
-
-		SPSSODescriptor spSSODescriptor = peerEntity
-				.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
-				
-		//add Attributes to Assertion
-		List<Attribute> attrList = new ArrayList<Attribute>();
-		if (spSSODescriptor.getAttributeConsumingServices() != null && 
-				spSSODescriptor.getAttributeConsumingServices().size() > 0) {
-		
-			Integer aIdx = authnRequest.getAttributeConsumingServiceIndex();
-			int idx = 0;
-
-			AttributeConsumingService attributeConsumingService = null;						
-			if (aIdx != null) {
-				idx = aIdx.intValue();
-				attributeConsumingService = spSSODescriptor
-						.getAttributeConsumingServices().get(idx);
-				
-			} else {
-				List<AttributeConsumingService> attrConsumingServiceList = spSSODescriptor.getAttributeConsumingServices();
-				for (AttributeConsumingService el : attrConsumingServiceList) {
-					if (el.isDefault())
-						attributeConsumingService = el;
-				}				
-			}
-			
-			/* 
-			 * TODO: maybe use first AttributeConsumingService if no is selected 
-			 * in request or on service is marked as default
-			 * 
-			 */
-			if (attributeConsumingService == null ) {
-				List<AttributeConsumingService> attrConsumingServiceList = spSSODescriptor.getAttributeConsumingServices();
-				if (attrConsumingServiceList != null && !attrConsumingServiceList.isEmpty())
-					attributeConsumingService = attrConsumingServiceList.get(0);
-								
-			}
-			
-			
-			if (attributeConsumingService != null) {						
-				Iterator<RequestedAttribute> it = attributeConsumingService
-						.getRequestAttributes().iterator();
-				while (it.hasNext()) {
-					RequestedAttribute reqAttribut = it.next();
-					try {
-						Attribute attr = PVPAttributeBuilder.buildAttribute(
-								reqAttribut.getName(), oaParam, authData);
-						if (attr == null) {
-							if (reqAttribut.isRequired()) {
-								throw new UnprovideableAttributeException(
-										reqAttribut.getName());
-							}
-						} else {
-							attrList.add(attr);
-						}
-					
-					} catch (UnavailableAttributeException e) {
-						Logger.info(
-								"Attribute generation for "
-										+ reqAttribut.getFriendlyName() + " not possible.");
-						if (reqAttribut.isRequired()) {
-							throw new UnprovideableAttributeException(
-									reqAttribut.getName());
-						}
-						
-					
-					} catch (PVP2Exception e) {
-						Logger.info(
-								"Attribute generation failed! for "
-										+ reqAttribut.getFriendlyName());
-						if (reqAttribut.isRequired()) {
-							throw new UnprovideableAttributeException(
-									reqAttribut.getName());
-						}
-						
-					} catch (Exception e) {
-						Logger.warn(
-								"General Attribute generation failed! for "
-										+ reqAttribut.getFriendlyName(), e);
-						if (reqAttribut.isRequired()) {
-							throw new UnprovideableAttributeException(
-									reqAttribut.getName());
-						}
-						
-					}
-				}
-			}
-		}
-		
-		NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class);
-		
-		//build nameID and nameID Format from moasession
-		//TODO: nameID generation
-		if (authData instanceof IMOAAuthData && 
-				((IMOAAuthData)authData).isUseMandate()) {
-			String bpktype = null;
-			String bpk = null;
-			
-			Element mandate = ((IMOAAuthData)authData).getMandate();
-			if(mandate != null) {
-				Logger.debug("Read mandator bPK|baseID from full-mandate ... ");
-				Mandate mandateObject = MandateBuilder.buildMandate(mandate);
-				if(mandateObject == null) {
-					throw new NoMandateDataAvailableException();
-				}
-				CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody();
-				PhysicalPersonType pysicalperson = mandateObject.getMandator().getPhysicalPerson();
-				
-				IdentificationType id;
-				if(corporation != null && corporation.getIdentification().size() > 0)
-					id = corporation.getIdentification().get(0);
-	
-					
-				else if (pysicalperson != null && pysicalperson.getIdentification().size() > 0)
-					id = pysicalperson.getIdentification().get(0);
-					
-				else {
-					Logger.error("Failed to generate IdentificationType");
-					throw new NoMandateDataAvailableException();		
-				}
-			
-				bpktype = id.getType();
-				bpk = id.getValue().getValue();
-								
-			} else {
-				Logger.debug("Read mandator bPK|baseID from PVP attributes ... ");
-				bpk = authData.getGenericData(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_NAME, String.class);
-				bpktype = authData.getGenericData(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME, String.class);				
-				
-				if (MiscUtil.isEmpty(bpk)) {
-					//no sourcePin is included --> search for bPK
-					bpk = authData.getGenericData(PVPConstants.MANDATE_NAT_PER_BPK_NAME, String.class);
-					
-					try {
-						if (bpk.contains(":"))
-							bpk = bpk.split(":")[1];
-						
-					} catch (Exception e) {
-						Logger.warn("Can not split bPK from mandator attribute!", e);
-						
-					}
-					
-					//set bPK-Type from configuration, because it MUST be equal to service-provider type
-					bpktype = oaParam.getAreaSpecificTargetIdentifier();
-										
-				} else {
-					//sourcePin is include --> check sourcePinType
-					if (MiscUtil.isEmpty(bpktype))
-						bpktype = Constants.URN_PREFIX_BASEID;
-					
-				}				
-			}
-			
-			if (MiscUtil.isEmpty(bpk) || MiscUtil.isEmpty(bpktype)) {
-				throw new NoMandateDataAvailableException();
-				
-			}
-			
-			if (bpktype.equals(Constants.URN_PREFIX_BASEID)) {				
-				Pair<String, String> calcbPK = new BPKBuilder().generateAreaSpecificPersonIdentifier(bpk, oaParam.getAreaSpecificTargetIdentifier());								
-				subjectNameID.setValue(calcbPK.getFirst());
-				subjectNameID.setNameQualifier(calcbPK.getSecond());
-				
-				
-			} else {
-				subjectNameID.setNameQualifier(bpktype);
-				subjectNameID.setValue(bpk);
-			}
-					
-		} else {
-			subjectNameID.setNameQualifier(authData.getBPKType());
-			subjectNameID.setValue(authData.getBPK());
-		}
-		
-		String nameIDFormat = NameID.TRANSIENT;
-		
-		//get NameIDFormat from request		
-		AuthnRequest authnReq = (AuthnRequestImpl) authnRequest;
-		if (authnReq.getNameIDPolicy() != null && 
-				MiscUtil.isNotEmpty(authnReq.getNameIDPolicy().getFormat())) {
-			nameIDFormat = authnReq.getNameIDPolicy().getFormat();
-			
-		} else {
-			//get NameIDFormat from metadata
-			List<NameIDFormat> metadataNameIDFormats = spSSODescriptor.getNameIDFormats();
-			
-			if (metadataNameIDFormats != null) {
-				
-				for (NameIDFormat el : metadataNameIDFormats) {
-					if (NameID.PERSISTENT.equals(el.getFormat())) {
-						nameIDFormat = NameID.PERSISTENT;
-						break;
-						
-					} else if (NameID.TRANSIENT.equals(el.getFormat()) ||
-							NameID.UNSPECIFIED.equals(el.getFormat()))
-						break;
-					
-				}				
-			}
-		}
-	
-		if (NameID.TRANSIENT.equals(nameIDFormat) || NameID.UNSPECIFIED.equals(nameIDFormat)) {
-			String random = Random.nextRandom();
-			String nameID = subjectNameID.getValue();
-			
-			try {
-				MessageDigest md = MessageDigest.getInstance("SHA-1");
-				byte[] hash = md.digest((nameID + random).getBytes("ISO-8859-1"));			
-				subjectNameID.setValue(Base64Utils.encode(hash));
-				subjectNameID.setNameQualifier(null);
-				subjectNameID.setFormat(NameID.TRANSIENT);
-				
-			} catch (Exception e) {
-				Logger.warn("PVP2 subjectNameID error", e);
-				throw new MOAIDException("pvp2.13", null, e);
-			}
-			
-		} else 
-			subjectNameID.setFormat(nameIDFormat);
-			
-
-		String sessionIndex = null;
-					
-		//if request is a reauthentication and NameIDFormat match reuse old session information
-		if (MiscUtil.isNotEmpty(authData.getNameID()) && 
-				MiscUtil.isNotEmpty(authData.getNameIDFormat()) && 
-				nameIDFormat.equals(authData.getNameIDFormat())) {
-			subjectNameID.setValue(authData.getNameID());
-			sessionIndex = authData.getSessionIndex();
-			
-		}
-		
-		//
-		if (MiscUtil.isEmpty(sessionIndex))
-			sessionIndex = SAML2Utils.getSecureIdentifier();
-									
-		SubjectConfirmationData subjectConfirmationData = SAML2Utils
-				.createSAMLObject(SubjectConfirmationData.class);
-		subjectConfirmationData.setInResponseTo(authnRequest.getID());
-		subjectConfirmationData.setNotOnOrAfter(new DateTime(authData.getSsoSessionValidTo().getTime()));
-//		subjectConfirmationData.setNotBefore(date);
-		
-		//set 'recipient' attribute in subjectConformationData 
-		subjectConfirmationData.setRecipient(assertionConsumerService.getLocation());
-		
-		//set IP address of the user machine as 'Address' attribute in subjectConformationData 
-		String usersIPAddress = pendingReq.getGenericData(
-				PVPTargetConfiguration.DATAID_REQUESTER_IP_ADDRESS, String.class);
-		if (MiscUtil.isNotEmpty(usersIPAddress))
-			subjectConfirmationData.setAddress(usersIPAddress);
-		
-		//set SLO information
-		sloInformation.setUserNameIdentifier(subjectNameID.getValue());
-		sloInformation.setNameIDFormat(subjectNameID.getFormat());
-		sloInformation.setSessionIndex(sessionIndex);
-		
-		return buildGenericAssertion(issuerEntityID, peerEntity.getEntityID(), date, authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex, subjectConfirmationData.getNotOnOrAfter());
-	}
-	
-	/**
-	 * 
-	 * @param issuer IDP EntityID
-	 * @param entityID Service Provider EntityID
-	 * @param date 
-	 * @param authnContextClassRef
-	 * @param attrList
-	 * @param subjectNameID
-	 * @param subjectConfirmationData
-	 * @param sessionIndex
-	 * @param isValidTo
-	 * @return
-	 * @throws ConfigurationException
-	 */
-	
-	public static Assertion buildGenericAssertion(String issuer, String entityID, DateTime date, 
-			AuthnContextClassRef authnContextClassRef, List<Attribute> attrList, 
-			NameID subjectNameID, SubjectConfirmationData subjectConfirmationData, 
-			String sessionIndex, DateTime isValidTo) throws ConfigurationException {
-		Assertion assertion = SAML2Utils.createSAMLObject(Assertion.class);
-		
-		AuthnContext authnContext = SAML2Utils
-				.createSAMLObject(AuthnContext.class);
-		authnContext.setAuthnContextClassRef(authnContextClassRef);
-
-		AuthnStatement authnStatement = SAML2Utils
-				.createSAMLObject(AuthnStatement.class);
-		
-		authnStatement.setAuthnInstant(date);
-		authnStatement.setSessionIndex(sessionIndex);
-		authnStatement.setAuthnContext(authnContext);
-
-		assertion.getAuthnStatements().add(authnStatement);
-		
-		AttributeStatement attributeStatement = SAML2Utils
-				.createSAMLObject(AttributeStatement.class);		
-		attributeStatement.getAttributes().addAll(attrList);		
-		if (attributeStatement.getAttributes().size() > 0) {
-			assertion.getAttributeStatements().add(attributeStatement);
-		}
-		
-		Subject subject = SAML2Utils.createSAMLObject(Subject.class);
-		subject.setNameID(subjectNameID);
-		
-		SubjectConfirmation subjectConfirmation = SAML2Utils
-				.createSAMLObject(SubjectConfirmation.class);
-		subjectConfirmation.setMethod(SubjectConfirmation.METHOD_BEARER);
-		subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData);
-
-		subject.getSubjectConfirmations().add(subjectConfirmation);
-
-		Conditions conditions = SAML2Utils.createSAMLObject(Conditions.class);
-		AudienceRestriction audienceRestriction = SAML2Utils
-				.createSAMLObject(AudienceRestriction.class);
-		Audience audience = SAML2Utils.createSAMLObject(Audience.class);
-		
-		audience.setAudienceURI(entityID);
-		audienceRestriction.getAudiences().add(audience);
-		conditions.setNotBefore(date);		
-		conditions.setNotOnOrAfter(isValidTo);
-				
-		conditions.getAudienceRestrictions().add(audienceRestriction);
-
-		assertion.setConditions(conditions);
-
-		Issuer issuerObj = SAML2Utils.createSAMLObject(Issuer.class);
-				
-		if (issuer.endsWith("/"))
-			issuer = issuer.substring(0, issuer.length()-1);
-		issuerObj.setValue(issuer);
-		issuerObj.setFormat(NameID.ENTITY);
-		
-		assertion.setIssuer(issuerObj);
-		assertion.setSubject(subject);
-		assertion.setID(SAML2Utils.getSecureIdentifier());
-		assertion.setIssueInstant(date);
-		
-		return assertion;		
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/SamlAttributeGenerator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/SamlAttributeGenerator.java
deleted file mode 100644
index 6ccacd6c8..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/SamlAttributeGenerator.java
+++ /dev/null
@@ -1,88 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.core.AttributeValue;
-import org.opensaml.xml.Configuration;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.schema.XSInteger;
-import org.opensaml.xml.schema.XSString;
-import org.opensaml.xml.schema.impl.XSIntegerBuilder;
-import org.opensaml.xml.schema.impl.XSStringBuilder;
-
-import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-
-public class SamlAttributeGenerator implements IAttributeGenerator<Attribute> {
-	
-	private XMLObject buildAttributeStringValue(String value) {
-		XSStringBuilder stringBuilder = (XSStringBuilder) Configuration.getBuilderFactory().getBuilder(XSString.TYPE_NAME);
-		XSString stringValue = stringBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
-		stringValue.setValue(value);
-		return stringValue;
-	}
-	
-	private XMLObject buildAttributeIntegerValue(int value) {
-		XSIntegerBuilder integerBuilder = (XSIntegerBuilder) Configuration.getBuilderFactory().getBuilder(XSInteger.TYPE_NAME);
-		XSInteger integerValue = integerBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSInteger.TYPE_NAME);
-		integerValue.setValue(value);
-		return integerValue;
-	}
-	
-	public Attribute buildStringAttribute(final String friendlyName, final String name, final String value) {
-		Attribute attribute = SAML2Utils.createSAMLObject(Attribute.class);
-		attribute.setFriendlyName(friendlyName);
-		attribute.setName(name);
-		attribute.setNameFormat(Attribute.URI_REFERENCE);
-		attribute.getAttributeValues().add(buildAttributeStringValue(value));
-		return attribute;
-	}
-	
-	public Attribute buildIntegerAttribute(final String friendlyName, final String name, final int value) {
-		Attribute attribute = SAML2Utils.createSAMLObject(Attribute.class);
-		attribute.setFriendlyName(friendlyName);
-		attribute.setName(name);
-		attribute.setNameFormat(Attribute.URI_REFERENCE);
-		attribute.getAttributeValues().add(buildAttributeIntegerValue(value));
-		return attribute;
-	}
-	
-	public Attribute buildEmptyAttribute(final String friendlyName, final String name) {
-		Attribute attribute = SAML2Utils.createSAMLObject(Attribute.class);
-		attribute.setFriendlyName(friendlyName);
-		attribute.setName(name);
-		attribute.setNameFormat(Attribute.URI_REFERENCE);
-		return attribute;
-	}
-
-	public Attribute buildLongAttribute(String friendlyName, String name, long value) {
-		Attribute attribute = SAML2Utils.createSAMLObject(Attribute.class);
-		attribute.setFriendlyName(friendlyName);
-		attribute.setName(name);
-		attribute.setNameFormat(Attribute.URI_REFERENCE);
-		attribute.getAttributeValues().add(buildAttributeIntegerValue((int) value));
-		return attribute;
-	}
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IDPPVPMetadataConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IDPPVPMetadataConfiguration.java
index c0fb5bf5b..d4c94e5c5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IDPPVPMetadataConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IDPPVPMetadataConfiguration.java
@@ -32,11 +32,12 @@ import org.opensaml.saml2.metadata.Organization;
 import org.opensaml.saml2.metadata.RequestedAttribute;
 import org.opensaml.xml.security.credential.Credential;
 
+import at.gv.egiz.eaaf.modules.pvp2.PVPConstants;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataBuilderConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
@@ -48,16 +49,18 @@ public class IDPPVPMetadataConfiguration implements IPVPMetadataBuilderConfigura
 	private static final int VALIDUNTIL_IN_HOURS = 24;
 	
 	private String authURL;
-	private IDPCredentialProvider credentialProvider;
+	private AbstractCredentialProvider credentialProvider;
+	private PVPConfiguration pvpBasicConfiguration;
 	
-	public IDPPVPMetadataConfiguration(String authURL, IDPCredentialProvider credentialProvider) {
+	public IDPPVPMetadataConfiguration(String authURL, AbstractCredentialProvider pvpIDPCredentials, PVPConfiguration pvpBasicConfiguration) {
 		this.authURL = authURL;
-		this.credentialProvider = credentialProvider;
+		this.credentialProvider = pvpIDPCredentials;
+		this.pvpBasicConfiguration = pvpBasicConfiguration;
 				
 	}
 	
 	public String getDefaultActionName() {
-		return (PVP2XProtocol.METADATA);
+		return (PVPConstants.METADATA);
 	}
 
 	/* (non-Javadoc)
@@ -98,7 +101,7 @@ public class IDPPVPMetadataConfiguration implements IPVPMetadataBuilderConfigura
 	@Override
 	public String getEntityID() {
 		try {
-			return PVPConfiguration.getInstance().getIDPSSOMetadataService(authURL);
+			return pvpBasicConfiguration.getIDPSSOMetadataService(authURL);
 		
 		} catch (ConfigurationException e) {
 			Logger.error("Can not load Metadata entry: EntityID", e);
@@ -113,7 +116,7 @@ public class IDPPVPMetadataConfiguration implements IPVPMetadataBuilderConfigura
 	@Override
 	public String getEntityFriendlyName() {
 		try {
-			return PVPConfiguration.getInstance().getIDPIssuerName();
+			return pvpBasicConfiguration.getIDPIssuerName();
 			
 		} catch (ConfigurationException e) {
 			Logger.error("Can not load Metadata entry: EntityID friendlyName.", e);
@@ -129,7 +132,7 @@ public class IDPPVPMetadataConfiguration implements IPVPMetadataBuilderConfigura
 	@Override
 	public List<ContactPerson> getContactPersonInformation() {
 		try {
-			return PVPConfiguration.getInstance().getIDPContacts();
+			return pvpBasicConfiguration.getIDPContacts();
 			
 		} catch (ConfigurationException e) {
 			Logger.warn("Can not load Metadata entry: Contect Person", e);
@@ -145,7 +148,7 @@ public class IDPPVPMetadataConfiguration implements IPVPMetadataBuilderConfigura
 	@Override
 	public Organization getOrgansiationInformation() {
 		try {
-			return PVPConfiguration.getInstance().getIDPOrganisation();
+			return pvpBasicConfiguration.getIDPOrganisation();
 			
 		} catch (ConfigurationException e) {
 			Logger.warn("Can not load Metadata entry: Organisation", e);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPAuthnRequestBuilderConfiguruation.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPAuthnRequestBuilderConfiguruation.java
deleted file mode 100644
index 814a2387d..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPAuthnRequestBuilderConfiguruation.java
+++ /dev/null
@@ -1,162 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.config;
-
-import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
-import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.xml.security.credential.Credential;
-import org.w3c.dom.Element;
-
-/**
- * @author tlenz
- *
- */
-public interface IPVPAuthnRequestBuilderConfiguruation {
-
-	/**
-	 * Defines a unique name for this PVP Service-provider, which is used for logging
-	 * 
-	 * @return
-	 */
-	public String getSPNameForLogging();
-	
-	/**
-	 * If true, the SAML2 isPassive flag is set in the AuthnRequest
-	 * 
-	 * @return
-	 */
-	public Boolean isPassivRequest();
-
-	/**
-	 * Define the ID of the AssertionConsumerService, 
-	 * which defines the required attributes in service-provider metadata.
-	 * 
-	 * @return
-	 */
-	public Integer getAssertionConsumerServiceId();
-
-	/**
-	 * Define the SAML2 EntityID of the service provider.
-	 * 
-	 * @return
-	 */
-	public String getSPEntityID();
-
-	/**
-	 * Define the SAML2 NameIDPolicy
-	 * 
-	 * @return Service-Provider EntityID, but never null
-	 */
-	public String getNameIDPolicyFormat();
-
-	/**
-	 * Define the AuthnContextClassRefernece of this request
-	 * 
-	 * Example: 
-	 * 			http://www.ref.gv.at/ns/names/agiz/pvp/secclass/0-3 
-	 * 			http://www.stork.gov.eu/1.0/citizenQAALevel/4
-	 *          
-	 * 
-	 * @return
-	 */
-	public String getAuthnContextClassRef();
-
-	/**
-	 * Define the AuthnContextComparison model, which should be used
-	 * 
-	 * @return
-	 */
-	public AuthnContextComparisonTypeEnumeration getAuthnContextComparison();
-	
-	
-	/**
-	 * Define the credential, which should be used to sign the AuthnRequest
-	 * 
-	 * @return
-	 */
-	public Credential getAuthnRequestSigningCredential();
-	
-	
-	/**
-	 * Define the SAML2 EntityDescriptor of the IDP, which should receive the AuthnRequest
-	 * 
-	 * @return Credential, but never null.
-	 */
-	public EntityDescriptor getIDPEntityDescriptor();
-
-	/**
-	 * Set the SAML2 NameIDPolicy allow-creation flag
-	 * 
-	 * @return EntityDescriptor, but never null.
-	 */
-	public boolean getNameIDPolicyAllowCreation();
-
-	
-	/**
-	 * Set the requested SubjectNameID
-	 * 
-	 * @return SubjectNameID, or null if no SubjectNameID should be used
-	 */
-	public String getSubjectNameID();
-
-	/**
-	 * Define the qualifier of the <code>SubjectNameID</code>
-	 * <br><br>
-	 * Like: 'urn:publicid:gv.at:cdid+BF'
-	 * 
-	 * @return qualifier, or null if no qualifier should be set
-	 */
-	public String getSubjectNameIDQualifier();
-	
-	/**
-	 * Define the format of the subjectNameID, which is included in authn-request
-	 * 
-	 * 
-	 * @return nameIDFormat, of SAML2 'transient' if nothing is defined
-	 */
-	public String getSubjectNameIDFormat();
-
-	/**
-	 * Define a SP specific SAML2 requestID
-	 * 
-	 * @return requestID, or null if the requestID should be generated automatically
-	 */
-	public String getRequestID();
-
-	/**
-	 * Defines the 'method' attribute in 'SubjectConformation' element 
-	 * 
-	 * @return method, or null if no method should set
-	 */
-	public String getSubjectConformationMethode();
-
-	/**
-	 * Define the information, which should be added as 'subjectConformationDate' 
-	 * in 'SubjectConformation' element 
-	 * 
-	 * @return subjectConformation information or null if no subjectConformation should be set
-	 */
-	public Element getSubjectConformationDate();
-
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPMetadataBuilderConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPMetadataBuilderConfiguration.java
deleted file mode 100644
index 3a8404cae..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/IPVPMetadataBuilderConfiguration.java
+++ /dev/null
@@ -1,238 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.config;
-
-import java.util.List;
-
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.metadata.ContactPerson;
-import org.opensaml.saml2.metadata.Organization;
-import org.opensaml.saml2.metadata.RequestedAttribute;
-import org.opensaml.xml.security.credential.Credential;
-
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
-
-/**
- * @author tlenz
- *
- */
-public interface IPVPMetadataBuilderConfiguration {
-
-	
-	/**
-	 * Defines a unique name for this PVP Service-provider, which is used for logging
-	 * 
-	 * @return
-	 */
-	public String getSPNameForLogging();
-	
-	/**
-	 * Set metadata valid area
-	 * 
-	 * @return valid until in hours [h]
-	 */
-	public int getMetadataValidUntil();
-	
-	/**
-	 * Build a SAML2 Entities element as metadata root element
-	 * 
-	 * @return true, if the metadata should start with entities element 
-	 */
-	public boolean buildEntitiesDescriptorAsRootElement();
-	
-	/**
-	 * 
-	 * 
-	 * @return true, if an IDP SSO-descriptor element should be generated 
-	 */
-	public boolean buildIDPSSODescriptor();
-	
-	/**
-	 * 
-	 * 
-	 * @return true, if an SP SSO-descriptor element should be generated 
-	 */
-	public boolean buildSPSSODescriptor();
-	
-	/**
-	 * Set the PVP entityID for this SAML2 metadata.
-	 * The entityID must be an URL and must be start with the public-URL prefix of the server
-	 * 
-	 * @return PVP entityID postfix as String
-	 */
-	public String getEntityID();
-	
-	/**
-	 * Set a friendlyName for this PVP entity
-	 * 
-	 * @return 
-	 */
-	public String getEntityFriendlyName();
-	
-	/**
-	 * Set the contact information for this metadata entity
-	 * 
-	 * @return
-	 */
-	public List<ContactPerson> getContactPersonInformation();
-	
-	/**
-	 * Set organisation information for this metadata entity
-	 * 
-	 * @return
-	 */
-	public Organization getOrgansiationInformation();
-	
-
-	/**
-	 * Set the credential for metadata signing
-	 * 
-	 * @return
-	 * @throws CredentialsNotAvailableException 
-	 */
-	public Credential getMetadataSigningCredentials() throws CredentialsNotAvailableException;
-	
-	/**
-	 * Set the credential for request/response signing
-	 * IDP metadata: this credential is used for SAML2 response signing
-	 * SP metadata: this credential is used for SAML2 response signing
-	 * 
-	 * @return
-	 * @throws CredentialsNotAvailableException 
-	 */
-	public Credential getRequestorResponseSigningCredentials() throws CredentialsNotAvailableException;
-	
-	/**
-	 * Set the credential for response encryption
-	 * 
-	 * @return
-	 * @throws CredentialsNotAvailableException 
-	 */
-	public Credential getEncryptionCredentials() throws CredentialsNotAvailableException;
-	
-	/**
-	 * Set the IDP Post-Binding URL for WebSSO 
-	 * 
-	 * @return
-	 */
-	public String getIDPWebSSOPostBindingURL();
-	
-	/**
-	 * Set the IDP Redirect-Binding URL for WebSSO 
-	 * 
-	 * @return
-	 */
-	public String getIDPWebSSORedirectBindingURL();
-	
-	/**
-	 * Set the IDP Post-Binding URL for Single LogOut 
-	 * 
-	 * @return
-	 */
-	public String getIDPSLOPostBindingURL();
-	
-	/**
-	 * Set the IDP Redirect-Binding URL for Single LogOut 
-	 * 
-	 * @return
-	 */
-	public String getIDPSLORedirectBindingURL();
-	
-	/**
-	 * Set the SP Post-Binding URL for for the Assertion-Consumer Service
-	 * 
-	 * @return
-	 */
-	public String getSPAssertionConsumerServicePostBindingURL();
-	
-	/**
-	 * Set the SP Redirect-Binding URL for the Assertion-Consumer Service 
-	 * 
-	 * @return
-	 */
-	public String getSPAssertionConsumerServiceRedirectBindingURL();
-	
-	/**
-	 * Set the SP Post-Binding URL for Single LogOut 
-	 * 
-	 * @return
-	 */
-	public String getSPSLOPostBindingURL();
-	
-	/**
-	 * Set the SP Redirect-Binding URL for Single LogOut 
-	 * 
-	 * @return
-	 */
-	public String getSPSLORedirectBindingURL();
-	
-	/**
-	 * Set the SP SOAP-Binding URL for Single LogOut 
-	 * 
-	 * @return
-	 */
-	public String getSPSLOSOAPBindingURL();
-	
-	
-	/**
-	 * Set all SAML2 attributes which could be provided by this IDP
-	 * 
-	 * @return
-	 */
-	public List<Attribute> getIDPPossibleAttributes();
-	
-	/**
-	 * Set all nameID types which could be provided by this IDP
-	 * 
-	 * @return a List of SAML2 nameID types
-	 */
-	public List<String> getIDPPossibleNameITTypes();
-	
-	/**
-	 * Set all SAML2 attributes which are required by the SP
-	 * 
-	 * @return
-	 */
-	public List<RequestedAttribute> getSPRequiredAttributes();
-	
-	/**
-	 * Set all nameID types which allowed from the SP
-	 * 
-	 * @return a List of SAML2 nameID types
-	 */
-	public List<String> getSPAllowedNameITTypes();
-	
-	/**
-	 * Set the 'wantAssertionSigned' attribute in SP metadata
-	 * 
-	 * @return
-	 */
-	public boolean wantAssertionSigned();
-	
-	/**
-	 * Set the 'wantAuthnRequestSigned' attribute
-	 * 
-	 * @return
-	 */
-	public boolean wantAuthnRequestSigned();
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultBootstrap.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultBootstrap.java
deleted file mode 100644
index b731e2a95..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultBootstrap.java
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.config;
-
-import org.opensaml.Configuration;
-import org.opensaml.DefaultBootstrap;
-import org.opensaml.common.binding.BasicSAMLMessageContext;
-import org.opensaml.saml2.binding.encoding.BaseSAML2MessageEncoder;
-import org.opensaml.xml.ConfigurationException;
-
-/**
- * @author tlenz
- *
- */
-public class MOADefaultBootstrap extends DefaultBootstrap {
-
-    public static synchronized void bootstrap() throws ConfigurationException {
-
-        initializeXMLSecurity();
-
-        initializeXMLTooling();
-
-        initializeArtifactBuilderFactories();
-
-        initializeGlobalSecurityConfiguration();
-        
-        initializeParserPool();
-        
-        initializeESAPI();
-        
-    }
-  
-    public static void initializeDefaultPVPConfiguration() {
-    	initializeGlobalSecurityConfiguration();
-    	
-    }
-    
-    /**
-     * Initializes the default global security configuration.
-     */
-    protected static void initializeGlobalSecurityConfiguration() {
-        Configuration.setGlobalSecurityConfiguration(MOADefaultSecurityConfigurationBootstrap.buildDefaultConfig());
-    }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultSecurityConfigurationBootstrap.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultSecurityConfigurationBootstrap.java
deleted file mode 100644
index f878b95d3..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOADefaultSecurityConfigurationBootstrap.java
+++ /dev/null
@@ -1,152 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.config;
-
-import org.opensaml.xml.encryption.EncryptionConstants;
-import org.opensaml.xml.security.BasicSecurityConfiguration;
-import org.opensaml.xml.security.DefaultSecurityConfigurationBootstrap;
-import org.opensaml.xml.security.credential.BasicKeyInfoGeneratorFactory;
-import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorManager;
-import org.opensaml.xml.security.keyinfo.NamedKeyInfoGeneratorManager;
-import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
-import org.opensaml.xml.signature.SignatureConstants;
-
-/**
- * @author tlenz
- *
- */
-public class MOADefaultSecurityConfigurationBootstrap extends
-		DefaultSecurityConfigurationBootstrap {
-	
-	public static BasicSecurityConfiguration buildDefaultConfig() {
-		BasicSecurityConfiguration config = new BasicSecurityConfiguration();
-
-		populateSignatureParams(config);
-		populateEncryptionParams(config);
-		populateKeyInfoCredentialResolverParams(config);
-		populateKeyInfoGeneratorManager(config);
-		populateKeyParams(config);
-
-		return config;
-	}
-
-	protected static void populateKeyInfoGeneratorManager(
-			BasicSecurityConfiguration config) {
-		NamedKeyInfoGeneratorManager namedManager = new NamedKeyInfoGeneratorManager();
-		config.setKeyInfoGeneratorManager(namedManager);
-
-		namedManager.setUseDefaultManager(true);
-		KeyInfoGeneratorManager defaultManager = namedManager
-				.getDefaultManager();
-
-		BasicKeyInfoGeneratorFactory basicFactory = new BasicKeyInfoGeneratorFactory();
-		basicFactory.setEmitPublicKeyValue(true);
-
-		X509KeyInfoGeneratorFactory x509Factory = new X509KeyInfoGeneratorFactory();
-		x509Factory.setEmitEntityCertificate(true);
-
-		defaultManager.registerFactory(basicFactory);
-		defaultManager.registerFactory(x509Factory);
-	}
-	
-	protected static void populateSignatureParams(
-			BasicSecurityConfiguration config) {
-		
-		//use SHA256 instead of SHA1
-		config.registerSignatureAlgorithmURI("RSA",
-				SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
-	
-		config.registerSignatureAlgorithmURI("DSA",
-				"http://www.w3.org/2000/09/xmldsig#dsa-sha1");
-		
-		//use SHA256 instead of SHA1
-		config.registerSignatureAlgorithmURI("EC",
-				SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA256);
-
-		//use SHA256 instead of SHA1
-		config.registerSignatureAlgorithmURI("AES",
-				SignatureConstants.ALGO_ID_MAC_HMAC_SHA256);
-		
-		
-		config.registerSignatureAlgorithmURI("DESede",
-				SignatureConstants.ALGO_ID_MAC_HMAC_SHA256);
-
-		config.setSignatureCanonicalizationAlgorithm("http://www.w3.org/2001/10/xml-exc-c14n#");
-		config.setSignatureHMACOutputLength(null);
-		
-		//use SHA256 instead of SHA1
-		config.setSignatureReferenceDigestMethod(SignatureConstants.ALGO_ID_DIGEST_SHA256);
-	}
-
-	protected static void populateEncryptionParams(
-			BasicSecurityConfiguration config) {
-		config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(128),
-				"http://www.w3.org/2001/04/xmlenc#aes128-cbc");
-		config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(192),
-				"http://www.w3.org/2001/04/xmlenc#aes192-cbc");
-		config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(256),
-				"http://www.w3.org/2001/04/xmlenc#aes256-cbc");
-		
-		//support GCM mode
-		config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(128), 
-				EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128_GCM);
-		
-		config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(192), 
-				EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES192_GCM);
-		
-		config.registerDataEncryptionAlgorithmURI("AES", Integer.valueOf(256), 
-				EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256_GCM);
-		
-		
-		config.registerDataEncryptionAlgorithmURI("DESede",
-				Integer.valueOf(168),
-				"http://www.w3.org/2001/04/xmlenc#tripledes-cbc");
-		config.registerDataEncryptionAlgorithmURI("DESede",
-				Integer.valueOf(192),
-				"http://www.w3.org/2001/04/xmlenc#tripledes-cbc");
-
-		config.registerKeyTransportEncryptionAlgorithmURI("RSA", null, "AES",
-				"http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p");
-		
-		config.registerKeyTransportEncryptionAlgorithmURI("RSA", null,
-				"DESede", "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p");
-
-		config.registerKeyTransportEncryptionAlgorithmURI("AES",
-				Integer.valueOf(128), null,
-				"http://www.w3.org/2001/04/xmlenc#kw-aes128");
-		config.registerKeyTransportEncryptionAlgorithmURI("AES",
-				Integer.valueOf(192), null,
-				"http://www.w3.org/2001/04/xmlenc#kw-aes192");
-		config.registerKeyTransportEncryptionAlgorithmURI("AES",
-				Integer.valueOf(256), null,
-				"http://www.w3.org/2001/04/xmlenc#kw-aes256");
-		config.registerKeyTransportEncryptionAlgorithmURI("DESede",
-				Integer.valueOf(168), null,
-				"http://www.w3.org/2001/04/xmlenc#kw-tripledes");
-		config.registerKeyTransportEncryptionAlgorithmURI("DESede",
-				Integer.valueOf(192), null,
-				"http://www.w3.org/2001/04/xmlenc#kw-tripledes");
-
-		config.setAutoGeneratedDataEncryptionKeyAlgorithmURI("http://www.w3.org/2001/04/xmlenc#aes128-cbc");
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOAPVPMetadataConfigurationFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOAPVPMetadataConfigurationFactory.java
new file mode 100644
index 000000000..54940a9d3
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/MOAPVPMetadataConfigurationFactory.java
@@ -0,0 +1,21 @@
+package at.gv.egovernment.moa.id.protocols.pvp2x.config;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataBuilderConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataConfigurationFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
+
+@Service("MOAPVPMetadataConfigurationFactory")
+public class MOAPVPMetadataConfigurationFactory implements IPVPMetadataConfigurationFactory {
+
+	@Autowired(required=true) PVPConfiguration pvpBasicConfiguration;
+	
+	@Override
+	public IPVPMetadataBuilderConfiguration generateMetadataBuilderConfiguration(String authURL,
+			AbstractCredentialProvider pvpIDPCredentials) {
+			return new IDPPVPMetadataConfiguration(authURL, pvpIDPCredentials, pvpBasicConfiguration);
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
index 81eca3765..5f39af7a4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
@@ -22,9 +22,7 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.pvp2x.config;
 
-import java.io.IOException;
 import java.net.URL;
-import java.security.cert.CertificateException;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
@@ -43,29 +41,19 @@ import org.opensaml.saml2.metadata.OrganizationName;
 import org.opensaml.saml2.metadata.OrganizationURL;
 import org.opensaml.saml2.metadata.SurName;
 import org.opensaml.saml2.metadata.TelephoneNumber;
+import org.springframework.stereotype.Service;
 
-import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.MiscUtil;
-import iaik.x509.X509Certificate;
 
-public class PVPConfiguration {
+@Service("MOAPVP2Configuration")
+public class PVPConfiguration implements IPVP2BasicConfiguration {
 	
-	private static PVPConfiguration instance;
-
-	public static PVPConfiguration getInstance() {
-		if (instance == null) {
-			instance = new PVPConfiguration();
-		}
-		return instance;
-	}
-
 	public static final String PVP2_METADATA = 	"/pvp2/metadata";
 	public static final String PVP2_IDP_REDIRECT = 	"/pvp2/redirect";
 	public static final String PVP2_IDP_POST = 		"/pvp2/post";
@@ -90,22 +78,7 @@ public class PVPConfiguration {
 	public static final String IDP_CONTACT_PHONE = "phone";	
 	
 	private static String moaIDVersion = null;
-	
-	//PVP2 generalpvpconfigdb;
-	//Properties props;
-	//String rootDir = null;
-	
-	private PVPConfiguration() {
-//		 try {
-//			//generalpvpconfigdb = AuthConfigurationProvider.getInstance().getGeneralPVP2DBConfig();
-//			//props = AuthConfigurationProviderFactory.getInstance().getGeneralPVP2ProperiesConfig();
-//			//rootDir = AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir();				
-//						
-//		} catch (ConfigurationException e) {
-//			e.printStackTrace();
-//		}
-	}
-	
+		
 	public List<String> getIDPPublicPath() throws ConfigurationException {
 		List<String> publicPath = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix();
 		List<String> returnvalue = new ArrayList<String>();
@@ -144,6 +117,12 @@ public class PVPConfiguration {
 		return publicURLPrefix + PVP2_METADATA;
 	}
 	
+	@Override
+	public String getIDPEntityId(String authURL) throws ConfigurationException {
+		return getIDPSSOMetadataService(authURL);
+		
+	}
+	
 	public String getIDPIssuerName() throws ConfigurationException {
 		
 		if (moaIDVersion == null) {
@@ -153,47 +132,6 @@ public class PVPConfiguration {
 		return AuthConfigurationProviderFactory.getInstance().getConfigurationWithKey(
 				MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_SERVICENAMME) + moaIDVersion;
 	}
-	
-	public iaik.x509.X509Certificate getTrustEntityCertificate(String entityID) {
-				
-		try {
-			Logger.trace("Load metadata signing certificate for online application " + entityID);
-			ISPConfiguration  oaParam = AuthConfigurationProviderFactory.getInstance().getServiceProviderConfiguration(entityID);		
-			if (oaParam == null) {
-				Logger.info("Online Application with ID " + entityID + " not found!");
-				return null;
-			}
-		
-			String pvp2MetadataCertificateString = 
-					oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);		 
-			if (MiscUtil.isEmpty(pvp2MetadataCertificateString)) {
-				Logger.info("Online Application with ID " + entityID + " include not PVP2X metadata signing certificate!");
-				return null;
-				
-			}	
-			
-			X509Certificate cert = new X509Certificate(Base64Utils.decode(pvp2MetadataCertificateString, false));
-			Logger.debug("Metadata signing certificate is loaded for ("+entityID+") is loaded.");
-			return cert;
-			
-		} catch (CertificateException e) {
-			Logger.warn("Metadata signer certificate is not parsed.", e);
-			return null;
-			
-		} catch (ConfigurationException e) {
-			Logger.error("Configuration is not accessable.", e);
-			return null;
-			
-		} catch (IOException e) {
-			Logger.warn("Metadata signer certificate is not decodeable.", e);
-			return null;
-			
-		} catch (EAAFConfigurationException e) {
-			Logger.error("Configuration is not accessable.", e);
-			return null;
-			
-		}
-	}
 
 	public List<ContactPerson> getIDPContacts() throws ConfigurationException {
 		List<ContactPerson> list = new ArrayList<ContactPerson>();
@@ -356,4 +294,5 @@ public class PVPConfiguration {
 		
 		
 	}
+
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionAttributeExtractorExeption.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionAttributeExtractorExeption.java
deleted file mode 100644
index 69ca4e8f5..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionAttributeExtractorExeption.java
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-/**
- * @author tlenz
- *
- */
-public class AssertionAttributeExtractorExeption extends PVP2Exception {
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = -6459000942830951492L;
-
-	public AssertionAttributeExtractorExeption(String attributeName) {
-		super("Parse PVP2.1 assertion FAILED: Attribute " + attributeName 
-				+ " can not extract.", null);
-	}
-	
-	public AssertionAttributeExtractorExeption(String messageId,
-			Object[] parameters) {
-		super(messageId, parameters);
-	}
-
-	public AssertionAttributeExtractorExeption() {
-		super("Parse PVP2.1 assertion FAILED. Interfederation not possible", null); 
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionValidationExeption.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionValidationExeption.java
deleted file mode 100644
index 1e029f567..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionValidationExeption.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-
-/**
- * @author tlenz
- *
- */
-public class AssertionValidationExeption extends PVP2Exception {
-
-	private static final long serialVersionUID = -3987805399122286259L;
-
-	public AssertionValidationExeption(String messageId, Object[] parameters) {
-		super(messageId, parameters);
-	}
-
-	/**
-	 * @param string
-	 * @param object
-	 * @param e
-	 */
-	public AssertionValidationExeption(String string, Object[] parameters,
-			Throwable e) {
-		super(string, parameters, e);
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AttributQueryException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AttributQueryException.java
deleted file mode 100644
index 9008a7183..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AttributQueryException.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-/**
- * @author tlenz
- *
- */
-public class AttributQueryException extends PVP2Exception {
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = -4302422507173728748L;
-
-	public AttributQueryException(String messageId, Object[] parameters) {
-		super(messageId, parameters);
-	}
-	
-	public AttributQueryException(String messageId, Object[] parameters, Throwable e) {
-		super(messageId, parameters, e);
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AuthnRequestBuildException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AuthnRequestBuildException.java
deleted file mode 100644
index eebaf6c9e..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AuthnRequestBuildException.java
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-/**
- * @author tlenz
- *
- */
-public class AuthnRequestBuildException extends PVP2Exception {
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = -1375451065455859354L;
-
-	/**
-	 * @param messageId
-	 * @param parameters
-	 */
-	public AuthnRequestBuildException(String messageId, Object[] parameters) {
-		super(messageId, parameters);
-	}
-
-	public AuthnRequestBuildException(String messageId, Object[] parameters, Throwable e) {
-		super(messageId, parameters, e);
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AuthnResponseValidationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AuthnResponseValidationException.java
deleted file mode 100644
index 957f9af1d..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AuthnResponseValidationException.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-/**
- * @author tlenz
- *
- */
-public class AuthnResponseValidationException extends PVP2Exception {
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = 8023812861029406575L;
-
-	/**
-	 * @param messageId
-	 * @param parameters
-	 */
-	public AuthnResponseValidationException(String messageId, Object[] parameters) {
-		super(messageId, parameters);
-	}
-	
-	public AuthnResponseValidationException(String messageId, Object[] parameters, Throwable e) {
-		super(messageId, parameters, e);
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/BindingNotSupportedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/BindingNotSupportedException.java
deleted file mode 100644
index 9f4c7fed3..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/BindingNotSupportedException.java
+++ /dev/null
@@ -1,41 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-public class BindingNotSupportedException extends PVP2Exception {
-
-	public BindingNotSupportedException(String binding) {
-		super("pvp2.11", new Object[] {binding});
-		this.statusCodeValue = StatusCode.UNSUPPORTED_BINDING_URI;
-	}
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = -7227603941387879360L;
-
-	
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java
deleted file mode 100644
index 392569366..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-public class InvalidAssertionConsumerServiceException extends PVP2Exception {
-
-	public InvalidAssertionConsumerServiceException(int idx) {
-		super("pvp2.00", new Object[]{idx});
-		this.statusCodeValue = StatusCode.REQUESTER_URI;
-	}
-
-	/**
-	 * 
-	 */
-	public InvalidAssertionConsumerServiceException(String wrongURL) {
-		super("pvp2.23", new Object[]{wrongURL});
-		this.statusCodeValue = StatusCode.REQUESTER_URI;
-		
-	}
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = 7861790149343943091L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionEncryptionException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionEncryptionException.java
deleted file mode 100644
index b49070bd6..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionEncryptionException.java
+++ /dev/null
@@ -1,36 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-public class InvalidAssertionEncryptionException extends PVP2Exception {
-
-	private static final long serialVersionUID = 6513388841485355549L;
-
-	public InvalidAssertionEncryptionException() {
-		super("pvp2.16", new Object[]{});
-		this.statusCodeValue = StatusCode.RESPONDER_URI;
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidDateFormatException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidDateFormatException.java
deleted file mode 100644
index 252539bf5..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidDateFormatException.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-public class InvalidDateFormatException extends PVP2Exception {
-
-	public InvalidDateFormatException() {
-		super("pvp2.02", null);
-		this.statusCodeValue = StatusCode.REQUESTER_URI;
-	}
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = -6867976890237846085L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/MandateAttributesNotHandleAbleException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/MandateAttributesNotHandleAbleException.java
index 15a0ccf72..0e48dfbd6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/MandateAttributesNotHandleAbleException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/MandateAttributesNotHandleAbleException.java
@@ -24,6 +24,8 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
 
 import org.opensaml.saml2.core.StatusCode;
 
+import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception;
+
 public class MandateAttributesNotHandleAbleException extends PVP2Exception {
 
 	public MandateAttributesNotHandleAbleException() {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NOSLOServiceDescriptorException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NOSLOServiceDescriptorException.java
index 204e1c2a5..94e1874a5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NOSLOServiceDescriptorException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NOSLOServiceDescriptorException.java
@@ -22,6 +22,8 @@
  */
 package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
 
+import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception;
+
 /**
  * @author tlenz
  *
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java
deleted file mode 100644
index c82e6bdf1..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java
+++ /dev/null
@@ -1,42 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
-
-public class NameIDFormatNotSupportedException extends AuthnRequestValidatorException {
-
-	public NameIDFormatNotSupportedException(String nameIDFormat) {
-		super("pvp2.12", new Object[] {nameIDFormat}, "NameID format not supported");
-		statusCodeValue = StatusCode.INVALID_NAMEID_POLICY_URI;
-
-	}
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = -2270762519437873336L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoCredentialsException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoCredentialsException.java
index 333ef9765..58c2a032d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoCredentialsException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoCredentialsException.java
@@ -24,6 +24,8 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
 
 import org.opensaml.saml2.core.StatusCode;
 
+import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception;
+
 public class NoCredentialsException extends PVP2Exception {
 
 	public static final String MOA_IDP_TARGET = "MOA-ID";
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMandateDataAvailableException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMandateDataAvailableException.java
index ce80ac5cb..821813b69 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMandateDataAvailableException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMandateDataAvailableException.java
@@ -22,6 +22,8 @@
  *******************************************************************************/
 package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
 
+import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception;
+
 public class NoMandateDataAvailableException  extends PVP2Exception {
 
 	public NoMandateDataAvailableException() {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMetadataInformationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMetadataInformationException.java
deleted file mode 100644
index 50a1af6ad..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMetadataInformationException.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-public class NoMetadataInformationException extends PVP2Exception {
-
-	public NoMetadataInformationException() {
-		super("pvp2.15", null);
-		this.statusCodeValue = StatusCode.UNKNOWN_PRINCIPAL_URI;
-	}
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = -4608068445208032193L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java
deleted file mode 100644
index 00fb97151..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java
+++ /dev/null
@@ -1,61 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-
-public abstract class PVP2Exception extends MOAIDException {
-
-	protected String statusCodeValue = StatusCode.RESPONDER_URI;
-	protected String statusMessageValue = null;
-	
-	public PVP2Exception(String messageId, Object[] parameters,
-			Throwable wrapped) {
-		super(messageId, parameters, wrapped);
-		this.statusMessageValue = this.getMessage();
-	}
-
-	public PVP2Exception(String messageId, Object[] parameters) {
-		super(messageId, parameters);
-		this.statusMessageValue = this.getMessage();
-	}
-	
-	
-	public String getStatusCodeValue() {
-		return (this.statusCodeValue);
-	}
-	
-	public String getStatusMessageValue() {
-		return (this.statusMessageValue);
-	}
-	
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = 7669537952484421069L;
-
-	
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotAllowedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotAllowedException.java
deleted file mode 100644
index 63f42cbe5..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotAllowedException.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-
-public class QAANotAllowedException extends PVP2Exception {
-
-	public QAANotAllowedException(String qaa_auth, String qaa_request) {
-		super("pvp2.17", new Object[] {qaa_auth, qaa_request});
-		this.statusCodeValue = StatusCode.REQUESTER_URI;
-	}
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = -3964192953884089323L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotSupportedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotSupportedException.java
deleted file mode 100644
index fdf1063c0..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotSupportedException.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-
-public class QAANotSupportedException extends PVP2Exception {
-
-	public QAANotSupportedException(String qaa) {
-		super("pvp2.05", new Object[] {qaa});
-		this.statusCodeValue = StatusCode.REQUESTER_URI;
-	}
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = -3964192953884089323L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/RequestDeniedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/RequestDeniedException.java
deleted file mode 100644
index 8f12f3cce..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/RequestDeniedException.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-public class RequestDeniedException extends PVP2Exception {
-
-	public RequestDeniedException() {
-		super("pvp2.14", null);
-		this.statusCodeValue = StatusCode.REQUEST_DENIED_URI;
-	}
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = 4415896615794730553L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/ResponderErrorException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/ResponderErrorException.java
deleted file mode 100644
index fe921f8b5..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/ResponderErrorException.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-public class ResponderErrorException extends PVP2Exception {
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = -425416760138285446L;
-
-	public ResponderErrorException(String messageId, Object[] parameters,
-			Throwable wrapped) {
-		super(messageId, parameters, wrapped);
-		this.statusCodeValue = StatusCode.RESPONDER_URI;
-	}
-	
-	public ResponderErrorException(String messageId, Object[] parameters) {
-		super(messageId, parameters);
-		this.statusCodeValue = StatusCode.RESPONDER_URI;
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSignedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSignedException.java
deleted file mode 100644
index 65def4602..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSignedException.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-public class SAMLRequestNotSignedException extends PVP2Exception {
-
-	public SAMLRequestNotSignedException() {
-		super("pvp2.07", null);
-		this.statusCodeValue = StatusCode.REQUESTER_URI;
-	}
-	
-	public SAMLRequestNotSignedException(Throwable e) {
-		super("pvp2.07", null, e);
-		this.statusCodeValue = StatusCode.REQUESTER_URI;
-	}
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = 1L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSupported.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSupported.java
deleted file mode 100644
index 8a386c951..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSupported.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-
-public class SAMLRequestNotSupported extends PVP2Exception {
-
-	public SAMLRequestNotSupported() {
-		super("pvp2.09", null);
-		this.statusCodeValue = StatusCode.REQUEST_UNSUPPORTED_URI;
-	}
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = 1244883178458802767L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SLOException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SLOException.java
deleted file mode 100644
index 9f1b6168e..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SLOException.java
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-/**
- * @author tlenz
- *
- */
-public class SLOException extends PVP2Exception {
-	private static final long serialVersionUID = -5284624715788385022L;
-
-	/**
-	 * @param messageId
-	 * @param parameters
-	 */
-	public SLOException(String messageId, Object[] parameters) {
-		super(messageId, parameters);
-		// TODO Auto-generated constructor stub
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SchemaValidationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SchemaValidationException.java
deleted file mode 100644
index fc4ed1f28..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SchemaValidationException.java
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-/**
- * @author tlenz
- *
- */
-public class SchemaValidationException extends PVP2Exception {
-
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = 1L;
-
-	/**
-	 * @param messageId
-	 * @param parameters
-	 */
-	public SchemaValidationException(String messageId, Object[] parameters) {
-		super(messageId, parameters);
-	}
-	
-	/**
-	 * @param messageId
-	 * @param parameters
-	 */
-	public SchemaValidationException(String messageId, Object[] parameters, Throwable e) {
-		super(messageId, parameters, e);
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/UnprovideableAttributeException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/UnprovideableAttributeException.java
deleted file mode 100644
index a8bfe1070..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/UnprovideableAttributeException.java
+++ /dev/null
@@ -1,37 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
-
-import org.opensaml.saml2.core.StatusCode;
-
-public class UnprovideableAttributeException extends PVP2Exception {
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = 3972197758163647157L;
-
-	public UnprovideableAttributeException(String attributeName) {
-		super("pvp2.10", new Object[] {attributeName});
-		this.statusCodeValue = StatusCode.UNKNOWN_ATTR_PROFILE_URI;
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SchemaValidationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SchemaValidationException.java
deleted file mode 100644
index 8da5edeed..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SchemaValidationException.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter;
-
-import org.opensaml.saml2.metadata.provider.FilterException;
-
-/**
- * @author tlenz
- *
- */
-public class SchemaValidationException extends FilterException {
-
-	/**
-	 * @param string
-	 */
-	public SchemaValidationException(String string) {
-		super(string);
-		
-	}
-
-	private static final long serialVersionUID = 1L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SignatureValidationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SignatureValidationException.java
deleted file mode 100644
index 86a6a777b..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SignatureValidationException.java
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter;
-
-import org.opensaml.saml2.metadata.provider.FilterException;
-
-/**
- * @author tlenz
- *
- */
-public class SignatureValidationException extends FilterException {
-
-	/**
-	 * @param string
-	 */
-	public SignatureValidationException(String string) {
-		super(string);
-		
-	}
-
-	/**
-	 * @param e
-	 */
-	public SignatureValidationException(Exception e) {
-		super(e);
-	}
-
-	/**
-	 * @param string
-	 * @param object
-	 */
-	public SignatureValidationException(String string, Exception e) {
-		super(string, e);
-	}
-
-	private static final long serialVersionUID = 1L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/loginFormFull.html b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/loginFormFull.html
deleted file mode 100644
index 5ae76ed96..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/loginFormFull.html
+++ /dev/null
@@ -1,851 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
-
-<!-- MOA-ID 2.x BKUSelection Layout CSS -->
-<style type="text/css">
-@media screen and (min-width: 650px) {
-	body {
-		margin: 0;
-		padding: 0;
-		color: #000;
-		background-color: #fff;
-		text-align: center;
-		background-color: #6B7B8B;
-	}
-	#localBKU p {
-		font-size: 0.7em;
-	}
-	#localBKU input {
-		font-size: 0.7em;
-		/*border-radius: 5px;*/
-	}
-	#bkuselectionarea input[type=button] {
-		font-size: 0.85em;
-		/*border-radius: 7px;*/
-		margin-bottom: 25px;
-		min-width: 80px;
-	}
-	#mandateLogin {
-		font-size: 0.85em;
-	}
-	#bku_header h2 {
-		font-size: 0.8em;
-	}
-	#page {
-		display: block;
-		border: 2px solid rgb(0, 0, 0);
-		width: 650px;
-		height: 440px;
-		margin: 0 auto;
-		margin-top: 5%;
-		position: relative;
-		border-radius: 25px;
-		background: rgb(255, 255, 255);
-	}
-	#page1 {
-		text-align: center;
-	}
-	#main {
-		/*	clear:both; */
-		position: relative;
-		margin: 0 auto;
-		width: 250px;
-		text-align: center;
-	}
-	.OA_header {
-		/*	  background-color: white;*/
-		font-size: 20pt;
-		margin-bottom: 25px;
-		margin-top: 25px;
-	}
-	#leftcontent {
-		/*float:left; */
-		width: 250px;
-		margin-bottom: 25px;
-		text-align: left;
-		border: 1px solid rgb(0, 0, 0);
-	}
-	#selectArea {
-		font-size: 15px;
-		padding-bottom: 65px;
-	}
-	#leftcontent {
-		width: 300px;
-		margin-top: 30px;
-	}
-	#bku_header {
-		height: 5%;
-		padding-bottom: 3px;
-		padding-top: 3px;
-	}
-	#bkulogin {
-		overflow: hidden;
-		min-width: 190px;
-		min-height: 180px;
-		/*height: 260px;*/
-	}
-	h2#tabheader {
-		font-size: 1.1em;
-		padding-left: 2%;
-		padding-right: 2%;
-		position: relative;
-	}
-	.setAssertionButton_full {
-		background: #efefef;
-		cursor: pointer;
-		margin-top: 15px;
-		width: 100px;
-		height: 30px
-	}
-	#leftbutton {
-		width: 30%;
-		float: left;
-		margin-left: 40px;
-	}
-	#rightbutton {
-		width: 30%;
-		float: right;
-		margin-right: 45px;
-		text-align: right;
-	}
-	button {
-		height: 25px;
-		width: 75px;
-		margin-bottom: 10px;
-	}
-	#validation {
-		position: absolute;
-		bottom: 0px;
-		margin-left: 270px;
-		padding-bottom: 10px;
-	}
-}
-
-@media screen and (max-width: 205px) {
-	#localBKU p {
-		font-size: 0.6em;
-	}
-	#localBKU input {
-		font-size: 0.6em;
-		min-width: 60px;
-		/* max-width: 65px; */
-		min-height: 1.0em;
-		/* border-radius: 5px; */
-	}
-	#bkuselectionarea input[type=button] {
-		font-size: 0.7em;
-		min-width: 55px;
-		/*min-height: 1.1em;
-          border-radius: 5px;*/
-		margin-bottom: 2%
-	}
-	#mandateLogin {
-		font-size: 0.65em;
-	}
-	#bku_header h2 {
-		font-size: 0.8em;
-		margin-top: -0.4em;
-		padding-top: 0.4em;
-	}
-	#bkulogin {
-		min-height: 150px;
-	}
-}
-
-@media screen and (max-width: 249px) and (min-width: 206px) {
-	#localBKU p {
-		font-size: 0.7em;
-	}
-	#localBKU input {
-		font-size: 0.7em;
-		min-width: 70px;
-		/*    max-width: 75px;    */
-		min-height: 0.95em;
-		/*  border-radius: 6px;    */
-	}
-	#bkuselectionarea input[type=button] {
-		font-size: 0.75em;
-		min-width: 60px;
-		/*    min-height: 0.95em;
-          border-radius: 6px;    */
-		margin-bottom: 5%
-	}
-	#mandateLogin {
-		font-size: 0.75em;
-	}
-	#bku_header h2 {
-		font-size: 0.9em;
-		margin-top: -0.45em;
-		padding-top: 0.45em;
-	}
-	#bkulogin {
-		min-height: 180px;
-	}
-}
-
-@media screen and (max-width: 299px) and (min-width: 250px) {
-	#localBKU p {
-		font-size: 0.9em;
-	}
-	#localBKU input {
-		font-size: 0.8em;
-		min-width: 70px;
-		/*    max-width: 75px;      */
-		/*    border-radius: 6px;  */
-	}
-	#bkuselectionarea input[type=button] {
-		font-size: 0.85em;
-		/*     min-height: 1.05em;
-          border-radius: 7px;        */
-		margin-bottom: 10%;
-	}
-	#mandateLogin {
-		font-size: 1em;
-	}
-	#bku_header h2 {
-		font-size: 1.0em;
-		margin-top: -0.50em;
-		padding-top: 0.50em;
-	}
-}
-
-@media screen and (max-width: 399px) and (min-width: 300px) {
-	#localBKU p {
-		font-size: 0.9em;
-	}
-	#localBKU input {
-		font-size: 0.8em;
-		min-width: 70px;
-		/*     max-width: 75px;     */
-		/*    border-radius: 6px;       */
-	}
-	#bkuselectionarea input[type=button] {
-		font-size: 0.9em;
-		/*       min-height: 1.2em;
-          border-radius: 8px;          */
-		margin-bottom: 10%;
-		max-width: 80px;
-	}
-	#mandateLogin {
-		font-size: 1em;
-	}
-	#bku_header h2 {
-		font-size: 1.1em;
-		margin-top: -0.55em;
-		padding-top: 0.55em;
-	}
-}
-
-@media screen and (max-width: 649px) and (min-width: 400px) {
-	#localBKU p {
-		font-size: 0.9em;
-	}
-	#localBKU input {
-		font-size: 0.8em;
-		min-width: 70px;
-		/*     max-width: 80px;       */
-		/*     border-radius: 6px;          */
-	}
-	#bkuselectionarea input[type=button] {
-		font-size: 1.0em;
-		/*      min-height: 1.3em;
-         border-radius: 10px;         */
-		margin-bottom: 10%;
-		max-width: 85px;
-	}
-	#mandateLogin {
-		font-size: 1.2em;
-	}
-	#bku_header h2 {
-		font-size: 1.3em;
-		margin-top: -0.65em;
-		padding-top: 0.65em;
-	}
-}
-
-@media screen and (max-width: 649px) {
-	body {
-		margin: 0;
-		padding: 0;
-		color: #000;
-		text-align: center;
-		font-size: 100%;
-		background-color: #MAIN_BACKGOUNDCOLOR#;
-	}
-	#page {
-		visibility: hidden;
-		margin-top: 0%;
-	}
-	#page1 {
-		visibility: hidden;
-	}
-	#main {
-		visibility: hidden;
-	}
-	#validation {
-		visibility: hidden;
-		display: none;
-	}
-	.OA_header {
-		margin-bottom: 0px;
-		margin-top: 0px;
-		font-size: 0pt;
-		visibility: hidden;
-	}
-	#leftcontent {
-		visibility: visible;
-		margin-bottom: 0px;
-		text-align: left;
-		border: none;
-		vertical-align: middle;
-		min-height: 173px;
-		min-width: 204px;
-	}
-	#bku_header {
-		height: 10%;
-		min-height: 1.2em;
-		margin-top: 1%;
-	}
-	h2#tabheader {
-		padding-left: 2%;
-		padding-right: 2%;
-		position: relative;
-		top: 50%;
-	}
-	#bkulogin {
-		min-width: 190px;
-		min-height: 155px;
-	}
-	.setAssertionButton_full {
-		background: #efefef;
-		cursor: pointer;
-		margin-top: 15px;
-		width: 70px;
-		height: 25px;
-	}
-	input[type=button] {
-		/*          height: 11%;  */
-		width: 70%;
-	}
-}
-
-			
-			@media screen and (max-width: 649px) {
-				
-        body {
-					margin:0;
-					padding:0;
-					color : #000;
-			  	text-align: center;
-          font-size: 100%;
-			  	background-color: #MAIN_BACKGOUNDCOLOR#;
-				}
-        				
-			  #page {
-			     visibility: hidden;
-			     margin-top: 0%;
-			  }
-			  
-			  #page1 {
-			    visibility: hidden;
-			  }
-			  
-			  #main {
-			    visibility: hidden;
-			  }
-        
-        #validation {
-          visibility: hidden;
-          display: none;
-        }
-			  
-			  .OA_header {
-			    margin-bottom: 0px;
-			    margin-top: 0px;
-			    font-size: 0pt;
-			    visibility: hidden;
-			  }
-			
-			  #leftcontent {
-			    visibility: visible;
-			    margin-bottom: 0px;
-			    text-align: left;
-			    border:none;
-          vertical-align: middle;
-          min-height: 173px;
-          min-width: 204px;
-          
-			  }
-			  
-        #bku_header {
-          height: 10%;
-          min-height: 1.2em;
-          margin-top: 1%;
-        }
-        
-        h2#tabheader{
-          padding-left: 2%;
-          padding-right: 2%;
-          position: relative;
-          top: 50%;
-			  }
-        
-       	#bkulogin {	
-          min-width: 190px;
-          min-height: 155px;	
-			 }
-        
-			 .setAssertionButton_full {
-			     	background: #efefef;
-				    cursor: pointer;
-				    margin-top: 15px;
-			      width: 70px;
-			      height: 25px;
-			 }
-       
-        input[type=button] {
-/*          height: 11%;  */
-          width: 70%;
-        }
-			}
-			      
-			* {
-				margin: 0;
-				padding: 0;
-        font-family: #FONTTYPE#;
-			}
-							      			
-			#selectArea {
-				padding-top: 10px;
-				padding-bottom: 55px;
-				padding-left: 10px;
-			}
-			
-			.setAssertionButton {
-				background: #efefef;
-				cursor: pointer;
-				margin-top: 15px;
-			  width: 70px;
-			  height: 25px;
-			}
-			
-			#leftbutton  {
-				width: 35%; 
-				float:left; 
-				margin-left: 15px;
-			}
-			
-			#rightbutton {
-				width: 35%; 
-				float:right; 
-				margin-right: 25px; 
-				text-align: right;
-			}
-			
-      #mandateLogin {
-        padding-bottom: 4%;
-        padding-top: 4%;
-        height: 10%;
-        position: relative;
-        text-align: center;
-			}
-      
-      .verticalcenter {
-        vertical-align: middle;
-      }
-      
-      #mandateLogin div {
-        clear: both;
-        margin-top: -1%;
-        position: relative;
-        top: 50%;
-      }
-      
-      #bkuselectionarea {
-          position: relative;
-          display: block;
-      }
-      
-      #localBKU {
-        padding-left: 5%;
-        padding-right: 2%;
-        padding-bottom: 4%;
-        padding-top: 4%;
-        position: relative;
-        clear: both;        
-			}
-          			
-			#bkukarte {
-				float:left;
-				text-align:center;
-				width:40%;
-        min-height: 70px;
-        padding-left: 5%;
-        padding-top: 2%;
-			}
-			
-			#bkuhandy {
-				float:right;
-				text-align:center;
-				width:40%;
-        min-height: 90px;
-        padding-right: 5%;
-        padding-top: 2%;
-			}
-			
-      .bkuimage {
-        width: 90%;
-        height: auto;
-      }
-      
-			#mandate{
-				text-align:center;
-				padding : 5px 5px 5px 5px;
-			}
-      
-/*		input[type=button], .sendButton {
-				background: #BUTTON_BACKGROUNDCOLOR#;
-        color: #BUTTON_COLOR#;
-/*				border:1px solid #000;  */
-/*				cursor: pointer;
-/*        box-shadow: 3px 3px 3px #222222;  */
-/*			}
-			
-/*      button:hover, button:focus, button:active, 
-      .sendButton:hover , .sendButton:focus, .sendButton:active,
-      #mandateCheckBox:hover, #mandateCheckBox:focus, #mandateCheckBox:active {
-				background: #BUTTON_BACKGROUNDCOLOR_FOCUS#;
-        color: #BUTTON_COLOR#;
-/*				border:1px solid #000;                */
-/*				cursor: pointer;
-/*        box-shadow: -1px -1px 3px #222222;  */
-/*			}
-      
-*/
-input {
-	/*border:1px solid #000;*/
-	cursor: pointer;
-}
-
-#localBKU input {
-	/*        color: #BUTTON_COLOR#;  */
-	border: 0px;
-	display: inline-block;
-}
-
-#localBKU input:hover,#localBKU input:focus,#localBKU input:active {
-	text-decoration: underline;
-}
-
-#installJava,#BrowserNOK {
-	clear: both;
-	font-size: 0.8em;
-	padding: 4px;
-}
-
-.selectText {
-	
-}
-
-.selectTextHeader {
-	
-}
-
-.sendButton {
-	width: 30%;
-	margin-bottom: 1%;
-}
-
-#leftcontent a {
-	text-decoration: none;
-	color: #000;
-	/*	display:block;*/
-	padding: 4px;
-}
-
-#leftcontent a:hover,#leftcontent a:focus,#leftcontent a:active {
-	text-decoration: underline;
-	color: #000;
-}
-
-.infobutton {
-	background-color: #005a00;
-	color: white;
-	font-family: serif;
-	text-decoration: none;
-	padding-top: 2px;
-	padding-right: 4px;
-	padding-bottom: 2px;
-	padding-left: 4px;
-	font-weight: bold;
-}
-
-.hell {
-	background-color: #MAIN_BACKGOUNDCOLOR#;
-	color: #MAIN_COLOR#;
-}
-
-.dunkel {
-	background-color: #HEADER_BACKGROUNDCOLOR#;
-	color: #HEADER_COLOR#;
-}
-
-.main_header {
-	color: black;
-	font-size: 32pt;
-	position: absolute;
-	right: 10%;
-	top: 40px;
-}
-</style>
-<!-- MOA-ID 2.x BKUSelection JavaScript fucnctions-->
-<script type="text/javascript">
-		function isIE() {
-			return (/MSIE (\d+\.\d+);/.test(navigator.userAgent));
-		}
-		function isFullscreen() {
-			try {
-				return ((top.innerWidth == screen.width) && (top.innerHeight == screen.height));
-			} catch (e) {
-				return false;
-			}
-		}
-		function isActivexEnabled() {
-			var supported = null;
-			try {
-				supported = !!new ActiveXObject("htmlfile");
-			} catch (e) {
-				supported = false;
-			}
-			return supported;
-		}
-		function isMetro() {
-			if (!isIE())
-				return false;
-			return !isActivexEnabled() && isFullscreen();
-		}
-		window.onload=function() {
-			document.getElementById("localBKU").style.display="block";
-			return;
-		}
-		function bkuOnlineClicked() {
-			if (isMetro())
-				document.getElementById("metroDetected").style.display="block";
-			document.getElementById("localBKU").style.display="block";
-/* 			if (checkMandateSSO())
-				return; */
-			
-			setMandateSelection();
-/* 			setSSOSelection(); */
-						
-			var iFrameURL = "#AUTH_URL#" + "?";
-			iFrameURL += "bkuURI=" + "#ONLINE#";
-			iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;
-/* 			iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */
-			iFrameURL += "&MODUL=" + "#MODUL#";
-			iFrameURL += "&ACTION=" + "#ACTION#";
-			iFrameURL += "&MOASessionID=" + "#SESSIONID#";
-			generateIFrame(iFrameURL);
-		}
-		function bkuHandyClicked() {
-			document.getElementById("localBKU").style.display="none";
-/* 			if (checkMandateSSO())
-				return; */
-			
-			setMandateSelection();
-/* 			setSSOSelection(); */
-			
-			var iFrameURL = "#AUTH_URL#" + "?";
-			iFrameURL += "bkuURI=" + "#HANDY#";
-			iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;
-/* 			iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */
-			iFrameURL += "&MODUL=" + "#MODUL#";
-			iFrameURL += "&ACTION=" + "#ACTION#";
-			iFrameURL += "&MOASessionID=" + "#SESSIONID#";
-			generateIFrame(iFrameURL);
-		}
-		function storkClicked() {
-			document.getElementById("localBKU").style.display="none"; 
-/* 			if (checkMandateSSO())
-				return; */
-			
-			setMandateSelection();
-/* 			setSSOSelection(); */
-			
-			var ccc = "AT";
-			var countrySelection = document.getElementById("cccSelection");
-			if (countrySelection !=  null) {
-				ccc = document.getElementById("cccSelection").value;
-			}
-			var iFrameURL = "#AUTH_URL#" + "?";
-			iFrameURL += "bkuURI=" + "#ONLINE#";
-			iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;
-			iFrameURL += "&CCC=" + ccc;
-/* 			iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */
-			iFrameURL += "&MODUL=" + "#MODUL#";
-			iFrameURL += "&ACTION=" + "#ACTION#";
-			iFrameURL += "&MOASessionID=" + "#SESSIONID#";
-			generateIFrame(iFrameURL);
-		}
-		function generateIFrame(iFrameURL) {
-			var el = document.getElementById("bkulogin");
-      var width = el.clientWidth;
-      var heigth = el.clientHeight - 20;
-			var parent = el.parentNode;
-            
-      iFrameURL += "&heigth=" + heigth;
-      iFrameURL += "&width=" + width;
-      
-			var iframe = document.createElement("iframe");
-			iframe.setAttribute("src", iFrameURL);
-			iframe.setAttribute("width", el.clientWidth - 1);
-			iframe.setAttribute("height", el.clientHeight - 1);
-			iframe.setAttribute("frameborder", "0");
-			iframe.setAttribute("scrolling", "no");
-			iframe.setAttribute("title", "Login");
-			parent.replaceChild(iframe, el);
-		}
-		function setMandateSelection() {
-			document.getElementById("moaidform").action = "#AUTH_URL#";
-			document.getElementById("useMandate").value = "false";
-			var checkbox = document.getElementById("mandateCheckBox");
-			if (checkbox !=  null) {
-				if (document.getElementById("mandateCheckBox").checked) {
-					document.getElementById("useMandate").value = "true";
-				}
-			}
-		}
-		function onChangeChecks() {
-      if (top.innerWidth < 650) {
-         document.getElementById("moaidform").setAttribute("target","_parent");
-      } else {
-         document.getElementById("moaidform").removeAttribute("target");
-      }
-      
-    }
-/* 		function setSSOSelection() {
-			document.getElementById("useSSO").value = "false";
-			var checkbox = document.getElementById("SSOCheckBox");
-			if (checkbox !=  null) {
-				if (document.getElementById("SSOCheckBox").checked) {
-					document.getElementById("useSSO").value = "true";
-				}
-			}
-		} */
-		
-/* 		function checkMandateSSO() {
-			var sso = document.getElementById("SSOCheckBox");
-			var mandate = document.getElementById("mandateCheckBox");
-			
-			
-			if (sso.checked && mandate.checked) {
-				alert("Anmeldung in Vertretung in kombination mit Single Sign-On wird aktuell noch nicht unterstützt!")
-				mandate.checked = false;
-				sso.checked = false;
-				return true;
-			} else {
-				return false;
-			}
-		} */
-	</script>
-<title>Anmeldung mittels Bürgerkarte oder Handy-Signatur</title>
-</head>
-<body onload="onChangeChecks();" onresize="onChangeChecks();">
-	<div id="page">
-		<div id="page1" class="case selected-case" role="main">
-			<h2 class="OA_header" role="heading">Anmeldung an: #OAName#</h2>
-			<div id="main">
-				<div id="leftcontent" class="hell" role="application">
-					<div id="bku_header" class="dunkel">
-						<h2 id="tabheader" class="dunkel" role="heading">#HEADER_TEXT#</h2>
-					</div>
-					<div id="bkulogin" class="hell" role="form">
-						<div id="mandateLogin" style="">
-							<div>
-								<input tabindex="1" type="checkbox" name="Mandate"
-									id="mandateCheckBox" class="verticalcenter" role="checkbox"
-									onClick='document.getElementById("mandateCheckBox").setAttribute("aria-checked", document.getElementById("mandateCheckBox").checked);'#MANDATECHECKED#>
-								<label for="mandateCheckBox" class="verticalcenter">in
-									Vertretung anmelden</label>
-								<!--a      href="info_mandates.html" 
-                        target="_blank"
-                        class="infobutton verticalcenter" 
-                        tabindex="5">i</a-->
-							</div>
-						</div>
-						<div id="bkuselectionarea">
-							<div id="bkukarte">
-								<img class="bkuimage" src="#CONTEXTPATH#/img/online-bku.png"
-									alt="OnlineBKU" /> <input name="bkuButtonOnline" type="button"
-									onClick="bkuOnlineClicked();" tabindex="2" role="button"
-									value="Karte" />
-							</div>
-							<div id="bkuhandy">
-								<img class="bkuimage" src="#CONTEXTPATH#/img/mobile-bku.png"
-									alt="HandyBKU" /> <input name="bkuButtonHandy" type="button"
-									onClick="bkuHandyClicked();" tabindex="3" role="button"
-									value="HANDY" />
-							</div>
-						</div>
-						<div id="localBKU">
-							<form method="get" id="moaidform" action="#AUTH_URL#"
-								class="verticalcenter" target="_parent">
-								<input type="hidden" name="bkuURI" value="#LOCAL#"> <input
-									type="hidden" name="useMandate" id="useMandate"> <input
-									type="hidden" name="SSO" id="useSSO"> <input
-									type="hidden" name="CCC" id="ccc"> <input type="hidden"
-									name="MODUL" value="#MODUL#"> <input type="hidden"
-									name="ACTION" value="#ACTION#"> <input type="hidden"
-									name="MOASessionID" value="#SESSIONID#"> <input
-									type="submit" value=">lokale Bürgerkartenumgebung" tabindex="4"
-									role="button" class="hell">
-								<!--p>
-                    <small>Alternativ können Sie eine lokal installierte BKU verwenden.</small>								                                  
-                  </p-->								                                  
-                </form>								                                                          
-              </div>
-              <div id="stork" align="center" style="#STORKVISIBLE#">
-                <h2 id="tabheader" class="dunkel">Home Country Selection</h2>
-                <p>
-                  <select name="cccSelection" id="cccSelection" size="1" style="width: 120px; margin-right: 5px;" >
-                    <option value="BE">Belgi&euml;/Belgique</option>
-                    <option value="EE">Eesti</option>
-                    <option value="ES">Espa&ntilde;a</option>
-                    <option value="IS">&Iacute;sland</option>
-                    <option value="IT">Italia</option>
-                    <option value="LI">Liechtenstein</option>
-                    <option value="LT">Lithuania</option>
-                    <option value="PT">Portugal</option>
-                    <option value="SI">Slovenija</option>
-                    <option value="FI">Suomi</option>
-                    <option value="SE">Sverige</option>
-                  </select>
-                  <button name="bkuButton" type="button" onClick="storkClicked();">Proceed</button>
-                  <a href="info_stork.html" target="_blank" class="infobutton" style="color:#FFF">i</a>
-                </p>
-              </div>
-
-						<div id="metroDetected" style="display: none">
-							<p>Anscheinend verwenden Sie Internet Explorer im
-								Metro-Modus. Wählen Sie bitte "Auf dem Desktop anzeigen" aus den
-								Optionen um die Karten-Anmeldung starten zu können.</p>
-						</div>
-					</div>
-				</div>
-			</div>
-		</div>
-		<div id="validation">
-			<a href="http://validator.w3.org/check?uri="> <img
-				style="border: 0; width: 88px; height: 31px"
-				src="#CONTEXTPATH#/img/valid-html5-blue.png" alt="HTML5 ist valide!" />
-			</a> <a href="http://jigsaw.w3.org/css-validator/"> <img
-				style="border: 0; width: 88px; height: 31px"
-				src="https://jigsaw.w3.org/css-validator/images/vcss-blue"
-				alt="CSS ist valide!" />
-			</a>
-		</div>
-	</div>
-</body>
-</html>
\ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessage.java
deleted file mode 100644
index 8c8345bbf..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessage.java
+++ /dev/null
@@ -1,116 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.messages;
-
-import java.io.Serializable;
-
-import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.saml2.metadata.provider.MetadataProviderException;
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-public class InboundMessage implements InboundMessageInterface, Serializable{
-
-	private static final long serialVersionUID = 2395131650841669663L;
-	
-	private Element samlMessage = null;
-	private boolean verified = false;
-	private String entityID = null;
-	private String relayState = null;
-	
-	
-	public EntityDescriptor getEntityMetadata(MetadataProvider metadataProvider) throws NoMetadataInformationException {
-		try {
-			if (metadataProvider == null)
-				throw new NullPointerException("No PVP MetadataProvider found.");
-			
-			return metadataProvider.getEntityDescriptor(this.entityID);
-			
-		} catch (MetadataProviderException e) {
-			Logger.warn("No Metadata for EntitiyID " + entityID);
-			throw new NoMetadataInformationException();
-		}			
-	}
-	
-	/**
-	 * @param entitiyID the entitiyID to set
-	 */
-	public void setEntityID(String entitiyID) {
-		this.entityID = entitiyID;
-	}
-	
-	public void setVerified(boolean verified) {
-		this.verified = verified;
-	}
-		
-	/**
-	 * @param relayState the relayState to set
-	 */
-	public void setRelayState(String relayState) {
-		this.relayState = relayState;
-	}
-	
-	public void setSAMLMessage(Element msg) {
-		this.samlMessage = msg;
-	}
-	
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#getRelayState()
-	 */
-	@Override
-	public String getRelayState() {
-		return relayState;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#getEntityID()
-	 */
-	@Override
-	public String getEntityID() {
-		return entityID;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#isVerified()
-	 */
-	@Override
-	public boolean isVerified() {
-		return verified;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#getInboundMessage()
-	 */
-	@Override
-	public Element getInboundMessage() {
-		return samlMessage;
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessageInterface.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessageInterface.java
deleted file mode 100644
index 60a6f069a..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessageInterface.java
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.messages;
-
-import org.w3c.dom.Element;
-
-/**
- * @author tlenz
- *
- */
-public interface InboundMessageInterface {
-	
-	public String getRelayState();
-	public String getEntityID();
-	public boolean isVerified();
-	public Element getInboundMessage();
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOARequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOARequest.java
deleted file mode 100644
index 7679e74a6..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOARequest.java
+++ /dev/null
@@ -1,66 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.messages;
-
-
-import org.opensaml.Configuration;
-import org.opensaml.saml2.core.RequestAbstractType;
-import org.opensaml.xml.io.Unmarshaller;
-import org.opensaml.xml.io.UnmarshallerFactory;
-import org.opensaml.xml.io.UnmarshallingException;
-import org.opensaml.xml.signature.SignableXMLObject;
-
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
-import at.gv.egovernment.moa.logging.Logger;
-
-public class MOARequest extends InboundMessage{
-	
-	private static final long serialVersionUID = 8613921176727607896L;
-
-	private String binding = null;
-	
-	public MOARequest(SignableXMLObject inboundMessage, String binding) {
-		setSAMLMessage(inboundMessage.getDOM());
-		this.binding = binding;
-		
-	}
-	
-	public String getRequestBinding() {
-		return binding;
-	}
-	
-	public SignableXMLObject getSamlRequest() {
-		UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
-		Unmarshaller unmashaller = unmarshallerFactory.getUnmarshaller(getInboundMessage());
-		
-		try {
-			return (SignableXMLObject) unmashaller.unmarshall(getInboundMessage());
-			
-		} catch (UnmarshallingException e) {
-			Logger.warn("AuthnRequest Unmarshaller error", e);
-			return null;
-		}
-		
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOAResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOAResponse.java
deleted file mode 100644
index f2512b122..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOAResponse.java
+++ /dev/null
@@ -1,56 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.messages;
-
-import org.opensaml.Configuration;
-import org.opensaml.saml2.core.StatusResponseType;
-import org.opensaml.xml.io.Unmarshaller;
-import org.opensaml.xml.io.UnmarshallerFactory;
-import org.opensaml.xml.io.UnmarshallingException;
-
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
-import at.gv.egovernment.moa.logging.Logger;
-
-public class MOAResponse extends InboundMessage {
-		
-	private static final long serialVersionUID = -1133012928130138501L;
-
-	public MOAResponse(StatusResponseType response) {
-		setSAMLMessage(response.getDOM());
-	}
-
-	public StatusResponseType getResponse() {		
-		UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
-		Unmarshaller unmashaller = unmarshallerFactory.getUnmarshaller(getInboundMessage());
-		
-		try {
-			return (StatusResponseType) unmashaller.unmarshall(getInboundMessage());
-			
-		} catch (UnmarshallingException e) {
-			Logger.warn("AuthnResponse Unmarshaller error", e);
-			return null;
-		}
-		
-	}
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/IMOARefreshableMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/IMOARefreshableMetadataProvider.java
deleted file mode 100644
index 3da4dc18a..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/IMOARefreshableMetadataProvider.java
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.metadata;
-
-/**
- * @author tlenz
- *
- */
-public interface IMOARefreshableMetadataProvider {
-
-	/**
-	 * Refresh a entity or load a entity in a metadata provider 
-	 * 
-	 * @param entityID
-	 * @return true, if refresh is success, otherwise false
-	 */
-	public boolean refreshMetadataProvider(String entityID);
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index 7d43732a6..1fa17c683 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -23,401 +23,91 @@
 package at.gv.egovernment.moa.id.protocols.pvp2x.metadata;
 
 import java.io.IOException;
+import java.net.MalformedURLException;
 import java.security.cert.CertificateException;
 import java.util.ArrayList;
-import java.util.Collection;
-import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
 import java.util.Map.Entry;
-import java.util.Timer;
 
-import javax.xml.namespace.QName;
-
-import org.opensaml.saml2.metadata.EntitiesDescriptor;
-import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.RoleDescriptor;
-import org.opensaml.saml2.metadata.provider.BaseMetadataProvider;
-import org.opensaml.saml2.metadata.provider.ChainingMetadataProvider;
-import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
-import org.opensaml.saml2.metadata.provider.MetadataFilter;
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.MOAHttpClient;
+import org.apache.commons.httpclient.params.HttpClientParams;
 import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.saml2.metadata.provider.MetadataProviderException;
-import org.opensaml.saml2.metadata.provider.ObservableMetadataProvider;
-import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.parse.BasicParserPool;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
-import at.gv.egovernment.moa.id.auth.IDestroyableObject;
-import at.gv.egovernment.moa.id.auth.IGarbageCollectorProcessing;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.AbstractChainingMetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.MetadataFilterChain;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.PVPEntityCategoryFilter;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
+import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
+import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.InterfederatedIDPPublicServiceFilter;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.PVPEntityCategoryFilter;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.PVPMetadataFilterChain;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MetadataSignatureFilter;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 @Service("PVPMetadataProvider")
-public class MOAMetadataProvider extends SimpleMOAMetadataProvider
-	implements ObservableMetadataProvider, IGarbageCollectorProcessing, 
-	IMOARefreshableMetadataProvider, IDestroyableObject {
+public class MOAMetadataProvider extends AbstractChainingMetadataProvider {
 
-	//private static final int METADATA_GARBAGE_TIMEOUT_SEC = 604800;  //7 days   
-	
-//	private static MOAMetadataProvider instance = null;
-	MetadataProvider internalProvider = null;
-	private Timer timer = null; 
-	private static Object mutex = new Object();
-	//private Map<String, Date> lastAccess = null;
-	
-	
-	public MOAMetadataProvider() {
-		internalProvider = new ChainingMetadataProvider();	
-		//lastAccess = new HashMap<String, Date>();
+	@Autowired(required=true) AuthConfiguration moaAuthConfig;
 		
-	}
-	
-//	public static MOAMetadataProvider getInstance() {
-//		if (instance == null) {
-//			synchronized (mutex) {
-//				if (instance == null) {
-//					instance = new MOAMetadataProvider();
-//					
-//					//add this to MOA garbage collector
-//					MOAGarbageCollector.addModulForGarbageCollection(instance);
-//										
-//				}
-//			}
-//		}
-//		return instance;
-//	}
-	
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.config.auth.IGarbageCollectorProcessing#runGarbageCollector()
-	 */
 	@Override
-	public void runGarbageCollector() {
-		synchronized (mutex) {
-			
-			/**add new Metadataprovider or remove Metadataprovider which are not in use any more.**/
-			try {
-				Logger.trace("Check consistence of PVP2X metadata");	
-				addAndRemoveMetadataProvider();
-					
-			} catch (ConfigurationException | EAAFConfigurationException e) {
-				Logger.error("Access to MOA-ID configuration FAILED.", e);
-					
-			}
-		}
+	protected String getMetadataURL(String entityId) throws EAAFConfigurationException {
+		ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(entityId);
+		if (oaParam != null)
+			return oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
 		
-	}
-	
-	
-//	private static void reInitialize() {
-//		synchronized (mutex) {
-//			
-//			/**add new Metadataprovider or remove Metadataprovider which are not in use any more.**/
-//			if (instance != null)
-//				try {
-//					Logger.trace("Check consistence of PVP2X metadata");	
-//					instance.addAndRemoveMetadataProvider();
-//					
-//				} catch (ConfigurationException e) {
-//					Logger.error("Access to MOA-ID configuration FAILED.", e);
-//					
-//				}
-//			else
-//				Logger.info("MOAMetadataProvider is not loaded.");
-//		}
-//	}
-	
-	public void fullyDestroy() {
-		internalDestroy();
+		else {		
+			Logger.debug("Can not process PVP2X metadata: NO onlineApplication with Id: " + entityId);
+			return null;
 			
+		}
+							
 	}
 	
-
-
 	@Override
-	public synchronized boolean refreshMetadataProvider(String entityID) {
-		try {			
-			//check if metadata provider is already loaded
-			try {
-				if (internalProvider.getEntityDescriptor(entityID) != null)
-					return true;
-				
-			} catch (MetadataProviderException e) {}
-			
+	protected MetadataProvider createNewMetadataProvider(String entityId) throws EAAFConfigurationException, IOException, CertificateException {
+		ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(entityId);
+		if (oaParam != null) {
+			String metadataURL = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);		
+			String certBase64 = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);
+			if (MiscUtil.isNotEmpty(certBase64)) {
+				byte[] cert = Base64Utils.decode(certBase64, false);
+				String oaFriendlyName = oaParam.getUniqueIdentifier();
+														
+				return createNewSimpleMetadataProvider(metadataURL, 								 
+						buildMetadataFilterChain(oaParam, metadataURL, cert), 
+						oaFriendlyName,
+						getTimer(),
+						new BasicParserPool(),
+						createHttpClient(metadataURL));
 			
-			//reload metadata provider 
-			ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(entityID);
-			if (oaParam != null) {
-				String metadataURL = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
-				if (MiscUtil.isNotEmpty(metadataURL)) {
-					Map<String, HTTPMetadataProvider> actuallyLoadedProviders = getAllActuallyLoadedProviders();
-
-					// check if MetadataProvider is actually loaded
-					if (actuallyLoadedProviders.containsKey(metadataURL)) {
-						actuallyLoadedProviders.get(metadataURL).refresh();						
-						Logger.info("PVP2X metadata for onlineApplication: " 
-								+ entityID + " is refreshed.");
-						return true;
-						
-					} else {
-						//load new Metadata Provider
-						String certBase64 = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);
-						if (MiscUtil.isNotEmpty(certBase64)) {
-						byte[] cert = Base64Utils.decode(certBase64, false);
-						String oaFriendlyName = oaParam.getUniqueIdentifier();
-					
-						if (timer == null)
-							timer = new Timer(true);
-						
-						ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;						
-						MetadataProvider newMetadataProvider = createNewMoaMetadataProvider(metadataURL, 								 
-								buildMetadataFilterChain(oaParam, metadataURL, cert), 
-								oaFriendlyName,
-								timer,
-								new BasicParserPool());
-						
-						chainProvider.addMetadataProvider(newMetadataProvider);
-						
-						emitChangeEvent();
-						
-						Logger.info("PVP2X metadata for onlineApplication: " 
-								+ entityID + " is added.");
-						return true;
-						
-						} else
-							Logger.debug("Can not refresh PVP2X metadata: NO PVP2X metadata certificate for OA with Id: " + entityID);
-						
-					}
-															
-				} else
-					Logger.debug("Can not refresh PVP2X metadata: NO PVP2X metadata URL for OA with Id: " + entityID);
-								
 			} else
-				Logger.debug("Can not refresh PVP2X metadata: NO onlineApplication with Id: " + entityID);
-				
-						
-		} catch (MetadataProviderException e) {
-			Logger.warn("Refresh PVP2X metadata for onlineApplication: " 
-					+ entityID + " FAILED.", e);
-			
-		} catch (IOException e) {
-			Logger.warn("Refresh PVP2X metadata for onlineApplication: " 
-					+ entityID + " FAILED.", e);
-			
-		} catch (CertificateException e) {
-			Logger.warn("Refresh PVP2X metadata for onlineApplication: " 
-					+ entityID + " FAILED.", e);
+				Logger.debug("Can not refresh PVP2X metadata: NO PVP2X metadata certificate for OA with Id: " + entityId);
 			
-		} catch (ConfigurationException e) {
-			Logger.warn("Refresh PVP2X metadata for onlineApplication: " 
-					+ entityID + " FAILED.", e);
-			
-		} catch (EAAFConfigurationException e) {			
-			Logger.warn("Refresh PVP2X metadata for onlineApplication: " 
-					+ entityID + " FAILED.", e);
-		}
-		
-		return false;
-		
-	}
-	
-	private Map<String, HTTPMetadataProvider> getAllActuallyLoadedProviders() {
-		Map<String, HTTPMetadataProvider> loadedproviders = new HashMap<String, HTTPMetadataProvider>();
-		ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;
-		
-		//make a Map of all actually loaded HTTPMetadataProvider
-		List<MetadataProvider> providers = chainProvider.getProviders();
-		for (MetadataProvider provider : providers) {
-			if (provider instanceof HTTPMetadataProvider) {
-				HTTPMetadataProvider httpprovider = (HTTPMetadataProvider) provider;
-				loadedproviders.put(httpprovider.getMetadataURI(), httpprovider);
-
-			}
 		}
 		
-		return loadedproviders;		
-	}
-	
-	
-	private void addAndRemoveMetadataProvider() throws ConfigurationException, EAAFConfigurationException {
-		if (internalProvider != null && internalProvider instanceof ChainingMetadataProvider) {
-			Logger.info("Reload MOAMetaDataProvider.");
-			
-			/*OpenSAML ChainingMetadataProvider can not remove a MetadataProvider (UnsupportedOperationException)
-			 *The ChainingMetadataProvider use internal a unmodifiableList to hold all registrated MetadataProviders.*/ 
-			Map<String, MetadataProvider> providersinuse = new HashMap<String, MetadataProvider>();
-			ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;
-			
-			//get all actually loaded metadata providers
-			Map<String, HTTPMetadataProvider> loadedproviders = getAllActuallyLoadedProviders();
+		Logger.debug("Can not process PVP2X metadata: NO onlineApplication with Id: " + entityId);
+		return null;			
 						
-			/* TODO: maybe add metadata provider destroy after timeout.
-			 *       But could be a problem if one Metadataprovider load an EntitiesDescriptor 
-			 *       with more the multiple EntityDescriptors. If one of this EntityDesciptors 
-			 *       are expired the full EntitiesDescriptor is removed. 
-			 *       
-			 *       Timeout requires a better solution in this case! 
-			 */
-//			Date now = new Date();
-//			Date expioredate = new Date(now.getTime() - (METADATA_GARBAGE_TIMEOUT_SEC * 1000));
-//			Logger.debug("Starting PVP Metadata garbag collection (Expioredate:" 
-//					+ expioredate + ")");
-									
-			//load all PVP2 OAs form ConfigurationDatabase and 
-			//compare actually loaded Providers with configured PVP2 OAs
-			Map<String, String> allOAs = authConfig.getConfigurationWithWildCard(
-					MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES 
-					+ ".%." 
-					+ MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER);
-			
-			if (allOAs != null) {
-				Iterator<Entry<String, String>> oaInterator = allOAs.entrySet().iterator();
-				while (oaInterator.hasNext()) {
-					Entry<String, String> oaKeyPair = oaInterator.next();
-					
-					ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(oaKeyPair.getValue());
-					if (oaParam != null) {
-						String metadataurl = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
-						
-						HTTPMetadataProvider httpProvider = null;				
-						try {
-							if (MiscUtil.isNotEmpty(metadataurl)) {						
-								if (loadedproviders.containsKey(metadataurl)) {									
-									//	PVP2 OA is actually loaded, to nothing
-									providersinuse.put(metadataurl, loadedproviders.get(metadataurl));
-									loadedproviders.remove(metadataurl);
-							
-							
-									//INFO: load metadata dynamically if they are requested 
-//								} else if ( MiscUtil.isNotEmpty(metadataurl) &&
-//										!providersinuse.containsKey(metadataurl) ) {
-//									//PVP2 OA is new, add it to MOAMetadataProvider
-//									String certBase64 = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);
-//									if (MiscUtil.isNotEmpty(certBase64)) {
-//										byte[] cert = Base64Utils.decode(certBase64, false);
-//										String oaFriendlyName = oaParam.getFriendlyName();
-//									
-//									
-//										Logger.info("Loading metadata for: " + oaFriendlyName);
-//										httpProvider = createNewHTTPMetaDataProvider(
-//												metadataurl, 												
-//												buildMetadataFilterChain(oaParam, metadataurl, cert),
-//												oaFriendlyName);
-//							
-//										if (httpProvider != null)
-//											providersinuse.put(metadataurl, httpProvider);
-//									}
-						
-								}
-							}
-						} catch (Throwable e) {
-							Logger.error(
-							"Failed to add Metadata (unhandled reason: "
-									+ e.getMessage(), e);
-					
-							if (httpProvider != null) {
-								Logger.debug("Destroy failed Metadata provider");
-								httpProvider.destroy();
-							}
-					
-						}	
-					}
-				}
-			}
-			
-			//remove all actually loaded MetadataProviders with are not in ConfigurationDB any more
-			Collection<HTTPMetadataProvider> notusedproviders = loadedproviders.values();
-			for (HTTPMetadataProvider provider : notusedproviders) {
-				String metadataurl = provider.getMetadataURI();
-				
-				try {
-					
-					provider.destroy();
-					
-					/*OpenSAML ChainingMetadataProvider can not remove a MetadataProvider (UnsupportedOperationException)
-					 *The ChainingMetadataProvider use internal a unmodifiableList to hold all registrated MetadataProviders.*/
-					//chainProvider.removeMetadataProvider(provider);
-					
-					Logger.info("Remove not used MetadataProvider with MetadataURL " + metadataurl);
-					
-				} catch (Throwable e) {
-					Logger.error("HTTPMetadataProvider with URL " + metadataurl 
-							+ " can not be removed from the list of actually loaded Providers.", e);
-					
-				}
-				
-			}
-			
-			try {
-				chainProvider.setProviders(new ArrayList<MetadataProvider>(providersinuse.values()));
-				
-				emitChangeEvent();
-								
-			} catch (MetadataProviderException e) {
-				Logger.warn("ReInitalize MOAMetaDataProvider is not possible! MOA-ID Instance has to be restarted manualy", e);
-				
-			}
-			
-			
-			
-		} else {
-			Logger.warn("ReInitalize MOAMetaDataProvider is not possible! MOA-ID Instance has to be restarted manualy");
-		}
-		
 	}
 	
-	
-	public void internalDestroy() {
-		if (internalProvider != null && internalProvider instanceof ChainingMetadataProvider) {
-			Logger.info("Destrorying PVP-Authentication MetaDataProvider.");
-			ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;				
-			
-			List<MetadataProvider> providers = chainProvider.getProviders();
-			for (MetadataProvider provider : providers) {
-				if (provider instanceof HTTPMetadataProvider) {
-					HTTPMetadataProvider httpprovider = (HTTPMetadataProvider) provider;
-					Logger.debug("Destroy HTTPMetadataProvider +" + httpprovider.getMetadataURI());
-					httpprovider.destroy();
-					
-				} else {
-					Logger.warn("MetadataProvider can not be destroyed.");
-				}
-			}
-				
-			internalProvider = new ChainingMetadataProvider();
-			
-			if (timer != null)
-				timer.cancel();
-			
-		} else {
-			Logger.warn("ReInitalize MOAMetaDataProvider is not possible! MOA-ID Instance has to be restarted manualy");
-		}
-	}
-	
-	@Deprecated
-	/**
-	 * Load all PVP metadata from OA configuration
-	 * 
-	 * This method is deprecated because OA metadata should be loaded dynamically 
-	 * if the corresponding OA is requested.
-	 */
-	private void loadAllPVPMetadataFromKonfiguration() throws EAAFConfigurationException {
-		ChainingMetadataProvider chainProvider = new ChainingMetadataProvider();
-		Logger.info("Loading metadata");		
-		Map<String, MetadataProvider> providersinuse = new HashMap<String, MetadataProvider>();
-		Map<String, String> allOAs = authConfig.getConfigurationWithWildCard(
+	@Override
+	protected List<String> getAllMetadataURLsFromConfiguration() throws EAAFConfigurationException {
+		List<String> metadataURLs = new ArrayList<String>();
+		
+		Map<String, String> allOAs = moaAuthConfig.getConfigurationWithWildCard(
 				MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES 
 				+ ".%." 
 				+ MOAIDConfigurationConstants.SERVICE_UNIQUEIDENTIFIER);
@@ -430,71 +120,56 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 				ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(oaKeyPair.getValue());
 				if (oaParam != null) {
 					String metadataurl = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_URL);
-					String oaFriendlyName = oaParam.getUniqueIdentifier();
-					MetadataProvider httpProvider = null;
-			
-					try {
-						String certBase64 = oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);
-						if (MiscUtil.isNotEmpty(certBase64) && MiscUtil.isNotEmpty(metadataurl)) {
-							byte[] cert = Base64Utils.decode(certBase64, false);
-							
-							
-							if (timer == null)
-								timer = new Timer(true);
-							
-							Logger.info("Loading metadata for: " + oaFriendlyName);					
-							if (!providersinuse.containsKey(metadataurl)) {					
-								httpProvider = createNewMoaMetadataProvider(
-										metadataurl, 
-										buildMetadataFilterChain(oaParam, metadataurl, cert),
-										oaFriendlyName,
-										timer,
-										new BasicParserPool());
+					if (MiscUtil.isNotEmpty(metadataurl))
+						metadataURLs.add(metadataurl);
+					else
+						Logger.trace("OA: " + oaParam.getUniqueIdentifier() + " has NO PVP2 metadata URL");
 					
-								if (httpProvider != null)
-									providersinuse.put(metadataurl, httpProvider);
-						
-							} else {
-								Logger.info(metadataurl + " are already added.");
-							}
-					
-						} else {
-							Logger.info(oaFriendlyName
-									+ " is not a PVP2 Application skipping");
-						}
-					} catch (Throwable e) {
-						Logger.error(
-								"Failed to add Metadata (unhandled reason: "
-										+ e.getMessage(), e);
-				
-						if (httpProvider != null && httpProvider instanceof BaseMetadataProvider) {
-							Logger.debug("Destroy failed Metadata provider");
-							((BaseMetadataProvider)httpProvider).destroy();
-							
-						}
-					}			
-				}
+				} else
+					Logger.warn("Something is suspect! OA is in Set of OAs, but no specific OA configuration is found.");
 			}
 			
-		} else 
-			Logger.info("No Online-Application configuration found. PVP 2.1 metadata provider initialization failed!");
-				
-		try {
-			chainProvider.setProviders(new ArrayList<MetadataProvider>(providersinuse.values()));
+		} else
+			Logger.debug("No OA configuration found.");
+														
+		return metadataURLs;
+	}
 			
-		} catch (MetadataProviderException e) {
-			Logger.error(
-					"Failed to add Metadata (unhandled reason: "
-							+ e.getMessage(), e);
+	private HttpClient createHttpClient(String metadataURL) {					
+		MOAHttpClient httpClient = new MOAHttpClient();		
+		HttpClientParams httpClientParams = new HttpClientParams();
+		httpClientParams.setSoTimeout(AuthConfiguration.CONFIG_PROPS_METADATA_SOCKED_TIMEOUT);
+		httpClient.setParams(httpClientParams);
+		
+		if (metadataURL.startsWith("https:")) {
+			try {
+				//FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
+				MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
+						PVPConstants.SSLSOCKETFACTORYNAME, 
+						moaAuthConfig.getTrustedCACertificates(),
+						null,
+						AuthConfiguration.DEFAULT_X509_CHAININGMODE, 
+						moaAuthConfig.isTrustmanagerrevoationchecking(),
+						moaAuthConfig.getRevocationMethodOrder(),
+						moaAuthConfig.getBasicMOAIDConfigurationBoolean(
+								AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false));
+				
+				httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory);
+
+			} catch (MOAHttpProtocolSocketFactoryException | MalformedURLException e) {
+				Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e);
+				
+			}
 		}
 		
-		internalProvider = chainProvider;
+		return httpClient;
 				
 	}
-		
-	private PVPMetadataFilterChain buildMetadataFilterChain(ISPConfiguration oaParam, String metadataURL, byte[] certificate) throws CertificateException, ConfigurationException {
-		PVPMetadataFilterChain filterChain = new PVPMetadataFilterChain(metadataURL, certificate);
-		filterChain.getFilters().add(new SchemaValidationFilter());
+	
+	private MetadataFilterChain buildMetadataFilterChain(ISPConfiguration oaParam, String metadataURL, byte[] certificate) throws CertificateException{
+		MetadataFilterChain filterChain = new MetadataFilterChain();		
+		filterChain.getFilters().add(new SchemaValidationFilter(moaAuthConfig.isPVPSchemaValidationActive()));
+		filterChain.getFilters().add(new MetadataSignatureFilter(metadataURL, certificate));
 		filterChain.getFilters().add(
 				new PVPEntityCategoryFilter(authConfig.getBasicMOAIDConfigurationBoolean(
 						AuthConfiguration.PROP_KEY_PROTOCOL_PVP_METADATA_ENTITYCATEGORY_RESOLVER, 
@@ -511,116 +186,4 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 		return filterChain;		
 	}
 		
-	public boolean requireValidMetadata() {
-		return internalProvider.requireValidMetadata();
-	}
-
-	public void setRequireValidMetadata(boolean requireValidMetadata) {
-		internalProvider.setRequireValidMetadata(requireValidMetadata);
-	}
-
-	public MetadataFilter getMetadataFilter() {
-		return internalProvider.getMetadataFilter();
-	}
-
-	public void setMetadataFilter(MetadataFilter newFilter)
-			throws MetadataProviderException {
-		internalProvider.setMetadataFilter(newFilter);
-	}
-
-	public XMLObject getMetadata() throws MetadataProviderException {
-		return internalProvider.getMetadata();
-	}
-
-	public EntitiesDescriptor getEntitiesDescriptor(String entitiesID)
-			throws MetadataProviderException {
-		EntitiesDescriptor entitiesDesc = null;
-		try {
-			entitiesDesc = internalProvider.getEntitiesDescriptor(entitiesID);
-		
-			if (entitiesDesc == null) {
-				Logger.debug("Can not find PVP metadata for entityID: " + entitiesID 
-						+ " Start refreshing process ...");
-				if (refreshMetadataProvider(entitiesID))
-					return internalProvider.getEntitiesDescriptor(entitiesID);
-									
-			}			
-			
-		} catch (MetadataProviderException e) {
-			Logger.debug("Can not find PVP metadata for entityID: " + entitiesID 
-					+ " Start refreshing process ...");
-			if (refreshMetadataProvider(entitiesID))
-				return internalProvider.getEntitiesDescriptor(entitiesID);
-			
-		}	
-		
-		return entitiesDesc;
-	}
-
-	public EntityDescriptor getEntityDescriptor(String entityID)
-			throws MetadataProviderException {
-		EntityDescriptor entityDesc = null;
-		try {
-			entityDesc = internalProvider.getEntityDescriptor(entityID);
-			if (entityDesc == null) {
-				Logger.debug("Can not find PVP metadata for entityID: " + entityID 
-						+ " Start refreshing process ...");
-				if (refreshMetadataProvider(entityID))
-					return internalProvider.getEntityDescriptor(entityID);
-									
-			}
-			
-		} catch (MetadataProviderException e) {
-			Logger.debug("Can not find PVP metadata for entityID: " + entityID 
-					+ " Start refreshing process ...");
-			if (refreshMetadataProvider(entityID))
-				return internalProvider.getEntityDescriptor(entityID);
-			
-		}
-		
-//		if (entityDesc != null)
-//			lastAccess.put(entityID, new Date());
-		
-		return entityDesc;
-	}
-
-	public List<RoleDescriptor> getRole(String entityID, QName roleName)
-			throws MetadataProviderException {		
-		List<RoleDescriptor> result = internalProvider.getRole(entityID, roleName);
-		
-//		if (result != null)
-//			lastAccess.put(entityID, new Date());
-		
-		return result; 
-	}
-
-	public RoleDescriptor getRole(String entityID, QName roleName,
-			String supportedProtocol) throws MetadataProviderException {
-		RoleDescriptor result = internalProvider.getRole(entityID, roleName, supportedProtocol);
-		
-//		if (result != null)
-//			lastAccess.put(entityID, new Date());
-		
-		return result; 
-	}
-
-	/* (non-Javadoc)
-	 * @see org.opensaml.saml2.metadata.provider.ObservableMetadataProvider#getObservers()
-	 */
-	@Override
-	public List<Observer> getObservers() {
-		return ((ChainingMetadataProvider) internalProvider).getObservers();
-	}
-
-	protected void emitChangeEvent() {
-		if ((getObservers() == null) || (getObservers().size() == 0)) {
-			return;
-		}
-
-		List<Observer> tempObserverList = new ArrayList<Observer>(getObservers());
-		for (ObservableMetadataProvider.Observer observer : tempObserverList)
-			if (observer != null)
-				observer.onEvent(this);
-	}
-	
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
deleted file mode 100644
index c87b7515f..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
+++ /dev/null
@@ -1,257 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.metadata;
-
-import java.io.File;
-import java.net.MalformedURLException;
-import java.util.Timer;
-
-import javax.net.ssl.SSLHandshakeException;
-
-import org.apache.commons.httpclient.MOAHttpClient;
-import org.apache.commons.httpclient.params.HttpClientParams;
-import org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider;
-import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
-import org.opensaml.saml2.metadata.provider.MetadataFilter;
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.xml.parse.ParserPool;
-import org.springframework.beans.factory.annotation.Autowired;
-
-import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
-import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.FileUtils;
-
-/**
- * @author tlenz
- *
- */
-public abstract class SimpleMOAMetadataProvider implements MetadataProvider{
-	
-	private static final String URI_PREFIX_HTTP = "http:";
-	private static final String URI_PREFIX_HTTPS = "https:";
-	private static final String URI_PREFIX_FILE = "file:";
-	
-	
-	@Autowired 
-	//protected IConfiguration authConfig;
-	protected AuthConfiguration authConfig;
-	
-	/**
-	 * Create a single SAML2 MOA specific metadata provider
-	 * 
-	 * @param metadataLocation where the metadata should be loaded, but never null. If the location starts with http(s):, than a http
-	 *  based metadata provider is used. If the location starts with file:, than a filesystem based metadata provider is used
-	 * @param filter Filters, which should be used to validate the metadata
-	 * @param IdForLogging Id, which is used for Logging
-	 * @param timer {@link Timer} which is used to schedule metadata refresh operations
-	 * 
-	 * @return SAML2 Metadata Provider, or null if the metadata provider can not initialized
-	 */
-	protected MetadataProvider createNewMoaMetadataProvider(String metadataLocation, MetadataFilter filter, 
-			String IdForLogging, Timer timer, ParserPool pool) {
-		if (metadataLocation.startsWith(URI_PREFIX_HTTP) || metadataLocation.startsWith(URI_PREFIX_HTTPS)) 
-			return createNewHTTPMetaDataProvider(metadataLocation, filter, IdForLogging, timer, pool);
-		
-		else {
-			String absoluteMetadataLocation;
-			try {
-				absoluteMetadataLocation = FileUtils.makeAbsoluteURL(
-						metadataLocation,
-						authConfig.getConfigurationRootDirectory().toURL().toString());
-				
-				if (absoluteMetadataLocation.startsWith(URI_PREFIX_FILE)) {
-					File metadataFile = new File(absoluteMetadataLocation);
-					if (metadataFile.exists())
-						return createNewFileSystemMetaDataProvider(metadataFile, filter, IdForLogging, timer, pool);
-					
-					else {
-						Logger.warn("SAML2 metadata file: " + absoluteMetadataLocation + " not found or not exist");
-						return null;
-					}
-					
-				}	
-				
-				
-			} catch (MalformedURLException e) {
-				Logger.warn("SAML2 metadata URL is invalid: " + metadataLocation, e);
-				
-			}
-							
-		}
-		
-		Logger.warn("SAML2 metadata has an unsupported metadata location prefix: " + metadataLocation);		
-		return null;
-		
-	}
-	
-	
-	/**
-	 * Create a single SAML2 filesystem based metadata provider
-	 * 
-	 * @param metadataFile File, where the metadata should be loaded
-	 * @param filter Filters, which should be used to validate the metadata
-	 * @param IdForLogging Id, which is used for Logging
-	 * @param timer {@link Timer} which is used to schedule metadata refresh operations
-	 * @param pool 
-	 * 
-	 * @return SAML2 Metadata Provider
-	 */	
-	private MetadataProvider createNewFileSystemMetaDataProvider(File metadataFile, MetadataFilter filter, String IdForLogging, Timer timer, ParserPool pool) {
-		FilesystemMetadataProvider fileSystemProvider = null;
-		try {
-			fileSystemProvider = new FilesystemMetadataProvider(timer, metadataFile);
-			fileSystemProvider.setParserPool(pool);
-			fileSystemProvider.setRequireValidMetadata(true);
-			fileSystemProvider.setMinRefreshDelay(1000*60*15); //15 minutes
-			fileSystemProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours
-			//httpProvider.setRefreshDelayFactor(0.1F);
-			
-			fileSystemProvider.setMetadataFilter(filter);
-			fileSystemProvider.initialize();
-			
-			fileSystemProvider.setRequireValidMetadata(true);
-			
-			return fileSystemProvider;
-						
-		} catch (Exception e) {
-			Logger.warn(
-					"Failed to load Metadata file for "
-							+ IdForLogging + "[ "
-							+ "File: " + metadataFile.getAbsolutePath()
-							+ " Msg: " + e.getMessage() + " ]", e);
-			
-			
-			Logger.warn("Can not initialize SAML2 metadata provider from filesystem: " + metadataFile.getAbsolutePath()
-					+ " Reason: " + e.getMessage(), e);
-			
-			if (fileSystemProvider != null)
-				fileSystemProvider.destroy();
-			
-		}
-				
-		return null;
-				
-	}
-	
-	
-	
-	/**
-	 * Create a single SAML2 HTTP metadata provider
-	 * 
-	 * @param metadataURL URL, where the metadata should be loaded
-	 * @param filter Filters, which should be used to validate the metadata
-	 * @param IdForLogging Id, which is used for Logging
-	 * @param timer {@link Timer} which is used to schedule metadata refresh operations
-	 * @param pool 
-	 * 
-	 * @return SAML2 Metadata Provider
-	 */
-	private MetadataProvider createNewHTTPMetaDataProvider(String metadataURL, MetadataFilter filter, String IdForLogging, Timer timer, ParserPool pool) {
-		HTTPMetadataProvider httpProvider = null;
-		//Timer timer= null;
-		MOAHttpClient httpClient = null;
-		try {			
-			httpClient = new MOAHttpClient();
-			
-			HttpClientParams httpClientParams = new HttpClientParams();
-			httpClientParams.setSoTimeout(AuthConfiguration.CONFIG_PROPS_METADATA_SOCKED_TIMEOUT);
-			httpClient.setParams(httpClientParams);
-			
-			if (metadataURL.startsWith("https:")) {
-				try {
-					//FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
-					MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
-							PVPConstants.SSLSOCKETFACTORYNAME, 
-							authConfig.getTrustedCACertificates(),
-							null,
-							AuthConfiguration.DEFAULT_X509_CHAININGMODE, 
-							authConfig.isTrustmanagerrevoationchecking(),
-							authConfig.getRevocationMethodOrder(),
-							authConfig.getBasicMOAIDConfigurationBoolean(
-									AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false));
-					
-					httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory);
-
-				} catch (MOAHttpProtocolSocketFactoryException e) {
-					Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.");
-					
-				}
-			}
-			
-//			timer = new Timer(true);
-			httpProvider = new HTTPMetadataProvider(timer, httpClient, 
-					metadataURL);
-			httpProvider.setParserPool(pool);
-			httpProvider.setRequireValidMetadata(true);
-			httpProvider.setMinRefreshDelay(1000*60*15); //15 minutes
-			httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours
-			//httpProvider.setRefreshDelayFactor(0.1F);
-			
-			httpProvider.setMetadataFilter(filter);
-			httpProvider.initialize();
-			
-			httpProvider.setRequireValidMetadata(true);
-			
-			return httpProvider;
-						
-		} catch (Throwable e) {			
-			if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) {
-				Logger.warn("SSL-Server certificate for metadata " 
-						+ metadataURL + " not trusted.", e);
-				
-			} if (e.getCause() != null && e.getCause().getCause() instanceof SignatureValidationException) {				
-				Logger.warn("Signature verification for metadata" 
-						+ metadataURL + " FAILED.", e);
-			
-			} if (e.getCause() != null && e.getCause().getCause() instanceof SchemaValidationException) {
-				Logger.warn("Schema validation for metadata " 
-						+ metadataURL + " FAILED.", e);								
-			}
-			
-			Logger.warn(
-					"Failed to load Metadata file for "
-							+ IdForLogging + "[ "
-							+ e.getMessage() + " ]", e);
-						
-			if (httpProvider != null) {
-				Logger.debug("Destroy failed Metadata provider");
-				httpProvider.destroy();
-			}
-			
-//			if (timer != null) {
-//				Logger.debug("Destroy Timer.");
-//				timer.cancel();
-//			}
-
-			
-		}
-		
-		return null;	
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java
deleted file mode 100644
index dd94e0093..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/AbstractCredentialProvider.java
+++ /dev/null
@@ -1,218 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.signer;
-
-import java.security.KeyStore;
-import java.security.PrivateKey;
-import java.security.interfaces.ECPrivateKey;
-import java.security.interfaces.RSAPrivateKey;
-
-import org.opensaml.xml.security.credential.Credential;
-import org.opensaml.xml.security.credential.UsageType;
-import org.opensaml.xml.security.x509.X509Credential;
-import org.opensaml.xml.signature.Signature;
-import org.opensaml.xml.signature.SignatureConstants;
-
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.opemsaml.MOAKeyStoreX509CredentialAdapter;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.KeyStoreUtils;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-public abstract class AbstractCredentialProvider {
-	
-	private KeyStore keyStore = null;
-	
-	/**
-	 * Get a friendlyName for this keyStore implementation
-	 * This friendlyName is used for logging
-	 * 
-	 * @return keyStore friendlyName
-	 */
-	public abstract String getFriendlyName();
-	
-	/**
-	 * Get KeyStore
-	 * 
-	 * @return URL to the keyStore
-	 * @throws ConfigurationException 
-	 */
-	public abstract String getKeyStoreFilePath() throws ConfigurationException;
-	
-	/**
-	 * Get keyStore password
-	 * 
-	 * @return Password of the keyStore
-	 */
-	public abstract String getKeyStorePassword();
-	
-	/**
-	 * Get alias of key for metadata signing
-	 * 
-	 * @return key alias
-	 */
-	public abstract String getMetadataKeyAlias();
-	
-	/**
-	 * Get password of key for metadata signing
-	 * 
-	 * @return key password
-	 */
-	public abstract String getMetadataKeyPassword();
-	
-	/**
-	 * Get alias of key for request/response signing
-	 * 
-	 * @return key alias
-	 */
-	public abstract String getSignatureKeyAlias();
-	
-	/**
-	 * Get password of key for request/response signing
-	 * 
-	 * @return key password
-	 */
-	public abstract String getSignatureKeyPassword();
-	
-	/**
-	 * Get alias of key for IDP response encryption
-	 * 
-	 * @return key alias
-	 */
-	public abstract String getEncryptionKeyAlias();
-	
-	/**
-	 * Get password of key for IDP response encryption
-	 * 
-	 * @return key password
-	 */
-	public abstract String getEncryptionKeyPassword();
-	
-	
-	public X509Credential getIDPMetaDataSigningCredential()
-			throws CredentialsNotAvailableException {
-		try {
-			
-			if (keyStore == null)
-				keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), 
-						getKeyStorePassword());
-
-			MOAKeyStoreX509CredentialAdapter credentials = new MOAKeyStoreX509CredentialAdapter(
-					keyStore, getMetadataKeyAlias(), getMetadataKeyPassword().toCharArray());
-
-			credentials.setUsageType(UsageType.SIGNING);
-			if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) {
-				Logger.error(getFriendlyName() + " Metadata Signing credentials is not found or contains no PrivateKey.");
-				throw new CredentialsNotAvailableException("config.27", new Object[]{getFriendlyName() + " Assertion Signing credentials (Alias: "
-						+ getMetadataKeyAlias() + ") is not found or contains no PrivateKey."});
-				
-			}
-			return credentials;
-		} catch (Exception e) {
-			Logger.error("Failed to generate " + getFriendlyName() + " Metadata Signing credentials");
-			e.printStackTrace();
-			throw new CredentialsNotAvailableException("config.27", new Object[]{e.getMessage()}, e);
-		}
-	}
-
-	public X509Credential getIDPAssertionSigningCredential()
-			throws CredentialsNotAvailableException {
-		try {
-			if (keyStore == null)
-				keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), 
-						getKeyStorePassword());
-
-			MOAKeyStoreX509CredentialAdapter credentials = new MOAKeyStoreX509CredentialAdapter(
-					keyStore, getSignatureKeyAlias(), getSignatureKeyPassword().toCharArray());
-			
-			credentials.setUsageType(UsageType.SIGNING);
-			if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) {
-				Logger.error(getFriendlyName() + " Assertion Signing credentials is not found or contains no PrivateKey.");
-				throw new CredentialsNotAvailableException("config.27", new Object[]{getFriendlyName() + " Assertion Signing credentials (Alias: "
-						+ getSignatureKeyAlias() + ") is not found or contains no PrivateKey."});
-				
-			}
-			
-			return (X509Credential) credentials;
-		} catch (Exception e) {
-			Logger.error("Failed to generate " + getFriendlyName() + " Assertion Signing credentials");
-			e.printStackTrace();
-			throw new CredentialsNotAvailableException("config.27", new Object[]{e.getMessage()}, e);
-		}
-	}
-	
-	public X509Credential getIDPAssertionEncryptionCredential()
-			throws CredentialsNotAvailableException {
-		try {
-			if (keyStore == null)
-				keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), 
-						getKeyStorePassword());
-
-			//if no encryption key is configured return null
-			if (MiscUtil.isEmpty(getEncryptionKeyAlias()))
-				return null;
-			
-			MOAKeyStoreX509CredentialAdapter credentials = new MOAKeyStoreX509CredentialAdapter(
-					keyStore, getEncryptionKeyAlias(), getEncryptionKeyPassword().toCharArray());
-			
-			credentials.setUsageType(UsageType.ENCRYPTION);
-			
-			if (credentials.getPrivateKey() == null && credentials.getSecretKey() == null) {
-				Logger.error(getFriendlyName() + " Assertion Encryption credentials is not found or contains no PrivateKey.");
-				throw new CredentialsNotAvailableException("config.27", new Object[]{getFriendlyName() + " Assertion Encryption credentials (Alias: "
-						+ getEncryptionKeyAlias() + ") is not found or contains no PrivateKey."});
-				
-			}
-			
-			return (X509Credential) credentials;
-			
-		} catch (Exception e) {
-			Logger.error("Failed to generate " + getFriendlyName() + " Assertion Encryption credentials");
-			e.printStackTrace();
-			throw new CredentialsNotAvailableException("config.27", new Object[]{e.getMessage()}, e);
-		}
-	}
-	
-	public static Signature getIDPSignature(Credential credentials) {		
-		PrivateKey privatekey = credentials.getPrivateKey();		
-		Signature signer = SAML2Utils.createSAMLObject(Signature.class);
-		
-		if (privatekey instanceof RSAPrivateKey) {
-			signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
-			
-		} else if (privatekey instanceof ECPrivateKey) {
-			signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA256);
-
-		} else {
-			Logger.warn("Could NOT evaluate the Private-Key type from " + credentials.getEntityId() + " credential.");
-			
-			
-		}
-
-		signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);		
-		signer.setSigningCredential(credentials);
-		return signer;
-		
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java
deleted file mode 100644
index 85de666c9..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.signer;
-
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-
-public class CredentialsNotAvailableException extends MOAIDException {
-
-	public CredentialsNotAvailableException(String messageId,
-			Object[] parameters) {
-		super(messageId, parameters);
-	}
-
-	public CredentialsNotAvailableException(String messageId,
-			Object[] parameters, Throwable e) {
-		super(messageId, parameters, e);
-	}
-	
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = -2564476345552842599L;
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java
index ebaef348c..389d97b18 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/IDPCredentialProvider.java
@@ -25,14 +25,14 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.signer;
 import java.util.Properties;
 
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Service;
 
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 
-@Service("IDPCredentialProvider")
+//@Service("PVPIDPCredentialProvider")
 public class IDPCredentialProvider extends AbstractCredentialProvider {	
 	public static final String IDP_JAVAKEYSTORE = "idp.ks.file";
 	public static final String IDP_KS_PASS = "idp.ks.kspassword";
@@ -54,7 +54,7 @@ public class IDPCredentialProvider extends AbstractCredentialProvider {
 	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getKeyStoreFilePath()
 	 */
 	@Override
-	public String getKeyStoreFilePath() throws ConfigurationException {
+	public String getKeyStoreFilePath() throws EAAFException {
 		if (props == null)
 			props = authConfig.getGeneralPVP2ProperiesConfig();
 		
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/SAMLSigner.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/SAMLSigner.java
deleted file mode 100644
index ef64efb56..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/SAMLSigner.java
+++ /dev/null
@@ -1,27 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.signer;
-
-public class SAMLSigner {
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
deleted file mode 100644
index 9d585bc86..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
+++ /dev/null
@@ -1,292 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.utils;
-
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-
-import org.opensaml.saml2.core.Assertion;
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.core.AttributeStatement;
-import org.opensaml.saml2.core.AuthnContextClassRef;
-import org.opensaml.saml2.core.AuthnStatement;
-import org.opensaml.saml2.core.Response;
-import org.opensaml.saml2.core.StatusResponseType;
-import org.opensaml.saml2.core.Subject;
-import org.opensaml.xml.XMLObject;
-
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-public class AssertionAttributeExtractor {
-	
-	private Assertion assertion = null;
-	private Map<String, List<String>> attributs = new HashMap<String, List<String>>();
-	//private PersonalAttributeList storkAttributes = new PersonalAttributeList();
-		
-	private final List<String> minimalMDSAttributeNamesList = Arrays.asList(
-			PVPConstants.PRINCIPAL_NAME_NAME, 
-			PVPConstants.GIVEN_NAME_NAME,
-			PVPConstants.BIRTHDATE_NAME,
-			PVPConstants.BPK_NAME);
-
-	private final List<String> minimalIDLAttributeNamesList = Arrays.asList(
-			PVPConstants.EID_IDENTITY_LINK_NAME,			
-			PVPConstants.EID_SOURCE_PIN_NAME,
-			PVPConstants.EID_SOURCE_PIN_TYPE_NAME);
-	
-	/**
-	 * Parse the SAML2 Response element and extracts included information
-	 * <br><br>
-	 * <b>INFO:</b> Actually, only the first SAML2 Assertion of the SAML2 Response is used!
-	 * 
-	 * @param samlResponse SAML2 Response
-	 * @throws AssertionAttributeExtractorExeption
-	 */
-	public AssertionAttributeExtractor(StatusResponseType samlResponse) throws AssertionAttributeExtractorExeption {
-		if (samlResponse != null && samlResponse instanceof Response) {
-			List<Assertion> assertions = ((Response) samlResponse).getAssertions();			
-			if (assertions.size() == 0) 
-				throw new AssertionAttributeExtractorExeption("Assertion");
-				
-			else if (assertions.size() > 1)
-				Logger.warn("Found more then ONE PVP2.1 assertions. Only the First is used.");
-			
-			assertion = assertions.get(0);
-
-			if (assertion.getAttributeStatements() != null &&
-					assertion.getAttributeStatements().size() > 0) {
-				AttributeStatement attrStat = assertion.getAttributeStatements().get(0);
-				for (Attribute attr : attrStat.getAttributes()) {
-					if (attr.getName().startsWith(PVPConstants.STORK_ATTRIBUTE_PREFIX)) {							
-						List<String> storkAttrValues = new ArrayList<String>();
-						for (XMLObject el : attr.getAttributeValues())
-							storkAttrValues.add(el.getDOM().getTextContent());
-						
-//						PersonalAttribute storkAttr = new PersonalAttribute(attr.getName(), 
-//								false, storkAttrValues , "Available");
-//						storkAttributes.put(attr.getName(), storkAttr );
-						
-					} else {
-						List<String> attrList = new ArrayList<String>();
-						for (XMLObject el : attr.getAttributeValues())
-							attrList.add(el.getDOM().getTextContent());
-
-						attributs.put(attr.getName(), attrList);
-												
-					}
-			}
-				
-			}
-						
-		} else 
-			throw new AssertionAttributeExtractorExeption();		
-	}
-
-	/**
-	 * Get all SAML2 attributes from first SAML2 AttributeStatement element
-	 * 
-	 * @return List of SAML2 Attributes
-	 */
-	public List<Attribute> getAllResponseAttributesFromFirstAttributeStatement() {
-		return assertion.getAttributeStatements().get(0).getAttributes();
-		
-	}
-	
-	/**
-	 * Get all SAML2 attributes of specific SAML2 AttributeStatement element
-	 * 
-	 * @param attrStatementID List ID of the AttributeStatement element
-	 * @return List of SAML2 Attributes
-	 */
-	public List<Attribute> getAllResponseAttributes(int attrStatementID) {
-		return assertion.getAttributeStatements().get(attrStatementID).getAttributes();
-		
-	}
-	
-	/**
-	 * check attributes from assertion with minimal required attribute list
-	 * @return
-	 */
-	public boolean containsAllRequiredAttributes() {
-		return containsAllRequiredAttributes(minimalMDSAttributeNamesList) 
-				|| containsAllRequiredAttributes(minimalIDLAttributeNamesList);
-		
-	}
-	
-	/**
-	 * check attributes from assertion with attributeNameList
-	 * bPK or enc_bPK are always needed
-	 * 
-	 * @param List of attributes which are required
-	 * 
-	 * @return
-	 */
-	public boolean containsAllRequiredAttributes(Collection<String> attributeNameList) {		
-		
-		//first check if a bPK or an encrypted bPK is available
-		boolean flag = true;
-		for (String attr : attributeNameList) {
-			if (!attributs.containsKey(attr)) {
-				flag = false;					
-				Logger.debug("Assertion contains no Attribute " + attr);
-									
-			}
-					
-		}
-		
-		if (flag)
-			return flag;
-		
-		else {			
-			Logger.debug("Assertion contains no all minimum attributes from: " + attributeNameList.toString());
-			return false;
-			
-		}		
-	}
-	
-	public boolean containsAttribute(String attributeName) {
-		return attributs.containsKey(attributeName);
-		
-	}
-	
-	public String getSingleAttributeValue(String attributeName) {
-		if (attributs.containsKey(attributeName) && attributs.get(attributeName).size() > 0)
-			return attributs.get(attributeName).get(0);
-		else
-			return null;
-		
-	}
-	
-	public List<String> getAttributeValues(String attributeName) {
-		return attributs.get(attributeName);
-		
-	}
-	
-	/**
-	 * Return all include PVP attribute names
-	 * 
-	 * @return
-	 */
-	public Set<String> getAllIncludeAttributeNames() {
-		return attributs.keySet();
-		
-	}
-	
-//	public PersonalAttributeList getSTORKAttributes() {
-//		return storkAttributes;
-//	}
-	
-	
-	public String getNameID() throws AssertionAttributeExtractorExeption {		
-		if (assertion.getSubject() != null) {
-			Subject subject = assertion.getSubject();
-			
-			if (subject.getNameID() != null) {
-				if (MiscUtil.isNotEmpty(subject.getNameID().getValue()))					
-					return subject.getNameID().getValue();			
-				
-				else
-					Logger.error("SAML2 NameID Element is empty.");
-			}
-		}
-			
-		throw new AssertionAttributeExtractorExeption("nameID");
-	}
-	
-	public String getSessionIndex() throws AssertionAttributeExtractorExeption {		
-		AuthnStatement authn = getAuthnStatement();
-		
-		if (MiscUtil.isNotEmpty(authn.getSessionIndex()))
-			return authn.getSessionIndex();
-		
-		else
-			throw new AssertionAttributeExtractorExeption("SessionIndex");		
-	}
-
-	/**
-	 * @return
-	 * @throws AssertionAttributeExtractorExeption 
-	 */
-	public String getQAALevel() throws AssertionAttributeExtractorExeption {
-		AuthnStatement authn = getAuthnStatement();
-		if (authn.getAuthnContext() != null && authn.getAuthnContext().getAuthnContextClassRef() != null) {
-			AuthnContextClassRef qaaClass = authn.getAuthnContext().getAuthnContextClassRef();
-			
-			if (MiscUtil.isNotEmpty(qaaClass.getAuthnContextClassRef()))
-				return qaaClass.getAuthnContextClassRef();
-			
-			else
-				throw new AssertionAttributeExtractorExeption("AuthnContextClassRef (QAALevel)");			
-		}
-		
-		throw new AssertionAttributeExtractorExeption("AuthnContextClassRef");		
-	}
-	
-	public Assertion getFullAssertion() {
-		return assertion;
-	}
-	
-	
-	/**
-	 * Get the Assertion validTo period
-	 * 
-	 * Primarily, the 'SessionNotOnOrAfter' attribute in the SAML2 'AuthnStatment' element is used.
-	 * If this is empty, this method returns value of  SAML 'Conditions' element. 
-	 * 
-	 * @return Date, until this SAML2 assertion is valid
-	 */
-	public Date getAssertionNotOnOrAfter() {
-		if (getFullAssertion().getAuthnStatements() != null 
-				&& getFullAssertion().getAuthnStatements().size() > 0) {
-			for (AuthnStatement el : getFullAssertion().getAuthnStatements()) {
-				if (el.getSessionNotOnOrAfter() != null)
-					return (el.getSessionNotOnOrAfter().toDate());
-			}
-			
-		} 
-		
-		return getFullAssertion().getConditions().getNotOnOrAfter().toDate();
-					
-	}
-	
-	private AuthnStatement getAuthnStatement() throws AssertionAttributeExtractorExeption {
-		List<AuthnStatement> authnList = assertion.getAuthnStatements();
-		if (authnList.size() == 0)
-			throw new AssertionAttributeExtractorExeption("AuthnStatement");
-		
-		else if (authnList.size() > 1)
-			Logger.warn("Found more then ONE AuthnStatements in PVP2.1 assertions. Only the First is used.");
-		
-		return authnList.get(0);
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
index e02ecb662..d7ada1f36 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
@@ -35,6 +35,7 @@ import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.parse.BasicParserPool;
 import org.opensaml.xml.security.SecurityException;
 
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java
deleted file mode 100644
index 29dd70545..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java
+++ /dev/null
@@ -1,145 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.utils;
-
-import java.io.IOException;
-import java.security.NoSuchAlgorithmException;
-import java.util.List;
-
-import javax.xml.namespace.QName;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.transform.TransformerException;
-
-import org.opensaml.Configuration;
-import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
-import org.opensaml.saml2.core.Status;
-import org.opensaml.saml2.core.StatusCode;
-import org.opensaml.saml2.metadata.AssertionConsumerService;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.ws.soap.soap11.Body;
-import org.opensaml.ws.soap.soap11.Envelope;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.XMLObjectBuilderFactory;
-import org.opensaml.xml.io.Marshaller;
-import org.opensaml.xml.io.MarshallingException;
-import org.w3c.dom.Document;
-
-import at.gv.egiz.eaaf.core.impl.utils.Random;
-
-public class SAML2Utils {
-
-	public static <T> T createSAMLObject(final Class<T> clazz) {
-		try {
-			XMLObjectBuilderFactory builderFactory = Configuration
-					.getBuilderFactory();
-
-			QName defaultElementName = (QName) clazz.getDeclaredField(
-					"DEFAULT_ELEMENT_NAME").get(null);
-			@SuppressWarnings("unchecked")
-			T object = (T) builderFactory.getBuilder(defaultElementName)
-					.buildObject(defaultElementName);
-			return object;
-		} catch (Throwable e) {
-			e.printStackTrace();
-			return null;
-		}
-	}
-
-	public static String getSecureIdentifier() {
-		return "_".concat(Random.nextHexRandom16());
-		
-		/*Bug-Fix: There are open problems with RandomNumberGenerator via Java SPI and Java JDK 8.121 
-		*          Generation of a 16bit Random identifier FAILES with an  Caused by: java.lang.ArrayIndexOutOfBoundsException
-		*          Caused by: java.lang.ArrayIndexOutOfBoundsException
-							  at iaik.security.random.o.engineNextBytes(Unknown Source)
-							  at iaik.security.random.SecRandomSpi.engineNextBytes(Unknown Source)
-						      at java.security.SecureRandom.nextBytes(SecureRandom.java:468)
-						      at org.opensaml.common.impl.SecureRandomIdentifierGenerator.generateIdentifier(SecureRandomIdentifierGenerator.java:62)
-						      at org.opensaml.common.impl.SecureRandomIdentifierGenerator.generateIdentifier(SecureRandomIdentifierGenerator.java:56)
-						      at at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils.getSecureIdentifier(SAML2Utils.java:69)        
-		*/		
-		//return idGenerator.generateIdentifier();
-	}
-	
-	private static SecureRandomIdentifierGenerator idGenerator;
-	
-	private static DocumentBuilder builder;
-	static {
-		DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
-		factory.setNamespaceAware(true);
-		try {
-			builder = factory.newDocumentBuilder();
-		} catch (ParserConfigurationException e) {
-			// TODO Auto-generated catch block
-			e.printStackTrace();
-		}
-		try {
-			idGenerator = new SecureRandomIdentifierGenerator();
-		} catch(NoSuchAlgorithmException e) {
-			e.printStackTrace();
-		}
-	}
-
-	public static Document asDOMDocument(XMLObject object) throws IOException,
-			MarshallingException, TransformerException {
-		Document document = builder.newDocument();
-		Marshaller out = Configuration.getMarshallerFactory().getMarshaller(
-				object);
-		out.marshall(object, document);
-		return document;
-	}
-
-	public static Status getSuccessStatus() {
-		Status status = SAML2Utils.createSAMLObject(Status.class);
-		StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class);
-		statusCode.setValue(StatusCode.SUCCESS_URI);
-		status.setStatusCode(statusCode);
-		return status;
-	}
-	
-	public static int getDefaultAssertionConsumerServiceIndex(SPSSODescriptor spSSODescriptor) {
-		
-		List<AssertionConsumerService> assertionConsumerList = spSSODescriptor.getAssertionConsumerServices();
-		
-		for (AssertionConsumerService el : assertionConsumerList) {
-			if (el.isDefault())
-				return el.getIndex();
-			
-		}
-		
-		return 0;
-	}
-	
-    public static Envelope buildSOAP11Envelope(XMLObject payload) {
-        XMLObjectBuilderFactory bf = Configuration.getBuilderFactory();
-        Envelope envelope = (Envelope) bf.getBuilder(Envelope.DEFAULT_ELEMENT_NAME).buildObject(Envelope.DEFAULT_ELEMENT_NAME);
-        Body body = (Body) bf.getBuilder(Body.DEFAULT_ELEMENT_NAME).buildObject(Body.DEFAULT_ELEMENT_NAME);
-         
-        body.getUnknownXMLObjects().add(payload);
-        envelope.setBody(body);
-         
-        return envelope;
-    }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AbstractRequestSignedSecurityPolicyRule.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AbstractRequestSignedSecurityPolicyRule.java
deleted file mode 100644
index 86ca591ee..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AbstractRequestSignedSecurityPolicyRule.java
+++ /dev/null
@@ -1,187 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.validation;
-
-import javax.xml.namespace.QName;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.validation.Schema;
-import javax.xml.validation.Validator;
-
-import org.opensaml.common.SignableSAMLObject;
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.common.xml.SAMLSchemaBuilder;
-import org.opensaml.security.MetadataCriteria;
-import org.opensaml.security.SAMLSignatureProfileValidator;
-import org.opensaml.ws.message.MessageContext;
-import org.opensaml.ws.security.SecurityPolicyException;
-import org.opensaml.ws.security.SecurityPolicyRule;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.security.CriteriaSet;
-import org.opensaml.xml.security.credential.UsageType;
-import org.opensaml.xml.security.criteria.EntityIDCriteria;
-import org.opensaml.xml.security.criteria.UsageCriteria;
-import org.opensaml.xml.signature.SignatureTrustEngine;
-import org.opensaml.xml.validation.ValidationException;
-import org.w3c.dom.Element;
-import org.xml.sax.SAXException;
-
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SchemaValidationException;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-/**
- * @author tlenz
- *
- */
-public abstract class AbstractRequestSignedSecurityPolicyRule implements SecurityPolicyRule {
-
-	private SignatureTrustEngine trustEngine = null;
-	private QName peerEntityRole = null;
-	/**
-	 * @param peerEntityRole 
-	 * 
-	 */
-	public AbstractRequestSignedSecurityPolicyRule(SignatureTrustEngine trustEngine, QName peerEntityRole) {
-		this.trustEngine = trustEngine;
-		this.peerEntityRole = peerEntityRole;
-		
-	}
-	
-	
-	/**
-	 * Reload the PVP metadata for a given entity
-	 * 
-	 * @param entityID for which the metadata should be refreshed.
-	 * @return true if the refresh was successful, otherwise false
-	 */
-	protected abstract boolean refreshMetadataProvider(String entityID);
-	
-	
-	protected abstract SignableSAMLObject getSignedSAMLObject(XMLObject inboundData);
-	
-	/* (non-Javadoc)
-	 * @see org.opensaml.ws.security.SecurityPolicyRule#evaluate(org.opensaml.ws.message.MessageContext)
-	 */
-	@Override
-	public void evaluate(MessageContext context) throws SecurityPolicyException {
-		try {
-			verifySignature(context);
-			
-		} catch (SecurityPolicyException e) {
-			if (MiscUtil.isEmpty(context.getInboundMessageIssuer())) {
-				throw e;
-			
-			}			
-			Logger.debug("PVP2X message validation FAILED. Reload metadata for entityID: " + context.getInboundMessageIssuer());
-			if (!refreshMetadataProvider(context.getInboundMessageIssuer()))
-				throw e;
-			
-			else {
-				Logger.trace("PVP2X metadata reload finished. Check validate message again.");					
-				verifySignature(context);
-										
-			}
-			Logger.trace("Second PVP2X message validation finished");
-			
-		}
-
-		
-	}
-
-	private void verifySignature(MessageContext context) throws SecurityPolicyException {
-		SignableSAMLObject samlObj = getSignedSAMLObject(context.getInboundMessage());			
-		if (samlObj != null && samlObj.getSignature() != null) {
-						
-			SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
-			try {
-				profileValidator.validate(samlObj.getSignature());		    
-				performSchemaValidation(samlObj.getDOM());
-		    
-			} catch (ValidationException e) {
-				Logger.warn("Signature is not conform to SAML signature profile", e);
-				throw new SecurityPolicyException("Signature is not conform to SAML signature profile");
-		    
-			} catch (SchemaValidationException e) {
-				Logger.warn("Signature is not conform to SAML signature profile", e);
-				throw new SecurityPolicyException("Signature is not conform to SAML signature profile");
-			
-			}
-			
-			
-			
-			CriteriaSet criteriaSet = new CriteriaSet();
-			criteriaSet.add( new EntityIDCriteria(context.getInboundMessageIssuer()) );
-			criteriaSet.add( new MetadataCriteria(peerEntityRole, SAMLConstants.SAML20P_NS) );
-			criteriaSet.add( new UsageCriteria(UsageType.SIGNING) );
-						
-			try {
-				if (!trustEngine.validate(samlObj.getSignature(), criteriaSet)) {
-					throw new SecurityPolicyException("Signature validation FAILED.");
-					
-				}
-				Logger.debug("PVP message signature valid.");
-				
-			} catch (org.opensaml.xml.security.SecurityException e) {
-				Logger.info("PVP2x message signature validation FAILED. Message:" + e.getMessage());
-				throw new SecurityPolicyException("Signature validation FAILED.");
-				
-			}
-			
-		} else {
-			throw new SecurityPolicyException("PVP Message is not signed.");
-			
-		}
-				
-	}
-	
-	private void performSchemaValidation(Element source) throws SchemaValidationException {
-			
-		String err = null;
-		try {
-			Schema test = SAMLSchemaBuilder.getSAML11Schema();
-			Validator val = test.newValidator();		
-			val.validate(new DOMSource(source));
-			Logger.debug("Schema validation check done OK");
-			return;
-			
-		} catch (SAXException e) {
-			err = e.getMessage();
-			if (Logger.isDebugEnabled() || Logger.isTraceEnabled())
-				Logger.warn("Schema validation FAILED with exception:", e);
-			else
-				Logger.warn("Schema validation FAILED with message: "+ e.getMessage());
-							
-		} catch (Exception e) {
-			err = e.getMessage();
-			if (Logger.isDebugEnabled() || Logger.isTraceEnabled())
-				Logger.warn("Schema validation FAILED with exception:", e);
-			else
-				Logger.warn("Schema validation FAILED with message: "+ e.getMessage());
-						
-		}
-			
-		throw new SchemaValidationException("pvp2.22", new Object[]{err});
-			
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java
deleted file mode 100644
index 7b7ba6883..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/AuthnRequestValidator.java
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.validation;
-
-import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.core.NameID;
-import org.opensaml.saml2.core.NameIDPolicy;
-
-import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSupportedException;
-import at.gv.egovernment.moaspss.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-public class AuthnRequestValidator {
-
-	public static void validate(AuthnRequest req) throws AuthnRequestValidatorException{
-
-		//validate NameIDPolicy
-		NameIDPolicy nameIDPolicy = req.getNameIDPolicy();
-		if (nameIDPolicy != null) {
-			String nameIDFormat = nameIDPolicy.getFormat();
-			if (nameIDFormat != null) {
-				if ( !(NameID.TRANSIENT.equals(nameIDFormat) ||
-						NameID.PERSISTENT.equals(nameIDFormat) ||
-						NameID.UNSPECIFIED.equals(nameIDFormat)) ) {
-				
-					throw new NameIDFormatNotSupportedException(nameIDFormat);
-					
-				}
-				
-			} else
-				Logger.trace("Find NameIDPolicy, but NameIDFormat is 'null'");							
-		} else
-			Logger.trace("AuthnRequest includes no 'NameIDPolicy'");
-			
-		
-		
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ChainSAMLValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ChainSAMLValidator.java
index a9f9b206e..91de943d5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ChainSAMLValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ChainSAMLValidator.java
@@ -28,7 +28,8 @@ import java.util.List;
 
 import org.opensaml.saml2.core.RequestAbstractType;
 
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.modules.pvp2.api.validation.ISAMLValidator;
 
 public class ChainSAMLValidator implements ISAMLValidator {
 
@@ -39,7 +40,7 @@ private List<ISAMLValidator> validator = new ArrayList<ISAMLValidator>();
 	}
 	
 	public void validateRequest(RequestAbstractType request)
-			throws MOAIDException {
+			throws EAAFException {
 		Iterator<ISAMLValidator> validatorIterator = validator.iterator();
 		while(validatorIterator.hasNext()) {
 			ISAMLValidator validator = validatorIterator.next();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ISAMLValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ISAMLValidator.java
deleted file mode 100644
index 4f697d986..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ISAMLValidator.java
+++ /dev/null
@@ -1,31 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.validation;
-
-import org.opensaml.saml2.core.RequestAbstractType;
-
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-
-public interface ISAMLValidator {
-	public void validateRequest(RequestAbstractType request) throws MOAIDException;
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/MOAPVPSignedRequestPolicyRule.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/MOAPVPSignedRequestPolicyRule.java
deleted file mode 100644
index 7b3f890e9..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/MOAPVPSignedRequestPolicyRule.java
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.validation;
-
-import javax.xml.namespace.QName;
-
-import org.opensaml.common.SignableSAMLObject;
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.signature.SignatureTrustEngine;
-
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IMOARefreshableMetadataProvider;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-public class MOAPVPSignedRequestPolicyRule extends
-		AbstractRequestSignedSecurityPolicyRule {
-
-	private IMOARefreshableMetadataProvider metadataProvider = null;
-	
-	/**
-	 * @param metadataProvider 
-	 * @param trustEngine
-	 * @param peerEntityRole
-	 */
-	public MOAPVPSignedRequestPolicyRule(MetadataProvider metadataProvider, SignatureTrustEngine trustEngine,
-			QName peerEntityRole) {
-		super(trustEngine, peerEntityRole);
-		if (metadataProvider instanceof IMOARefreshableMetadataProvider)
-			this.metadataProvider = (IMOARefreshableMetadataProvider) metadataProvider;
-				
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.validation.AbstractRequestSignedSecurityPolicyRule#refreshMetadataProvider(java.lang.String)
-	 */
-	@Override
-	protected boolean refreshMetadataProvider(String entityID) {
-		if (metadataProvider != null)
-			return metadataProvider.refreshMetadataProvider(entityID);
-		
-		return false;
-		
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.validation.AbstractRequestSignedSecurityPolicyRule#getSignedSAMLObject(org.opensaml.xml.XMLObject)
-	 */
-	@Override
-	protected SignableSAMLObject getSignedSAMLObject(XMLObject inboundData) {
-		if (inboundData instanceof SignableSAMLObject)
-			return (SignableSAMLObject) inboundData;
-		
-		else
-			return null;
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/MOASAML2AuthRequestSignedRole.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/MOASAML2AuthRequestSignedRole.java
deleted file mode 100644
index efcf21b50..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/MOASAML2AuthRequestSignedRole.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.validation;
-
-import org.opensaml.common.binding.SAMLMessageContext;
-import org.opensaml.saml2.binding.security.SAML2AuthnRequestsSignedRule;
-import org.opensaml.ws.transport.http.HTTPInTransport;
-import org.opensaml.xml.util.DatatypeHelper;
-
-/**
- * @author tlenz
- *
- */
-public class MOASAML2AuthRequestSignedRole extends SAML2AuthnRequestsSignedRule {
-
-	@Override
-    protected boolean isMessageSigned(SAMLMessageContext messageContext) {        
-        // This handles HTTP-Redirect and HTTP-POST-SimpleSign bindings.
-        HTTPInTransport inTransport = (HTTPInTransport) messageContext.getInboundMessageTransport();
-        String sigParam = inTransport.getParameterValue("Signature");
-        boolean isSigned = !DatatypeHelper.isEmpty(sigParam);
-        
-        String sigAlgParam = inTransport.getParameterValue("SigAlg");
-        boolean isSigAlgExists = !DatatypeHelper.isEmpty(sigAlgParam);
-        
-        return isSigned && isSigAlgExists;
-               
-    }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java
index 952a6024a..9abaf9330 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java
@@ -27,13 +27,14 @@ import org.opensaml.saml2.core.RequestAbstractType;
 import org.opensaml.security.SAMLSignatureProfileValidator;
 import org.opensaml.xml.validation.ValidationException;
 
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSignedException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.modules.pvp2.api.validation.ISAMLValidator;
+import at.gv.egiz.eaaf.modules.pvp2.idp.exception.SAMLRequestNotSignedException;
 
 public class SAMLSignatureValidator implements ISAMLValidator {
 
 	public void validateRequest(RequestAbstractType request)
-			throws MOAIDException {
+			throws EAAFException {
 		if (request.getSignature() == null) {
 			throw new SAMLRequestNotSignedException();
 		}
@@ -48,7 +49,7 @@ public class SAMLSignatureValidator implements ISAMLValidator {
 	}
 
 	public static void validateSignable(SignableSAMLObject signableObject)
-			throws MOAIDException {
+			throws EAAFException {
 		if (signableObject.getSignature() == null) {
 			throw new SAMLRequestNotSignedException();
 		}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
index d89d04664..e8aa93d43 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
@@ -23,7 +23,7 @@
 package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
 
 import java.io.IOException;
-import java.util.List;
+import java.security.cert.CertificateException;
 
 import org.opensaml.saml2.metadata.EntitiesDescriptor;
 import org.opensaml.saml2.metadata.EntityDescriptor;
@@ -36,79 +36,34 @@ import org.opensaml.xml.validation.ValidationException;
 
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.idp.exception.SAMLRequestNotSignedException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoCredentialsException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSignedException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.MiscUtil;
+import iaik.x509.X509Certificate;
 
 public class EntityVerifier {
 
-	public static byte[] fetchSavedCredential(String entityID) {
-//		List<OnlineApplication> oaList = ConfigurationDBRead
-//				.getAllActiveOnlineApplications();
-		try { 
-			ISPConfiguration oa = AuthConfigurationProviderFactory.getInstance().getServiceProviderConfiguration(entityID);
-		
-			if (oa == null) {
-				Logger.debug("No OnlineApplication with EntityID: " + entityID);
-				return null;
-				
-			}
-			
-			String certBase64 = oa.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);
-			if (MiscUtil.isNotEmpty(certBase64)) {
-				return Base64Utils.decode(certBase64, false);
-			
-			}
-			
-		} catch (ConfigurationException | EAAFConfigurationException e) {
-			Logger.error("Access MOA-ID configuration FAILED.", e);
-			
-		} catch (IOException e) {
-			Logger.warn("Decoding PVP2X metadata certificate FAILED.", e);
-			
-		}
-		
-		return null;
-	}
-
 	public static void verify(EntityDescriptor entityDescriptor)
-			throws MOAIDException {
-		if (entityDescriptor.getSignature() == null) {
-			throw new SAMLRequestNotSignedException();
-		}
-
-		try {
-			SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator();
-			sigValidator.validate(entityDescriptor.getSignature());
-		} catch (ValidationException e) {
-			Logger.error("Failed to validate Signature", e);
-			throw new SAMLRequestNotSignedException(e);
-		}
-
+			throws EAAFException {
+		
 		Credential credential = getSPTrustedCredential(entityDescriptor.getEntityID());
 		if (credential == null) {
 			throw new NoCredentialsException(entityDescriptor.getEntityID());
 		}
-
-		SignatureValidator sigValidator = new SignatureValidator(credential);
-		try {
-			sigValidator.validate(entityDescriptor.getSignature());
-		} catch (ValidationException e) {
-			Logger.error("Failed to verfiy Signature", e);
-			throw new SAMLRequestNotSignedException(e);
-		}
+		
+		verify(entityDescriptor, credential);
+	
 	}
 
 	public static void verify(EntityDescriptor entityDescriptor, Credential cred)
-			throws MOAIDException {
+			throws EAAFException {
 		if (entityDescriptor.getSignature() == null) {
 			throw new SAMLRequestNotSignedException();
 		}
@@ -131,7 +86,7 @@ public class EntityVerifier {
 	}
 
 	public static void verify(EntitiesDescriptor entityDescriptor,
-			Credential cred) throws MOAIDException {
+			Credential cred) throws EAAFException {
 		if (entityDescriptor.getSignature() == null) {
 			throw new SAMLRequestNotSignedException();
 		}
@@ -153,55 +108,11 @@ public class EntityVerifier {
 			throw new SAMLRequestNotSignedException(e);
 		}
 	}
-
-	public static void verify(EntitiesDescriptor entityDescriptor)
-			throws MOAIDException {
-		if (entityDescriptor.getSignature() == null) {
-			throw new SAMLRequestNotSignedException();
-		}
-
-		try {
-			SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator();
-			sigValidator.validate(entityDescriptor.getSignature());
-		} catch (ValidationException e) {
-			Logger.error("Failed to validate Signature", e);
-			throw new SAMLRequestNotSignedException(e);
-		}
-
-		List<EntityDescriptor> entities = entityDescriptor
-				.getEntityDescriptors();
-
-		if (entities.size() > 0) {
-
-			if (entities.size() > 1) {
-				Logger.warn("More then one EntityID in Metadatafile with Name "
-						+ entityDescriptor.getName()
-						+ " defined. Actually only the first"
-						+ " entryID is used to select the certificate to perform Metadata verification.");
-			}
-
-			Credential credential = getSPTrustedCredential(entities.get(0).getEntityID());
-
-			if (credential == null) {
-				throw new NoCredentialsException("moaID IDP");
-			}
-
-			SignatureValidator sigValidator = new SignatureValidator(credential);
-			try {
-				sigValidator.validate(entityDescriptor.getSignature());
-
-			} catch (ValidationException e) {
-				Logger.error("Failed to verfiy Signature", e);
-				throw new SAMLRequestNotSignedException(e);
-			}
-		}
-	}
-	
+		
 	public static Credential getSPTrustedCredential(String entityID)
 			throws CredentialsNotAvailableException {
 
-		iaik.x509.X509Certificate cert = PVPConfiguration.getInstance()
-				.getTrustEntityCertificate(entityID);
+		iaik.x509.X509Certificate cert = getTrustEntityCertificate(entityID);
 		
 		if (cert == null) {
 			throw new CredentialsNotAvailableException("ServiceProvider Certificate can not be loaded from Database", null);
@@ -214,5 +125,46 @@ public class EntityVerifier {
 
 		return credential;
 	}
+	
+	private static iaik.x509.X509Certificate getTrustEntityCertificate(String entityID) {
+		
+		try {
+			Logger.trace("Load metadata signing certificate for online application " + entityID);
+			ISPConfiguration  oaParam = AuthConfigurationProviderFactory.getInstance().getServiceProviderConfiguration(entityID);		
+			if (oaParam == null) {
+				Logger.info("Online Application with ID " + entityID + " not found!");
+				return null;
+			}
+		
+			String pvp2MetadataCertificateString = 
+					oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE);		 
+			if (MiscUtil.isEmpty(pvp2MetadataCertificateString)) {
+				Logger.info("Online Application with ID " + entityID + " include not PVP2X metadata signing certificate!");
+				return null;
+				
+			}	
+			
+			X509Certificate cert = new X509Certificate(Base64Utils.decode(pvp2MetadataCertificateString, false));
+			Logger.debug("Metadata signing certificate is loaded for ("+entityID+") is loaded.");
+			return cert;
+			
+		} catch (CertificateException e) {
+			Logger.warn("Metadata signer certificate is not parsed.", e);
+			return null;
+			
+		} catch (ConfigurationException e) {
+			Logger.error("Configuration is not accessable.", e);
+			return null;
+			
+		} catch (IOException e) {
+			Logger.warn("Metadata signer certificate is not decodeable.", e);
+			return null;
+			
+		} catch (EAAFConfigurationException e) {
+			Logger.error("Configuration is not accessable.", e);
+			return null;
+			
+		}
+	}
 
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
deleted file mode 100644
index 50bc7fb68..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
+++ /dev/null
@@ -1,197 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
-
-import javax.xml.namespace.QName;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.validation.Schema;
-import javax.xml.validation.Validator;
-
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.common.xml.SAMLSchemaBuilder;
-import org.opensaml.saml2.core.RequestAbstractType;
-import org.opensaml.saml2.core.StatusResponseType;
-import org.opensaml.saml2.metadata.IDPSSODescriptor;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.security.MetadataCriteria;
-import org.opensaml.security.SAMLSignatureProfileValidator;
-import org.opensaml.xml.security.CriteriaSet;
-import org.opensaml.xml.security.credential.UsageType;
-import org.opensaml.xml.security.criteria.EntityIDCriteria;
-import org.opensaml.xml.security.criteria.UsageCriteria;
-import org.opensaml.xml.signature.SignatureTrustEngine;
-import org.opensaml.xml.validation.ValidationException;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Service;
-import org.w3c.dom.Element;
-import org.xml.sax.SAXException;
-
-import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SchemaValidationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-@Service("SAMLVerificationEngine")
-public class SAMLVerificationEngine {
-		
-	@Autowired(required=true) MOAMetadataProvider metadataProvider;
-	
-	public void verify(InboundMessage msg, SignatureTrustEngine sigTrustEngine ) throws org.opensaml.xml.security.SecurityException, Exception {
-		try {		
-			if (msg instanceof MOARequest &&  
-					((MOARequest)msg).getSamlRequest() instanceof RequestAbstractType)
-				verifyRequest(((RequestAbstractType)((MOARequest)msg).getSamlRequest()), sigTrustEngine);
-		
-			else
-				verifyIDPResponse(((MOAResponse)msg).getResponse(), sigTrustEngine);
-			
-		} catch (InvalidProtocolRequestException e) {
-			if (MiscUtil.isEmpty(msg.getEntityID())) {
-				throw e;
-			
-			}			
-			Logger.debug("PVP2X message validation FAILED. Relead metadata for entityID: " + msg.getEntityID());
-						
-			if (metadataProvider == null || !metadataProvider.refreshMetadataProvider(msg.getEntityID()))
-				throw e;
-			
-			else {
-				Logger.trace("PVP2X metadata reload finished. Check validate message again.");
-					
-				if (msg instanceof MOARequest && 
-						((MOARequest)msg).getSamlRequest() instanceof RequestAbstractType)
-					verifyRequest(((RequestAbstractType)((MOARequest)msg).getSamlRequest()), sigTrustEngine);
-				
-				else
-					verifyIDPResponse(((MOAResponse)msg).getResponse(), sigTrustEngine);
-										
-			}
-			Logger.trace("Second PVP2X message validation finished");
-		}		
-	}
-	
-	public void verifyIDPResponse(StatusResponseType samlObj, SignatureTrustEngine sigTrustEngine) throws InvalidProtocolRequestException{
-		verifyResponse(samlObj, sigTrustEngine, IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
-		
-	}
-	
-	public void verifySLOResponse(StatusResponseType samlObj, SignatureTrustEngine sigTrustEngine ) throws InvalidProtocolRequestException {
-		verifyResponse(samlObj, sigTrustEngine, SPSSODescriptor.DEFAULT_ELEMENT_NAME);
-		
-	}
-	
-	private void verifyResponse(StatusResponseType samlObj, SignatureTrustEngine sigTrustEngine, QName defaultElementName)  throws InvalidProtocolRequestException{
-		SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
-		try {
-		    profileValidator.validate(samlObj.getSignature());
-		    performSchemaValidation(samlObj.getDOM());
-		    
-		} catch (ValidationException e) {
-			 Logger.warn("Signature is not conform to SAML signature profile", e);
-			 throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Signature is not conform to SAML signature profile");
-		
-		} catch (SchemaValidationException e) {			
-			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, "SAML response does not fit XML scheme");
-		
-		}
-
-		CriteriaSet criteriaSet = new CriteriaSet();
-		criteriaSet.add( new EntityIDCriteria(samlObj.getIssuer().getValue()) );
-		criteriaSet.add( new MetadataCriteria(defaultElementName, SAMLConstants.SAML20P_NS) );
-		criteriaSet.add( new UsageCriteria(UsageType.SIGNING) );
-
-		try {
-		    if (!sigTrustEngine.validate(samlObj.getSignature(), criteriaSet)) {
-		    	throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Signature verification FAILED on SAML response");
-		    }
-		} catch (org.opensaml.xml.security.SecurityException e) {
-		    Logger.warn("PVP2x message signature validation FAILED.", e);
-		    throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Signature verification FAILED on SAML response");
-		}
-	}
-	
-	public void verifyRequest(RequestAbstractType samlObj, SignatureTrustEngine sigTrustEngine ) throws InvalidProtocolRequestException {
-		SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
-		try {
-		    profileValidator.validate(samlObj.getSignature());		    
-		    performSchemaValidation(samlObj.getDOM());
-		    
-		} catch (ValidationException e) {
-		    Logger.warn("Signature is not conform to SAML signature profile", e);
-		    throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Scheme validation FAILED on SAML request");
-		    
-		} catch (SchemaValidationException e) {			
-			throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}, "Scheme verification FAILED on SAML request");
-			
-		}
-
-		CriteriaSet criteriaSet = new CriteriaSet();
-		criteriaSet.add( new EntityIDCriteria(samlObj.getIssuer().getValue()) );
-		criteriaSet.add( new MetadataCriteria(SPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS) );
-		criteriaSet.add( new UsageCriteria(UsageType.SIGNING) );
-
-		try {
-		    if (!sigTrustEngine.validate(samlObj.getSignature(), criteriaSet)) {
-		        throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Signature verification FAILED on SAML request");
-		    }
-		} catch (org.opensaml.xml.security.SecurityException e) {
-			Logger.warn("PVP2x message signature validation FAILED.", e);
-			throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}, "Signature verification FAILED on SAML request");
-		}
-	}
-		
-	protected void performSchemaValidation(Element source) throws SchemaValidationException {
-		
-		String err = null;
-		try {
-			Schema test = SAMLSchemaBuilder.getSAML11Schema();
-			Validator val = test.newValidator();		
-			val.validate(new DOMSource(source));
-			Logger.debug("Schema validation check done OK");
-			return;
-		
-		} catch (SAXException e) {
-			err = e.getMessage();
-			if (Logger.isDebugEnabled() || Logger.isTraceEnabled())
-				Logger.warn("Schema validation FAILED with exception:", e);
-			else
-				Logger.warn("Schema validation FAILED with message: "+ e.getMessage());
-						
-		} catch (Exception e) {
-			err = e.getMessage();
-			if (Logger.isDebugEnabled() || Logger.isTraceEnabled())
-				Logger.warn("Schema validation FAILED with exception:", e);
-			else
-				Logger.warn("Schema validation FAILED with message: "+ e.getMessage());
-						
-		}
-		
-		throw new SchemaValidationException("pvp2.22", new Object[]{err});
-		
-	}
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngineSP.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngineSP.java
index 385fe90fb..d1d8c9368 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngineSP.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngineSP.java
@@ -47,11 +47,12 @@ import org.opensaml.xml.validation.ValidationException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
+import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SAMLVerificationEngine;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SchemaValidationException;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java
deleted file mode 100644
index 3ea124db6..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java
+++ /dev/null
@@ -1,87 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import org.opensaml.saml2.metadata.provider.MetadataProvider;
-import org.opensaml.security.MetadataCredentialResolver;
-import org.opensaml.xml.security.keyinfo.BasicProviderKeyInfoCredentialResolver;
-import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver;
-import org.opensaml.xml.security.keyinfo.KeyInfoProvider;
-import org.opensaml.xml.security.keyinfo.provider.DSAKeyValueProvider;
-import org.opensaml.xml.security.keyinfo.provider.InlineX509DataProvider;
-import org.opensaml.xml.security.keyinfo.provider.RSAKeyValueProvider;
-import org.opensaml.xml.signature.SignatureTrustEngine;
-import org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine;
-//import org.opensaml.xml.signature.impl.PKIXSignatureTrustEngine;
-//import edu.internet2.middleware.shibboleth.common.security.MetadataPKIXValidationInformationResolver;
-
-public class TrustEngineFactory {
-
-//	public static SignatureTrustEngine getSignatureTrustEngine() {
-//		try {
-//			MetadataPKIXValidationInformationResolver mdResolver = new MetadataPKIXValidationInformationResolver(
-//					MOAMetadataProvider.getInstance());
-//
-//			List<KeyInfoProvider> keyInfoProvider = new ArrayList<KeyInfoProvider>();
-//			keyInfoProvider.add(new DSAKeyValueProvider());
-//			keyInfoProvider.add(new RSAKeyValueProvider());
-//			keyInfoProvider.add(new InlineX509DataProvider());
-//
-//			KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver(
-//					keyInfoProvider);
-//
-//			PKIXSignatureTrustEngine engine = new PKIXSignatureTrustEngine(
-//					mdResolver, keyInfoResolver);
-//
-//			return engine;
-//
-//		} catch (Exception e) {
-//			e.printStackTrace();
-//			return null;
-//		}
-//	}
-
-	public static SignatureTrustEngine getSignatureKnownKeysTrustEngine(MetadataProvider provider) {
-		MetadataCredentialResolver resolver;
-
-		resolver = new MetadataCredentialResolver(provider);
-
-		List<KeyInfoProvider> keyInfoProvider = new ArrayList<KeyInfoProvider>();
-		keyInfoProvider.add(new DSAKeyValueProvider());
-		keyInfoProvider.add(new RSAKeyValueProvider());
-		keyInfoProvider.add(new InlineX509DataProvider());
-
-		KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver(
-				keyInfoProvider);
-
-		ExplicitKeySignatureTrustEngine engine = new ExplicitKeySignatureTrustEngine(
-				resolver, keyInfoResolver);
-
-		return engine;
-
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java
index 589713c4b..57f1c2f9a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java
@@ -23,23 +23,20 @@
 package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata;
 
 import java.security.cert.CertificateException;
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.List;
 
 import org.opensaml.saml2.metadata.EntitiesDescriptor;
 import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.provider.MetadataFilter;
-import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.security.credential.Credential;
 import org.opensaml.xml.security.x509.BasicX509Credential;
 
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2MetadataException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.AbstractMetadataSignatureFilter;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.EntityVerifier;
 import at.gv.egovernment.moa.logging.Logger;
 import iaik.x509.X509Certificate;
 
-public class MetadataSignatureFilter implements MetadataFilter {
+public class MetadataSignatureFilter extends AbstractMetadataSignatureFilter {
 	
 	private String metadataURL;
 	private BasicX509Credential savedCredential;
@@ -52,111 +49,52 @@ public class MetadataSignatureFilter implements MetadataFilter {
 		savedCredential.setEntityCertificate(cert);
 	}
 	
-	public void processEntityDescriptorr(EntityDescriptor desc) throws MOAIDException {
-		
-//		String entityID = desc.getEntityID();
-		
-		EntityVerifier.verify(desc);
-	}
-	
-	public void processEntitiesDescriptor(EntitiesDescriptor desc) throws MOAIDException {
-		Iterator<EntitiesDescriptor> entID = desc.getEntitiesDescriptors().iterator();
-		
-		if(desc.getSignature() != null) {
-			EntityVerifier.verify(desc, this.savedCredential);
+	@Override
+	protected void verify(EntityDescriptor desc) throws PVP2MetadataException {
+		try {
+			EntityVerifier.verify(desc);
+			
+		} catch (EAAFException e) {
+			Logger.info("PVP2 metadata verification FAILED for entity: " + desc.getEntityID()
+					+ " Reason: " + e.getMessage());
+			throw new PVP2MetadataException("PVP2 metadata verification FAILED for entity: " + desc.getEntityID(), null, e);
 		}
 		
-		while(entID.hasNext()) {
-			processEntitiesDescriptor(entID.next());
-		}
-				
-		Iterator<EntityDescriptor> entIT = desc.getEntityDescriptors().iterator();
+	}
 
-		List<EntityDescriptor> verifiedEntIT = new ArrayList<EntityDescriptor>();
-		
-		//check every Entity
-		
-		while(entIT.hasNext()) {
-			
-			EntityDescriptor entity = entIT.next();
-			
-			String entityID = entity.getEntityID();
-			
-			//CHECK if Entity also match MetaData signature.
-			/*This check is necessary to prepend declaration of counterfeit OA metadata!!*/
-			Logger.debug("Validate metadata for entityID: " + entityID + " ..... ");
-			byte[] entityCert = EntityVerifier.fetchSavedCredential(entityID);
-						
-			if (entityCert != null) {
+	@Override
+	protected void verify(EntitiesDescriptor desc) throws PVP2MetadataException {
+		try {
+			EntityVerifier.verify(desc, this.savedCredential);
 			
-				X509Certificate cert;
-				try {
-					cert = new X509Certificate(entityCert);
-					BasicX509Credential entityCrendential = new BasicX509Credential();
-					entityCrendential.setEntityCertificate(cert);
-	
-					EntityVerifier.verify(desc, entityCrendential);
-					
-					//add entity to verified entity-list					
-					verifiedEntIT.add(entity);
-					Logger.debug("Metadata for entityID: " + entityID + " valid");
-					
-					
-				} catch (Exception e) {
-
-					//remove entity of signature can not be verified.
-					Logger.info("Entity " + entityID + " is removed from metadata " 
-							+ desc.getName() + ". Entity verification error: " + e.getMessage());
-//					throw new MOAIDException("The App", null, e);
-				}
-				
-			} else {
-				//remove entity if it is not registrated as OA
-				Logger.info("Entity " + entityID + " is removed from metadata " 
-						+ desc.getName() + ". Entity is not registrated or no certificate is found!");				
-//				throw new NoCredentialsException("NO Certificate found for OA " + entityID);
-			}
+		} catch (EAAFException e) {
+			Logger.info("PVP2 metadata verification FAILED for metadata from URL: " + metadataURL
+				+ " Reason: " + e.getMessage());
+			throw new PVP2MetadataException("PVP2 metadata verification FAILED for metadata from URL: " + metadataURL, null, e);
 			
-			//TODO: insert to support signed Entity-Elements
-			//processEntityDescriptorr(entIT.next());
-		}		
+		}
 		
-		//set only verified entity elements
-		desc.getEntityDescriptors().clear();
-		desc.getEntityDescriptors().addAll(verifiedEntIT);
 	}
-	
-	public void doFilter(XMLObject metadata) throws SignatureValidationException {
+
+	@Override
+	protected void verify(EntityDescriptor entity, EntitiesDescriptor entities) throws PVP2MetadataException {		
 		try {
-			if (metadata instanceof EntitiesDescriptor) {
-				EntitiesDescriptor entitiesDescriptor = (EntitiesDescriptor) metadata;
-				if(entitiesDescriptor.getSignature() == null) {
-					throw new MOAIDException("Root element of metadata file has to be signed", null);
-				}
-				processEntitiesDescriptor(entitiesDescriptor);
-				
-				
-				if (entitiesDescriptor.getEntityDescriptors().size() == 0) {
-					throw new MOAIDException("No valid entity in metadata "
-							+ entitiesDescriptor.getName() + ". Metadata is not loaded.", null);
-				}
-				
-				
-			} else if (metadata instanceof EntityDescriptor) {
-				EntityDescriptor entityDescriptor = (EntityDescriptor) metadata;
-				processEntityDescriptorr(entityDescriptor);
+			if (entity.isSigned()) {
+				Logger.debug("EntityDescriptor: " + entity.getEntityID() + " is signed. Starting signature verification ... ");
+				EntityVerifier.verify(entity);
 				
 			} else {
-				throw new MOAIDException("Invalid Metadata file Root element is no EntitiesDescriptor", null);
+				Logger.debug("EntityDescriptor: " + entity.getEntityID() + " is not signed. Verify EntitiesDescriptor by using 'Entity' certificate ...  ");
+				Credential entityCredential = EntityVerifier.getSPTrustedCredential(entity.getEntityID());
+				EntityVerifier.verify(entities, entityCredential);
+				
 			}
 			
+		} catch (EAAFException e) {
+			Logger.info("PVP2 metadata verification FAILED for metadata from URL: " + metadataURL
+				+ " Reason: " + e.getMessage());
+			throw new PVP2MetadataException("PVP2 metadata verification FAILED for metadata from URL: " + metadataURL, null, e);
 			
-			
-			Logger.info("Metadata signature policy check done OK");
-		} catch (MOAIDException e) {
-			Logger.warn("Metadata signature policy check FAILED.", e);
-			throw new SignatureValidationException(e);
 		}
 	}
-
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPEntityCategoryFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPEntityCategoryFilter.java
deleted file mode 100644
index caabfea30..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPEntityCategoryFilter.java
+++ /dev/null
@@ -1,230 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import org.opensaml.common.xml.SAMLConstants;
-import org.opensaml.saml2.common.Extensions;
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.metadata.AttributeConsumingService;
-import org.opensaml.saml2.metadata.EntitiesDescriptor;
-import org.opensaml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml2.metadata.LocalizedString;
-import org.opensaml.saml2.metadata.RequestedAttribute;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.saml2.metadata.ServiceName;
-import org.opensaml.saml2.metadata.provider.FilterException;
-import org.opensaml.saml2.metadata.provider.MetadataFilter;
-import org.opensaml.samlext.saml2mdattr.EntityAttributes;
-import org.opensaml.xml.XMLObject;
-
-import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.data.Trible;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-import at.gv.egovernment.moaspss.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-public class PVPEntityCategoryFilter implements MetadataFilter {
-
-
-	private boolean isUsed = false;
-	
-	/**
-	 * Filter to map PVP EntityCategories into a set of single PVP attributes 
-	 * 
-	 * @param isUsed if true PVP EntityCategories are mapped, otherwise they are ignored
-	 * 
-	 */
-	public PVPEntityCategoryFilter(boolean isUsed) {
-		this.isUsed = isUsed;
-	}
-	
-	
-	/* (non-Javadoc)
-	 * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject)
-	 */
-	@Override
-	public void doFilter(XMLObject metadata) throws FilterException {
-		
-		if (isUsed) {
-			Logger.trace("Map PVP EntityCategory to single PVP Attributes ... ");
-			String entityId = null;
-			try {
-				if (metadata instanceof EntitiesDescriptor) {
-					Logger.trace("Find EnitiesDescriptor ... ");
-					EntitiesDescriptor entitiesDesc = (EntitiesDescriptor) metadata;
-					if (entitiesDesc.getEntityDescriptors() != null) {
-						for (EntityDescriptor el : entitiesDesc.getEntityDescriptors()) 
-							resolveEntityCategoriesToAttributes(el);
-						
-					}
-									
-				} else if (metadata instanceof EntityDescriptor) {
-					Logger.trace("Find EntityDescriptor");
-					resolveEntityCategoriesToAttributes((EntityDescriptor)metadata);
-					
-					
-				} else
-					throw new MOAIDException("Invalid Metadata file Root element is no Entities- or EntityDescriptor", null);
-				
-				
-				
-			} catch (Exception e) {
-				Logger.warn("SAML2 Metadata processing FAILED: Can not resolve EntityCategories for metadata: " + entityId, e);
-				
-			}
-			
-		} else
-			Logger.trace("Filter to map PVP EntityCategory to single PVP Attributes is deactivated");
-		
-	}
-
-	private void resolveEntityCategoriesToAttributes(EntityDescriptor metadata) {
-		Logger.debug("Resolving EntityCategorie for Entity: " + metadata.getEntityID() + " ...");
-		Extensions extensions = metadata.getExtensions();
-		if (extensions != null) {
-			List<XMLObject> listOfExt = extensions.getUnknownXMLObjects();
-			if (listOfExt != null && !listOfExt.isEmpty()) {
-				Logger.trace("Find #" + listOfExt.size() + " 'Extension' elements ");
-				for (XMLObject el : listOfExt) {
-					Logger.trace("Find ExtensionElement: " + el.getElementQName().toString());
-					if (el instanceof EntityAttributes) {
-						EntityAttributes entityAttrElem = (EntityAttributes)el;
-						if (entityAttrElem.getAttributes() != null) {
-							Logger.trace("Find EntityAttributes. Start attribute processing ...");
-							for (Attribute entityAttr : entityAttrElem.getAttributes()) {
-								if (entityAttr.getName().equals(PVPConstants.ENTITY_CATEGORY_ATTRIBITE)) {
-									if (!entityAttr.getAttributeValues().isEmpty()) {
-										String entityAttrValue = entityAttr.getAttributeValues().get(0).getDOM().getTextContent();
-										if (PVPConstants.EGOVTOKEN.equals(entityAttrValue)) {
-											Logger.debug("Find 'EGOVTOKEN' EntityAttribute. Adding single pvp attributes ... ");
-											addAttributesToEntityDescriptor(metadata, 
-													buildAttributeList(PVPConstants.EGOVTOKEN_PVP_ATTRIBUTES), 
-													entityAttrValue);
-											
-																													
-										} else if (PVPConstants.CITIZENTOKEN.equals(entityAttrValue)) {
-											Logger.debug("Find 'CITIZENTOKEN' EntityAttribute. Adding single pvp attributes ... ");
-											addAttributesToEntityDescriptor(metadata, 
-													buildAttributeList(PVPConstants.CITIZENTOKEN_PVP_ATTRIBUTES), 
-													entityAttrValue);
-											
-										} else
-											Logger.info("EntityAttributeValue: " + entityAttrValue + " is UNKNOWN!");
-																			
-									} else
-										Logger.info("EntityAttribute: No attribute value");
-																		
-								} else 
-									Logger.info("EntityAttribute: " + entityAttr.getName() + " is NOT supported");
-								
-							}
-										
-						} else
-							Logger.info("Can NOT resolve EntityAttributes! Reason: Only EntityAttributes are supported!");
-						
-					}					
-				}
-				
-			} else
-				Logger.trace("'Extension' element is 'null' or empty");
-			
-		} else
-			Logger.trace("No 'Extension' element found");
-				
-	}
-	
-	/**
-	 * @param metadata
-	 * @param attrList
-	 */
-	private void addAttributesToEntityDescriptor(EntityDescriptor metadata, List<RequestedAttribute> attrList, String entityAttr) {
-		SPSSODescriptor spSSODesc = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
-		if (spSSODesc != null) {
-			if (spSSODesc.getAttributeConsumingServices() == null || 
-					spSSODesc.getAttributeConsumingServices().isEmpty()) {
-				Logger.trace("No 'AttributeConsumingServices' found. Added it ...");
-				
-				AttributeConsumingService attributeService = SAML2Utils.createSAMLObject(AttributeConsumingService.class);						
-				attributeService.setIndex(0);
-				attributeService.setIsDefault(true);
-				ServiceName serviceName = SAML2Utils.createSAMLObject(ServiceName.class);
-				serviceName.setName(new LocalizedString("Default Service", "en"));
-				attributeService.getNames().add(serviceName);
-				
-				if (attrList != null && !attrList.isEmpty()) {
-					attributeService.getRequestAttributes().addAll(attrList);
-					Logger.info("Add  " + attrList.size() + " attributes for 'EntityAttribute': " + entityAttr);
-					
-				}
-				
-				spSSODesc.getAttributeConsumingServices().add(attributeService);
-				
-			} else {
-				Logger.debug("Find 'AttributeConsumingServices'. Starting updating process ... ");
-				for (AttributeConsumingService el : spSSODesc.getAttributeConsumingServices()) {
-					Logger.debug("Update 'AttributeConsumingService' with Index: " + el.getIndex());
-					
-					//load currently requested attributes
-					List<String> currentlyReqAttr = new ArrayList<String>();
-					for (RequestedAttribute reqAttr : el.getRequestAttributes())
-						currentlyReqAttr.add(reqAttr.getName());
-						
-
-					//check against EntityAttribute List
-					for (RequestedAttribute entityAttrListEl : attrList) {
-						if (!currentlyReqAttr.contains(entityAttrListEl.getName())) {
-							el.getRequestAttributes().add(entityAttrListEl);
-							
-						} else
-							Logger.debug("'AttributeConsumingService' already contains attr: " + entityAttrListEl.getName());
-						
-					}
-					
-				}
-				
-			}
-			
-		} else
-			Logger.info("Can ONLY add 'EntityAttributes' to 'SPSSODescriptor'");
-		
-	}
-
-	private List<RequestedAttribute> buildAttributeList(List<Trible<String, String, Boolean>> attrSet) {
-		List<RequestedAttribute> requestedAttributes = new ArrayList<RequestedAttribute>();
-		for (Trible<String, String, Boolean> el : attrSet)
-			requestedAttributes.add(PVPAttributeBuilder.buildReqAttribute(el.getFirst(), el.getSecond(), el.getThird()));	
-					
-		return requestedAttributes;
-		
-		
-	}
-	 	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPMetadataFilterChain.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPMetadataFilterChain.java
deleted file mode 100644
index 4c1da747b..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/PVPMetadataFilterChain.java
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata;
-
-import java.security.cert.CertificateException;
-
-import at.gv.egovernment.moa.id.saml2.MetadataFilterChain;
-
-/**
- * @author tlenz
- *
- */
-public class PVPMetadataFilterChain extends MetadataFilterChain {
-
-		
-	/**
-	 * @throws CertificateException 
-	 * 
-	 */
-	public PVPMetadataFilterChain(String url, byte[] certificate) throws CertificateException {
-		addDefaultFilters(url, certificate);
-	}
-	
-	public void addDefaultFilters(String url, byte[] certificate) throws CertificateException {
-		addFilter(new MetadataSignatureFilter(url, certificate));
-		
-	}
-
-
-
-
-
-	
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java
deleted file mode 100644
index 83a2b61d2..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java
+++ /dev/null
@@ -1,106 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata;
-
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.validation.Schema;
-import javax.xml.validation.Validator;
-
-import org.opensaml.common.xml.SAMLSchemaBuilder;
-import org.opensaml.saml2.metadata.provider.MetadataFilter;
-import org.opensaml.xml.XMLObject;
-import org.xml.sax.SAXException;
-
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-public class SchemaValidationFilter implements MetadataFilter {
-
-	private boolean isActive = true;
-	
-	public SchemaValidationFilter() {
-		try {
-			isActive = AuthConfigurationProviderFactory.getInstance().isPVPSchemaValidationActive();
-			
-		} catch (ConfigurationException e) {
-			e.printStackTrace();
-		}
-	}
-	
-	/**
-	 * 
-	 */
-	public SchemaValidationFilter(boolean useSchemaValidation) {
-		this.isActive = useSchemaValidation;
-	}
-	
-	
-	/* (non-Javadoc)
-	 * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject)
-	 */
-	@Override
-	public void doFilter(XMLObject arg0) throws SchemaValidationException {
-		
-		String errString = null;
-		
-		if (isActive) {
-			try {
-				Schema test = SAMLSchemaBuilder.getSAML11Schema();
-				Validator val = test.newValidator();
-				DOMSource source = new DOMSource(arg0.getDOM());		
-				val.validate(source);
-				Logger.info("Metadata Schema validation check done OK");
-				return;
-			
-			} catch (SAXException e) {
-				if (Logger.isDebugEnabled() || Logger.isTraceEnabled())
-					Logger.warn("Metadata Schema validation FAILED with exception:", e);
-				else
-					Logger.warn("Metadata Schema validation FAILED with message: "+ e.getMessage());
-
-				errString = e.getMessage();
-				
-			} catch (Exception e) {
-				if (Logger.isDebugEnabled() || Logger.isTraceEnabled())
-					Logger.warn("Metadata Schema validation FAILED with exception:", e);
-				else
-					Logger.warn("Metadata Schema validation FAILED with message: "+ e.getMessage());
-				
-				errString = e.getMessage();
-				
-			}
-			
-			throw new SchemaValidationException("Metadata Schema validation FAILED with message: "+ errString);
-			
-		} else		
-			Logger.info("Metadata Schema validation check is DEACTIVATED!");
-		
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/saml2/MetadataFilterChain.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/saml2/MetadataFilterChain.java
deleted file mode 100644
index e7412a0fc..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/saml2/MetadataFilterChain.java
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.saml2;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import org.opensaml.saml2.metadata.provider.FilterException;
-import org.opensaml.saml2.metadata.provider.MetadataFilter;
-import org.opensaml.xml.XMLObject;
-
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-public class MetadataFilterChain implements MetadataFilter {
-
-	private List<MetadataFilter> filters = new ArrayList<MetadataFilter>();
-		
-	/**
-	 * Return all actually used Metadata filters
-	 * 
-	 * @return List of Metadata filters
-	 */
-	public List<MetadataFilter> getFilters() {
-		return filters;
-	}
-	
-	/**
-	 * Add a new Metadata filter to filterchain
-	 * 
-	 * @param filter 
-	 */
-	public void addFilter(MetadataFilter filter) {
-		filters.add(filter);
-	}
-	
-	
-	/* (non-Javadoc)
-	 * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject)
-	 */
-	@Override
-	public void doFilter(XMLObject arg0) throws FilterException {
-		for (MetadataFilter filter : filters) {
-			Logger.trace("Use MOAMetadataFilter " + filter.getClass().getName());
-			filter.doFilter(arg0);
-		}
-
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
index c5f02e7de..f303adfe5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
@@ -44,6 +44,8 @@ import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
 import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption;
+import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
@@ -60,8 +62,6 @@ import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.commons.utils.JsonMapper;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
 import at.gv.egovernment.moa.id.data.EncryptedData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
 import at.gv.egovernment.moa.id.util.SessionEncrytionUtil;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java
index ff9c4e358..5f2ec046a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IAuthenticationSessionStoreage.java
@@ -28,6 +28,8 @@ import java.util.List;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
 import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption;
+import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
@@ -38,8 +40,6 @@ import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionSto
 import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
 
 /**
  * @author tlenz
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/LoALevelMapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/LoALevelMapper.java
index 3e3d9dafc..10e22c806 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/LoALevelMapper.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/LoALevelMapper.java
@@ -25,6 +25,9 @@ package at.gv.egovernment.moa.id.util;
 import java.io.IOException;
 import java.util.Properties;
 
+import org.springframework.stereotype.Service;
+
+import at.gv.egiz.eaaf.core.api.data.ILoALevelMapper;
 import at.gv.egovernment.moa.id.data.AuthenticationRole;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -33,7 +36,8 @@ import at.gv.egovernment.moa.util.MiscUtil;
  * @author tlenz
  *
  */
-public class LoALevelMapper {
+@Service("MOAIDLoALevelMapper")
+public class LoALevelMapper implements ILoALevelMapper{
 
 	private static final String PVP_SECCLASS_PREFIX = "http://www.ref.gv.at/ns/names/agiz/pvp/";
 	private static final String STORK_QAA_PREFIX = "http://www.stork.gov.eu/1.0/";
@@ -46,18 +50,8 @@ public class LoALevelMapper {
 	private static final String MAPPING_EIDAS_PREFIX = "eidas_";
 	
 	private Properties mapping = null;
-	
-	private static LoALevelMapper instance = null;
-	
-	public static LoALevelMapper getInstance() {
-		if (instance == null) {
-			instance = new LoALevelMapper();			
-		}
-		
-		return instance;
-	}
-	
-	private LoALevelMapper() {
+			
+	public LoALevelMapper() {
 		try {
 			mapping = new Properties();
 			mapping.load(this.getClass().getClassLoader().getResourceAsStream(MAPPING_RESOURCE));
@@ -72,6 +66,43 @@ public class LoALevelMapper {
 		
 	}
 
+	public String mapToeIDASLoA(String qaa) {
+		if (qaa.startsWith(STORK_QAA_PREFIX))
+			return mapSTORKQAAToeIDASQAA(qaa);
+		
+		else if (qaa.startsWith(PVP_SECCLASS_PREFIX))
+			return mapSTORKQAAToeIDASQAA(mapSecClassToQAALevel(qaa));
+					
+		else if (qaa.startsWith(MAPPING_EIDAS_PREFIX))
+			return qaa;
+		
+		else {
+			Logger.info("QAA: " + qaa + " is NOT supported by LoA level mapper");
+			return null;
+			
+		}
+		
+	}
+	
+	public String mapToSecClass(String qaa) {
+		if (qaa.startsWith(STORK_QAA_PREFIX))
+			return mapStorkQAAToSecClass(qaa);
+		
+		else if (qaa.startsWith(MAPPING_EIDAS_PREFIX))
+			return mapStorkQAAToSecClass(mapeIDASQAAToSTORKQAA(qaa));
+					
+		else if (qaa.startsWith(PVP_SECCLASS_PREFIX))
+			return qaa;
+		
+		else {
+			Logger.info("QAA: " + qaa + " is NOT supported by LoA level mapper");
+			return null;
+			
+		}
+		
+	}
+	
+	
 	/**
 	 * Map STORK QAA level to eIDAS QAA level
 	 * 
@@ -118,7 +149,7 @@ public class LoALevelMapper {
 	 * @param STORK-QAA level
 	 * @return PVP SecClass pvpQAALevel
 	 */	
-	public String mapToSecClass(String storkQAALevel) {
+	public String mapStorkQAAToSecClass(String storkQAALevel) {
 		if (mapping != null) {
 			String input = storkQAALevel.substring(STORK_QAA_PREFIX.length());			
 			String mappedQAA = mapping.getProperty(MAPPING_SECCLASS_PREFIX + input);
@@ -137,7 +168,7 @@ public class LoALevelMapper {
 	 * @param PVP SecClass pvpQAALevel
 	 * @return STORK-QAA level
 	 */	
-	public String mapToQAALevel(String pvpQAALevel) {
+	public String mapSecClassToQAALevel(String pvpQAALevel) {
 		if (mapping != null) {
 			String input = pvpQAALevel.substring(PVP_SECCLASS_PREFIX.length());			
 			String mappedQAA = mapping.getProperty(input);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/QAALevelVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/QAALevelVerifier.java
deleted file mode 100644
index ca71ad946..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/QAALevelVerifier.java
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.util;
-
-import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.QAANotAllowedException;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * @author tlenz
- *
- */
-public class QAALevelVerifier {
-
-	public static void verifyQAALevel(String qaaAuth, String qaaRequest) throws QAANotAllowedException {
-		
-		if (EAAFConstants.EIDAS_QAA_LOW.equals(qaaRequest) && 
-					(EAAFConstants.EIDAS_QAA_LOW.equals(qaaAuth) || 
-							EAAFConstants.EIDAS_QAA_SUBSTANTIAL.equals(qaaAuth) ||
-									EAAFConstants.EIDAS_QAA_HIGH.equals(qaaAuth))
-				) 
-			Logger.debug("Requesed LoA fits LoA from authentication. Continuingauth process ... ");
-		
-		else if (EAAFConstants.EIDAS_QAA_SUBSTANTIAL.equals(qaaRequest) && 
-					(EAAFConstants.EIDAS_QAA_SUBSTANTIAL.equals(qaaAuth) ||
-								EAAFConstants.EIDAS_QAA_HIGH.equals(qaaAuth))
-				) 
-			Logger.debug("Requesed LoA fits LoA from authentication. Continuingauth process ... ");
-		
-		else if (EAAFConstants.EIDAS_QAA_HIGH.equals(qaaRequest) && EAAFConstants.EIDAS_QAA_HIGH.equals(qaaAuth)) 
-			Logger.debug("Requesed LoA fits LoA from authentication. Continuingauth process ... ");
-		
-		else 
-			throw new QAANotAllowedException(qaaAuth, qaaRequest);
-		
-	}
-}
diff --git a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
index d8565112b..5ccacf350 100644
--- a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
+++ b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml
@@ -22,6 +22,30 @@
 	<context:component-scan base-package="at.gv.egovernment.moa.id.auth.servlet" />
 	<context:component-scan base-package="at.gv.egovernment.moa.id.protocols" />
  
+ 	<bean id="PVPIDPCredentialProvider"
+ 				class="at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider" />
+ 
+ 	<bean id="PVP2XProtocol"
+ 				class="at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol">
+		<property name="pvpIDPCredentials">
+			<ref bean="PVPIDPCredentialProvider" />
+		</property>
+ 	</bean>
+ 
+  	<bean id="pvpMetadataService"
+ 				class="at.gv.egiz.eaaf.modules.pvp2.idp.impl.MetadataAction">
+		<property name="pvpIDPCredentials">
+			<ref bean="PVPIDPCredentialProvider" />
+		</property>
+ 	</bean>
+ 
+   	<bean id="PVPAuthenticationRequestAction"
+ 				class="at.gv.egiz.eaaf.modules.pvp2.idp.impl.AuthenticationAction">
+		<property name="pvpIDPCredentials">
+			<ref bean="PVPIDPCredentialProvider" />
+		</property>
+ 	</bean>
+ 
 	<bean id="MOAID_AuthenticationManager" 
 				class="at.gv.egovernment.moa.id.moduls.AuthenticationManager"/>
 
@@ -50,6 +74,12 @@
 	<bean id="MOAGarbageCollector" 
 				class="at.gv.egovernment.moa.id.auth.MOAGarbageCollector"/>
 
+	<bean id="MOAIDLoALevelMapper" 
+				class="at.gv.egovernment.moa.id.util.LoALevelMapper"/>
+
+	<bean id="MOASAML2SubjectNameIDGenerator"
+				class="at.gv.egovernment.moa.id.auth.builder.MOAIDSubjectNameIdGenerator" />
+				
 <!-- 	<bean id="taskExecutor" class="org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor">
     <property name="corePoolSize" value="5" />
     <property name="maxPoolSize" value="10" />
@@ -64,11 +94,7 @@
 	<bean id="EvaluateBKUSelectionTask" 
 				class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.EvaluateBKUSelectionTask"
 				scope="prototype"/>
-				
-	<bean id="RestartAuthProzessManagement" 
-				class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.RestartAuthProzessManagement"
-				scope="prototype"/>				
-			
+										
 	<bean id="GenerateSSOConsentEvaluatorFrameTask" 
 				class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.GenerateSSOConsentEvaluatorFrameTask"
 				scope="prototype"/>
diff --git a/id/server/idserverlib/src/test/java/test/MOAIDTestCase.java b/id/server/idserverlib/src/test/java/test/MOAIDTestCase.java
index b3a9d367f..b0494534a 100644
--- a/id/server/idserverlib/src/test/java/test/MOAIDTestCase.java
+++ b/id/server/idserverlib/src/test/java/test/MOAIDTestCase.java
@@ -54,9 +54,9 @@ import javax.xml.transform.TransformerException;
 
 import org.w3c.dom.Element;
 
+import at.gv.egiz.eaaf.core.impl.utils.StreamUtils;
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.StreamUtils;
 import at.gv.egovernment.moa.util.XPathUtils;
 import iaik.ixsil.algorithms.Transform;
 import iaik.ixsil.algorithms.TransformImplExclusiveCanonicalXML;
diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/MOAIDAuthInitialiserTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/MOAIDAuthInitialiserTest.java
index 1cd54d61b..299bbee23 100644
--- a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/MOAIDAuthInitialiserTest.java
+++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/MOAIDAuthInitialiserTest.java
@@ -50,8 +50,8 @@ import java.security.KeyStore;
 import java.util.Enumeration;
 
 import test.at.gv.egovernment.moa.id.UnitTestCase;
+import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
 import at.gv.egovernment.moa.id.util.SSLUtils;
-import at.gv.egovernment.moa.util.KeyStoreUtils;
 
 /**
  * @author Paul Ivancsics
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java
index 3f6227402..663f712ef 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java
@@ -194,5 +194,9 @@ public class MOAIDAuthConstants extends MOAIDConstants{
   @Deprecated
   public static final String AUTHPROCESS_DATA_TARGETFRIENDLYNAME = "authProces_TargetFriendlyName";
   
+  public static final String DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP = "useMinimalFrontChannelResponse";
+  public static final String DATAID_INTERFEDERATION_NAMEID = "federatedNameID";
+  public static final String DATAID_INTERFEDERATION_QAALEVEL = "federatedQAALevel";		
+  public static final String DATAID_INTERFEDERATION_REQUESTID = "authnReqID";
 
 }
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/BPKDecryptionParameters.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/BPKDecryptionParameters.java
index cb81fe79e..5fec08053 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/BPKDecryptionParameters.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/BPKDecryptionParameters.java
@@ -34,8 +34,8 @@ import java.security.UnrecoverableKeyException;
 
 import org.apache.commons.lang3.SerializationUtils;
 
+import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.KeyStoreUtils;
 
 
 /**
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
index abf2d211c..e6efca4ea 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
@@ -58,8 +58,8 @@ import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLSocketFactory;
 import javax.net.ssl.TrustManager;
 
+import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.KeyStoreUtils;
 import at.gv.egovernment.moaspss.logging.LoggingContext;
 import at.gv.egovernment.moaspss.logging.LoggingContextManager;
 import iaik.pki.DefaultPKIConfiguration;
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/FileUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/FileUtils.java
deleted file mode 100644
index 8d6aea164..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/FileUtils.java
+++ /dev/null
@@ -1,146 +0,0 @@
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.util;
-
-import java.io.BufferedInputStream;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.net.URL;
-
-/**
- * Utility for accessing files on the file system, and for reading from input streams.
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class FileUtils {
-  
-  /**
-   * Reads a file, given by URL, into a byte array.
-   * @param urlString file URL
-   * @return file content
-   * @throws IOException on any exception thrown
-   */
-  public static byte[] readURL(String urlString) throws IOException {	  
-    URL url = new URL(urlString);
-    InputStream in = new BufferedInputStream(url.openStream());
-    byte[] content = StreamUtils.readStream(in);
-    in.close();
-    return content;
-  }
-
-  /**
-   * Reads a file from a resource.
-   * @param name resource name
-   * @return file content as a byte array
-   * @throws IOException on any exception thrown
-   */
-  public static byte[] readResource(String name) throws IOException {
-    ClassLoader cl = FileUtils.class.getClassLoader();
-    BufferedInputStream in = new BufferedInputStream(cl.getResourceAsStream(name));
-    byte[] content = StreamUtils.readStream(in);
-    in.close();
-    return content;
-  }
-  /**
-   * Reads a file from a resource.
-   * @param name filename
-   * @param encoding character encoding
-   * @return file content
-   * @throws IOException on any exception thrown
-   */
-  public static String readResource(String name, String encoding) throws IOException {
-    byte[] content = readResource(name);
-    return new String(content, encoding);
-  }
-  
-	/**
-	 * Returns the absolute URL of a given url which is relative to the parameter root
-	 * @param url
-	 * @param root
-	 * @return String
-	 */
-	public static String makeAbsoluteURL(String url, String root) {
-		//if url is relative to rootConfigFileDirName make it absolute 					
-		
-    File keyFile;
-    String newURL = url;
-
-		if(null == url) return  null;
-    
-    if (url.startsWith("http:/") || url.startsWith("https:/") || url.startsWith("file:/") || url.startsWith("ftp:/")) {
-    	return url;
-    } else {
-      // check if absolute - if not make it absolute
-      keyFile = new File(url);
-      if (!keyFile.isAbsolute()) {
-        keyFile = new File(root, url);
-
-        if (keyFile.toString().startsWith("file:"))
-        	newURL = keyFile.toString();
-        
-        else
-        	newURL = keyFile.toURI().toString();
-        
-      }
-      return newURL;
-    }
-	}  
-	
-	
-	 private static void copy( InputStream fis, OutputStream fos )
-	  {
-	    try
-	    {
-	      byte[] buffer = new byte[ 0xFFFF ];
-	      for ( int len; (len = fis.read(buffer)) != -1; )
-	        fos.write( buffer, 0, len );
-	    }
-	    catch( IOException e ) {
-	      System.err.println( e );
-	    }
-	    finally {
-	      if ( fis != null )
-	        try { fis.close(); } catch ( IOException e ) { e.printStackTrace(); }
-	      if ( fos != null )
-	        try { fos.close(); } catch ( IOException e ) { e.printStackTrace(); }
-	    }
-	  }
-	 
-	 public static void copyFile(File src, File dest)
-	  {
-	    try
-	    {
-	      copy( new FileInputStream( src ), new FileOutputStream( dest ) );
-	    }
-	    catch( IOException e ) {
-	      e.printStackTrace();
-	    }
-	  }
-  
-}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/KeyStoreUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/KeyStoreUtils.java
deleted file mode 100644
index 38dcafcc0..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/KeyStoreUtils.java
+++ /dev/null
@@ -1,223 +0,0 @@
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.util;
-
-import iaik.x509.X509Certificate;
-
-import java.io.BufferedInputStream;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.io.InputStream;
-import java.net.URL;
-import java.security.GeneralSecurityException;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.cert.Certificate;
-
-/**
- * Utility for creating and loading key stores.
- * 
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class KeyStoreUtils {
-	
-	/**
-	 * JAVA KeyStore
-	 */
-	private static final String KEYSTORE_TYPE_JKS = "JKS";
-	
-	/**
-	 * PKCS12 KeyStore
-	 */
-	private static final String KEYSTORE_TYPE_PKCS12 = "PKCS12";
-	
-	
-
-  /**
-   * Loads a key store from file.
-   * 
-   * @param keystoreType key store type
-   * @param urlString URL of key store
-   * @param password password protecting the key store
-   * @return key store loaded
-   * @throws IOException thrown while reading the key store from file
-   * @throws GeneralSecurityException thrown while creating the key store
-   */
-  public static KeyStore loadKeyStore(
-    String keystoreType,
-    String urlString,
-    String password)
-    throws IOException, GeneralSecurityException {
-
-    URL keystoreURL = new URL(urlString);
-    InputStream in = keystoreURL.openStream();
-    return loadKeyStore(keystoreType, in, password);
-  }
-  /**
-   * Loads a key store from an <code>InputStream</code>, and
-   * closes the <code>InputStream</code>.
-   * 
-   * @param keystoreType key store type
-   * @param in input stream
-   * @param password password protecting the key store
-   * @return key store loaded
-   * @throws IOException thrown while reading the key store from the stream
-   * @throws GeneralSecurityException thrown while creating the key store
-   */
-  public static KeyStore loadKeyStore(
-    String keystoreType,
-    InputStream in,
-    String password)
-    throws IOException, GeneralSecurityException {
-
-    char[] chPassword = null;
-    if (password != null)
-      chPassword = password.toCharArray();
-    KeyStore ks = KeyStore.getInstance(keystoreType);
-    ks.load(in, chPassword);
-    in.close();
-    return ks;
-  }
-  /**
-   * Creates a key store from X509 certificate files, aliasing them with
-   * the index in the <code>String[]</code>, starting with <code>"0"</code>.
-   * 
-   * @param keyStoreType key store type
-   * @param certFilenames certificate filenames
-   * @return key store created
-   * @throws IOException thrown while reading the certificates from file
-   * @throws GeneralSecurityException thrown while creating the key store
-   */
-  public static KeyStore createKeyStore(
-    String keyStoreType,
-    String[] certFilenames)
-    throws IOException, GeneralSecurityException {
-
-    KeyStore ks = KeyStore.getInstance(keyStoreType);
-    ks.load(null, null);
-    for (int i = 0; i < certFilenames.length; i++) {
-      Certificate cert = loadCertificate(certFilenames[i]);
-      ks.setCertificateEntry("" + i, cert);
-    }
-    return ks;
-  }
-//  /**
-//   * Creates a key store from a directory containg X509 certificate files, 
-//   * aliasing them with the index in the <code>String[]</code>, starting with <code>"0"</code>.
-//   * All the files in the directory are considered to be certificates.
-//   * 
-//   * @param keyStoreType key store type
-//   * @param certDirURLString file URL of directory containing certificate filenames
-//   * @return key store created
-//   * @throws IOException thrown while reading the certificates from file
-//   * @throws GeneralSecurityException thrown while creating the key store
-//   */
-//  public static KeyStore createKeyStoreFromCertificateDirectory(
-//    String keyStoreType,
-//    String certDirURLString)
-//    throws IOException, GeneralSecurityException {
-//
-//    URL certDirURL = new URL(certDirURLString);
-//    String certDirname = certDirURL.getFile();
-//    File certDir = new File(certDirname);
-//    String[] certFilenames = certDir.list();
-//    String separator =
-//      (certDirname.endsWith(File.separator) ? "" : File.separator);
-//    for (int i = 0; i < certFilenames.length; i++) {
-//      certFilenames[i] = certDirname + separator + certFilenames[i];
-//    }
-//    return createKeyStore(keyStoreType, certFilenames);
-//  }
-
-  /**
-   * Loads an X509 certificate from file.
-   * @param certFilename filename
-   * @return the certificate loaded
-   * @throws IOException thrown while reading the certificate from file
-   * @throws GeneralSecurityException thrown while creating the certificate
-   */
-  private static Certificate loadCertificate(String certFilename)
-    throws IOException, GeneralSecurityException {
-
-    FileInputStream in = new FileInputStream(certFilename);
-    Certificate cert = new X509Certificate(in);
-    in.close();
-    return cert;
-  }
-  
- 
-	/**
-	 * Loads a keyStore without knowing the keyStore type
-	 * @param keyStorePath URL to the keyStore
-	 * @param password Password protecting the keyStore
-	 * @return keyStore loaded
-	 * @throws KeyStoreException thrown if keyStore cannot be loaded
-	 * @throws FileNotFoundException 
-	 * @throws IOException 
-	 */
-  public static KeyStore loadKeyStore(String keyStorePath, String password) throws KeyStoreException, IOException{
-		
-		//InputStream is = new FileInputStream(keyStorePath);
-	  	URL keystoreURL = new URL(keyStorePath);
-	    InputStream in = keystoreURL.openStream();
-		InputStream isBuffered = new BufferedInputStream(in);				
-		return loadKeyStore(isBuffered, password);
-		
-	}
-	
-	/**
-	 * Loads a keyStore without knowing the keyStore type
-	 * @param in input stream
-	 * @param password Password protecting the keyStore
-	 * @return keyStore loaded
-	 * @throws KeyStoreException thrown if keyStore cannot be loaded
-	 * @throws FileNotFoundException 
-	 * @throws IOException 
-	 */
-public static KeyStore loadKeyStore(InputStream is, String password) throws KeyStoreException, IOException{		
-		is.mark(1024*1024);
-		KeyStore ks = null;
-		try {
-			try {				
-				ks = loadKeyStore(KEYSTORE_TYPE_PKCS12, is, password);
-			} catch (IOException e2) {
-				is.reset();				
-				ks = loadKeyStore(KEYSTORE_TYPE_JKS, is, password);
-			}
-		} catch(Exception e) {			
-			e.printStackTrace();
-			//throw new KeyStoreException(e);
-		}
-		return ks;	
-						
-	}
-  
-	
-
-
-}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/StreamUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/StreamUtils.java
deleted file mode 100644
index e4ccd127f..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/StreamUtils.java
+++ /dev/null
@@ -1,197 +0,0 @@
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.util;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.io.PrintStream;
-
-/**
- * Utility methods for streams.
- * 
- * @author Patrick Peck
- * @version $Id$
- */
-public class StreamUtils {
-  
-  /**
-   * Compare the contents of two <code>InputStream</code>s.
-   * 
-   * @param is1 The 1st <code>InputStream</code> to compare.
-   * @param is2 The 2nd <code>InputStream</code> to compare.
-   * @return boolean <code>true</code>, if both streams contain the exactly the
-   * same content, <code>false</code> otherwise.
-   * @throws IOException An error occurred reading one of the streams.
-   */
-  public static boolean compareStreams(InputStream is1, InputStream is2) 
-    throws IOException {
-      
-    byte[] buf1 = new byte[256];
-    byte[] buf2 = new byte[256];
-    int length1;
-    int length2;
-  
-    try {
-      while (true) {
-        length1 = is1.read(buf1);
-        length2 = is2.read(buf2);
-        
-        if (length1 != length2) {
-          return false;
-        }
-        if (length1 <= 0) {
-          return true;
-        }
-        if (!compareBytes(buf1, buf2, length1)) {
-          return false;
-        }
-      }
-    } catch (IOException e) {
-      throw e;
-    } finally {
-      // close both streams
-      try {
-        is1.close();
-        is2.close();
-      } catch (IOException e) {
-        // ignore this
-      }
-    }
-  }
-  
-  /**
-   * Compare two byte arrays, up to a given maximum length.
-   * 
-   * @param b1 1st byte array to compare.
-   * @param b2 2nd byte array to compare.
-   * @param length The maximum number of bytes to compare.
-   * @return <code>true</code>, if the byte arrays are equal, <code>false</code>
-   * otherwise.
-   */
-  private static boolean compareBytes(byte[] b1, byte[] b2, int length) {
-    if (b1.length != b2.length) {
-      return false;
-    }
-  
-    for (int i = 0; i < b1.length && i < length; i++) {
-      if (b1[i] != b2[i]) {
-        return false;
-      }
-    }
-  
-    return true;
-  }
-
-  /**
-   * Reads a byte array from a stream.
-   * @param in The <code>InputStream</code> to read.
-   * @return The bytes contained in the given <code>InputStream</code>.
-   * @throws IOException on any exception thrown
-   */
-  public static byte[] readStream(InputStream in) throws IOException {
-
-    ByteArrayOutputStream out = new ByteArrayOutputStream();
-    copyStream(in, out, null);
-		  
-		/*  
-    ByteArrayOutputStream out = new ByteArrayOutputStream();
-    int b;
-    while ((b = in.read()) >= 0)
-      out.write(b);
-    
-    */
-    in.close();
-    return out.toByteArray();
-  }
-
-  /**
-   * Reads a <code>String</code> from a stream, using given encoding.
-   * @param in The <code>InputStream</code> to read.
-   * @param encoding The character encoding to use for converting the bytes
-   * of the <code>InputStream</code> into a <code>String</code>.
-   * @return The content of the given <code>InputStream</code> converted into
-   * a <code>String</code>.
-   * @throws IOException on any exception thrown
-   */
-  public static String readStream(InputStream in, String encoding) throws IOException {
-    ByteArrayOutputStream out = new ByteArrayOutputStream();
-    copyStream(in, out, null);
-
-    /*
-    ByteArrayOutputStream out = new ByteArrayOutputStream();
-    int b;
-    while ((b = in.read()) >= 0)
-      out.write(b);
-      */
-    in.close();
-    return out.toString(encoding);
-  }
-  
-  /**
-   * Reads all data (until EOF is reached) from the given source to the 
-   * destination stream. If the destination stream is null, all data is dropped.
-   * It uses the given buffer to read data and forward it. If the buffer is 
-   * null, this method allocates a buffer.
-   *
-   * @param source The stream providing the data.
-   * @param destination The stream that takes the data. If this is null, all
-   *                    data from source will be read and discarded.
-   * @param buffer The buffer to use for forwarding. If it is null, the method
-   *               allocates a buffer.
-   * @exception IOException If reading from the source or writing to the 
-   *                        destination fails.
-   */
-  private static void copyStream(InputStream source, OutputStream destination, byte[] buffer) throws IOException {
-    if (source == null) {
-      throw new NullPointerException("Argument \"source\" must not be null.");
-    }
-    if (buffer == null) {
-      buffer = new byte[8192];
-    }
-    
-    if (destination != null) {
-      int bytesRead;
-      while ((bytesRead = source.read(buffer)) >= 0) {
-        destination.write(buffer, 0, bytesRead);
-      }
-    } else {
-      while (source.read(buffer) >= 0);
-    }    
-  }
-  
-  /**
-   * Gets the stack trace of the <code>Throwable</code> passed in as a string.
-   * @param t The <code>Throwable</code>.
-   * @return a String representing the stack trace of the <code>Throwable</code>.
-   */
-  public static String getStackTraceAsString(Throwable t)
-  {
-    ByteArrayOutputStream stackTraceBIS = new ByteArrayOutputStream();
-    t.printStackTrace(new PrintStream(stackTraceBIS));
-    return new String(stackTraceBIS.toByteArray());
-  }
-}
diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/FileUtils.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/FileUtils.java
index 8941ab4cf..c52f52fa8 100644
--- a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/FileUtils.java
+++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/FileUtils.java
@@ -26,13 +26,13 @@ import java.io.BufferedInputStream;
 import java.io.FileInputStream;
 import java.io.IOException;
 
-import at.gv.egovernment.moa.util.StreamUtils;
+import at.gv.egiz.eaaf.core.impl.utils.StreamUtils;
 
 /**
  * @author tlenz
  *
  */
-public class FileUtils extends at.gv.egovernment.moa.util.FileUtils {
+public class FileUtils extends at.gv.egiz.eaaf.core.impl.utils.FileUtils {
 
   /**
   * Reads a file, given by URL, into a String.
diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/KeyStoreUtilsTest.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/KeyStoreUtilsTest.java
index be5581139..6d341b88b 100644
--- a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/KeyStoreUtilsTest.java
+++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/KeyStoreUtilsTest.java
@@ -34,8 +34,7 @@ import java.security.Security;
 import java.security.cert.X509Certificate;
 import java.util.Enumeration;
 
-import at.gv.egovernment.moa.util.KeyStoreUtils;
-
+import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
 import junit.framework.TestCase;
 
 /**
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/MOAIDGuiBilderConfigurationFactory.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/MOAIDGuiBilderConfigurationFactory.java
index 98f7fccf5..f32b90eb0 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/MOAIDGuiBilderConfigurationFactory.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/MOAIDGuiBilderConfigurationFactory.java
@@ -1,8 +1,14 @@
 package at.gv.egovernment.moa.id.auth.frontend;
 
+import java.net.MalformedURLException;
+import java.net.URI;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration;
 import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfigurationFactory;
 import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration;
+import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithFileSystemLoad;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 
 public class MOAIDGuiBilderConfigurationFactory implements IGUIBuilderConfigurationFactory {
 
@@ -13,5 +19,15 @@ public class MOAIDGuiBilderConfigurationFactory implements IGUIBuilderConfigurat
 
 	}
 
-	
+	@Override
+	public IGUIBuilderConfiguration getSPSpecificSAML2PostConfiguration(IRequest pendingReq, String viewName, URI configRootDir) 
+			throws MalformedURLException {
+		return new SPSpecificGUIBuilderConfigurationWithFileSystemLoad(
+				pendingReq, 
+				viewName, 
+				MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_SAML2POSTBINDING_URL, 
+				null, 
+				configRootDir.toURL().toString());
+		
+	}	
 }
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java
index 2ce4488a8..1bacc93c7 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java
@@ -44,7 +44,7 @@ import org.springframework.stereotype.Service;
 import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration;
 import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
 import at.gv.egiz.eaaf.core.exceptions.GUIBuildException;
-import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
+import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider;
 import at.gv.egovernment.moa.id.commons.MOAIDConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.logging.Logger;
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithFileSystemLoad.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithFileSystemLoad.java
index 6092c8d5d..3e2bdda10 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithFileSystemLoad.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/SPSpecificGUIBuilderConfigurationWithFileSystemLoad.java
@@ -32,8 +32,8 @@ import java.net.URISyntaxException;
 import java.net.URL;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 /**
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/velocity/VelocityLogAdapter.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/velocity/VelocityLogAdapter.java
deleted file mode 100644
index 3d5c5ed2f..000000000
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/velocity/VelocityLogAdapter.java
+++ /dev/null
@@ -1,99 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.auth.frontend.velocity;
-
-import org.apache.velocity.app.Velocity;
-import org.apache.velocity.runtime.RuntimeServices;
-import org.apache.velocity.runtime.log.LogChute;
-
-import at.gv.egovernment.moa.logging.Logger;
-
-public class VelocityLogAdapter implements LogChute {
-
-	public VelocityLogAdapter() {
-		try
-	    {
-	      /*
-	       *  register this class as a logger with the Velocity singleton
-	       *  (NOTE: this would not work for the non-singleton method.)
-	       */
-	      Velocity.setProperty(Velocity.RUNTIME_LOG_LOGSYSTEM, this );
-	      Velocity.init();
-	    }
-	    catch (Exception e)
-	    {
-	      Logger.error("Failed to register Velocity logger");
-	    }
-	}
-	
-	public void init(RuntimeServices arg0) throws Exception {
-	}
-
-	public boolean isLevelEnabled(int arg0) {
-		switch(arg0) {
-		case LogChute.DEBUG_ID:
-			return Logger.isDebugEnabled();
-		case LogChute.TRACE_ID:
-			return Logger.isTraceEnabled();
-		default:
-			return true;
-		}
-	}
-
-	public void log(int arg0, String arg1) {
-		switch(arg0) {
-		case LogChute.DEBUG_ID:
-			Logger.debug(arg1);
-			break;
-		case LogChute.TRACE_ID:
-			Logger.trace(arg1);
-			break;
-		case LogChute.INFO_ID:
-			Logger.info(arg1);
-			break;
-		case LogChute.WARN_ID:
-			Logger.warn(arg1);
-			break;
-		case LogChute.ERROR_ID:
-		default:
-			Logger.error(arg1);
-			break;
-		}
-	}
-
-	public void log(int arg0, String arg1, Throwable arg2) {
-		switch(arg0) {
-		case LogChute.DEBUG_ID:
-		case LogChute.TRACE_ID:
-		case LogChute.INFO_ID:
-		case LogChute.WARN_ID:
-			Logger.warn(arg1, arg2);
-			break;
-		case LogChute.ERROR_ID:
-		default:
-			Logger.error(arg1, arg2);
-			break;
-		}
-	}
-	
-}
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/velocity/VelocityProvider.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/velocity/VelocityProvider.java
deleted file mode 100644
index 015d8e321..000000000
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/velocity/VelocityProvider.java
+++ /dev/null
@@ -1,121 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- * 
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- * 
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2011 by Graz University of Technology, Austria
- * The Austrian STORK Modules have been developed by the E-Government
- * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
- * Austria and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-/**
- * 
- */
-package at.gv.egovernment.moa.id.auth.frontend.velocity;
-
-import org.apache.velocity.app.Velocity;
-import org.apache.velocity.app.VelocityEngine;
-import org.apache.velocity.runtime.RuntimeConstants;
-
-/**
- * Gets a Velocity Engine
- * 
- * @author bzwattendorfer
- *
- */
-public class VelocityProvider {
-
-	private static VelocityEngine velocityEngine = null;
-	
-	/**
-	 * Gets velocityEngine from Classpath
-	 * @return VelocityEngine
-	 * @throws Exception
-	 */
-	public static VelocityEngine getClassPathVelocityEngine() throws Exception {
-		if (velocityEngine == null) {
-			velocityEngine = getBaseVelocityEngine();
-			velocityEngine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath");
-			velocityEngine.setProperty("classpath.resource.loader.class",
-					"org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader");                
-			velocityEngine.init();
-			
-		}
-		
-		return velocityEngine;
-	}
-	
-	/**
-	 * Gets VelocityEngine from File
-	 * @param rootPath File Path to template file
-	 * @return VelocityEngine
-	 * @throws Exception
-	 */
-	public static VelocityEngine getFileVelocityEngine(String rootPath) throws Exception {
-		if (velocityEngine == null) {
-			velocityEngine = getBaseVelocityEngine();
-			velocityEngine.setProperty(RuntimeConstants.RESOURCE_LOADER, "file");
-			velocityEngine.setProperty("file.resource.loader.class",
-					"org.apache.velocity.runtime.resource.loader.FileResourceLoader");
-			velocityEngine.setProperty("file.resource.loader.path", rootPath);
-        
-			velocityEngine.init();
-			
-		}
-		
-		return velocityEngine;
-	}
-	
-	/**
-	 * Gets a basic VelocityEngine
-	 * @return VelocityEngine
-	 */
-	private static VelocityEngine getBaseVelocityEngine() {
-		VelocityEngine velocityEngine = new VelocityEngine();
-        velocityEngine.setProperty(RuntimeConstants.INPUT_ENCODING, "UTF-8");
-        velocityEngine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8");
-//        velocityEngine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS,
-//				"org.apache.velocity.runtime.log.SimpleLog4JLogSystem");
-        velocityEngine.setProperty(Velocity.RUNTIME_LOG_LOGSYSTEM, new VelocityLogAdapter() );
-        
-        return velocityEngine;
-	}
-	
-}
diff --git a/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAContextCloseHandler.java b/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAContextCloseHandler.java
index f99013082..59779060f 100644
--- a/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAContextCloseHandler.java
+++ b/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAContextCloseHandler.java
@@ -37,6 +37,7 @@ import org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor;
 import org.springframework.scheduling.concurrent.ThreadPoolTaskScheduler;
 import org.springframework.stereotype.Component;
 
+import at.gv.egiz.eaaf.core.api.IDestroyableObject;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
diff --git a/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java b/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java
index d32ce972a..1eb354778 100644
--- a/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java
+++ b/id/server/moa-id-spring-initializer/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthSpringInitializer.java
@@ -23,6 +23,7 @@ import org.springframework.web.context.support.ServletContextResource;
 import org.springframework.web.servlet.DispatcherServlet;
 
 import at.gv.egiz.components.spring.api.SpringLoader;
+import at.gv.egiz.eaaf.core.api.IPostStartupInitializable;
 import at.gv.egovernment.moa.id.commons.api.ConfigurationProvider;
 import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.logging.Logger;
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 2b2a8cab6..ef3e71874 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -26,7 +26,9 @@ import org.w3c.dom.NodeList;
 import org.xml.sax.SAXException;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
 import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder;
@@ -65,14 +67,12 @@ import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.commons.api.exceptions.BKUException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.logging.SpecificTraceLogger;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.DateTimeUtils;
-import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moa.util.StringUtils;
 import at.gv.egovernment.moaspss.logging.LogMsg;
@@ -1033,7 +1033,8 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 		session.setForeigner(false);
 
 		//set QAA Level four in case of card authentifcation
-		session.setQAALevel(PVPConstants.STORK_QAA_1_4);
+		session.setQAALevel(PVPConstants.EIDAS_QAA_HIGH);
+		
 		
 		revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_AUTHBLOCK_VALIDATED);
 		
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java
index a904242e1..8e80fbbbb 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java
@@ -49,9 +49,9 @@ package at.gv.egovernment.moa.id.auth.builder;
 import java.io.IOException;
 import java.text.MessageFormat;
 
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.FileUtils;
 
 /**
  * Builder for the <code>&lt;VerifyXMLSignatureRequest&gt;</code> structure
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
index ec1de6155..37f24ea72 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
@@ -138,7 +138,7 @@ public class GetForeignIDTask extends AbstractAuthServletTask {
 				moasession.setIdentityLink(identitylink);
 
 				// set QAA Level four in case of card authentifcation
-				moasession.setQAALevel(PVPConstants.STORK_QAA_1_4);
+				moasession.setQAALevel(PVPConstants.EIDAS_QAA_HIGH);
 
 				authServer.getForeignAuthenticationData(moasession);
 				
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
index b170d9e89..ab53671f2 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
@@ -34,6 +34,7 @@ import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
@@ -44,7 +45,6 @@ import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 /**
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
index 44c3992d0..96be0279a 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -57,6 +57,7 @@ import org.jaxen.SimpleNamespaceContext;
 import org.w3c.dom.Element;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder;
 import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
@@ -71,7 +72,6 @@ import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.logging.SpecificTraceLogger;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
index 7bb07df74..b3327a3d5 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
@@ -63,13 +63,13 @@ import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
 
+import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
 import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.BoolUtils;
 import at.gv.egovernment.moa.util.Constants;
diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java
index 9ce987956..90810a7f4 100644
--- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java
+++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java
@@ -38,6 +38,7 @@ import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
@@ -47,7 +48,6 @@ import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.FileUtils;
 
 /**
  * @author tlenz
@@ -94,7 +94,7 @@ public class SecondBKAMobileAuthTask extends AbstractAuthServletTask {
 		moaSession.setForeigner(false);
 		
 		moaSession.setBkuURL("http://egiz.gv.at/BKA_MobileAuthTest");			
-		moaSession.setQAALevel(PVPConstants.STORK_QAA_1_4);
+		moaSession.setQAALevel(PVPConstants.EIDAS_QAA_HIGH);
 			
 		try {
 			String idlurl = FileUtils.makeAbsoluteURL(moaAuthConfig.getMonitoringTestIdentityLinkURL(), moaAuthConfig.getRootConfigFileDir());				
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
index 74cf665ca..bad1f4e41 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java
@@ -31,7 +31,7 @@ import org.apache.xml.security.signature.XMLSignature;
 import org.opensaml.xml.encryption.EncryptionConstants;
 import org.opensaml.xml.signature.SignatureConstants;
 
-import at.gv.egovernment.moa.id.data.Trible;
+import at.gv.egiz.eaaf.core.impl.data.Trible;
 
 /**
  * @author tlenz
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java
index d743b57e3..5e4745f7c 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java
@@ -35,12 +35,12 @@ import java.util.List;
 import java.util.Map;
 import java.util.Properties;
 
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import eu.eidas.samlengineconfig.BinaryParameter;
 import eu.eidas.samlengineconfig.EngineInstance;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLInstanceConfigurationImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLInstanceConfigurationImpl.java
index 384d6be0b..f7a6ff495 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLInstanceConfigurationImpl.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLInstanceConfigurationImpl.java
@@ -34,10 +34,10 @@ import java.util.List;
 import java.util.Map.Entry;
 import java.util.Properties;
 
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.FileUtils;
 import eu.eidas.samlengineconfig.ConfigurationParameter;
 import eu.eidas.samlengineconfig.InstanceConfiguration;
 import eu.eidas.samlengineconfig.StringParameter;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
index 94cd04ca7..aca818532 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
@@ -1,5 +1,6 @@
 package at.gv.egovernment.moa.id.auth.modules.eidas.engine;
 
+import java.net.MalformedURLException;
 import java.util.ArrayList;
 import java.util.Date;
 import java.util.HashMap;
@@ -11,6 +12,9 @@ import java.util.Timer;
 
 import javax.xml.namespace.QName;
 
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.MOAHttpClient;
+import org.apache.commons.httpclient.params.HttpClientParams;
 import org.opensaml.saml2.metadata.EntitiesDescriptor;
 import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.RoleDescriptor;
@@ -22,45 +26,39 @@ import org.opensaml.saml2.metadata.provider.MetadataProvider;
 import org.opensaml.saml2.metadata.provider.MetadataProviderException;
 import org.opensaml.saml2.metadata.provider.ObservableMetadataProvider;
 import org.opensaml.xml.XMLObject;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
-import at.gv.egovernment.moa.id.auth.IDestroyableObject;
-import at.gv.egovernment.moa.id.auth.IGarbageCollectorProcessing;
-import at.gv.egovernment.moa.id.auth.IPostStartupInitializable;
+import at.gv.egiz.eaaf.core.api.IDestroyableObject;
+import at.gv.egiz.eaaf.core.api.IGarbageCollectorProcessing;
+import at.gv.egiz.eaaf.core.api.IPostStartupInitializable;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.MetadataFilterChain;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.SimpleMetadataProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IMOARefreshableMetadataProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.SimpleMOAMetadataProvider;
+import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
+import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MOASPMetadataSignatureFilter;
-import at.gv.egovernment.moa.id.saml2.MetadataFilterChain;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import eu.eidas.auth.engine.AbstractProtocolEngine;
 
 @Service("eIDASMetadataProvider")
-public class MOAeIDASChainingMetadataProvider extends SimpleMOAMetadataProvider implements ObservableMetadataProvider, 
-	IGarbageCollectorProcessing, IDestroyableObject, IMOARefreshableMetadataProvider, IPostStartupInitializable{
+public class MOAeIDASChainingMetadataProvider extends SimpleMetadataProvider implements ObservableMetadataProvider, 
+	IGarbageCollectorProcessing, IDestroyableObject, IRefreshableMetadataProvider, IPostStartupInitializable{
 
-	private Timer timer = null;
+	@Autowired(required=true) IConfiguration basicConfig;
+	
+	private Timer timer = null; 
 	
 	private MetadataProvider internalProvider;
 	private Map<String, Date> lastAccess = null;
 	
-	
-//	public static MOAeIDASChainingMetadataProvider getInstance() {
-//		if (instance == null) {
-//			synchronized (mutex) {
-//				if (instance == null) {
-//					instance = new MOAeIDASChainingMetadataProvider();
-//					MOAGarbageCollector.addModulForGarbageCollection(instance);
-//				}
-//			}
-//		}
-//		return instance;
-//	}
-	
-	
 	public MOAeIDASChainingMetadataProvider() {
 		internalProvider = new ChainingMetadataProvider();
 		lastAccess = new HashMap<String, Date>();
@@ -83,18 +81,25 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMOAMetadataProvider
 	}
 	
 	protected void initializeEidasMetadataFromFileSystem() throws ConfigurationException {
-		Map<String, String> metadataToLoad = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONIG_PROPS_EIDAS_METADATA_URLS_LIST_PREFIX);
-		if (!metadataToLoad.isEmpty()) {
-			Logger.info("Load static configurated eIDAS metadata ... ");			
-			for (String metaatalocation : metadataToLoad.values()) {
-				String absMetadataLocation = FileUtils.makeAbsoluteURL(metaatalocation, authConfig.getRootConfigFileDir());				
-				Logger.info("  Load eIDAS metadata from: " + absMetadataLocation);
-				refreshMetadataProvider(absMetadataLocation);
+		try {
+			Map<String, String> metadataToLoad = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONIG_PROPS_EIDAS_METADATA_URLS_LIST_PREFIX);
+			if (!metadataToLoad.isEmpty()) {
+				Logger.info("Load static configurated eIDAS metadata ... ");			
+				for (String metaatalocation : metadataToLoad.values()) {
+					String absMetadataLocation = FileUtils.makeAbsoluteURL(metaatalocation, authConfig.getConfigurationRootDirectory());				
+					Logger.info("  Load eIDAS metadata from: " + absMetadataLocation);
+					refreshMetadataProvider(absMetadataLocation);
 				
+				}
+			
+				Logger.info("Load static configurated eIDAS metadata finished ");
 			}
 			
-			Logger.info("Load static configurated eIDAS metadata finished ");
-		}		
+		} catch (MalformedURLException e) {
+			Logger.warn("MOA-ID configuration error." , e);
+			throw new ConfigurationException("MOA-ID configuration error.", null, e);
+			
+		}
 	}
 	
 	
@@ -238,9 +243,10 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMOAMetadataProvider
 		filter.addFilter(new MOASPMetadataSignatureFilter(
 				authConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_METADATA_VALIDATION_TRUSTSTORE)));
 		
-		return createNewMoaMetadataProvider(metadataURL, filter, 
+		return createNewSimpleMetadataProvider(metadataURL, filter, 
 					"eIDAS metadata-provider", 
-					timer, AbstractProtocolEngine.getSecuredParserPool());
+					timer, AbstractProtocolEngine.getSecuredParserPool(),
+					createHttpClient(metadataURL));
 			
 	}
 
@@ -421,5 +427,40 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMOAMetadataProvider
 			if (observer != null)
 				observer.onEvent(this);
 	}
+	
+	private HttpClient createHttpClient(String metadataURL) {					
+		MOAHttpClient httpClient = new MOAHttpClient();		
+		HttpClientParams httpClientParams = new HttpClientParams();
+		httpClientParams.setSoTimeout(AuthConfiguration.CONFIG_PROPS_METADATA_SOCKED_TIMEOUT);
+		httpClient.setParams(httpClientParams);
+		
+		if (metadataURL.startsWith("https:")) {
+			try {
+				if (basicConfig instanceof AuthConfiguration) {
+					AuthConfiguration moaAuthConfig = (AuthConfiguration) basicConfig;
+					//FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
+					MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
+							PVPConstants.SSLSOCKETFACTORYNAME, 
+							moaAuthConfig.getTrustedCACertificates(),
+							null,
+							AuthConfiguration.DEFAULT_X509_CHAININGMODE, 
+							moaAuthConfig.isTrustmanagerrevoationchecking(),
+							moaAuthConfig.getRevocationMethodOrder(),
+							moaAuthConfig.getBasicMOAIDConfigurationBoolean(
+									AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false));
+				
+					httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory);
+					
+				}
+
+			} catch (MOAHttpProtocolSocketFactoryException | MalformedURLException e) {
+				Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e);
+				
+			}
+		}
+		
+		return httpClient;
+				
+	}
 
 }
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java
index 9adc221e5..3851ead2d 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java
@@ -31,7 +31,7 @@ import org.opensaml.saml2.metadata.SPSSODescriptor;
 import org.opensaml.saml2.metadata.provider.MetadataProvider;
 import org.opensaml.saml2.metadata.provider.MetadataProviderException;
 
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IMOARefreshableMetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider;
 import eu.eidas.auth.engine.ProtocolEngineI;
 import eu.eidas.auth.engine.metadata.MetadataFetcherI;
 import eu.eidas.auth.engine.metadata.MetadataSignerI;
@@ -65,8 +65,8 @@ public class MOAeIDASMetadataProviderDecorator implements MetadataFetcherI {
 	 * @return true if refresh was successful, otherwise false
 	 */
 	public boolean refreshMetadata(String entityId) {
-		if (this.metadataprovider instanceof IMOARefreshableMetadataProvider )
-			return ((IMOARefreshableMetadataProvider)this.metadataprovider).refreshMetadataProvider(entityId);		
+		if (this.metadataprovider instanceof IRefreshableMetadataProvider )
+			return ((IRefreshableMetadataProvider)this.metadataprovider).refreshMetadataProvider(entityId);		
 		else
 			return false;
 		
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
index a87d971d8..0e8bf2a5a 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java
@@ -47,10 +47,11 @@ import com.google.common.net.MediaType;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
@@ -61,7 +62,6 @@ import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.data.CPEPS;
 import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 import eu.eidas.auth.commons.EidasStringUtil;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
index 8e840e2c1..6d20caa4b 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java
@@ -32,6 +32,7 @@ import org.opensaml.common.xml.SAMLSchemaBuilder;
 import org.opensaml.xml.ConfigurationException;
 import org.opensaml.xml.XMLConfigurator;
 
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.config.MOAExtendedSWSigner;
 import at.gv.egovernment.moa.id.auth.modules.eidas.config.MOAIDCertificateManagerConfigurationImpl;
@@ -41,7 +42,6 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProvid
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import eu.eidas.auth.commons.attribute.AttributeDefinition;
 import eu.eidas.auth.commons.attribute.AttributeRegistries;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java
index 8add8e206..1b1b15567 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java
@@ -35,10 +35,10 @@ import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
 import at.gv.egovernment.moa.id.data.IMOAAuthData;
-import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 import eu.eidas.auth.commons.attribute.AttributeDefinition;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeProcessingUtils.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeProcessingUtils.java
index 30e1e4505..3075ab9cf 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeProcessingUtils.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeProcessingUtils.java
@@ -25,8 +25,8 @@ package at.gv.egovernment.moa.id.auth.modules.eidas.utils;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
+import at.gv.egiz.eaaf.core.impl.data.Trible;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
-import at.gv.egovernment.moa.id.data.Trible;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
index ce5f4dc6b..42ca6e507 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -47,10 +47,10 @@ import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.IModulInfo;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider;
 import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController;
 import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProviderDecorator;
@@ -87,7 +87,7 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController implement
 	public static final String eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE = "eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE";
 	
     public static final String NAME = EIDASProtocol.class.getName();
-    public static final String PATH = "eidas";	
+    public static final String PATH = "id_eidas";	
 
     @Autowired(required=true) MOAeIDASChainingMetadataProvider eIDASMetadataProvider;
     
@@ -105,9 +105,10 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController implement
         return NAME;
     }
 
-    public String getPath() {
-        return PATH;
-    }
+	@Override
+	public String getAuthProtocolIdentifier() {
+		return PATH;
+	}
 
 	//eIDAS metadata end-point
 	@RequestMapping(value = "/eidas/metadata", method = {RequestMethod.GET})
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
index bbd132a3b..bfdb46a11 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java
@@ -32,6 +32,8 @@ import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.IAction;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
@@ -39,9 +41,7 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.utils.NewMoaEidasMetadata;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
 import at.gv.egovernment.moa.logging.Logger;
 import eu.eidas.auth.engine.ProtocolEngineI;
 import eu.eidas.auth.engine.metadata.ContactData;
@@ -59,6 +59,7 @@ public class EidasMetaDataRequest implements IAction {
      
 	@Autowired(required=true) MOAeIDASChainingMetadataProvider eIDASMetadataProvider;
 	@Autowired(required=true) AuthConfiguration authConfig;
+	@Autowired(required=true) IPVP2BasicConfiguration pvpConfiguration;
 	
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.data.IAuthData)
@@ -150,10 +151,10 @@ public class EidasMetaDataRequest implements IAction {
         //add organisation information from PVP metadata information        
         Organization pvpOrganisation = null;
 		try {
-			pvpOrganisation = PVPConfiguration.getInstance().getIDPOrganisation();			
+			pvpOrganisation = pvpConfiguration.getIDPOrganisation();			
 			eu.eidas.auth.engine.metadata.ContactData.Builder technicalContact = ContactData.builder();
 			
-			List<ContactPerson> contacts = PVPConfiguration.getInstance().getIDPContacts();
+			List<ContactPerson> contacts = pvpConfiguration.getIDPContacts();
 			if (contacts != null && contacts.size() >= 1) {
 				ContactPerson contact = contacts.get(0);
 				technicalContact.givenName(contact.getGivenName().getName());
@@ -187,7 +188,7 @@ public class EidasMetaDataRequest implements IAction {
 			metadataConfigBuilder.supportContact(ContactData.builder(technicalContact.build()).build());
 			
 									
-		} catch (ConfigurationException | NullPointerException e) {
+		} catch (NullPointerException | EAAFException e) {
 			Logger.warn("Can not load Organisation or Contact from Configuration", e);
 			
 		}
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrNaturalPersonalIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrNaturalPersonalIdentifier.java
index 14b1d06b6..5a8fcb846 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrNaturalPersonalIdentifier.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrNaturalPersonalIdentifier.java
@@ -28,9 +28,9 @@ import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.impl.data.Trible;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.eIDASAttributeProcessingUtils;
-import at.gv.egovernment.moa.id.data.Trible;
 import at.gv.egovernment.moa.id.protocols.eidas.EIDASData;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java
index 6c3bfc569..1176ba251 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java
@@ -28,10 +28,10 @@ import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.data.Trible;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.eIDASAttributeProcessingUtils;
-import at.gv.egovernment.moa.id.data.Pair;
-import at.gv.egovernment.moa.id.data.Trible;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.eidas.EIDASData;
 import at.gv.egovernment.moa.logging.Logger;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
index 82d0facd4..f6a67db9d 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java
@@ -41,15 +41,15 @@ import at.gv.egiz.eaaf.core.api.idp.IAction;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
 import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
-import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.data.SLOInformationImpl;
+import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.eIDASAttributeBuilder;
 import at.gv.egovernment.moa.id.commons.MOAIDConstants;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.data.IMOAAuthData;
-import at.gv.egovernment.moa.id.data.Pair;
-import at.gv.egovernment.moa.id.data.SLOInformationImpl;
 import at.gv.egovernment.moa.logging.Logger;
 import eu.eidas.auth.commons.EidasStringUtil;
 import eu.eidas.auth.commons.attribute.AttributeDefinition;
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/validator/eIDASResponseValidator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/validator/eIDASResponseValidator.java
index 24d24db2c..5dcd9499e 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/validator/eIDASResponseValidator.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/validator/eIDASResponseValidator.java
@@ -23,12 +23,12 @@
 package at.gv.egovernment.moa.id.protocols.eidas.validator;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.impl.data.Trible;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.eIDASAttributeProcessingUtils;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.data.Trible;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 import eu.eidas.auth.commons.protocol.IAuthenticationResponse;
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java
index 7ca4590bb..72c95d9c7 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java
@@ -26,7 +26,7 @@ import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
 
-import at.gv.egovernment.moa.id.data.Pair;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 
 /**
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesMetadataConfiguration.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesMetadataConfiguration.java
index 5743590f9..482d8ef85 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesMetadataConfiguration.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesMetadataConfiguration.java
@@ -33,14 +33,14 @@ import org.opensaml.saml2.metadata.Organization;
 import org.opensaml.saml2.metadata.RequestedAttribute;
 import org.opensaml.xml.security.credential.Credential;
 
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataBuilderConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider;
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.data.Pair;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
@@ -51,11 +51,12 @@ public class ELGAMandatesMetadataConfiguration implements IPVPMetadataBuilderCon
 	
 	private String authURL;
 	private ELGAMandatesCredentialProvider credentialProvider;
+	private IPVP2BasicConfiguration pvpConfiguration;
 	
-	public ELGAMandatesMetadataConfiguration(String authURL, ELGAMandatesCredentialProvider credentialProvider) {
+	public ELGAMandatesMetadataConfiguration(String authURL, ELGAMandatesCredentialProvider credentialProvider, IPVP2BasicConfiguration pvpConfiguration) {
 		this.authURL = authURL;
 		this.credentialProvider = credentialProvider;
-				
+		this.pvpConfiguration = pvpConfiguration;
 	}
 	
 	
@@ -118,9 +119,9 @@ public class ELGAMandatesMetadataConfiguration implements IPVPMetadataBuilderCon
 	@Override
 	public List<ContactPerson> getContactPersonInformation() {
 		try {
-			return PVPConfiguration.getInstance().getIDPContacts();
+			return pvpConfiguration.getIDPContacts();
 			
-		} catch (ConfigurationException e) {
+		} catch (EAAFException e) {
 			Logger.warn("Can not load Metadata entry: Contect Person", e);
 			return null;
 			
@@ -134,9 +135,9 @@ public class ELGAMandatesMetadataConfiguration implements IPVPMetadataBuilderCon
 	@Override
 	public Organization getOrgansiationInformation() {
 		try {
-			return PVPConfiguration.getInstance().getIDPOrganisation();
+			return pvpConfiguration.getIDPOrganisation();
 			
-		} catch (ConfigurationException e) {
+		} catch (EAAFException e) {
 			Logger.warn("Can not load Metadata entry: Organisation", e);
 			return null;
 			
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java
index b67d263fc..6954b9feb 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java
@@ -38,9 +38,9 @@ import org.opensaml.xml.security.credential.Credential;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.sp.api.IPVPAuthnRequestBuilderConfiguruation;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java
index aaed6655b..d52cd750a 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java
@@ -36,12 +36,13 @@ import com.google.common.net.MediaType;
 
 import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
 import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataBuilderConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPMetadataBuilder;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.config.ELGAMandatesMetadataConfiguration;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPMetadataBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
@@ -54,6 +55,7 @@ public class ELGAMandateMetadataController extends AbstractController {
 	@Autowired PVPMetadataBuilder metadatabuilder;
 	@Autowired AuthConfiguration authConfig;
 	@Autowired ELGAMandatesCredentialProvider credentialProvider; 
+	@Autowired IPVP2BasicConfiguration pvpConfiguration;
 	
 	public ELGAMandateMetadataController() {
 		super();
@@ -76,7 +78,7 @@ public class ELGAMandateMetadataController extends AbstractController {
 			} else {
 				//initialize metadata builder configuration
 				IPVPMetadataBuilderConfiguration metadataConfig = 
-						new ELGAMandatesMetadataConfiguration(authURL, credentialProvider);
+						new ELGAMandatesMetadataConfiguration(authURL, credentialProvider, pvpConfiguration);
 				
 				//build metadata
 				String xmlMetadata = metadatabuilder.buildPVPMetadata(metadataConfig);
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
index 12f2bde60..ce5f654da 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
@@ -41,26 +41,26 @@ import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileResponse;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EAAFURICompare;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException;
+import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateServiceMetadataProvider;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IDecoder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnResponseValidationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
@@ -70,7 +70,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
  */
 @Component("ReceiveElgaMandateResponseTask")
 public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask {
-
+  
 	@Autowired SAMLVerificationEngineSP samlVerificationEngine;
 	@Autowired ELGAMandatesCredentialProvider credentialProvider;
 	@Autowired ELGAMandateServiceMetadataProvider metadataProvider;
@@ -85,17 +85,17 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask {
 		
 		try {						
 			IDecoder decoder = null;
-			MOAURICompare comperator = null;
+			EAAFURICompare comperator = null;
 			//select Response Binding
 			if (request.getMethod().equalsIgnoreCase("POST")) {
 				decoder = new PostBinding();
-				comperator = new MOAURICompare(pendingReq.getAuthURL() 
+				comperator = new EAAFURICompare(pendingReq.getAuthURL() 
 						+ ELGAMandatesAuthConstants.ENDPOINT_POST);
 				Logger.debug("Receive PVP Response from ELGA mandate-service, by using POST-Binding.");
 				
 			}  else if (request.getMethod().equalsIgnoreCase("GET")) {
 				decoder = new RedirectBinding();
-				comperator = new MOAURICompare(pendingReq.getAuthURL()
+				comperator = new EAAFURICompare(pendingReq.getAuthURL()
 						+ ELGAMandatesAuthConstants.ENDPOINT_REDIRECT);
 				Logger.debug("Receive PVP Response from ELGA mandate-service, by using Redirect-Binding.");
 				
@@ -131,7 +131,7 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask {
 			
 			
 			//validate assertion
-			MOAResponse processedMsg = preProcessAuthResponse((MOAResponse) msg);			
+			PVPSProfileResponse processedMsg = preProcessAuthResponse((PVPSProfileResponse) msg);			
 			
 			//write ELGA mandate information into MOASession
 			AssertionAttributeExtractor extractor = 
@@ -217,7 +217,7 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask {
 
 		} catch (AssertionValidationExeption | AuthnResponseValidationException e) {
 			Logger.info("ELGA mandate-service: PVP response validation FAILED. Msg:" + e.getMessage());
-			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED, e.getMessageId());
+			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED, e.getErrorId());
 			throw new TaskExecutionException(pendingReq, "ELGA mandate-service: PVP response validation FAILED.", e);
 		
 		} catch (Exception e) {
@@ -239,13 +239,13 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask {
 	 * @throws AssertionValidationExeption 
 	 * @throws AuthnResponseValidationException 
 	 */
-	private MOAResponse preProcessAuthResponse(MOAResponse msg) throws IOException, MarshallingException, TransformerException, AssertionValidationExeption, CredentialsNotAvailableException, AuthnResponseValidationException {
+	private PVPSProfileResponse preProcessAuthResponse(PVPSProfileResponse msg) throws IOException, MarshallingException, TransformerException, AssertionValidationExeption, CredentialsNotAvailableException, AuthnResponseValidationException {
 		Logger.debug("Start PVP-2.1 assertion processing... ");
 		Response samlResp = (Response) msg.getResponse();
 
 		//validate 'inResponseTo' attribute
 		String authnReqID = pendingReq.getGenericData(
-				PVPTargetConfiguration.DATAID_INTERFEDERATION_REQUESTID, String.class);
+				MOAIDAuthConstants.DATAID_INTERFEDERATION_REQUESTID, String.class);
 		String inResponseTo = samlResp.getInResponseTo();
 		
 		if (MiscUtil.isEmpty(authnReqID) || MiscUtil.isEmpty(inResponseTo) || 
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
index 70dc87df9..0b0c74777 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
@@ -37,8 +37,10 @@ import org.springframework.stereotype.Component;
 
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+import at.gv.egiz.eaaf.modules.pvp2.sp.impl.PVPAuthnRequestBuilder;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
@@ -47,12 +49,10 @@ import at.gv.egovernment.moa.id.auth.modules.elgamandates.config.ELGAMandatesReq
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.exceptions.ELGAMetadataException;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateServiceMetadataProvider;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
-import at.gv.egovernment.moa.id.data.Pair;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAuthnRequestBuilder;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -193,7 +193,7 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask {
 			//set MandateReferenceValue as RequestID
 			authnReqConfig.setRequestID(moasession.getMandateReferenceValue());
 			pendingReq.setGenericDataToSession(
-					PVPTargetConfiguration.DATAID_INTERFEDERATION_REQUESTID,
+					MOAIDAuthConstants.DATAID_INTERFEDERATION_REQUESTID,
 					authnReqConfig.getRequestID());
 			
 			//set SubjectConformationDate
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
index 07f618c10..e8cfae10a 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java
@@ -22,11 +22,15 @@
  */
 package at.gv.egovernment.moa.id.auth.modules.elgamandates.utils;
 
+import java.net.MalformedURLException;
 import java.util.List;
 import java.util.Timer;
 
 import javax.xml.namespace.QName;
 
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.MOAHttpClient;
+import org.apache.commons.httpclient.params.HttpClientParams;
 import org.opensaml.saml2.metadata.EntitiesDescriptor;
 import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.RoleDescriptor;
@@ -37,14 +41,19 @@ import org.opensaml.saml2.metadata.provider.MetadataProvider;
 import org.opensaml.saml2.metadata.provider.MetadataProviderException;
 import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.parse.BasicParserPool;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
-import at.gv.egovernment.moa.id.auth.IDestroyableObject;
+import at.gv.egiz.eaaf.core.api.IDestroyableObject;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.MetadataFilterChain;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.SimpleMetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.SimpleMOAMetadataProvider;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
+import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MOASPMetadataSignatureFilter;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter;
-import at.gv.egovernment.moa.id.saml2.MetadataFilterChain;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
@@ -54,9 +63,10 @@ import at.gv.egovernment.moa.util.MiscUtil;
  */
 
 @Service("ELGAMandate_MetadataProvider")
-public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvider
+public class ELGAMandateServiceMetadataProvider extends SimpleMetadataProvider
 	implements IDestroyableObject {
-	
+	@Autowired(required=true) AuthConfiguration moaAuthConfig;
+		
 	private ChainingMetadataProvider metadataProvider = new ChainingMetadataProvider();
 	private Timer timer = null;
 	
@@ -253,11 +263,12 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide
 			filter.addFilter(new SchemaValidationFilter(true));
 			filter.addFilter(new MOASPMetadataSignatureFilter(trustProfileID));
 		
-			MetadataProvider idpMetadataProvider = createNewMoaMetadataProvider(metdataURL, 
+			MetadataProvider idpMetadataProvider = createNewSimpleMetadataProvider(metdataURL, 
 					filter, 
 					ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING,					
 					timer,
-					new BasicParserPool());
+					new BasicParserPool(),
+					createHttpClient(metdataURL));
 			
 			if (idpMetadataProvider == null) {
 				Logger.error("Create ELGA Mandate-Service Client FAILED.");
@@ -300,4 +311,35 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide
 			timer.cancel();
 		
 	}
+	
+	private HttpClient createHttpClient(String metadataURL) {					
+		MOAHttpClient httpClient = new MOAHttpClient();		
+		HttpClientParams httpClientParams = new HttpClientParams();
+		httpClientParams.setSoTimeout(AuthConfiguration.CONFIG_PROPS_METADATA_SOCKED_TIMEOUT);
+		httpClient.setParams(httpClientParams);
+		
+		if (metadataURL.startsWith("https:")) {
+			try {
+				//FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
+				MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
+						PVPConstants.SSLSOCKETFACTORYNAME, 
+						moaAuthConfig.getTrustedCACertificates(),
+						null,
+						AuthConfiguration.DEFAULT_X509_CHAININGMODE, 
+						moaAuthConfig.isTrustmanagerrevoationchecking(),
+						moaAuthConfig.getRevocationMethodOrder(),
+						moaAuthConfig.getBasicMOAIDConfigurationBoolean(
+								AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false));
+				
+				httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory);
+
+			} catch (MOAHttpProtocolSocketFactoryException | MalformedURLException e) {
+				Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e);
+				
+			}
+		}
+		
+		return httpClient;
+				
+	}
 }
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java
index c8fe55e51..dd4e5d340 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java
@@ -25,11 +25,11 @@ package at.gv.egovernment.moa.id.auth.modules.elgamandates.utils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider;
-import at.gv.egovernment.moa.util.FileUtils;
 
 /**
  * @author tlenz
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java
index 9060f35c5..76e7f0901 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java
@@ -24,9 +24,9 @@ package at.gv.egovernment.moa.id.protocols.oauth20;
 
 import java.util.Properties;
 
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.util.FileUtils;
 
 public class OAuth20Configuration {
 	
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
index d97c8f7cf..190ef9e9d 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
@@ -35,17 +35,18 @@ import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder;
-import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDIdentityLinkBuilder;
 import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDIssuingNationAttributeBuilder;
 import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSectorForIDAttributeBuilder;
 import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePIN;
 import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePINType;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
 import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
-import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDAuthBlock;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCcsURL;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCitizenQAALevelAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDIdentityLinkBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSTORKTOKEN;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSignerCertificate;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonFullNameAttributeBuilder;
@@ -62,7 +63,6 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateProfRepOIDAt
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateReferenceValueAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateTypeAttributeBuilder;
 import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
 import at.gv.egovernment.moa.logging.Logger;
 
 public final class OAuth20AttributeBuilder {
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SignatureUtil.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SignatureUtil.java
index cd7b8312d..17ed6b40d 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SignatureUtil.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SignatureUtil.java
@@ -34,11 +34,11 @@ import java.security.interfaces.RSAPublicKey;
 import org.apache.commons.lang.StringUtils;
 import org.opensaml.xml.security.x509.BasicX509Credential;
 
+import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Configuration;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20CertificateErrorException;
 import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.KeyStoreUtils;
 
 public final class OAuth20SignatureUtil {
 	
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
index 5d461afc8..b00675e7c 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
@@ -40,11 +40,11 @@ import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
 import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
 import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.data.SLOInformationImpl;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.data.Pair;
-import at.gv.egovernment.moa.id.data.SLOInformationImpl;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
 import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject;
 import at.gv.egovernment.moa.id.protocols.oauth20.attributes.OAuth20AttributeBuilder;
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
index e04d719d9..98f6f2d5c 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
@@ -51,8 +51,9 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme
 	public String getName() { 
 		return NAME;
 	}
-	
-	public String getPath() {
+
+	@Override
+	public String getAuthProtocolIdentifier() {
 		return PATH;
 	}
 	
diff --git a/id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/CertTest.java b/id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/CertTest.java
index 35bbac6e7..824d64171 100644
--- a/id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/CertTest.java
+++ b/id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/CertTest.java
@@ -30,10 +30,9 @@ import org.opensaml.xml.security.x509.BasicX509Credential;
 import org.testng.Assert;
 import org.testng.annotations.Test;
 
+import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
 import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuth20SHA256Signer;
 import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuth20SHA256Verifier;
-import at.gv.egovernment.moa.util.KeyStoreUtils;
-
 import net.oauth.jsontoken.crypto.Signer;
 import net.oauth.jsontoken.crypto.Verifier;
 
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java
index 2766eab05..92a08e411 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java
@@ -22,6 +22,8 @@ import com.google.gson.JsonElement;
 import com.google.gson.JsonParser;
 import com.google.gson.JsonSyntaxException;
 
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
+import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
 import at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants;
 import at.gv.egovernment.moa.id.auth.modules.sl20_auth.data.VerificationResult;
 import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20Exception;
@@ -32,8 +34,6 @@ import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.utils.X509Utils;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.FileUtils;
-import at.gv.egovernment.moa.util.KeyStoreUtils;
 
 @Service
 public class JsonSecurityUtils implements IJOSETools{
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
index 9f910d598..04ac1fd57 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
@@ -75,8 +75,10 @@ import com.google.gson.JsonParser;
 import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
 import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
 import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
@@ -94,12 +96,10 @@ import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageExcepti
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.moduls.SSOManager;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
-import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import net.glxn.qrgen.QRCode;
 import net.glxn.qrgen.image.ImageType;
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
index f1075f060..c7e42c8ab 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
@@ -49,6 +49,7 @@ import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
+import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants;
@@ -59,7 +60,6 @@ import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.MiscUtil;
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java
index 189fcd2f6..4a5511df4 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java
@@ -99,7 +99,18 @@ import com.google.gson.JsonObject;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.idp.exception.SAMLRequestNotSignedException;
+import at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder.PVP2AssertionBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption;
+import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.Pair;
@@ -116,17 +127,8 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.data.MISMandate;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoCredentialsException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSignedException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
@@ -141,6 +143,9 @@ import iaik.x509.X509Certificate;
 @Service("SSOContainerUtils")
 public class SSOContainerUtils {
 	
+	@Autowired(required=true) private IPVP2BasicConfiguration pvpConfiguration;
+	@Autowired(required=true) private PVP2AssertionBuilder assertionBuilder;
+	
 	private static final String PVP_HOLDEROFKEY_NAME = PVPConstants.URN_OID_PREFIX + 
 			"1.2.40.0.10.2.1.1.261.xx.xx";
 	
@@ -272,7 +277,7 @@ public class SSOContainerUtils {
 		
 	}
 	
-	public Response validateReceivedSSOContainer(String signedEncryptedContainer) throws IOException, XMLParserException, UnmarshallingException, MOAIDException  {	
+	public Response validateReceivedSSOContainer(String signedEncryptedContainer) throws IOException, XMLParserException, UnmarshallingException, MOAIDException, SAMLRequestNotSignedException, NoCredentialsException, CredentialsNotAvailableException, AssertionValidationExeption  {	
 		final BasicParserPool ppMgr = new BasicParserPool();
 		final HashMap<String, Boolean> features = new HashMap<String, Boolean>();
 		features.put(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
@@ -296,7 +301,7 @@ public class SSOContainerUtils {
 			} catch (ValidationException e) {
 				Logger.error("Failed to validate Signature", e);
 				throw new SAMLRequestNotSignedException(e);
-			}
+			} 
 			
 			Credential credential = credentials.getIDPAssertionSigningCredential();
 			if (credential == null) {
@@ -340,7 +345,7 @@ public class SSOContainerUtils {
 	public String generateSignedAndEncryptedSSOContainer(String authURL,
 			IAuthenticationSession authSession, Date date, byte[] hashedSecret) {		
 		try {
-			String entityID = PVPConfiguration.getInstance().getIDPSSOMetadataService(authURL);
+			String entityID = pvpConfiguration.getIDPEntityId(authURL);
 			AuthnContextClassRef authnContextClassRef = SAML2Utils
 					.createSAMLObject(AuthnContextClassRef.class);
 			authnContextClassRef.setAuthnContextClassRef(authSession.getQAALevel());			
@@ -369,7 +374,7 @@ public class SSOContainerUtils {
 
 			IMOAAuthData authData = new SSOTransferAuthenticationData(authConfig, authSession);
 			
-			Assertion assertion = PVP2AssertionBuilder.buildGenericAssertion(
+			Assertion assertion = assertionBuilder.buildGenericAssertion(
 					entityID,
 					entityID, 
 					new DateTime(date.getTime()), 
@@ -405,7 +410,7 @@ public class SSOContainerUtils {
 						
 			return container.toString();
 												
-		} catch (ConfigurationException | EncryptionException | CredentialsNotAvailableException | SecurityException | ParserConfigurationException | MarshallingException | SignatureException | TransformerFactoryConfigurationError | TransformerException | IOException | InvalidKeyException | IllegalBlockSizeException | BadPaddingException | NoSuchAlgorithmException | NoSuchPaddingException e) {
+		} catch (EncryptionException | SecurityException | ParserConfigurationException | MarshallingException | SignatureException | TransformerFactoryConfigurationError | TransformerException | IOException | InvalidKeyException | IllegalBlockSizeException | BadPaddingException | NoSuchAlgorithmException | NoSuchPaddingException | EAAFException e) {
 			Logger.warn("SSO container generation FAILED.", e);
 		}
 		
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java b/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java
index 8ca087e1d..a2441bc1f 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java
@@ -39,7 +39,7 @@ import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
 import org.bouncycastle.math.ec.ECPoint;
 import org.bouncycastle.util.BigIntegers;
 
-import at.gv.egovernment.moa.id.data.Pair;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egovernment.moa.util.Base64Utils;
 import iaik.security.random.SeedGenerator;
 
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java
index 1fff56f8d..a1b8631dc 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java
@@ -25,7 +25,6 @@ package at.gv.egovernment.moa.id.auth.modules.federatedauth.config;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
-import java.util.Iterator;
 import java.util.List;
 
 import org.opensaml.saml2.core.Attribute;
@@ -35,16 +34,15 @@ import org.opensaml.saml2.metadata.Organization;
 import org.opensaml.saml2.metadata.RequestedAttribute;
 import org.opensaml.xml.security.credential.Credential;
 
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.impl.data.Trible;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataBuilderConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider;
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.data.Pair;
-import at.gv.egovernment.moa.id.data.Trible;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
@@ -58,11 +56,14 @@ public class FederatedAuthMetadataConfiguration implements IPVPMetadataBuilderCo
 	
 	private String authURL;
 	private FederatedAuthCredentialProvider credentialProvider;
+	private IPVP2BasicConfiguration pvpConfiguration;
 	
-	public FederatedAuthMetadataConfiguration(String authURL, FederatedAuthCredentialProvider credentialProvider) {
+	public FederatedAuthMetadataConfiguration(String authURL, 
+			FederatedAuthCredentialProvider credentialProvider,
+			IPVP2BasicConfiguration pvpConfiguration) {
 		this.authURL = authURL;
 		this.credentialProvider = credentialProvider;
-				
+		this.pvpConfiguration = pvpConfiguration;
 	}
 	
 	
@@ -125,9 +126,9 @@ public class FederatedAuthMetadataConfiguration implements IPVPMetadataBuilderCo
 	@Override
 	public List<ContactPerson> getContactPersonInformation() {
 		try {
-			return PVPConfiguration.getInstance().getIDPContacts();
+			return pvpConfiguration.getIDPContacts();
 			
-		} catch (ConfigurationException e) {
+		} catch (EAAFException e) {
 			Logger.warn("Can not load Metadata entry: Contect Person", e);
 			return null;
 			
@@ -141,9 +142,9 @@ public class FederatedAuthMetadataConfiguration implements IPVPMetadataBuilderCo
 	@Override
 	public Organization getOrgansiationInformation() {
 		try {
-			return PVPConfiguration.getInstance().getIDPOrganisation();
+			return pvpConfiguration.getIDPOrganisation();
 			
-		} catch (ConfigurationException e) {
+		} catch (EAAFException e) {
 			Logger.warn("Can not load Metadata entry: Organisation", e);
 			return null;
 			
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java
index 000590923..6cbe558e7 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java
@@ -28,8 +28,8 @@ import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.xml.security.credential.Credential;
 import org.w3c.dom.Element;
 
+import at.gv.egiz.eaaf.modules.pvp2.sp.api.IPVPAuthnRequestBuilderConfiguruation;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation;
 
 /**
  * @author tlenz
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java
index 399845643..6a733adb8 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java
@@ -36,12 +36,13 @@ import com.google.common.net.MediaType;
 
 import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
 import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataBuilderConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPMetadataBuilder;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.config.FederatedAuthMetadataConfiguration;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPMetadataBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration;
 import at.gv.egovernment.moa.logging.Logger;
 
 /**
@@ -54,6 +55,7 @@ public class FederatedAuthMetadataController extends AbstractController {
 	@Autowired PVPMetadataBuilder metadatabuilder;
 	@Autowired AuthConfiguration authConfig;
 	@Autowired FederatedAuthCredentialProvider credentialProvider; 
+	@Autowired IPVP2BasicConfiguration pvpConfiguration;
 	
 	public FederatedAuthMetadataController() {
 		super();
@@ -76,7 +78,7 @@ public class FederatedAuthMetadataController extends AbstractController {
 			} else {
 				//initialize metadata builder configuration
 				IPVPMetadataBuilderConfiguration metadataConfig = 
-						new FederatedAuthMetadataConfiguration(authURL, credentialProvider);
+						new FederatedAuthMetadataConfiguration(authURL, credentialProvider, pvpConfiguration);
 				
 				//build metadata
 				String xmlMetadata = metadatabuilder.buildPVPMetadata(metadataConfig);
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
index 717099a8d..20fd5ebc4 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
@@ -35,9 +35,12 @@ import org.opensaml.xml.security.SecurityException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
+import at.gv.egiz.eaaf.core.api.data.ILoALevelMapper;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnRequestBuildException;
+import at.gv.egiz.eaaf.modules.pvp2.sp.impl.PVPAuthnRequestBuilder;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.config.FederatedAuthnRequestBuilderConfiguration;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider;
@@ -46,10 +49,7 @@ import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.moduls.SSOManager;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAuthnRequestBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestBuildException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
-import at.gv.egovernment.moa.id.util.LoALevelMapper;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
@@ -63,6 +63,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
 	@Autowired PVPAuthnRequestBuilder authnReqBuilder;
 	@Autowired FederatedAuthCredentialProvider credential;
 	@Autowired(required=true) MOAMetadataProvider metadataProvider;
+	@Autowired(required=true) ILoALevelMapper loaMapper; 
 	
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
@@ -117,7 +118,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
 			//build and transmit AuthnRequest
 			authnReqBuilder.buildAuthnRequest(pendingReq, authnReqConfig , response);
 			
-		} catch (MOAIDException | MetadataProviderException e) {
+		} catch (MetadataProviderException e) {
 			throw new TaskExecutionException(pendingReq, "Build PVP2.1 AuthnRequest for SSO inderfederation FAILED.", e);
 
 		} catch (MessageEncodingException | NoSuchAlgorithmException  | SecurityException e) {
@@ -182,7 +183,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
 					pendingReq.getClass().isInstance(storkRequst)) {
 				
 				try {									
-					secClass = LoALevelMapper.getInstance().mapToSecClass(
+					secClass = loaMapper.mapToSecClass(
 							PVPConstants.STORK_QAA_PREFIX + String.valueOf(storkSecClass));
 				
 				} catch (Exception e) {
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
index c20342a11..bb7f735aa 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
@@ -48,6 +48,18 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
 import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileResponse;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EAAFURICompare;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException;
+import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
@@ -60,22 +72,9 @@ import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.moduls.SSOManager;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IDecoder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnResponseValidationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
-import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
 import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
-import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -106,17 +105,17 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 		
 		try {
 			
-			IDecoder decoder = null;
-			MOAURICompare comperator = null;
+			IDecoder decoder = null; 
+			EAAFURICompare comperator = null;
 			//select Response Binding
 			if (request.getMethod().equalsIgnoreCase("POST")) {
 				decoder = new PostBinding();
-				comperator = new MOAURICompare(pendingReq.getAuthURL() + FederatedAuthConstants.ENDPOINT_POST);
+				comperator = new EAAFURICompare(pendingReq.getAuthURL() + FederatedAuthConstants.ENDPOINT_POST);
 				Logger.trace("Receive PVP Response from federated IDP, by using POST-Binding.");
 				
 			}  else if (request.getMethod().equalsIgnoreCase("GET")) {
 				decoder = new RedirectBinding();
-				comperator = new MOAURICompare(pendingReq.getAuthURL() + FederatedAuthConstants.ENDPOINT_REDIRECT);
+				comperator = new EAAFURICompare(pendingReq.getAuthURL() + FederatedAuthConstants.ENDPOINT_REDIRECT);
 				Logger.trace("Receive PVP Response from federated IDP, by using Redirect-Binding.");
 				
 			} else {
@@ -148,7 +147,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_AUTHRESPONSE);
 			
 			//validate assertion
-			MOAResponse processedMsg = preProcessAuthResponse((MOAResponse) msg);
+			PVPSProfileResponse processedMsg = preProcessAuthResponse((PVPSProfileResponse) msg);
 			
 			//load IDP and SP configuration
 			IOAAuthParameters idpConfig = authConfig.getServiceProviderConfiguration(msg.getEntityID(), IOAAuthParameters.class);
@@ -171,11 +170,11 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			if (spConfig.isInderfederationIDP()) {
 				//SP is a federated IDP  --> answer only with nameID and wait for attribute-Query
 				pendingReq.setGenericDataToSession(
-						PVPTargetConfiguration.DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP, true);				
+						MOAIDAuthConstants.DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP, true);				
 				pendingReq.setGenericDataToSession(
-						PVPTargetConfiguration.DATAID_INTERFEDERATION_NAMEID, extractor.getNameID());
+						MOAIDAuthConstants.DATAID_INTERFEDERATION_NAMEID, extractor.getNameID());
 				pendingReq.setGenericDataToSession(
-						PVPTargetConfiguration.DATAID_INTERFEDERATION_QAALEVEL, extractor.getQAALevel());
+						MOAIDAuthConstants.DATAID_INTERFEDERATION_QAALEVEL, extractor.getQAALevel());
 
 				authenticatedSessionStorage.
 					addFederatedSessionInformation(pendingReq, 
@@ -369,7 +368,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 	 * @throws AssertionValidationExeption 
 	 * @throws AuthnResponseValidationException 
 	 */
-	private MOAResponse preProcessAuthResponse(MOAResponse msg) throws IOException, MarshallingException, TransformerException, AssertionValidationExeption, CredentialsNotAvailableException, AuthnResponseValidationException {
+	private PVPSProfileResponse preProcessAuthResponse(PVPSProfileResponse msg) throws IOException, MarshallingException, TransformerException, AssertionValidationExeption, CredentialsNotAvailableException, AuthnResponseValidationException {
 		Logger.debug("Start PVP21 assertion processing... ");
 		Response samlResp = (Response) msg.getResponse();
 
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java
index 9ef02935b..38568cdd8 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java
@@ -25,11 +25,11 @@ package at.gv.egovernment.moa.id.auth.modules.federatedauth.utils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider;
-import at.gv.egovernment.moa.util.FileUtils;
 
 /**
  * @author tlenz
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
index 3452da003..92bcce24b 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
@@ -32,11 +32,11 @@ import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.IAction;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface;
+import at.gv.egiz.eaaf.core.impl.data.SLOInformationImpl;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.data.SLOInformationImpl;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moa.util.URLEncoder;
@@ -121,7 +121,7 @@ public class GetArtifactAction implements IAction {
 					new SLOInformationImpl(req.getAuthURL(), oaParam.getPublicURLPrefix(), authData.getAssertionID(), null, null, req.requestedModule());
 			
 			return sloInformation;
-			
+			 
 		} catch (Exception ex) {
 			Logger.error("SAML1 Assertion build error", ex);
 			throw new AuthenticationException("SAML1 Assertion build error.", new Object[]{}, ex);
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
index 85e2107c6..73d99d93b 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
@@ -72,12 +72,12 @@ import org.xml.sax.SAXException;
 
 import com.google.common.net.MediaType;
 
+import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider;
 import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
 import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.auth.builder.SAMLResponseBuilder;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.logging.Logger;
@@ -338,7 +338,7 @@ public class GetAuthenticationDataService extends AbstractController implements
 			is = Thread.currentThread()
 					.getContextClassLoader()
 					.getResourceAsStream(templateURL);	
-		
+		 
 			VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine();		
 			BufferedReader reader = new BufferedReader(new InputStreamReader(is ));				
 			StringWriter writer = new StringWriter();						
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java
index c53d1c98d..51d722dc4 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java
@@ -52,6 +52,7 @@ import java.util.List;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
 import at.gv.egovernment.moa.id.data.MOAAuthenticationData;
+import at.gv.egovernment.moa.id.util.LoALevelMapper;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.DateTimeUtils;
 
@@ -88,7 +89,8 @@ public class SAML1AuthenticationData extends MOAAuthenticationData {
   private List<ExtendedSAMLAttribute> extendedSAMLAttributesOA;
   
 
-  public SAML1AuthenticationData() {	  	
+  public SAML1AuthenticationData(LoALevelMapper loaMapper) {
+	  	super(loaMapper);
 		this.setMajorVersion(1);
 		this.setMinorVersion(0);
 		this.setAssertionID(Random.nextRandom());	  
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index 1be3e3daa..73afec4e0 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -47,6 +47,7 @@ import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
 import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder;
@@ -66,7 +67,6 @@ import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
 import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.data.MOAAuthenticationData;
-import at.gv.egovernment.moa.id.data.Pair;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
@@ -490,7 +490,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
 						&& Constants.URN_PREFIX_BASEID
 								.equals(identificationType)) {
 					// now we calculate the wbPK and do so if we got it from the
-					// BKU
+					// BKU 
 					
 					//load IdentityLinkDomainType from OAParam 					
 					Pair<String, String> targedId = new BPKBuilder().generateAreaSpecificPersonIdentifier(
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index 54b137ce1..aa3fce249 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -94,10 +94,11 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController implement
 		return NAME;
 	}
 
-	public String getPath() {
+	@Override
+	public String getAuthProtocolIdentifier() {
 		return PATH;
+		
 	}
-
 	
 	@RequestMapping(value = "/StartAuthentication", method = {RequestMethod.POST, RequestMethod.GET})
 	public void SAML1AuthnRequest(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException {		
diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java
index 60d64a3ac..9ba1c4dd3 100644
--- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java
+++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java
@@ -31,10 +31,10 @@ import org.springframework.beans.factory.annotation.Autowired;
 
 import at.gv.egiz.eaaf.core.api.logging.IStatisticLogger;
 import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.FileUtils;
 
 public class TestManager{
 	
diff --git a/pom.xml b/pom.xml
index 6e5ee2fb8..2faf73b09 100644
--- a/pom.xml
+++ b/pom.xml
@@ -35,7 +35,7 @@
 			<moa-id-module-elga_mandate_client>1.3.1</moa-id-module-elga_mandate_client>
 
 			<!-- =================================================================================== -->
-			<eaaf-core.version>1.0.0-snapshot</eaaf-core.version>							
+			<egiz.eaaf.version>1.0.0-snapshot</egiz.eaaf.version>							
 			<org.springframework.version>4.3.13.RELEASE</org.springframework.version>
 			<org.springframework.data.spring-data-jpa>1.11.9.RELEASE</org.springframework.data.spring-data-jpa>
 			<surefire.version>2.20.1</surefire.version>		
@@ -442,9 +442,25 @@
 						<dependency>
 	    					<groupId>at.gv.egiz.eaaf</groupId>
 	  						<artifactId>eaaf-core</artifactId>
-	  						<version>${eaaf-core.version}</version>
-	  					</dependency> 
-
+	  						<version>${egiz.eaaf.version}</version>
+	  					</dependency>
+	  					<dependency>
+	  						<groupId>at.gv.egiz.eaaf</groupId>
+  							<artifactId>eaaf_module_pvp2_idp</artifactId>
+  							<version>${egiz.eaaf.version}</version>
+  						</dependency>
+  						<dependency> 
+							<groupId>at.gv.egiz.eaaf</groupId>
+  							<artifactId>eaaf_module_pvp2_sp</artifactId>
+  							<version>${egiz.eaaf.version}</version>
+						</dependency>  							
+						<dependency>
+        					<groupId>at.gv.egiz.eaaf</groupId>
+        					<artifactId>eaaf_module_pvp2_core</artifactId>
+        					<version>${egiz.eaaf.version}</version>
+        				</dependency>  							
+  							
+  							
       					<dependency>
 							<groupId>MOA.id.server</groupId>
 							<artifactId>moa-id-spring-initializer</artifactId>
-- 
cgit v1.2.3


From d1d206293ea012fd37c891673a8b5e74ad40a0cf Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Fri, 22 Jun 2018 15:20:53 +0200
Subject: some more pvp2 updates

---
 .../id/demoOA/servlet/pvp2/DemoApplication.java    |    2 +-
 .../moa/id/demoOA/servlet/pvp2/Index.java          |    2 +-
 .../moa/id/advancedlogging/MOAReversionLogger.java |    2 +-
 .../id/auth/builder/AuthenticationDataBuilder.java |  657 +++-------
 .../moa/id/auth/builder/BPKBuilder.java            |  359 ------
 .../auth/builder/MOAIDSubjectNameIdGenerator.java  |    5 +-
 .../moa/id/auth/data/AuthenticationSession.java    |   10 +-
 .../id/auth/data/AuthenticationSessionWrapper.java |  231 +---
 .../egovernment/moa/id/auth/data/IdentityLink.java |  312 -----
 .../auth/parser/IdentityLinkAssertionParser.java   |   10 +-
 .../parser/VerifyXMLSignatureResponseParser.java   |    4 +-
 .../id/config/auth/OAAuthParameterDecorator.java   |   43 +-
 .../config/auth/data/DynamicOAAuthParameters.java  |   18 +
 .../gv/egovernment/moa/id/data/IMOAAuthData.java   |    4 +-
 .../at/gv/egovernment/moa/id/data/MISMandate.java  |    2 +-
 .../moa/id/data/MOAAuthenticationData.java         |   47 +-
 .../builder/attributes/EIDIdentityLinkBuilder.java |   76 --
 .../MandateFullMandateAttributeBuilder.java        |    2 +-
 .../MandateNaturalPersonBPKAttributeBuilder.java   |    7 +-
 .../metadata/MOASPMetadataSignatureFilter.java     |    2 +-
 .../moa/id/util/IdentityLinkReSigner.java          |    2 +-
 .../moa/id/util/ParamValidatorUtils.java           |    2 +-
 .../at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder |    1 -
 .../src/test/java/test/MOAIDTestCase.java          |    4 +-
 .../commons/api/data/AuthProzessDataConstants.java |   22 +-
 .../commons/api/data/IAuthenticationSession.java   |  106 +-
 .../moa/id/commons/api/data/IIdentityLink.java     |  175 ---
 .../java/at/gv/egovernment/moa/util/DOMUtils.java  | 1263 --------------------
 .../gv/egovernment/moa/util/MOADefaultHandler.java |    6 +-
 .../egovernment/moa/util/NodeIteratorAdapter.java  |  111 --
 .../gv/egovernment/moa/util/NodeListAdapter.java   |   68 --
 .../at/gv/egovernment/moa/util/XPathException.java |   86 --
 .../at/gv/egovernment/moa/util/XPathUtils.java     |  557 ---------
 .../test/at/gv/egovernment/moa/MOATestCase.java    |    2 +-
 .../at/gv/egovernment/moa/util/DOMUtilsTest.java   |    2 +-
 .../at/gv/egovernment/moa/util/XPathUtilsTest.java |    3 +-
 .../AbstractGUIFormBuilderConfiguration.java       |  111 --
 ...roviderSpecificGUIFormBuilderConfiguration.java |    1 +
 .../DefaultGUIFormBuilderConfiguration.java        |    1 +
 .../auth/frontend/builder/GUIFormBuilderImpl.java  |  165 +--
 .../moa/id/auth/AuthenticationServer.java          |   15 +-
 .../builder/AuthenticationAssertionBuilder.java    |    2 +-
 .../AuthenticationBlockAssertionBuilder.java       |    2 +-
 .../moa/id/auth/builder/PersonDataBuilder.java     |    6 +-
 .../moa/id/auth/builder/SAMLResponseBuilder.java   |    2 +-
 .../builder/VerifyXMLSignatureRequestBuilder.java  |    2 +-
 .../modules/internal/tasks/GetForeignIDTask.java   |    6 +-
 .../internal/tasks/GetMISSessionIDTask.java        |    2 +-
 .../internal/tasks/PrepareGetMISMandateTask.java   |    2 +-
 .../parser/CreateXMLSignatureResponseParser.java   |    4 +-
 .../parser/ExtendedInfoboxReadResponseParser.java  |    2 +-
 .../id/auth/parser/InfoboxReadResponseParser.java  |    6 +-
 .../CreateXMLSignatureResponseValidator.java       |    9 +-
 .../id/auth/validator/IdentityLinkValidator.java   |    6 +-
 .../VerifyXMLSignatureResponseValidator.java       |    2 +-
 .../moa/id/auth/validator/parep/ParepUtils.java    |    4 +-
 .../id/util/client/mis/simple/MISSimpleClient.java |    2 +-
 .../builder/InfoboxReadRequestBuilderTest.java     |    3 +-
 .../moa/id/auth/builder/PersonDataBuilderTest.java |    2 +-
 .../parser/IdentityLinkAssertionParserTest.java    |    9 +-
 .../auth/parser/InfoboxReadResponseParserTest.java |    6 +-
 .../tasks/FirstBKAMobileAuthTask.java              |    4 +-
 .../tasks/SecondBKAMobileAuthTask.java             |    4 +-
 .../eidas/tasks/CreateIdentityLinkTask.java        |    8 +-
 .../elgamandates/tasks/RequestELGAMandateTask.java |    2 +-
 .../attributes/OAuth20AttributeBuilder.java        |    2 +-
 .../sl20_auth/tasks/ReceiveQualeIDTask.java        |    2 +-
 .../data/SSOTransferAuthenticationData.java        |    2 +-
 .../data/SSOTransferOnlineApplication.java         |   18 +
 .../ssotransfer/servlet/SSOTransferServlet.java    |    5 +-
 .../ssotransfer/utils/SSOContainerUtils.java       |    2 +-
 .../saml1/GetAuthenticationDataService.java        |    6 +-
 .../protocols/saml1/SAML1AuthenticationServer.java |    9 +-
 .../moa/id/monitoring/IdentityLinkTestModule.java  |    4 +-
 74 files changed, 398 insertions(+), 4247 deletions(-)
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIdentityLinkBuilder.java
 delete mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IIdentityLink.java
 delete mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
 delete mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/NodeIteratorAdapter.java
 delete mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/NodeListAdapter.java
 delete mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/XPathException.java
 delete mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/XPathUtils.java
 delete mode 100644 id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractGUIFormBuilderConfiguration.java

(limited to 'id/server/moa-id-frontend-resources/src')

diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java
index 93622f828..aeb4d8eac 100644
--- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java
+++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java
@@ -78,12 +78,12 @@ import org.opensaml.xml.security.x509.X509Credential;
 import org.opensaml.xml.signature.Signature;
 import org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine;
 
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egovernment.moa.id.demoOA.Configuration;
 import at.gv.egovernment.moa.id.demoOA.Constants;
 import at.gv.egovernment.moa.id.demoOA.PVPConstants;
 import at.gv.egovernment.moa.id.demoOA.utils.ApplicationBean;
 import at.gv.egovernment.moa.id.demoOA.utils.SAML2Utils;
-import at.gv.egovernment.moa.util.DOMUtils;
 
 public class DemoApplication extends HttpServlet {
 	Logger log = Logger.getLogger(DemoApplication.class);
diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Index.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Index.java
index 28003528b..bac3e1949 100644
--- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Index.java
+++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Index.java
@@ -83,11 +83,11 @@ import org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egovernment.moa.id.demoOA.Configuration;
 import at.gv.egovernment.moa.id.demoOA.exception.ConfigurationException;
 import at.gv.egovernment.moa.id.demoOA.utils.ApplicationBean;
 import at.gv.egovernment.moa.id.demoOA.utils.SAML2Utils;
-import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
index 8298b082b..9894ffbe9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/MOAReversionLogger.java
@@ -33,11 +33,11 @@ import org.springframework.stereotype.Service;
 import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
 import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
 import at.gv.egiz.eaaf.modules.pvp2.PVPEventConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
 import at.gv.egovernment.moa.logging.Logger;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 998817b19..b6f78119c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -23,19 +23,14 @@
 package at.gv.egovernment.moa.id.auth.builder;
 
 import java.io.IOException;
-import java.io.InputStream;
 import java.lang.reflect.InvocationTargetException;
 import java.security.PrivateKey;
 import java.util.ArrayList;
 import java.util.Arrays;
-import java.util.Collection;
 import java.util.Date;
 import java.util.Iterator;
 import java.util.List;
 
-import javax.naming.ldap.LdapName;
-import javax.naming.ldap.Rdn;
-
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import org.w3c.dom.DOMException;
@@ -46,17 +41,24 @@ import org.w3c.dom.NodeList;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.IAuthenticationDataBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IAuthProcessDataContainer;
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
 import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFParserException;
 import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
+import at.gv.egiz.eaaf.core.exceptions.XPathException;
 import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.AbstractAuthenticationDataBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
+import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.auth.exception.DynamicOABuildException;
-import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
@@ -64,7 +66,6 @@ import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
 import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
@@ -82,24 +83,21 @@ import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.MiscUtil;
-import at.gv.egovernment.moa.util.XPathException;
-import at.gv.egovernment.moa.util.XPathUtils;
 import at.gv.util.client.szr.SZRClient;
 import at.gv.util.config.EgovUtilPropertiesConfiguration;
 import at.gv.util.wsdl.szr.SZRException;
 import at.gv.util.xsd.szr.PersonInfoType;
-import iaik.x509.X509Certificate;
 
 /**
  * @author tlenz
  *
  */
 @Service("AuthenticationDataBuilder")
-public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAuthenticationDataBuilder{
+public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder {
 
 	@Autowired private IAuthenticationSessionStoreage authenticatedSessionStorage;
 	@Autowired protected AuthConfiguration authConfig;
-	@Autowired private LoALevelMapper loaLevelMapper; 
+	@Autowired protected LoALevelMapper loaLevelMapper; 
 	
 	@Override
 	public IAuthData buildAuthenticationData(IRequest pendingReq) throws EAAFAuthenticationException {
@@ -108,16 +106,17 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 					new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage()),
 					pendingReq.getServiceProviderConfiguration(OAAuthParameterDecorator.class));
 			
-		} catch (ConfigurationException | BuildException | WrongParametersException | DynamicOABuildException e) {
+		} catch (ConfigurationException | BuildException | WrongParametersException | DynamicOABuildException | EAAFBuilderException e) {
 			Logger.warn("Can not build authentication data from session information");
 			throw new EAAFAuthenticationException("TODO", new Object[]{},					
 					"Can not build authentication data from session information", e);
+			
 		}
 		
 	}
 		
 	private IAuthData buildAuthenticationData(IRequest pendingReq, 
-            IAuthenticationSession session,  IOAAuthParameters oaParam) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException {		
+            IAuthenticationSession session,  IOAAuthParameters oaParam) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException, EAAFBuilderException {		
 		MOAAuthenticationData authdata = null;		
 		
 		//only needed for SAML1 legacy support
@@ -181,96 +180,13 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 	}
 			
 	private void buildAuthDataFormMOASession(MOAAuthenticationData authData, IAuthenticationSession session, 
-			IOAAuthParameters oaParam, IRequest protocolRequest) throws BuildException, ConfigurationException {
-
-		Collection<String> includedToGenericAuthData = null;
-		if (session.getGenericSessionDataStorage() != null &&  
-				!session.getGenericSessionDataStorage().isEmpty())
-			includedToGenericAuthData = session.getGenericSessionDataStorage().keySet();
-		else
-			includedToGenericAuthData = new ArrayList<String>();
-		
-		try {		
-			//####################################################
-			//set general authData info's
-			authData.setAuthenticationIssuer(protocolRequest.getAuthURL());
-			authData.setSsoSession(protocolRequest.needSingleSignOnFunctionality());			
-			authData.setBaseIDTransferRestrication(oaParam.hasBaseIdTransferRestriction());
-			
-		
-			//####################################################
-			//parse user info's from identityLink
-			IIdentityLink idlFromPVPAttr = null;
-			IIdentityLink identityLink = session.getIdentityLink();		
-			if (identityLink != null) {
-				parseBasicUserInfosFromIDL(authData, identityLink, includedToGenericAuthData);
-			
-			} else {
-				// identityLink is not direct in MOASession
-				String pvpAttrIDL = session.getGenericDataFromSession(PVPConstants.EID_IDENTITY_LINK_NAME, String.class);
-					//find PVP-Attr. which contains the IdentityLink
-				if (MiscUtil.isNotEmpty(pvpAttrIDL)) {
-					Logger.debug("Find PVP-Attr: " + PVPConstants.EID_IDENTITY_LINK_FRIENDLY_NAME
-							+ " --> Parse basic user info's from that attribute.");
-					InputStream idlStream = null;
-					try {
-						idlStream = Base64Utils.decodeToStream(pvpAttrIDL, false);				
-						idlFromPVPAttr = new IdentityLinkAssertionParser(idlStream).parseIdentityLink();
-						parseBasicUserInfosFromIDL(authData, idlFromPVPAttr, includedToGenericAuthData);
-															
-					} catch (ParseException e) {
-						Logger.error("Received IdentityLink is not valid", e);
-						
-					} catch (Exception e) {
-						Logger.error("Received IdentityLink is not valid", e);
-						
-					} finally {
-						try {
-							includedToGenericAuthData.remove(PVPConstants.EID_IDENTITY_LINK_NAME);
-							if (idlStream != null)						
-								idlStream.close();
-							
-						} catch (IOException e) {
-							Logger.fatal("Close InputStream FAILED.", e);
-							
-						}
-						
-					}
-					
-				}
-				
-				//if no basic user info's are set yet, parse info's single PVP-Attributes
-				if (MiscUtil.isEmpty(authData.getFamilyName())) {
-					Logger.debug("No IdentityLink found or not parseable --> Parse basic user info's from single PVP-Attributes.");
-					authData.setFamilyName(session.getGenericDataFromSession(PVPConstants.PRINCIPAL_NAME_NAME, String.class));		
-					authData.setGivenName(session.getGenericDataFromSession(PVPConstants.GIVEN_NAME_NAME, String.class));		
-					authData.setDateOfBirth(session.getGenericDataFromSession(PVPConstants.BIRTHDATE_NAME, String.class));
-					authData.setIdentificationValue(session.getGenericDataFromSession(PVPConstants.EID_SOURCE_PIN_NAME, String.class));		
-					authData.setIdentificationType(session.getGenericDataFromSession(PVPConstants.EID_SOURCE_PIN_TYPE_NAME, String.class));
-					
-					//remove corresponding keys from genericSessionData if exists
-					includedToGenericAuthData.remove(PVPConstants.PRINCIPAL_NAME_NAME);
-					includedToGenericAuthData.remove(PVPConstants.GIVEN_NAME_NAME);
-					includedToGenericAuthData.remove(PVPConstants.BIRTHDATE_NAME);
-					includedToGenericAuthData.remove(PVPConstants.EID_SOURCE_PIN_NAME);
-					includedToGenericAuthData.remove(PVPConstants.EID_SOURCE_PIN_TYPE_NAME);
-				}
-								
-			}
-			
-			if (authData.getIdentificationType() != null && 
-					!authData.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
-				Logger.trace("IdentificationType is not a baseID --> clear it. ");
-				authData.setBPK(authData.getIdentificationValue());
-				authData.setBPKType(authData.getIdentificationType());
-				
-				authData.setIdentificationValue(null);
-				authData.setIdentificationType(null);
-								
-			}
+			IOAAuthParameters oaParam, IRequest protocolRequest) throws BuildException, ConfigurationException, EAAFBuilderException {
+		try {
+			//generate basic authentication data
+			generateBasicAuthData(authData, protocolRequest, session);
 			
 			
-			//####################################################
+			// #### generate MOA-ID specific authentication data ######
 			//set BKU URL
 			includedToGenericAuthData.remove(PVPConstants.EID_CCS_URL_NAME);
 			if (MiscUtil.isNotEmpty(session.getBkuURL()))
@@ -282,41 +198,50 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 			//TODO: fully switch from STORK QAA to eIDAS LoA
 			//####################################################
 			//set QAA level
-			includedToGenericAuthData.remove(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME);
-			String currentLoA = null;
-			if (MiscUtil.isNotEmpty(session.getQAALevel()))
-				currentLoA = session.getQAALevel();			
-			else {
-				currentLoA = session.getGenericDataFromSession(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME, String.class);
-				if (MiscUtil.isNotEmpty(currentLoA)) {
-					Logger.debug("Find PVP-Attr '" + PVPConstants.EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME + "':" + currentLoA
-							+ " --> Parse QAA-Level from that attribute.");
+			if (MiscUtil.isNotEmpty(authData.getEIDASQAALevel())) {
+				Logger.debug("Find eIDAS LoA. Map it to STORK QAA");
+				authData.setQAALevel(loaLevelMapper.mapeIDASQAAToSTORKQAA(authData.getEIDASQAALevel()));
+				
+			} else {
+				Logger.info("Find NO eIDAS Loa. Starting STORK QAA processing as backup ... ");
+			
+							
+				includedToGenericAuthData.remove(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME);
+				String currentLoA = null;
+				if (MiscUtil.isNotEmpty(session.getQAALevel()))
+					currentLoA = session.getQAALevel();			
+				else {
+					currentLoA = session.getGenericDataFromSession(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME, String.class);
+					if (MiscUtil.isNotEmpty(currentLoA)) {
+						Logger.debug("Find PVP-Attr '" + PVPConstants.EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME + "':" + currentLoA
+								+ " --> Parse QAA-Level from that attribute.");
 					
+					}
 				}
-			}
 				
-			if (MiscUtil.isNotEmpty(currentLoA)) {					
-				if (currentLoA.startsWith(PVPConstants.STORK_QAA_PREFIX)) {
-					authData.setQAALevel(currentLoA);
-					authData.seteIDASLoA(loaLevelMapper.mapSTORKQAAToeIDASQAA(currentLoA));
+				if (MiscUtil.isNotEmpty(currentLoA)) {					
+					if (currentLoA.startsWith(PVPConstants.STORK_QAA_PREFIX)) {
+						authData.setQAALevel(currentLoA);
+						authData.seteIDASLoA(loaLevelMapper.mapSTORKQAAToeIDASQAA(currentLoA));
 
-				} else if (currentLoA.startsWith(EAAFConstants.EIDAS_QAA_PREFIX)) {
-					authData.setQAALevel(loaLevelMapper.mapeIDASQAAToSTORKQAA(currentLoA));
-					authData.seteIDASLoA(currentLoA);
+					} else if (currentLoA.startsWith(EAAFConstants.EIDAS_QAA_PREFIX)) {
+						authData.setQAALevel(loaLevelMapper.mapeIDASQAAToSTORKQAA(currentLoA));
+						authData.seteIDASLoA(currentLoA);
 										
-				} else { 
-					Logger.debug("Found PVP SecClass. QAA mapping process starts ... ");				
-					String mappedStorkQAA = loaLevelMapper.mapSecClassToQAALevel(currentLoA);
-					if (MiscUtil.isNotEmpty(mappedStorkQAA)) {
-						authData.setQAALevel(mappedStorkQAA);
-						authData.seteIDASLoA(loaLevelMapper.mapSTORKQAAToeIDASQAA(mappedStorkQAA));
+					} else { 
+						Logger.debug("Found PVP SecClass. QAA mapping process starts ... ");				
+						String mappedStorkQAA = loaLevelMapper.mapSecClassToQAALevel(currentLoA);
+						if (MiscUtil.isNotEmpty(mappedStorkQAA)) {
+							authData.setQAALevel(mappedStorkQAA);
+							authData.seteIDASLoA(loaLevelMapper.mapSTORKQAAToeIDASQAA(mappedStorkQAA));
 						
-					}										
-				}
-			}		
+						}										
+					}
+				}		
+			}
 			
 			//if no QAA level is set in MOASession then set default QAA level  
-			if (MiscUtil.isEmpty(authData.getQAALevel())) {														
+			if (MiscUtil.isEmpty(authData.getEIDASQAALevel())) {														
 				Logger.info("No QAA level found. Set to default level " + EAAFConstants.EIDAS_QAA_LOW);
 				authData.setQAALevel(PVPConstants.STORK_QAA_PREFIX + "1");
 				authData.seteIDASLoA(EAAFConstants.EIDAS_QAA_LOW);
@@ -371,65 +296,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 				
 			}
 			
-			
-			//####################################################
-			//set isForeigner flag
-			//TODO: change to new eIDAS-token attribute identifier
-			if (session.getGenericDataFromSession(PVPConstants.EID_STORK_TOKEN_NAME) != null) {
-				Logger.debug("Find PVP-Attr: " + PVPConstants.EID_STORK_TOKEN_FRIENDLY_NAME
-						+ " --> Set 'isForeigner' flag to TRUE");
-				authData.setForeigner(true);
-				
-			} else {		
-				authData.setForeigner(session.isForeigner());
-				
-			}
-					
-			
-			//####################################################
-			//set citizen country-code
-			includedToGenericAuthData.remove(PVPConstants.EID_ISSUING_NATION_NAME);
-			String pvpCCCAttr = session.getGenericDataFromSession(PVPConstants.EID_ISSUING_NATION_NAME, String.class);
-			if (MiscUtil.isNotEmpty(pvpCCCAttr)) {
-				authData.setCiticenCountryCode(pvpCCCAttr);
-				Logger.debug("Find PVP-Attr: " + PVPConstants.EID_ISSUING_NATION_FRIENDLY_NAME);
-				
-			} else {
-				if (authData.isForeigner()) {
-					try {
-						if (authData.getSignerCertificate() != null) {					
-							//TODO: replace with TSL lookup when TSL is ready!
-							X509Certificate certificate = new X509Certificate(authData.getSignerCertificate());
-							if (certificate != null) {
-								LdapName ln = new LdapName(certificate.getIssuerDN()
-										.getName());
-								for (Rdn rdn : ln.getRdns()) {
-									if (rdn.getType().equalsIgnoreCase("C")) {
-										Logger.info("C is: " + rdn.getValue());
-										authData.setCiticenCountryCode(rdn.getValue().toString());
-										break;
-									}
-								}
-							}
-							
-						} else
-							Logger.warn("NO PVP-Attr: " + PVPConstants.EID_ISSUING_NATION_NAME 
-									+ " and NO SignerCertificate in MOASession -->"
-									+ " Can NOT extract citizen-country of foreign person.");
-						
-						
-					} catch (Exception e) {
-						Logger.error("Failed to extract country code from certificate with message: " + e.getMessage());
-						
-					}
-									
-				} else {
-					authData.setCiticenCountryCode(COUNTRYCODE_AUSTRIA);
-					
-				}			
-			}
-			
-			
+											
 			//####################################################
 			//set max. SSO session time
 			includedToGenericAuthData.remove(AuthenticationSessionStorageConstants.FEDERATION_RESPONSE_VALIDE_TO);
@@ -558,11 +425,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 					includedToGenericAuthData.remove(PVPConstants.MANDATE_PROF_REP_OID_NAME);
 				}
 			}
-		
-		
-		
-		
-						
+					
 			//####################################################
 			// set bPK and IdentityLink for Organwalter --> 
 			//        Organwalter has a special bPK is received from MIS 
@@ -572,111 +435,14 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 				authData.setBPK(misMandate.getOWbPK());
 				authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + "OW");
 				Logger.trace("Authenticated User is OW: " + misMandate.getOWbPK());
-				
-				
-				//TODO: check in case of mandates for business services
-				if (identityLink != null)
-					authData.setIdentityLink(identityLink);
-			
-				else if (idlFromPVPAttr != null){
-					authData.setIdentityLink(idlFromPVPAttr);
-					Logger.debug("Set IdentityLink received from federated IDP for Organwalter");
-										
-				} else
-					Logger.info("Can NOT set Organwalter IdentityLink. Msg: No IdentityLink found");				
-
-				
+											
 				//set bPK and IdenityLink for all other
-			} else {
-				//build bPK
-				String pvpbPKValue = getbPKValueFromPVPAttribute(session);
-				String pvpbPKTypeAttr = getbPKTypeFromPVPAttribute(session);				
-				Pair<String, String> pvpEncbPKAttr = getEncryptedbPKFromPVPAttribute(session, authData, oaParam);
-
-				//check if a unique ID for this citizen exists
-				if (MiscUtil.isEmpty(authData.getIdentificationValue()) && 
-						MiscUtil.isEmpty(pvpbPKValue) && MiscUtil.isEmpty(authData.getBPK()) &&
-						pvpEncbPKAttr == null) {
-					Logger.info("Can not build authData, because moaSession include no bPK, encrypted bPK or baseID");
-					throw new MOAIDException("builder.08", new Object[]{"No " + PVPConstants.BPK_FRIENDLY_NAME
-							+ " or " + PVPConstants.EID_SOURCE_PIN_FRIENDLY_NAME 
-							+ " or " + PVPConstants.ENC_BPK_LIST_FRIENDLY_NAME});
-					
-				}
-								
-				// baseID is in MOASesson --> calculate bPK directly
-				if (MiscUtil.isNotEmpty(authData.getIdentificationValue())) {
-					Logger.debug("Citizen baseID is in MOASession --> calculate bPK from this.");
-					Pair<String, String> result = buildOAspecificbPK(protocolRequest, oaParam, authData);
-					authData.setBPK(result.getFirst());
-					authData.setBPKType(result.getSecond());
-					
-					//check if bPK already added to AuthData matches OA					
-				} else if (MiscUtil.isNotEmpty(authData.getBPK()) 
-						&& matchsReceivedbPKToOnlineApplication(oaParam, authData.getBPKType()) ) { 
-					Logger.debug("Correct bPK is already included in AuthData.");
-
-					//check if bPK received by PVP-Attribute matches OA
-				} else if (MiscUtil.isNotEmpty(pvpbPKValue) && 
-						matchsReceivedbPKToOnlineApplication(oaParam, pvpbPKTypeAttr)) {
-					Logger.debug("Receive correct bPK from PVP-Attribute");
-					authData.setBPK(pvpbPKValue);
-					authData.setBPKType(pvpbPKTypeAttr);
-					
-					//check if decrypted bPK exists
-				} else if (pvpEncbPKAttr != null) {
-					Logger.debug("Receive bPK as encrypted bPK and decryption was possible.");
-					authData.setBPK(pvpEncbPKAttr.getFirst());
-					authData.setBPKType(pvpEncbPKAttr.getSecond());
+				Logger.debug("User is an OW. Set original IDL into authdata ... ");
+				authData.setIdentityLink(session.getIdentityLink());
 				
-					//ask SZR to get bPK
-				} else {
-					String notValidbPK = authData.getBPK();  
-					String notValidbPKType = authData.getBPKType();					
-					if (MiscUtil.isEmpty(notValidbPK) && 
-							MiscUtil.isEmpty(notValidbPKType)) {
-						notValidbPK = pvpbPKValue;
-						notValidbPKType = pvpbPKTypeAttr;
-						
-						if (MiscUtil.isEmpty(notValidbPK) && 
-								MiscUtil.isEmpty(notValidbPKType)) {
-							Logger.fatal("No bPK in MOASession. THIS error should not occur any more.");
-							throw new NullPointerException("No bPK in MOASession. THIS error should not occur any more.");							
-						}						
-					}	
-										
-					Pair<String, String> baseIDFromSZR = getbaseIDFromSZR(authData, notValidbPK, notValidbPKType);
-					if (baseIDFromSZR != null) {
-						Logger.info("Receive citizen baseID from SRZ. Authentication can be completed");
-						authData.setIdentificationValue(baseIDFromSZR.getFirst());
-						authData.setIdentificationType(baseIDFromSZR.getSecond());
-						Pair<String, String> result = buildOAspecificbPK(protocolRequest, oaParam, authData);
-						authData.setBPK(result.getFirst());
-						authData.setBPKType(result.getSecond());
-						
-					} else {
-						Logger.warn("Can not build authData, because moaSession include no valid bPK, encrypted bPK or baseID");
-						throw new MOAIDException("builder.08", new Object[]{"No valid " + PVPConstants.BPK_FRIENDLY_NAME
-								+ " or " + PVPConstants.EID_SOURCE_PIN_FRIENDLY_NAME 
-								+ " or " + PVPConstants.ENC_BPK_LIST_FRIENDLY_NAME});
-						
-					}					
-				}
-								
-				//build IdentityLink
-				if (identityLink != null)
-					authData.setIdentityLink(buildOAspecificIdentityLink(oaParam, identityLink, authData.getBPK(), authData.getBPKType()));
 				
-				else if (idlFromPVPAttr != null) {					
-					authData.setIdentityLink(buildOAspecificIdentityLink(oaParam, idlFromPVPAttr, authData.getBPK(), authData.getBPKType()));
-					Logger.debug("Set IdentityLink received from federated IDP");
 				
-				} else {
-					Logger.info("Can NOT set IdentityLink. Msg: No IdentityLink found");
-					
-				}            	                        
-			}
-			
+			}			
 			
 			//###################################################################
 			//set PVP role attribute (implemented for ISA 1.18 action)
@@ -738,7 +504,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 				}				
 			}
 			
-		} catch (BuildException e) {
+		} catch (EAAFBuilderException e) {
 			throw e;
 			
         } catch (Throwable ex) {
@@ -747,38 +513,6 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
         }
 		
 	}
-
-	/**
-	 * Check a bPK-Type against a Service-Provider configuration <br>
-	 * If bPK-Type is <code>null</code> the result is <code>false</code>.
-	 * 
-	 * @param oaParam Service-Provider configuration, never null
-	 * @param bPKType bPK-Type to check
-	 * @return true, if bPK-Type matchs to Service-Provider configuration, otherwise false
-	 * @throws ConfigurationException 
-	 */
-	private boolean matchsReceivedbPKToOnlineApplication(IOAAuthParameters oaParam, String bPKType) throws ConfigurationException {						
-		return oaParam.getAreaSpecificTargetIdentifier().equals(bPKType);
-
-	}
-
-	private void parseBasicUserInfosFromIDL(AuthenticationData authData, IIdentityLink identityLink, Collection<String> includedGenericSessionData) {
-		//baseID or wbpk in case of BusinessService without SSO or BusinessService SSO
-		authData.setIdentificationValue(identityLink.getIdentificationValue());
-		authData.setIdentificationType(identityLink.getIdentificationType());
-
-		authData.setGivenName(identityLink.getGivenName());
-		authData.setFamilyName(identityLink.getFamilyName());
-		authData.setDateOfBirth(identityLink.getDateOfBirth());
-		
-		//remove corresponding keys from genericSessionData if exists
-		includedGenericSessionData.remove(PVPConstants.PRINCIPAL_NAME_NAME);
-		includedGenericSessionData.remove(PVPConstants.GIVEN_NAME_NAME);
-		includedGenericSessionData.remove(PVPConstants.BIRTHDATE_NAME);
-		includedGenericSessionData.remove(PVPConstants.EID_SOURCE_PIN_NAME);
-		includedGenericSessionData.remove(PVPConstants.EID_SOURCE_PIN_TYPE_NAME);
-		
-	}
 	
 	/**
 	 * @param authData
@@ -786,7 +520,8 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 	 * @param notValidbPKType
 	 * @return
 	 */
-	private Pair<String, String> getbaseIDFromSZR(AuthenticationData authData, String notValidbPK,
+	@Override
+	protected Pair<String, String> getbaseIDFromSZR(AuthenticationData authData, String notValidbPK,
 			String notValidbPKType) {
 		try {
 			EgovUtilPropertiesConfiguration eGovClientsConfig = authConfig.geteGovUtilsConfig();
@@ -841,7 +576,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 	 * MOASession as 'GenericData' <br> <pre><code>session.getGenericDataFromSession(PVPConstants.ENC_BPK_LIST_NAME, String.class)</code></pre>
 	 * to <code>authData</code>
 	 *  
-	 * @param session MOASession, but never null
+	 * @param authProcessDataContainer MOASession, but never null
 	 * @param authData AuthenticationData DAO
 	 * @param spConfig Service-Provider configuration
 	 * 
@@ -849,194 +584,124 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants implements IAu
 	 *         or <code>null</code> if no attribute exists or can not decrypted
 	 * @throws ConfigurationException 
 	 */
-	private Pair<String, String> getEncryptedbPKFromPVPAttribute(IAuthenticationSession session,
-			MOAAuthenticationData authData, IOAAuthParameters spConfig) throws ConfigurationException {
-		//set List of encrypted bPKs to authData DAO		
-		String pvpEncbPKListAttr = session.getGenericDataFromSession(PVPConstants.ENC_BPK_LIST_NAME, String.class);
-		if (MiscUtil.isNotEmpty(pvpEncbPKListAttr)) {
-			List<String> encbPKList = Arrays.asList(pvpEncbPKListAttr.split(";"));							
-			authData.setEncbPKList(encbPKList);			
-			
-			//check if one of this encrypted bPK could be decrypt for this Service-Provider
-			for (String fullEncbPK : encbPKList) {
-				int index = fullEncbPK.indexOf("|");								 
-				if (index >= 0) {
-					String encbPK = fullEncbPK.substring(index+1);
-					String second = fullEncbPK.substring(0, index);					
-					int secIndex = second.indexOf("+");
-					if (secIndex >= 0) {
-						String oaTargetId = spConfig.getAreaSpecificTargetIdentifier();
-						if (oaTargetId.startsWith(MOAIDAuthConstants.PREFIX_CDID)) {						
-							String publicServiceShortTarget = oaTargetId.substring(MOAIDAuthConstants.PREFIX_CDID.length());						
-							if (publicServiceShortTarget.equals(second.substring(secIndex+1))) {
-								Logger.debug("Found encrypted bPK for online-application " 
-										+ spConfig.getPublicURLPrefix()
-										+ " Start decryption process ...");
-								PrivateKey privKey = spConfig.getBPKDecBpkDecryptionKey();
-								if (privKey != null) {
-									try {
-										String bPK = BPKBuilder.decryptBPK(encbPK, publicServiceShortTarget, privKey);
-										if (MiscUtil.isNotEmpty(bPK)) {
-											Logger.info("bPK decryption process finished successfully.");
-											return Pair.newInstance(bPK, oaTargetId);
-																															
-										} else {
-											Logger.error("bPK decryption FAILED.");
-										
+	@Override
+	protected Pair<String, String> getEncryptedbPKFromPVPAttribute(IAuthProcessDataContainer authProcessDataContainer,
+			AuthenticationData authData, ISPConfiguration spConfig) throws EAAFBuilderException {
+		//set List of encrypted bPKs to authData DAO
+		if (authData instanceof MOAAuthenticationData && 
+				spConfig instanceof IOAAuthParameters) {
+		
+			String pvpEncbPKListAttr = authProcessDataContainer.getGenericDataFromSession(PVPConstants.ENC_BPK_LIST_NAME, String.class);
+			if (MiscUtil.isNotEmpty(pvpEncbPKListAttr)) {
+				List<String> encbPKList = Arrays.asList(pvpEncbPKListAttr.split(";"));							
+				((MOAAuthenticationData) authData).setEncbPKList(encbPKList);			
+				
+				//check if one of this encrypted bPK could be decrypt for this Service-Provider
+				for (String fullEncbPK : encbPKList) {
+					int index = fullEncbPK.indexOf("|");								 
+					if (index >= 0) {
+						String encbPK = fullEncbPK.substring(index+1);
+						String second = fullEncbPK.substring(0, index);					
+						int secIndex = second.indexOf("+");
+						if (secIndex >= 0) {
+							String oaTargetId = spConfig.getAreaSpecificTargetIdentifier();
+							if (oaTargetId.startsWith(MOAIDAuthConstants.PREFIX_CDID)) {						
+								String publicServiceShortTarget = oaTargetId.substring(MOAIDAuthConstants.PREFIX_CDID.length());						
+								if (publicServiceShortTarget.equals(second.substring(secIndex+1))) {
+									Logger.debug("Found encrypted bPK for online-application " 
+											+ spConfig.getUniqueIdentifier()
+											+ " Start decryption process ...");
+									PrivateKey privKey = ((IOAAuthParameters) spConfig).getBPKDecBpkDecryptionKey();
+									if (privKey != null) {
+										try {
+											String bPK = BPKBuilder.decryptBPK(encbPK, publicServiceShortTarget, privKey);
+											if (MiscUtil.isNotEmpty(bPK)) {
+												Logger.info("bPK decryption process finished successfully.");
+												return Pair.newInstance(bPK, oaTargetId);
+																																
+											} else {
+												Logger.error("bPK decryption FAILED.");
+											
+											}
+										} catch (EAAFBuilderException e) {
+											Logger.error("bPK decryption FAILED.", e);
+											
 										}
-									} catch (BuildException e) {
-										Logger.error("bPK decryption FAILED.", e);
 										
-									}
+									} else {
+										Logger.info("bPK decryption FAILED, because no valid decryption key is found.");
+										
+									}							
 									
 								} else {
-									Logger.info("bPK decryption FAILED, because no valid decryption key is found.");
+									Logger.info("Found encrypted bPK but " +
+											"encrypted bPK target does not match to online-application target"); 
 									
-								}							
+								}
 								
 							} else {
-								Logger.info("Found encrypted bPK but " +
-										"encrypted bPK target does not match to online-application target"); 
+								Logger.info("Encrypted bPKs are only allowed for public services with prefix: " + MOAIDAuthConstants.PREFIX_CDID 
+										+ " BUT oaTarget is " + oaTargetId);
 								
 							}
-							
-						} else {
-							Logger.info("Encrypted bPKs are only allowed for public services with prefix: " + MOAIDAuthConstants.PREFIX_CDID 
-									+ " BUT oaTarget is " + oaTargetId);
-							
-						}
-					}					
-				}							
-			}
-		}
-		
-		return null;
-	}
-
-	/**
-	 * Get bPK from PVP Attribute 'BPK_NAME', which could be exist in
-	 * MOASession as 'GenericData' <br> <pre><code>session.getGenericDataFromSession(PVPConstants.BPK_NAME, String.class)</code></pre>
-	 * 
-	 * @param session MOASession, but never null
-	 * @return bPK, which was received by PVP-Attribute, or <code>null</code> if no attribute exists
-	 */
-	private String getbPKValueFromPVPAttribute(IAuthenticationSession session) {
-		String pvpbPKValueAttr = session.getGenericDataFromSession(PVPConstants.BPK_NAME, String.class);
-		if (MiscUtil.isNotEmpty(pvpbPKValueAttr)) {
-			
-			//fix a wrong bPK-value prefix, which was used in some PVP Standardportal implementations
-			if (pvpbPKValueAttr.startsWith("bPK:")) {
-				Logger.warn("Attribute " + PVPConstants.BPK_NAME 
-					+ " contains a not standardize prefix! Staring attribute value correction process ...");
-				pvpbPKValueAttr = pvpbPKValueAttr.substring("bPK:".length());
-				
-			}
-			
-			String[] spitted = pvpbPKValueAttr.split(":");
-			if (spitted.length != 2) {
-				Logger.warn("Attribute " + PVPConstants.BPK_NAME + " has a wrong encoding and can NOT be USED!"
-						+ " Value:" + pvpbPKValueAttr);
-				return null;
-				
+						}					
+					}							
+				}
 			}
-			Logger.debug("Find PVP-Attr: " + PVPConstants.BPK_FRIENDLY_NAME);
-			return spitted[1];
 			
-		}
+		} else
+			Logger.warn("AuthData: " + authData.getClass().getName() + " or spConfig: " + spConfig.getClass().getName() 
+					+ " are not MOAID data-objects");
 		
 		return null;
 	}
 
-	/**
-	 * Get bPK-Type from PVP Attribute 'EID_SECTOR_FOR_IDENTIFIER_NAME', which could be exist in
-	 * MOASession as 'GenericData' <br> <pre><code>session.getGenericDataFromSession(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME, String.class)</code></pre>
-	 * 
-	 * @param session MOASession, but never null
-	 * @return bPKType, which was received by PVP-Attribute, or <code>null</code> if no attribute exists
-	 */
-	private String getbPKTypeFromPVPAttribute(IAuthenticationSession session) {
-		String pvpbPKTypeAttr = session.getGenericDataFromSession(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME, String.class); 
-		if (MiscUtil.isNotEmpty(pvpbPKTypeAttr)) {
-			
-			//fix a wrong bPK-Type encoding, which was used in some PVP Standardportal implementations
-			if (pvpbPKTypeAttr.startsWith(Constants.URN_PREFIX_CDID) && 
-					!pvpbPKTypeAttr.substring(Constants.URN_PREFIX_CDID.length(), 
-							Constants.URN_PREFIX_CDID.length() + 1).equals("+")) {				
-				Logger.warn("Receive uncorrect encoded bBKType attribute " + pvpbPKTypeAttr + " Starting attribute value correction ... ");
-				pvpbPKTypeAttr = Constants.URN_PREFIX_CDID + "+" + pvpbPKTypeAttr.substring(Constants.URN_PREFIX_CDID.length() + 1); 
-				
-			}
-			Logger.debug("Find PVP-Attr: " + PVPConstants.EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME);
-			return pvpbPKTypeAttr;
-		}
-		
-		return null;
-
-
-		/*
-		 * INFO: This code could be used to extract the bPKType from 'PVPConstants.BPK_NAME',
-		 *       because the prefix of BPK_NAME attribute contains the postfix of the bPKType
-		 *       
-		 *       Now, all PVP Standardportals should be able to send 'EID_SECTOR_FOR_IDENTIFIER'
-		 *       PVP attributes  
-		 */
-//		String pvpbPKValueAttr = session.getGenericDataFromSession(PVPConstants.BPK_NAME, String.class);
-//		String[] spitted = pvpbPKValueAttr.split(":");
-//		if (MiscUtil.isEmpty(authData.getBPKType())) {
-//			Logger.debug("PVP assertion contains NO bPK/wbPK target attribute. " +
-//					"Starting target extraction from bPK/wbPK prefix ...");
-//			//exract bPK/wbPK type from bpk attribute value prefix if type is 
-//			//not transmitted as single attribute
-//		    Pattern pattern = Pattern.compile("[a-zA-Z]{2}(-[a-zA-Z]+)?");
-//		    Matcher matcher = pattern.matcher(spitted[0]);
-//		    if (matcher.matches()) {
-//		    	//find public service bPK
-//		    	authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + spitted[0]);
-//		    	Logger.debug("Found bPK prefix. Set target to " + authData.getBPKType());
-//		    	   
-//		    } else {
-//		    	//find business service wbPK
-//		    	authData.setBPKType(Constants.URN_PREFIX_WBPK+ "+" + spitted[0]);
-//		    	Logger.debug("Found wbPK prefix. Set target to " + authData.getBPKType());
-//		    	   
-//		    }			    	  				
-//		}
-		
-	}
+	@Override
+	protected IIdentityLink buildOAspecificIdentityLink(ISPConfiguration spConfig, IIdentityLink idl, String bPK, String bPKType) throws EAAFConfigurationException, XPathException, DOMException, EAAFParserException {
+		if (spConfig.hasBaseIdTransferRestriction()) {
+			try {
+				Element idlassertion = idl.getSamlAssertion();
+            
+				//set bpk/wpbk;
+				Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH);
+				prIdentification.getFirstChild().setNodeValue(bPK);
 
-	private IIdentityLink buildOAspecificIdentityLink(IOAAuthParameters oaParam, IIdentityLink idl, String bPK, String bPKType) throws MOAIDException, EAAFConfigurationException, XPathException, DOMException {
-		if (oaParam.hasBaseIdTransferRestriction()) {
-            Element idlassertion = idl.getSamlAssertion();
-            //set bpk/wpbk;
-	        Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH);
-	        prIdentification.getFirstChild().setNodeValue(bPK);
-            //set bkp/wpbk type
-            Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH);
-            prIdentificationType.getFirstChild().setNodeValue(bPKType);
+				//set bkp/wpbk type
+				Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH);
+				prIdentificationType.getFirstChild().setNodeValue(bPKType);
 
-            IdentityLinkAssertionParser idlparser = new IdentityLinkAssertionParser(idlassertion);
-            IIdentityLink businessServiceIdl = idlparser.parseIdentityLink();
+				IdentityLinkAssertionParser idlparser = new IdentityLinkAssertionParser(idlassertion);
+				IIdentityLink businessServiceIdl = idlparser.parseIdentityLink();
                                 
-            //resign IDL
-			IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();					
-			Element resignedilAssertion;
-
-			if (authConfig.isIdentityLinkResigning()) {
-				resignedilAssertion = identitylinkresigner.resignIdentityLink(businessServiceIdl.getSamlAssertion(), authConfig.getIdentityLinkResigningKey());
-			} else {
-				resignedilAssertion = businessServiceIdl.getSamlAssertion();
+				//resign IDL
+				IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();					
+				Element resignedilAssertion;
+ 
+				if (authConfig.isIdentityLinkResigning()) {
+					resignedilAssertion = identitylinkresigner.resignIdentityLink(businessServiceIdl.getSamlAssertion(), authConfig.getIdentityLinkResigningKey());				
+				} else {
+					resignedilAssertion = businessServiceIdl.getSamlAssertion();
+				}
+				
+				IdentityLinkAssertionParser resignedIDLParser = new IdentityLinkAssertionParser(resignedilAssertion);
+				return resignedIDLParser.parseIdentityLink();
+				
+			} catch (MOAIDException e) {
+				Logger.warn("Can not build OA specific IDL. Reason: " + e.getMessage(), e);
+				throw new EAAFParserException("TODO", null, 
+						"Can not build OA specific IDL. Reason: " + e.getMessage(), e);
+				
 			}
-			IdentityLinkAssertionParser resignedIDLParser = new IdentityLinkAssertionParser(resignedilAssertion);
-			return resignedIDLParser.parseIdentityLink();
 			
         } else
         	return idl;
-        	
-		
-	}		
-
-
-	private Pair<String, String> buildOAspecificbPK(IRequest pendingReq, IOAAuthParameters oaParam, AuthenticationData authData) throws BuildException, ConfigurationException  {
+        			
+	}
+	
+	
+	@Override
+	protected Pair<String, String> buildOAspecificbPK(IRequest pendingReq, AuthenticationData authData) throws EAAFBuilderException {
+		ISPConfiguration oaParam = pendingReq.getServiceProviderConfiguration();
 		
 		String baseID = authData.getIdentificationValue();
 		String baseIDType = authData.getIdentificationType();		
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
deleted file mode 100644
index 4bc4a7e81..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
+++ /dev/null
@@ -1,359 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.auth.builder;
-
-import java.security.InvalidKeyException;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.text.SimpleDateFormat;
-import java.util.Date;
-
-import javax.crypto.BadPaddingException;
-import javax.crypto.Cipher;
-import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.NoSuchPaddingException;
-
-import at.gv.egiz.eaaf.core.impl.data.Pair;
-import at.gv.egovernment.moa.id.auth.exception.BuildException;
-import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.Base64Utils;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-/**
- * Builder for the bPK, as defined in
- * <code>&quot;Ableitung f&uml;r die bereichsspezifische Personenkennzeichnung&quot;</code>
- * version <code>1.0.1</code> from <code>&quot;reference.e-government.gv.at&quot;</code>.
- *
- * @author Paul Schamberger
- * @version $Id$
- */
-public class BPKBuilder {
-
-	/**
-	 * Calculates an area specific unique person-identifier from a baseID
-	 * 
-	 * @param baseID baseId from user but never null
-	 * @param targetIdentifier target identifier for area specific identifier calculation but never null
-	 * @return Pair<unique person identifier for this target, targetArea> but never null
-	 * @throws BuildException if some input data are not valid 
-	 */
-	public Pair<String, String> generateAreaSpecificPersonIdentifier(String baseID, String targetIdentifier) throws BuildException{
-		return generateAreaSpecificPersonIdentifier(baseID, Constants.URN_PREFIX_BASEID, targetIdentifier);
-		
-	}
-	
-	/**
-	 * Calculates an area specific unique person-identifier from an unique identifier with a specific type
-	 * 
-	 * @param baseID baseId from user but never null
-	 * @param baseIdType Type of the baseID but never null
-	 * @param targetIdentifier target identifier for area specific identifier calculation but never null
-	 * @return Pair<unique person identifier for this target, targetArea> but never null
-	 * @throws BuildException if some input data are not valid 
-	 */
-	public Pair<String, String> generateAreaSpecificPersonIdentifier(String baseID, String baseIdType, String targetIdentifier) throws BuildException{
-		if (MiscUtil.isEmpty(baseID))
-			throw new BuildException("builder.00", new Object[]{"baseID is empty or null"});
-
-		if (MiscUtil.isEmpty(baseIdType))
-			throw new BuildException("builder.00", new Object[]{"the type of baseID is empty or null"});
-		
-		if (MiscUtil.isEmpty(targetIdentifier)) 
-			throw new BuildException("builder.00", new Object[]{"OA specific target identifier is empty or null"});
-
-		if (baseIdType.equals(Constants.URN_PREFIX_BASEID)) {
-			Logger.trace("Find baseID. Starting unique identifier caluclation for this target");
-			
-			if (targetIdentifier.startsWith(MOAIDAuthConstants.PREFIX_CDID) || 
-					targetIdentifier.startsWith(MOAIDAuthConstants.PREFIX_WPBK) || 
-					targetIdentifier.startsWith(MOAIDAuthConstants.PREFIX_STORK)) {
-				Logger.trace("Calculate bPK, wbPK, or STORK identifier for target: " + targetIdentifier);
-				return Pair.newInstance(calculatebPKwbPK(baseID + "+" + targetIdentifier), targetIdentifier);
-													
-			} else if (targetIdentifier.startsWith(MOAIDAuthConstants.PREFIX_EIDAS)) {
-				Logger.trace("Calculate eIDAS identifier for target: " + targetIdentifier);
-				String[] splittedTarget = targetIdentifier.split("\\+");
-				String cititzenCountryCode = splittedTarget[1];
-				String eIDASOutboundCountry = splittedTarget[2];				 
-				 
-				if (cititzenCountryCode.equalsIgnoreCase(eIDASOutboundCountry)) {
-					Logger.warn("Suspect configuration FOUND!!! CitizenCountry equals DestinationCountry");
-					 
-				}
-				return buildeIDASIdentifer(baseID, baseIdType, cititzenCountryCode, eIDASOutboundCountry);
-				
-				
-			} else
-				throw new BuildException("builder.00", 
-						new Object[]{"Target identifier: " + targetIdentifier + " is NOT allowed or unknown"});
-		
-		} else {
-			Logger.trace("BaseID is not of type " + Constants.URN_PREFIX_BASEID + ". Check type against requested target ...");
-			if (baseIdType.equals(targetIdentifier)) {
-				Logger.debug("Unique identifier is already area specific. Is nothing todo");
-				return Pair.newInstance(baseID, targetIdentifier);
-				
-			} else {
-				Logger.warn("Get unique identifier for target: " + baseIdType + " but target: " + targetIdentifier + " is required!");
-				throw new BuildException("builder.00", 
-						new Object[]{"Get unique identifier for target: " + baseIdType + " but target: " + targetIdentifier + " is required"});
-				
-			}			
-		}						
-	}
-	
-	
-    /**
-     * Builds the storkeid from the given parameters.
-     *
-     * @param baseID baseID of the citizen
-     * @param baseIDType Type of the baseID
-     * @param sourceCountry CountryCode of that country, which build the eIDAs ID
-     * @param destinationCountry CountryCode of that country, which receives the eIDAs ID
-     * 
-     * @return Pair<eIDAs, bPKType> in a BASE64 encoding
-     * @throws BuildException if an error occurs on building the wbPK
-     */
-    private Pair<String, String> buildeIDASIdentifer(String baseID, String baseIDType, String sourceCountry, String destinationCountry)
-            throws BuildException {        
-        String bPK = null;
-        String bPKType = null;
-        
-        // check if we have been called by public sector application
-        if (baseIDType.startsWith(Constants.URN_PREFIX_BASEID)) {
-        	bPKType = Constants.URN_PREFIX_EIDAS + "+" + sourceCountry + "+" + destinationCountry;
-            Logger.debug("Building eIDAS identification from: [identValue]+" + bPKType);         
-            bPK = calculatebPKwbPK(baseID + "+"  + bPKType);
-            
-        } else { // if not, sector identification value is already calculated by BKU
-            Logger.debug("eIDAS eIdentifier already provided by BKU");
-            bPK = baseID;
-        }
-
-        if ((MiscUtil.isEmpty(bPK) ||
-                MiscUtil.isEmpty(sourceCountry) ||
-                	MiscUtil.isEmpty(destinationCountry))) {
-            throw new BuildException("builder.00",
-                    new Object[]{"eIDAS-ID", "Unvollständige Parameterangaben: identificationValue=" +
-                            bPK + ", Zielland=" + destinationCountry + ", Ursprungsland=" + sourceCountry});
-        }
-        
-        Logger.debug("Building eIDAS identification from: " + sourceCountry+"/"+destinationCountry+"/" + "[identValue]");
-        String eIdentifier = sourceCountry + "/" + destinationCountry + "/" + bPK;
-        
-        return Pair.newInstance(eIdentifier, bPKType);
-    }
-	
-//    /**
-//     * Builds the bPK from the given parameters.
-//     *
-//     * @param identificationValue Base64 encoded "Stammzahl"
-//     * @param target              "Bereich lt. Verordnung des BKA"
-//     * @return bPK in a BASE64 encoding
-//     * @throws BuildException if an error occurs on building the bPK
-//     */
-//    private String buildBPK(String identificationValue, String target)
-//            throws BuildException {
-//
-//        if ((identificationValue == null ||
-//                identificationValue.length() == 0 ||
-//                target == null ||
-//                target.length() == 0)) {
-//            throw new BuildException("builder.00",
-//                    new Object[]{"BPK", "Unvollständige Parameterangaben: identificationValue=" +
-//                            identificationValue + ",target=" + target});
-//        }
-//        String basisbegriff;
-//        if (target.startsWith(Constants.URN_PREFIX_CDID + "+"))
-//            basisbegriff = identificationValue + "+" + target;
-//        else
-//            basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_CDID + "+" + target;
-//
-//        return calculatebPKwbPK(basisbegriff);
-//    }
-//
-//    /**
-//     * Builds the wbPK from the given parameters.
-//     *
-//     * @param identificationValue Base64 encoded "Stammzahl"
-//     * @param registerAndOrdNr    type of register + "+" + number in register.
-//     * @return wbPK in a BASE64 encoding
-//     * @throws BuildException if an error occurs on building the wbPK
-//     */
-//    private String buildWBPK(String identificationValue, String registerAndOrdNr)
-//            throws BuildException {
-//
-//        if ((identificationValue == null ||
-//                identificationValue.length() == 0 ||
-//                registerAndOrdNr == null ||
-//                registerAndOrdNr.length() == 0)) {
-//            throw new BuildException("builder.00",
-//                    new Object[]{"wbPK", "Unvollständige Parameterangaben: identificationValue=" +
-//                            identificationValue + ",Register+Registernummer=" + registerAndOrdNr});
-//        }
-//
-//        String basisbegriff;
-//        if (registerAndOrdNr.startsWith(Constants.URN_PREFIX_WBPK + "+"))
-//            basisbegriff = identificationValue + "+" + registerAndOrdNr;
-//        else
-//            basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr;
-//
-//        return calculatebPKwbPK(basisbegriff);
-//    }
-//
-//    private String buildbPKorwbPK(String baseID, String bPKorwbPKTarget) throws BuildException {
-//    	if (MiscUtil.isEmpty(baseID) || 
-//    			!(bPKorwbPKTarget.startsWith(Constants.URN_PREFIX_CDID + "+") || 
-//    					bPKorwbPKTarget.startsWith(Constants.URN_PREFIX_WBPK + "+") || 
-//    					bPKorwbPKTarget.startsWith(Constants.URN_PREFIX_STORK + "+")) ) {
-//    		throw new BuildException("builder.00",
-//                    new Object[]{"bPK/wbPK", "bPK or wbPK target " + bPKorwbPKTarget 
-//    					+ " has an unkown prefix."});
-//    		
-//    	}
-//    	
-//    	return calculatebPKwbPK(baseID + "+" + bPKorwbPKTarget);
-//    	
-//    }
-    
-	public static String encryptBPK(String bpk, String target, PublicKey publicKey) throws BuildException {
-		MiscUtil.assertNotNull(bpk, "BPK");
-		MiscUtil.assertNotNull(publicKey, "publicKey");
-		
-		SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss");
-		if (target.startsWith(Constants.URN_PREFIX_CDID + "+"))
-			target = target.substring((Constants.URN_PREFIX_CDID + "+").length());
-		
-		String input = "V1::urn:publicid:gv.at:cdid+" + target + "::"
-		    + bpk + "::"
-		    + sdf.format(new Date());
-		System.out.println(input);
-		byte[] result;
-		try {
-			byte[] inputBytes = input.getBytes("ISO-8859-1");
-			result = encrypt(inputBytes, publicKey);
-			return new String(Base64Utils.encode(result, "ISO-8859-1")).replaceAll("\r\n", "");
-			
-		} catch (Exception e) {
-			throw new BuildException("bPK encryption FAILED", null, e);
-		}		
-	}
-
-	public static String decryptBPK(String encryptedBpk, String target, PrivateKey privateKey) throws BuildException {
-		MiscUtil.assertNotEmpty(encryptedBpk, "Encrypted BPK");
-		MiscUtil.assertNotNull(privateKey, "Private key");
-		String decryptedString;
-		try {
-			byte[] encryptedBytes = Base64Utils.decode(encryptedBpk, false, "ISO-8859-1");
-			byte[] decryptedBytes = decrypt(encryptedBytes, privateKey);
-			decryptedString = new String(decryptedBytes, "ISO-8859-1");
-			
-		} catch (Exception e) {
-			throw new BuildException("bPK decryption FAILED", null, e);
-		}
-		String tmp = decryptedString.substring(decryptedString.indexOf('+') + 1);
-		String sector = tmp.substring(0, tmp.indexOf("::"));
-		tmp = tmp.substring(tmp.indexOf("::") + 2);
-		String bPK = tmp.substring(0, tmp.indexOf("::"));
-
-		if (target.startsWith(Constants.URN_PREFIX_CDID + "+"))
-			target = target.substring((Constants.URN_PREFIX_CDID + "+").length());
-		
-		if (target.equals(sector))
-			return bPK;
-		
-		else {
-			Logger.error("Decrypted bPK does not match to request bPK target.");
-			return null;
-		}		
-	}
-        
-    private String calculatebPKwbPK(String basisbegriff) throws BuildException {
-    	try {
-            MessageDigest md = MessageDigest.getInstance("SHA-1");
-            byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1"));
-            String hashBase64 = Base64Utils.encode(hash);
-            return hashBase64;
-            
-        } catch (Exception ex) {
-            throw new BuildException("builder.00", new Object[]{"bPK/wbPK", ex.toString()}, ex);
-        }
-    	
-    }
-    
-	private static byte[] encrypt(byte[] inputBytes, PublicKey publicKey) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
-		byte[] result;
-		Cipher cipher = null;
-		try {
-			cipher = Cipher.getInstance("RSA/ECB/OAEPPadding"); // try with bouncycastle
-		} catch(NoSuchAlgorithmException e) {
-			cipher = Cipher.getInstance("RSA/ECB/OAEP"); // try with iaik provider
-		}
-		cipher.init(Cipher.ENCRYPT_MODE, publicKey);
-		result = cipher.doFinal(inputBytes);
-		
-		return result;
-	}
-
-	private static byte[] decrypt(byte[] encryptedBytes, PrivateKey privateKey) 
-			throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException{
-		byte[] result;
-		Cipher cipher = null;
-		try {
-			cipher = Cipher.getInstance("RSA/ECB/OAEPPadding"); // try with bouncycastle
-		} catch(NoSuchAlgorithmException e) {
-			cipher = Cipher.getInstance("RSA/ECB/OAEP"); // try with iaik provider
-		}
-		cipher.init(Cipher.DECRYPT_MODE, privateKey);
-		result = cipher.doFinal(encryptedBytes);
-		return result;
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/MOAIDSubjectNameIdGenerator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/MOAIDSubjectNameIdGenerator.java
index aa462c480..3dfba9cca 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/MOAIDSubjectNameIdGenerator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/MOAIDSubjectNameIdGenerator.java
@@ -10,12 +10,13 @@ import at.gv.e_government.reference.namespace.persondata._20020228_.Identificati
 import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
 import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
 import at.gv.egiz.eaaf.modules.pvp2.PVPConstants;
 import at.gv.egiz.eaaf.modules.pvp2.exception.PVP2Exception;
 import at.gv.egiz.eaaf.modules.pvp2.idp.api.builder.ISubjectNameIdGenerator;
 import at.gv.egiz.eaaf.modules.pvp2.idp.exception.ResponderErrorException;
-import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
@@ -97,7 +98,7 @@ public class MOAIDSubjectNameIdGenerator implements ISubjectNameIdGenerator {
 				try {
 					return new BPKBuilder().generateAreaSpecificPersonIdentifier(bpk, spConfig.getAreaSpecificTargetIdentifier());
 										
-				} catch (BuildException e) {
+				} catch (EAAFBuilderException e) {
 					Logger.warn("Can NOT generate SubjectNameId." , e);
 					throw new ResponderErrorException("pvp2.01", null);
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index d23e32c81..926bfe242 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -48,13 +48,13 @@ import java.util.Map;
 
 import org.apache.commons.collections4.map.HashedMap;
 
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
+import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
 import at.gv.egovernment.moa.id.commons.api.data.AuthProzessDataConstants;
 import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
 import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
-import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -618,17 +618,17 @@ public class AuthenticationSession implements Serializable, IAuthenticationSessi
 	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setGenericDataToSession(java.lang.String, java.lang.Object)
 	 */
 	@Override
-	public void setGenericDataToSession(String key, Object object) throws SessionDataStorageException {
+	public void setGenericDataToSession(String key, Object object) throws EAAFStorageException {
 		if (MiscUtil.isEmpty(key)) {
 			Logger.warn("Generic session-data can not be stored with a 'null' key");
-			throw new SessionDataStorageException("Generic session-data can not be stored with a 'null' key", null);
+			throw new EAAFStorageException("Generic session-data can not be stored with a 'null' key");
 			
 		}
 		
 		if (object != null) {
 			if (!Serializable.class.isInstance(object)) {
 				Logger.warn("Generic session-data can only store objects which implements the 'Seralizable' interface");
-				throw new SessionDataStorageException("Generic session-data can only store objects which implements the 'Seralizable' interface", null);
+				throw new EAAFStorageException("Generic session-data can only store objects which implements the 'Seralizable' interface");
 				
 			}						
 		}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionWrapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionWrapper.java
index fb584047e..aea6f26fb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionWrapper.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSessionWrapper.java
@@ -26,79 +26,35 @@ import java.security.cert.CertificateEncodingException;
 import java.security.cert.CertificateException;
 import java.util.ArrayList;
 import java.util.Collections;
-import java.util.Date;
-import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
-import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
 import at.gv.egiz.eaaf.core.api.idp.auth.ISSOManager;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
 import at.gv.egovernment.moa.id.commons.api.data.AuthProzessDataConstants;
 import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
 import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
-import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
 import iaik.x509.X509Certificate;
 
 /**
  * @author tlenz
  * 
  */
-public class AuthenticationSessionWrapper implements IAuthenticationSession, AuthProzessDataConstants {
+public class AuthenticationSessionWrapper extends AuthProcessDataWrapper implements IAuthenticationSession, AuthProzessDataConstants {
 
-		
-	private Map<String, Object> sessionData;
 	
 	/**
 	 * @param genericDataStorage
 	 */
 	public AuthenticationSessionWrapper(Map<String, Object> genericDataStorage) {
-		this.sessionData = genericDataStorage;
-	}
-	
-	private <T> T wrapStringObject(String key, Object defaultValue, Class<T> clazz) {		
-		if (MiscUtil.isNotEmpty(key)) {
-			Object obj = sessionData.get(key);
-			if (obj != null && clazz.isInstance(obj))
-				return (T) obj;
-		}
+		super(genericDataStorage);
 		
-		if (defaultValue == null)
-			return null;
-		
-		else if (clazz.isInstance(defaultValue))
-			return (T)defaultValue;
-			
-		else {
-			Logger.error("DefaultValue: " + defaultValue.getClass().getName() + " is not of Type:" + clazz.getName());
-			throw new IllegalStateException("DefaultValue: " + defaultValue.getClass().getName() + " is not of Type:" + clazz.getName());
-				
-		}		
 	}
+		
 	
-	
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isAuthenticated()
-	 */
-	@Override
-	public boolean isAuthenticated() {
-		return wrapStringObject(FLAG_IS_AUTHENTICATED, false, Boolean.class);
-
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setAuthenticated(boolean)
-	 */
-	@Override
-	public void setAuthenticated(boolean authenticated) {
-		sessionData.put(FLAG_IS_AUTHENTICATED, authenticated);
-
-	}
-
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSignerCertificate()
 	 */
@@ -133,7 +89,7 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
 	@Override
 	public void setSignerCertificate(X509Certificate signerCertificate) {
 		try {
-			sessionData.put(VALUE_SIGNER_CERT, signerCertificate.getEncoded());
+			authProcessData.put(VALUE_SIGNER_CERT, signerCertificate.getEncoded());
 			
 		}catch (CertificateEncodingException e) {
 			Logger.warn("Signer certificate can not be stored to session database!", e);
@@ -141,15 +97,6 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
 
 	}
 
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getIdentityLink()
-	 */
-	@Override
-	public IIdentityLink getIdentityLink() {
-		return wrapStringObject(VALUE_IDENTITYLINK, null, IIdentityLink.class);
-		
-	}
-
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSessionID()
 	 */
@@ -159,21 +106,12 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
 				
 	}
 
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setIdentityLink(at.gv.egovernment.moa.id.auth.data.IdentityLink)
-	 */
-	@Override
-	public void setIdentityLink(IIdentityLink identityLink) {
-		sessionData.put(VALUE_IDENTITYLINK, identityLink);
-
-	}
-
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setSessionID(java.lang.String)
 	 */
 	@Override
 	public void setSSOSessionID(String sessionId) {
-		sessionData.put(ISSOManager.AUTH_DATA_SSO_SESSIONID, sessionId);
+		authProcessData.put(ISSOManager.AUTH_DATA_SSO_SESSIONID, sessionId);
 
 	}
 
@@ -190,7 +128,7 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
 	 */
 	@Override
 	public void setBkuURL(String bkuURL) {
-		sessionData.put(VALUE_BKUURL, bkuURL);
+		authProcessData.put(VALUE_BKUURL, bkuURL);
 
 	}
 
@@ -207,7 +145,7 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
 	 */
 	@Override
 	public void setAuthBlock(String authBlock) {
-		sessionData.put(VALUE_AUTHBLOCK, authBlock);
+		authProcessData.put(VALUE_AUTHBLOCK, authBlock);
 
 	}
 
@@ -224,7 +162,7 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
 	 */
 	@Override
 	public void setExtendedSAMLAttributesAUTH(List<ExtendedSAMLAttribute> extendedSAMLAttributesAUTH) {
-		sessionData.put(VALUE_EXTENTEDSAMLATTRAUTH, extendedSAMLAttributesAUTH);
+		authProcessData.put(VALUE_EXTENTEDSAMLATTRAUTH, extendedSAMLAttributesAUTH);
 
 	}
 
@@ -241,7 +179,7 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
 	 */
 	@Override
 	public void setExtendedSAMLAttributesOA(List<ExtendedSAMLAttribute> extendedSAMLAttributesOA) {
-		sessionData.put(VALUE_EXTENTEDSAMLATTROA, extendedSAMLAttributesOA);
+		authProcessData.put(VALUE_EXTENTEDSAMLATTROA, extendedSAMLAttributesOA);
 
 	}
 
@@ -258,24 +196,7 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
 	 */
 	@Override
 	public void setSAMLAttributeGebeORwbpk(boolean samlAttributeGebeORwbpk) {
-		sessionData.put(FLAG_SAMLATTRIBUTEGEBEORWBPK, samlAttributeGebeORwbpk);
-
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getIssueInstant()
-	 */
-	@Override
-	public String getIssueInstant() {
-		return wrapStringObject(VALUE_ISSUEINSTANT, null, String.class);
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setIssueInstant(java.lang.String)
-	 */
-	@Override
-	public void setIssueInstant(String issueInstant) {
-		sessionData.put(VALUE_ISSUEINSTANT, issueInstant);
+		authProcessData.put(FLAG_SAMLATTRIBUTEGEBEORWBPK, samlAttributeGebeORwbpk);
 
 	}
 
@@ -291,29 +212,12 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
 
 	}
 
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setUseMandates(boolean)
-	 */
-	@Override
-	public void setUseMandates(boolean useMandates) {
-		sessionData.put(FLAG_USE_MANDATE, useMandates);
-
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isMandateUsed()
-	 */
-	@Override
-	public boolean isMandateUsed() {
-		return wrapStringObject(FLAG_USE_MANDATE, false, Boolean.class);
-	}
-
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setMISSessionID(java.lang.String)
 	 */
 	@Override
 	public void setMISSessionID(String misSessionID) {
-		sessionData.put(VALUE_MISSESSIONID, misSessionID);
+		authProcessData.put(VALUE_MISSESSIONID, misSessionID);
 
 	}
 
@@ -338,24 +242,7 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
 	 */
 	@Override
 	public void setMandateReferenceValue(String mandateReferenceValue) {
-		sessionData.put(VALUE_MISREFVALUE, mandateReferenceValue);
-
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isForeigner()
-	 */
-	@Override
-	public boolean isForeigner() {
-		return wrapStringObject(FLAG_IS_FOREIGNER, false, Boolean.class);
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setForeigner(boolean)
-	 */
-	@Override
-	public void setForeigner(boolean isForeigner) {
-		sessionData.put(FLAG_IS_FOREIGNER, isForeigner);
+		authProcessData.put(VALUE_MISREFVALUE, mandateReferenceValue);
 
 	}
 
@@ -372,7 +259,7 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
 	 */
 	@Override
 	public void setXMLVerifySignatureResponse(IVerifiyXMLSignatureResponse xMLVerifySignatureResponse) {
-		sessionData.put(VALUE_VERIFYSIGRESP, xMLVerifySignatureResponse);
+		authProcessData.put(VALUE_VERIFYSIGRESP, xMLVerifySignatureResponse);
 
 	}
 
@@ -389,27 +276,10 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
 	 */
 	@Override
 	public void setMISMandate(IMISMandate mandate) {
-		sessionData.put(VALUE_MISMANDATE, mandate);
-
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#isOW()
-	 */
-	@Override
-	public boolean isOW() {
-		return wrapStringObject(FLAG_IS_ORGANWALTER, false, Boolean.class);
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setOW(boolean)
-	 */
-	@Override
-	public void setOW(boolean isOW) {
-		sessionData.put(FLAG_IS_ORGANWALTER, isOW);
+		authProcessData.put(VALUE_MISMANDATE, mandate);
 
 	}
-
+	
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getAuthBlockTokken()
 	 */
@@ -423,78 +293,13 @@ public class AuthenticationSessionWrapper implements IAuthenticationSession, Aut
 	 */
 	@Override
 	public void setAuthBlockTokken(String authBlockTokken) {
-		sessionData.put(VALUE_AUTNBLOCKTOKKEN, authBlockTokken);
-
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getQAALevel()
-	 */
-	@Override
-	public String getQAALevel() {
-		return wrapStringObject(VALUE_QAALEVEL, null, String.class);
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setQAALevel(java.lang.String)
-	 */
-	@Override
-	public void setQAALevel(String qAALevel) {
-		sessionData.put(VALUE_QAALEVEL, qAALevel);
-
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getSessionCreated()
-	 */
-	@Override
-	public Date getSessionCreated() {
-		return wrapStringObject(EAAFConstants.AUTH_DATA_CREATED, null, Date.class);
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getGenericSessionDataStorage()
-	 */
-	@Override
-	public Map<String, Object> getGenericSessionDataStorage() {
-		Map<String, Object> result = new HashMap<String, Object>();		
-		for (String el : sessionData.keySet()) {
-			if (el.startsWith(GENERIC_PREFIX))
-				result.put(el.substring(GENERIC_PREFIX.length()), sessionData.get(el));
-			
-		}
-		
-		return result;
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getGenericDataFromSession(java.lang.String)
-	 */
-	@Override
-	public Object getGenericDataFromSession(String key) {
-		return sessionData.get(GENERIC_PREFIX + key); 
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#getGenericDataFromSession(java.lang.String, java.lang.Class)
-	 */
-	@Override
-	public <T> T getGenericDataFromSession(String key, Class<T> clazz) {
-		return wrapStringObject(GENERIC_PREFIX + key, null, clazz);
-	}
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IAuthenticationSession#setGenericDataToSession(java.lang.String, java.lang.Object)
-	 */
-	@Override
-	public void setGenericDataToSession(String key, Object object) throws SessionDataStorageException {
-		sessionData.put(GENERIC_PREFIX + key, object);
+		authProcessData.put(VALUE_AUTNBLOCKTOKKEN, authBlockTokken);
 
 	}
 
 	@Override
 	public Map<String, Object> getKeyValueRepresentationFromAuthSession() {
-		return Collections.unmodifiableMap(sessionData);
+		return Collections.unmodifiableMap(authProcessData);
 		
 	}
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java
deleted file mode 100644
index 2690bc2cc..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java
+++ /dev/null
@@ -1,312 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- * 
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- * 
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.auth.data;
-
-import java.io.IOException;
-import java.io.Serializable;
-import java.security.PublicKey;
-
-import javax.xml.transform.TransformerException;
-
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
-import at.gv.egovernment.moa.util.DOMUtils;
-
-
-/**
- * Data contained in an identity link issued by BMI, relevant to the MOA ID component.
- * <br><code>"IdentityLink"</code> is the translation of <code>"Personenbindung"</code>.
- * 
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class IdentityLink implements Serializable, IIdentityLink{
-
-	private static final long serialVersionUID = 1L;
-	
-	/**
-	 * <code>"identificationValue"</code> is the translation of <code>"Stammzahl"</code>.
-	 */
-	private String identificationValue;
-	/**
-	* <code>"identificationType"</code> type of the identificationValue in the IdentityLink.
-	*/
-	private String identificationType;
-	/**
-	 * first name
-	 */
-	private String givenName;
-	/**
-	 * family name
-	 */
-	private String familyName;
-  
-  /**
-   * The name as (givenName + familyName)
-   */
-  private String name;
-	/**
-	 * date of birth
-	 */
-	private String dateOfBirth;
-  /**
-   * the original saml:Assertion-Element
-   */
-	private Element samlAssertion;
-  /**
-   * the serializes saml:Assertion
-   */
-  private String serializedSamlAssertion;
-	/**
-	 * Element /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData/pr:Person
-	 */
-	private Element prPerson;
-  /**
-   * we need for each dsig:Reference Element all
-   * transformation elements
-   */
-  private Element[] dsigReferenceTransforms;
-  
-  /**
-   * The issuing time of the identity link SAML assertion.
-   */
-  private String issueInstant;
-
-  /**
-   * we need all public keys stored in 
-   * the identity link
-   */
-  private PublicKey[] publicKey;
-
-	/**
-	 * Constructor for IdentityLink
-	 */
-	public IdentityLink() {
-	}
-
-  /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getDateOfBirth()
- */
-  @Override
-public String getDateOfBirth() {
-    return dateOfBirth;
-  }
-
-  /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getFamilyName()
- */
-  @Override
-public String getFamilyName() {
-    return familyName;
-  }
-
-  /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getGivenName()
- */
-  @Override
-public String getGivenName() {
-    return givenName;
-  }
-  
-  /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getName()
- */
-  @Override
-public String getName() {
-    if (name == null) {
-      name = givenName + " " + familyName;
-    }
-    return name;
-  }
-  
-  /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getIdentificationValue()
- */
-  @Override
-public String getIdentificationValue() {
-    return identificationValue;
-  }
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getIdentificationType()
-	 */
-	@Override
-	public String getIdentificationType() {
-		return identificationType;
-	}
-
-  /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setDateOfBirth(java.lang.String)
- */
-  @Override
-public void setDateOfBirth(String dateOfBirth) {
-    this.dateOfBirth = dateOfBirth;
-  }
-
-  /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setFamilyName(java.lang.String)
- */
-  @Override
-public void setFamilyName(String familyName) {
-    this.familyName = familyName;
-  }
-
-  /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setGivenName(java.lang.String)
- */
-  @Override
-public void setGivenName(String givenName) {
-    this.givenName = givenName;
-  }
-
-  /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setIdentificationValue(java.lang.String)
- */
-  @Override
-public void setIdentificationValue(String identificationValue) {
-    this.identificationValue = identificationValue;
-  }
-  
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setIdentificationType(java.lang.String)
-	 */
-	@Override
-	public void setIdentificationType(String identificationType) {
-		this.identificationType = identificationType;
-	}
-
-  /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getSamlAssertion()
- */
-  @Override
-public Element getSamlAssertion() {
-    return samlAssertion;
-  }
-  
-  /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getSerializedSamlAssertion()
- */
-  @Override
-public String getSerializedSamlAssertion() {
-    return serializedSamlAssertion;
-  }
-
-  /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setSamlAssertion(org.w3c.dom.Element)
- */
-  @Override
-public void setSamlAssertion(Element samlAssertion) throws TransformerException, IOException {
-    this.samlAssertion = samlAssertion;
-    this.serializedSamlAssertion = DOMUtils.serializeNode(samlAssertion);    
-  }
-
-  /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getDsigReferenceTransforms()
- */
-  @Override
-public Element[] getDsigReferenceTransforms() {
-    return dsigReferenceTransforms;
-  }
-
-  /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setDsigReferenceTransforms(org.w3c.dom.Element[])
- */
-  @Override
-public void setDsigReferenceTransforms(Element[] dsigReferenceTransforms) {
-    this.dsigReferenceTransforms = dsigReferenceTransforms;
-  }
-
-  /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getPublicKey()
- */
-  @Override
-public PublicKey[] getPublicKey() {
-    return publicKey;
-  }
-
-  /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setPublicKey(java.security.PublicKey[])
- */
-  @Override
-public void setPublicKey(PublicKey[] publicKey) {
-    this.publicKey = publicKey;
-  }
-
-  /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getPrPerson()
- */
-  @Override
-public Element getPrPerson() {
-    return prPerson;
-  }
-
-  /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setPrPerson(org.w3c.dom.Element)
- */
-  @Override
-public void setPrPerson(Element prPerson) {
-    this.prPerson = prPerson;
-  }
-  
-   /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#getIssueInstant()
- */
-  @Override
-public String getIssueInstant() {
-    return issueInstant;
-  }
-
-  /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.auth.data.IIdentityLink#setIssueInstant(java.lang.String)
- */
-  @Override
-public void setIssueInstant(String issueInstant) {
-    this.issueInstant = issueInstant;
-  }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
index 8f7364f62..3ff22b84d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
@@ -58,15 +58,15 @@ import java.util.List;
 import org.w3c.dom.Element;
 import org.w3c.dom.traversal.NodeIterator;
 
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.IdentityLink;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
+import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
 import at.gv.egovernment.moa.id.auth.exception.ECDSAConverterException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.util.ECDSAKeyValueConverter;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
 
 /**
  * Parses an identity link <code>&lt;saml:Assertion&gt;</code>
@@ -259,7 +259,7 @@ public class IdentityLinkAssertionParser {
 
   public IIdentityLink parseIdentityLink() throws ParseException {
     IIdentityLink identityLink;
-    try {
+    try { 
       identityLink = new IdentityLink();
       identityLink.setSamlAssertion(assertionElem);
       identityLink.setIssueInstant(assertionElem.getAttribute(ISSUE_INSTANT_ATTR));
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
index b54a43fff..e6b4e9bb8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
@@ -54,12 +54,12 @@ import java.io.InputStream;
 
 import org.w3c.dom.Element;
 
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
+import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
 import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
 
 /**
  * Parses a <code>&lt;VerifyXMLSignatureResponse&gt;</code> returned by
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java
index 89e543209..97d1e7132 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameterDecorator.java
@@ -909,12 +909,6 @@ public boolean containsConfigurationKey(String arg0) {
 }
 
 
-@Override
-public String getConfigurationValue(String arg0) {
-	return spConfiguration.getConfigurationValue(arg0);
-}
-
-
 @Override
 public Map<String, String> getFullConfiguration() {
 	return spConfiguration.getFullConfiguration();
@@ -951,4 +945,41 @@ public String getMinimumLevelOfAssurence() {
 }
 
 
+@Override
+public String getConfigurationValue(String key) {
+	return spConfiguration.getConfigurationValue(key);
+}
+
+@Override
+public String getConfigurationValue(String key, String defaultValue) {
+	String value = getConfigurationValue(key);
+	if (value == null)
+		return defaultValue;
+	else
+		return value;
+}
+
+
+@Override
+public Boolean isConfigurationValue(String key) {
+	String value = getConfigurationValue(key);
+	if (value == null)
+		return Boolean.parseBoolean(value);
+
+	return null;
+	
+}
+
+
+@Override
+public boolean isConfigurationValue(String key, boolean defaultValue) {
+	String value = getConfigurationValue(key);
+	if (value == null)
+		return Boolean.parseBoolean(value);
+	else
+		return defaultValue;
+	
+}
+
+
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
index 11932f52a..76a53ee40 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
@@ -559,5 +559,23 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{
 		return getQaaLevel();
 	}
 
+	@Override
+	public String getConfigurationValue(String arg0, String arg1) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public Boolean isConfigurationValue(String arg0) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean isConfigurationValue(String arg0, boolean arg1) {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
 	
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java
index b8dccfa65..ff4b96aab 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IMOAAuthData.java
@@ -5,7 +5,6 @@ import java.util.List;
 import org.w3c.dom.Element;
 
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
 
 public interface IMOAAuthData extends IAuthData{
@@ -18,8 +17,7 @@ public interface IMOAAuthData extends IAuthData{
 	  */
 	 String getQAALevel();
 	 
-	 List<String> getEncbPKList();	 
-	 IIdentityLink getIdentityLink();	 
+	 List<String> getEncbPKList();	 	 
      byte[] getSignerCertificate();
 	 String getAuthBlock();	 
 	 boolean isPublicAuthority();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MISMandate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MISMandate.java
index 25d50f57a..d1e1e5c60 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MISMandate.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MISMandate.java
@@ -51,10 +51,10 @@ import java.io.Serializable;
 import org.w3c.dom.Element;
 
 import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
 import at.gv.egovernment.moa.id.util.MandateBuilder;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 public class MISMandate implements Serializable, IMISMandate{
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
index e0dd30db3..b5d46fea3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/MOAAuthenticationData.java
@@ -28,14 +28,14 @@ import java.util.List;
 
 import org.w3c.dom.Element;
 
+import at.gv.egiz.eaaf.core.api.data.ILoALevelMapper;
 import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.util.LoALevelMapper;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 
@@ -47,7 +47,6 @@ import at.gv.egovernment.moa.util.MiscUtil;
 public class MOAAuthenticationData extends AuthenticationData implements IMOAAuthData, Serializable {
 
 	private static final long serialVersionUID = 1L;
-	private IIdentityLink identityLink;
 	private boolean qualifiedCertificate;
 	private boolean publicAuthority;
 	private String publicAuthorityCode;
@@ -70,8 +69,9 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut
 
 	private LoALevelMapper loaMapper;
 	
-	public MOAAuthenticationData(LoALevelMapper loaMapper) {	
-		this.loaMapper = loaMapper;
+	public MOAAuthenticationData(ILoALevelMapper loaMapper) {
+		if (loaMapper instanceof LoALevelMapper)
+			this.loaMapper = (LoALevelMapper) loaMapper;
 		
 	}
 	
@@ -82,19 +82,22 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut
 	public String getQAALevel() {
 		if (this.QAALevel != null && 
 				this.QAALevel.startsWith(PVPConstants.EIDAS_QAA_PREFIX)) {
-			String mappedQAA = loaMapper.mapeIDASQAAToSTORKQAA(this.QAALevel);
-			if (MiscUtil.isNotEmpty(mappedQAA))
-				return mappedQAA;
-			
-			else {
-				Logger.error("eIDAS QAA-level:" + this.QAALevel 
-						+ " can not be mapped to STORK QAA-level! Use "
+			if (loaMapper != null) {
+				String mappedQAA = loaMapper.mapeIDASQAAToSTORKQAA(this.QAALevel);
+				if (MiscUtil.isNotEmpty(mappedQAA))
+					return mappedQAA;
+				else {
+					Logger.error("eIDAS QAA-level:" + this.QAALevel 
+							+ " can not be mapped to STORK QAA-level! Use "
+							+ PVPConstants.STORK_QAA_1_1 + " as default value.");					
+				}
+							
+			} else
+				Logger.error("NO LoALevelMapper found. Use "
 						+ PVPConstants.STORK_QAA_1_1 + " as default value.");
-				return PVPConstants.STORK_QAA_1_1;
-				
-			}
-			
 			
+			return PVPConstants.STORK_QAA_1_1;
+										
 		} else
 			return this.QAALevel;
 		
@@ -106,18 +109,6 @@ public class MOAAuthenticationData extends AuthenticationData implements IMOAAut
 	}
 
 	
-	@Override
-	public IIdentityLink getIdentityLink() {
-		return identityLink;
-	}
-
-	/**
-	 * @param identityLink the identityLink to set
-	 */
-	public void setIdentityLink(IIdentityLink identityLink) {
-		this.identityLink = identityLink;
-	}
-
 	@Override
 	public byte[] getSignerCertificate() {
 		return signerCertificate;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIdentityLinkBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIdentityLinkBuilder.java
deleted file mode 100644
index 2c0a9fe74..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EIDIdentityLinkBuilder.java
+++ /dev/null
@@ -1,76 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.builder.attributes;
-
-import java.io.IOException;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.util.Base64Utils;
-
-import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
-import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
-import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
-import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
-import at.gv.egovernment.moa.id.data.IMOAAuthData;
-
-
-
-public class EIDIdentityLinkBuilder implements IPVPAttributeBuilder {
-	private static final Logger log = LoggerFactory.getLogger(EIDIdentityLinkBuilder.class);
-	
-	
-	public String getName() {
-		return EID_IDENTITY_LINK_NAME;
-	}
-
-	public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
-			IAttributeGenerator<ATT> g) throws AttributeBuilderException {
-		try {
-			String ilAssertion = null;			
-			if (authData instanceof IMOAAuthData 
-					&&  ((IMOAAuthData)authData).getIdentityLink() == null)
-				throw new UnavailableAttributeException(EID_IDENTITY_LINK_NAME);
-			
-			ilAssertion = ((IMOAAuthData)authData).getIdentityLink().getSerializedSamlAssertion();
-			
-			return g.buildStringAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME,
-					EID_IDENTITY_LINK_NAME, Base64Utils.encodeToString(ilAssertion.getBytes("UTF-8")));
-			
-			
-		} catch (IOException e) {
-			log.warn("IdentityLink serialization error.", e);
-			return g.buildEmptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME,
-					EID_IDENTITY_LINK_NAME);
-		}
-		
-	}
-
-	public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
-		return g.buildEmptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME,
-				EID_IDENTITY_LINK_NAME);
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java
index 171dfe2d9..af96a9459 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateFullMandateAttributeBuilder.java
@@ -33,10 +33,10 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
 
 public class MandateFullMandateAttributeBuilder implements IPVPAttributeBuilder {
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
index b2a2aad88..af64ffe64 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
@@ -32,9 +32,10 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
 import at.gv.egiz.eaaf.core.impl.data.Pair;
-import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
@@ -91,7 +92,7 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui
 			}
 			
 		}
-		catch (BuildException | ConfigurationException e) {
+		catch (BuildException | ConfigurationException | EAAFBuilderException e) {
 			Logger.error("Failed to generate IdentificationType");
 			throw new NoMandateDataAttributeException();
 			
@@ -105,7 +106,7 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui
 		return g.buildEmptyAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, MANDATE_NAT_PER_BPK_NAME);
 	}
 	
-	protected Pair<String, String> internalBPKGenerator(ISPConfiguration oaParam, IAuthData authData) throws NoMandateDataAttributeException, BuildException, ConfigurationException {		
+	protected Pair<String, String> internalBPKGenerator(ISPConfiguration oaParam, IAuthData authData) throws NoMandateDataAttributeException, BuildException, ConfigurationException, EAAFBuilderException {		
 		//get PVP attribute directly, if exists 
 		Pair<String, String> calcResult = null;
 		if (authData instanceof IMOAAuthData) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java
index 16b179d89..75ca2ccdf 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java
@@ -33,11 +33,11 @@ import org.opensaml.saml2.metadata.provider.FilterException;
 import org.opensaml.saml2.metadata.provider.MetadataFilter;
 import org.opensaml.xml.XMLObject;
 
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egovernment.moa.id.auth.builder.SignatureVerificationUtils;
 import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 /**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java
index 81041260c..d8114f19d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java
@@ -35,6 +35,7 @@ import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
 
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
@@ -57,7 +58,6 @@ import at.gv.egovernment.moa.spss.api.xmlsign.ErrorResponse;
 import at.gv.egovernment.moa.spss.api.xmlsign.SignatureEnvironmentResponse;
 import at.gv.egovernment.moa.spss.api.xmlsign.SingleSignatureInfo;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 
 public class IdentityLinkReSigner {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
index 885d03fd8..397e28bc2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
@@ -62,13 +62,13 @@ import javax.xml.parsers.ParserConfigurationException;
 
 import org.xml.sax.SAXException;
 
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moa.util.StringUtils;
 
diff --git a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
index a1fd81eb2..14d4d9fb6 100644
--- a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
+++ b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
@@ -1,4 +1,3 @@
-at.gv.egovernment.moa.id.protocols.builder.attributes.EIDIdentityLinkBuilder
 at.gv.egovernment.moa.id.protocols.builder.attributes.EIDAuthBlock
 at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCcsURL
 at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCitizenQAALevelAttributeBuilder
diff --git a/id/server/idserverlib/src/test/java/test/MOAIDTestCase.java b/id/server/idserverlib/src/test/java/test/MOAIDTestCase.java
index b0494534a..b1f8fe593 100644
--- a/id/server/idserverlib/src/test/java/test/MOAIDTestCase.java
+++ b/id/server/idserverlib/src/test/java/test/MOAIDTestCase.java
@@ -54,10 +54,10 @@ import javax.xml.transform.TransformerException;
 
 import org.w3c.dom.Element;
 
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egiz.eaaf.core.impl.utils.StreamUtils;
+import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
 import iaik.ixsil.algorithms.Transform;
 import iaik.ixsil.algorithms.TransformImplExclusiveCanonicalXML;
 import iaik.ixsil.exceptions.AlgorithmException;
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/AuthProzessDataConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/AuthProzessDataConstants.java
index 439138645..31a0573b6 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/AuthProzessDataConstants.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/AuthProzessDataConstants.java
@@ -22,39 +22,25 @@
  */
 package at.gv.egovernment.moa.id.commons.api.data;
 
+import at.gv.egiz.eaaf.core.api.idp.EAAFAuthProcessDataConstants;
+
 /**
  * @author tlenz
  *
  */
-public interface AuthProzessDataConstants {
-	
-	public static final String GENERIC_PREFIX 					= "generic_";
-	
+public interface AuthProzessDataConstants extends EAAFAuthProcessDataConstants { 
 	
-	public static final String FLAG_IS_FOREIGNER 				= "direct_flagIsForeigner";
-	public static final String FLAG_USE_MANDATE 				= "direct_flagUseMandate";
-	public static final String FLAG_IS_ORGANWALTER 				= "direct_flagOrganwalter";
-	public static final String FLAG_IS_AUTHENTICATED 			= "direct_flagIsAuth";
 	public static final String FLAG_SAMLATTRIBUTEGEBEORWBPK 	= "direct_SAMLAttributeGebeORwbpk";
 	
-
-	public static final String VALUE_ISSUEINSTANT 				= "direct_issueInstant";
-	
 	public static final String VALUE_SIGNER_CERT 				= "direct_signerCert";
 	public static final String VALUE_IDENTITYLINK 				= "direct_idl";	
 	public static final String VALUE_BKUURL 					= "direct_bkuUrl";
 	public static final String VALUE_AUTHBLOCK 					= "direct_authBlock";
 	
 	public static final String VALUE_AUTNBLOCKTOKKEN 			= "direct_authblocktokken";
-	public static final String VALUE_QAALEVEL 					= "direct_qaaLevel";
-	public static final String VALUE_VERIFYSIGRESP 				= "direct_verifySigResp";
-	
+	public static final String VALUE_VERIFYSIGRESP 				= "direct_verifySigResp";	
 	public static final String VALUE_MISSESSIONID 				= "direct_MIS_SessionId";
 	public static final String VALUE_MISREFVALUE 				= "direct_MIS_RefValue";
-	public static final String VALUE_MISMANDATE 				= "direct_MIS_Mandate";
-	
-	
-
 	
 	@Deprecated
 	public static final String VALUE_EXTENTEDSAMLATTRAUTH 		= "direct_extSamlAttrAuth";
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IAuthenticationSession.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IAuthenticationSession.java
index 8cb2b31bc..1d54af7c8 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IAuthenticationSession.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IAuthenticationSession.java
@@ -22,22 +22,17 @@
  */
 package at.gv.egovernment.moa.id.commons.api.data;
 
-import java.util.Date;
 import java.util.List;
 import java.util.Map;
 
-import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IAuthProcessDataContainer;
 import iaik.x509.X509Certificate;
 
 /**
  * @author tlenz
  *
  */
-public interface IAuthenticationSession {
-
-	boolean isAuthenticated();
-
-	void setAuthenticated(boolean authenticated);
+public interface IAuthenticationSession extends IAuthProcessDataContainer {
 
 	X509Certificate getSignerCertificate();
 
@@ -45,13 +40,6 @@ public interface IAuthenticationSession {
 
 	void setSignerCertificate(X509Certificate signerCertificate);
 
-	/**
-	 * Returns the identityLink.
-	 * 
-	 * @return IdentityLink
-	 */
-	IIdentityLink getIdentityLink();
-
 	/**
 	 * Returns the sessionID.
 	 * 
@@ -59,14 +47,7 @@ public interface IAuthenticationSession {
 	 */
 	String getSSOSessionID();
 
-	/**
-	 * Sets the identityLink.
-	 * 
-	 * @param identityLink
-	 *            The identityLink to set
-	 */
-	void setIdentityLink(IIdentityLink identityLink);
-
+	
 	/**
 	 * Sets the sessionID.
 	 * 
@@ -158,20 +139,6 @@ public interface IAuthenticationSession {
 	 */
 	void setSAMLAttributeGebeORwbpk(boolean samlAttributeGebeORwbpk);
 
-	/**
-	 * Returns the issuing time of the AUTH-Block SAML assertion.
-	 * 
-	 * @return The issuing time of the AUTH-Block SAML assertion.
-	 */
-	String getIssueInstant();
-
-	/**
-	 * Sets the issuing time of the AUTH-Block SAML assertion.
-	 * 
-	 * @param issueInstant
-	 *            The issueInstant to set.
-	 */
-	void setIssueInstant(String issueInstant);
 
 	/**
 	 * 
@@ -180,13 +147,6 @@ public interface IAuthenticationSession {
 	 */
 	void setUseMandate(String useMandate);
 
-	void setUseMandates(boolean useMandates);
-
-	/**
-	 * @return
-	 */
-	boolean isMandateUsed();
-
 	/**
 	 * 
 	 * @param misSessionID
@@ -212,9 +172,6 @@ public interface IAuthenticationSession {
 	 */
 	void setMandateReferenceValue(String mandateReferenceValue);
 
-	boolean isForeigner();
-
-	void setForeigner(boolean isForeigner);
 
 	IVerifiyXMLSignatureResponse getXMLVerifySignatureResponse();
 
@@ -224,17 +181,6 @@ public interface IAuthenticationSession {
 
 	void setMISMandate(IMISMandate mandate);
 
-	/**
-	 * @return the isOW
-	 */
-	boolean isOW();
-
-	/**
-	 * @param isOW
-	 *            the isOW to set
-	 */
-	void setOW(boolean isOW);
-
 	/**
 	 * @return the authBlockTokken
 	 */
@@ -246,52 +192,6 @@ public interface IAuthenticationSession {
 	 */
 	void setAuthBlockTokken(String authBlockTokken);
 
-	/**
-	 * eIDAS QAA level
-	 * 
-	 * @return the qAALevel
-	 */
-	String getQAALevel();
-
-	/**
-	 * set QAA level in eIDAS form
-	 * 
-	 * @param qAALevel the qAALevel to set
-	 */
-	void setQAALevel(String qAALevel);
-
-	/**
-	 * @return the sessionCreated
-	 */
-	Date getSessionCreated();
-
-	Map<String, Object> getGenericSessionDataStorage();
-
-	/**
-	 * Returns a generic session-data object with is stored with a specific identifier 
-	 * 
-	 * @param key The specific identifier of the session-data object
-	 * @return The session-data object or null if no data is found with this key
-	 */
-	Object getGenericDataFromSession(String key);
-
-	/**
-	 * Returns a generic session-data object with is stored with a specific identifier 
-	 * 
-	 * @param key The specific identifier of the session-data object
-	 * @param clazz The class type which is stored with this key
-	 * @return The session-data object or null if no data is found with this key
-	 */
-	<T> T getGenericDataFromSession(String key, Class<T> clazz);
-
-	/**
-	 * Store a generic data-object to session with a specific identifier
-	 * 
-	 * @param key Identifier for this data-object
-	 * @param object Generic data-object which should be stored. This data-object had to be implement the 'java.io.Serializable' interface
-	 * @throws SessionDataStorageException Error message if the data-object can not stored to generic session-data storage
-	 */
-	void setGenericDataToSession(String key, Object object) throws SessionDataStorageException;
 	
 	/**
 	 * Generates a Key / Value representation from Authenticated session
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IIdentityLink.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IIdentityLink.java
deleted file mode 100644
index 3a0ccd7c9..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/data/IIdentityLink.java
+++ /dev/null
@@ -1,175 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.commons.api.data;
-
-import java.io.IOException;
-import java.security.PublicKey;
-
-import javax.xml.transform.TransformerException;
-
-import org.w3c.dom.Element;
-
-/**
- * @author tlenz
- *
- */
-public interface IIdentityLink {
-
-	/**
-	   * Returns the dateOfBirth.
-	   * @return Calendar
-	   */
-	String getDateOfBirth();
-
-	/**
-	   * Returns the familyName.
-	   * @return String
-	   */
-	String getFamilyName();
-
-	/**
-	   * Returns the givenName.
-	   * @return String
-	   */
-	String getGivenName();
-
-	/**
-	   * Returns the name.
-	   * @return The name.
-	   */
-	String getName();
-
-	/**
-	   * Returns the identificationValue.
-		 * <code>"identificationValue"</code> is the translation of <code>"Stammzahl"</code>.
-	   * @return String
-	   */
-	String getIdentificationValue();
-
-	/**
-	 * Returns the identificationType.
-	 * <code>"identificationType"</code> type of the identificationValue in the IdentityLink.
-	 * @return String
-	 */
-	String getIdentificationType();
-
-	/**
-	   * Sets the dateOfBirth.
-	   * @param dateOfBirth The dateOfBirth to set
-	   */
-	void setDateOfBirth(String dateOfBirth);
-
-	/**
-	   * Sets the familyName.
-	   * @param familyName The familyName to set
-	   */
-	void setFamilyName(String familyName);
-
-	/**
-	   * Sets the givenName.
-	   * @param givenName The givenName to set
-	   */
-	void setGivenName(String givenName);
-
-	/**
-	   * Sets the identificationValue.
-		 * <code>"identificationValue"</code> is the translation of <code>"Stammzahl"</code>.
-	   * @param identificationValue The identificationValue to set
-	   */
-	void setIdentificationValue(String identificationValue);
-
-	/**
-	 * Sets the Type of the identificationValue.
-	 * @param identificationType The type of identificationValue to set
-	 */
-	void setIdentificationType(String identificationType);
-
-	/**
-	   * Returns the samlAssertion.
-	   * @return Element
-	   */
-	Element getSamlAssertion();
-
-	/**
-	   * Returns the samlAssertion.
-	   * @return Element
-	   */
-	String getSerializedSamlAssertion();
-
-	/**
-	   * Sets the samlAssertion and the serializedSamlAssertion.
-	   * @param samlAssertion The samlAssertion to set
-	   */
-	void setSamlAssertion(Element samlAssertion) throws TransformerException, IOException;
-
-	/**
-	   * Returns the dsigReferenceTransforms.
-	   * @return Element[]
-	   */
-	Element[] getDsigReferenceTransforms();
-
-	/**
-	   * Sets the dsigReferenceTransforms.
-	   * @param dsigReferenceTransforms The dsigReferenceTransforms to set
-	   */
-	void setDsigReferenceTransforms(Element[] dsigReferenceTransforms);
-
-	/**
-	   * Returns the publicKey.
-	   * @return PublicKey[]
-	   */
-	PublicKey[] getPublicKey();
-
-	/**
-	   * Sets the publicKey.
-	   * @param publicKey The publicKey to set
-	   */
-	void setPublicKey(PublicKey[] publicKey);
-
-	/**
-	   * Returns the prPerson.
-	   * @return Element
-	   */
-	Element getPrPerson();
-
-	/**
-	   * Sets the prPerson.
-	   * @param prPerson The prPerson to set
-	   */
-	void setPrPerson(Element prPerson);
-
-	/**
-	   * Returns the issuing time of the identity link SAML assertion.
-	   *
-	   * @return The issuing time of the identity link SAML assertion.
-	   */
-	String getIssueInstant();
-
-	/**
-	   * Sets the issuing time of the identity link SAML assertion.
-	   *
-	   * @param issueInstant The issueInstant to set.
-	   */
-	void setIssueInstant(String issueInstant);
-
-}
\ No newline at end of file
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
deleted file mode 100644
index 62a168ac8..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
+++ /dev/null
@@ -1,1263 +0,0 @@
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.util;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.Map.Entry;
-import java.util.Set;
-import java.util.Vector;
-
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.transform.OutputKeys;
-import javax.xml.transform.Result;
-import javax.xml.transform.Source;
-import javax.xml.transform.Transformer;
-import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactory;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.transform.stream.StreamResult;
-
-import org.apache.commons.io.IOUtils;
-import org.apache.xerces.parsers.DOMParser;
-import org.apache.xerces.parsers.SAXParser;
-import org.apache.xerces.parsers.XMLGrammarPreparser;
-import org.apache.xerces.util.SymbolTable;
-import org.apache.xerces.util.XMLGrammarPoolImpl;
-import org.apache.xerces.xni.grammars.XMLGrammarDescription;
-import org.apache.xerces.xni.grammars.XMLGrammarPool;
-import org.apache.xerces.xni.parser.XMLInputSource;
-import org.w3c.dom.Attr;
-import org.w3c.dom.Document;
-import org.w3c.dom.DocumentFragment;
-import org.w3c.dom.Element;
-import org.w3c.dom.NamedNodeMap;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-import org.xml.sax.EntityResolver;
-import org.xml.sax.ErrorHandler;
-import org.xml.sax.InputSource;
-import org.xml.sax.SAXException;
-
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * Various utility functions for handling XML DOM trees.
- * 
- * The parsing methods in this class make use of some features internal to the
- * Xerces DOM parser, mainly for performance reasons. As soon as JAXP
- * (currently at version 1.2) is better at schema handling, it should be used as
- * the parser interface.
- * 
- * @author Patrick Peck
- * @version $Id$
- */
-public class DOMUtils {
-
-  /** Feature URI for namespace aware parsing. */
-  private static final String NAMESPACES_FEATURE =
-    "http://xml.org/sax/features/namespaces";
-  /** Feature URI for validating parsing. */
-  private static final String VALIDATION_FEATURE =
-    "http://xml.org/sax/features/validation";
-  /** Feature URI for schema validating parsing. */
-  private static final String SCHEMA_VALIDATION_FEATURE =
-    "http://apache.org/xml/features/validation/schema";
-  /** Feature URI for normalization of element/attribute values. */
-  private static final String NORMALIZED_VALUE_FEATURE =
-    "http://apache.org/xml/features/validation/schema/normalized-value";
-  /** Feature URI for parsing ignorable whitespace. */
-  private static final String INCLUDE_IGNORABLE_WHITESPACE_FEATURE =
-    "http://apache.org/xml/features/dom/include-ignorable-whitespace";
-  /** Feature URI for creating EntityReference nodes in the DOM tree. */
-  private static final String CREATE_ENTITY_REF_NODES_FEATURE =
-    "http://apache.org/xml/features/dom/create-entity-ref-nodes";
-  /** Property URI for providing external schema locations. */
-  private static final String EXTERNAL_SCHEMA_LOCATION_PROPERTY =
-    "http://apache.org/xml/properties/schema/external-schemaLocation";
-  /** Property URI for providing the external schema location for elements 
-   * without a namespace. */
-  private static final String EXTERNAL_NO_NAMESPACE_SCHEMA_LOCATION_PROPERTY =
-    "http://apache.org/xml/properties/schema/external-noNamespaceSchemaLocation";
-  
-  private static final String EXTERNAL_GENERAL_ENTITIES_FEATURE =
-  	"http://xml.org/sax/features/external-general-entities";
-  
-  private static final String EXTERNAL_PARAMETER_ENTITIES_FEATURE =
-	  "http://xml.org/sax/features/external-parameter-entities";
-  
-  public static final String DISALLOW_DOCTYPE_FEATURE =
-		  "http://apache.org/xml/features/disallow-doctype-decl";
-  
-  
-  
-  /** Property URI for the Xerces grammar pool. */
-  private static final String GRAMMAR_POOL =
-    org.apache.xerces.impl.Constants.XERCES_PROPERTY_PREFIX
-      + org.apache.xerces.impl.Constants.XMLGRAMMAR_POOL_PROPERTY;
-  /** A prime number for initializing the symbol table. */
-  private static final int BIG_PRIME = 2039;
-  /** Symbol table for the grammar pool. */
-  private static SymbolTable symbolTable = new SymbolTable(BIG_PRIME);
-  /** Xerces schema grammar pool. */
-  private static XMLGrammarPool grammarPool = new XMLGrammarPoolImpl();
-  /** Set holding the NamespaceURIs of the grammarPool, to prevent multiple
-    * entries of same grammars to the pool */
-  private static Set grammarNamespaces; 
-
-  static {
-    grammarPool.lockPool();
-    grammarNamespaces = new HashSet();
-  }
-
-  /**
-   * Preparse a schema and add it to the schema pool.
-   * The method only adds the schema to the pool if a schema having the same
-   * <code>systemId</code> (namespace URI) is not already present in the pool.
-   * 
-   * @param inputStream An <code>InputStream</code> providing the contents of
-   * the schema.
-   * @param systemId The systemId (namespace URI) to use for the schema.
-   * @throws IOException An error occurred reading the schema.
-   */
-  public static void addSchemaToPool(InputStream inputStream, String systemId)
-    throws IOException {
-    XMLGrammarPreparser preparser;
-
-    if (!grammarNamespaces.contains(systemId)) { 
-
-      grammarNamespaces.add(systemId);
-    
-      // unlock the pool so that we can add another grammar
-      grammarPool.unlockPool();
-	
-      // prepare the preparser
-      preparser = new XMLGrammarPreparser(symbolTable);
-      preparser.registerPreparser(XMLGrammarDescription.XML_SCHEMA, null);
-      preparser.setProperty(GRAMMAR_POOL, grammarPool);
-      preparser.setFeature(NAMESPACES_FEATURE, true);
-      preparser.setFeature(VALIDATION_FEATURE, true);
-	
-      // add the grammar to the pool
-      preparser.preparseGrammar(
-      XMLGrammarDescription.XML_SCHEMA,
-        new XMLInputSource(null, systemId, null, inputStream, null));
-	
-      // lock the pool again so that schemas are not added automatically
-      grammarPool.lockPool();
-    }
-  }
-
-  /**
-   * Parse an XML document from an <code>InputStream</code>.
-   * 
-   * @param inputStream The <code>InputStream</code> containing the XML
-   * document.
-   * @param validating If <code>true</code>, parse validating.
-   * @param externalSchemaLocations A <code>String</code> containing namespace
-   * URI to schema location pairs, the same way it is accepted by the <code>xsi:
-   * schemaLocation</code> attribute. 
-   * @param externalNoNamespaceSchemaLocation The schema location of the
-   * schema for elements without a namespace, the same way it is accepted by the
-   * <code>xsi:noNamespaceSchemaLocation</code> attribute.
-   * @param entityResolver An <code>EntityResolver</code> to resolve external
-   * entities (schemas and DTDs). If <code>null</code>, it will not be set.
-   * @param errorHandler An <code>ErrorHandler</code> to decide what to do
-   * with parsing errors. If <code>null</code>, it will not be set.
-   * @return The parsed XML document as a DOM tree.
-   * @throws SAXException An error occurred parsing the document.
-   * @throws IOException An error occurred reading the document.
-   * @throws ParserConfigurationException An error occurred configuring the XML
-   * parser.
-   */
-  public static Document parseDocument(
-    InputStream inputStream,
-    boolean validating,
-    String externalSchemaLocations,
-    String externalNoNamespaceSchemaLocation,
-    EntityResolver entityResolver,
-    ErrorHandler errorHandler,
-    Map<String, Object> parserFeatures)
-    throws  SAXException, IOException, ParserConfigurationException {
-
-    DOMParser parser;
-
-//    class MyEntityResolver implements EntityResolver {
-//
-//		public InputSource resolveEntity(String publicId, String systemId)
-//				throws SAXException, IOException {
-//		    return new InputSource(new ByteArrayInputStream(new byte[0]));
-//		}
-//    }
-
-
-		//if Debug is enabled make a copy of inputStream to enable debug output in case of SAXException
-		byte buffer [] = null;
-		ByteArrayInputStream baStream = null;
-		if(true == Logger.isDebugEnabled()) {
-			buffer = IOUtils.toByteArray(inputStream);
-			baStream = new ByteArrayInputStream(buffer);
-			
-		}	
-		
-		
-		
-    // create the DOM parser
-    if (symbolTable != null) {
-      parser = new DOMParser(symbolTable, grammarPool);
-    } else {
-      parser = new DOMParser();
-    }
-    
-    // set parser features and properties
-    try {
-	    parser.setFeature(NAMESPACES_FEATURE, true);
-	    parser.setFeature(VALIDATION_FEATURE, validating);
-	    parser.setFeature(SCHEMA_VALIDATION_FEATURE, validating);
-	    parser.setFeature(NORMALIZED_VALUE_FEATURE, false);
-	    parser.setFeature(INCLUDE_IGNORABLE_WHITESPACE_FEATURE, true);
-	    parser.setFeature(CREATE_ENTITY_REF_NODES_FEATURE, false);
-	    parser.setFeature(EXTERNAL_GENERAL_ENTITIES_FEATURE, false);
-	    parser.setFeature(EXTERNAL_PARAMETER_ENTITIES_FEATURE, false);
-	    
-	    //set external added parser features
-	    if (parserFeatures != null) {
-	    	for (Entry<String, Object> el : parserFeatures.entrySet()) {
-	    		String key = el.getKey();
-	    		if (MiscUtil.isNotEmpty(key)) {
-	    			Object value = el.getValue();
-	    			if (value != null && value instanceof Boolean)	    		
-	    				parser.setFeature(key, (boolean)value);
-	    			
-	    			else
-	    				Logger.warn("This XML parser only allows features with 'boolean' values");
-	    			
-	    		} else 
-	    			Logger.warn("Can not set 'null' feature to XML parser");
-	    	}
-	    }
-	    
-	    //fix XXE problem
-	    //parser.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
-	    
-	
-	    if (validating) {
-	      if (externalSchemaLocations != null) {
-	        parser.setProperty(
-	          EXTERNAL_SCHEMA_LOCATION_PROPERTY,
-	          externalSchemaLocations);
-	      }
-	      if (externalNoNamespaceSchemaLocation != null) {
-	        parser.setProperty(
-	          EXTERNAL_NO_NAMESPACE_SCHEMA_LOCATION_PROPERTY,
-	          externalNoNamespaceSchemaLocation);
-	      }
-	    }
-	
-	    // set entity resolver and error handler
-	    if (entityResolver != null) {
-	      parser.setEntityResolver(entityResolver);
-	    }
-	    if (errorHandler != null) {
-	      parser.setErrorHandler(errorHandler);
-	    }
-	
-	    // parse the document and return it
-	    // if debug is enabled: use copy of strem (baStream) else use orig stream
-	    if(null != baStream)
-	    	parser.parse(new InputSource(baStream));
-	    else 
-			parser.parse(new InputSource(inputStream));
-    } catch(SAXException e) {
-			if(true == Logger.isDebugEnabled() && null != buffer) {				
-				String xmlContent = new String(buffer);
-				Logger.debug("SAXException in:\n" + xmlContent);				 
-			} 
-		  throw(e);
-    }
-
-    return parser.getDocument();
-  }
-
-  /**
-   * Parse an XML document from an <code>InputStream</code>.
-   * 
-   * @param inputStream The <code>InputStream</code> containing the XML
-   * document.
-   * @param validating If <code>true</code>, parse validating.
-   * @param externalSchemaLocations A <code>String</code> containing namespace
-   * URI to schema location pairs, the same way it is accepted by the <code>xsi:
-   * schemaLocation</code> attribute. 
-   * @param externalNoNamespaceSchemaLocation The schema location of the
-   * schema for elements without a namespace, the same way it is accepted by the
-   * <code>xsi:noNamespaceSchemaLocation</code> attribute.
-   * @param entityResolver An <code>EntityResolver</code> to resolve external
-   * entities (schemas and DTDs). If <code>null</code>, it will not be set.
-   * @param errorHandler An <code>ErrorHandler</code> to decide what to do
-   * with parsing errors. If <code>null</code>, it will not be set.
-   * @return The parsed XML document as a DOM tree.
-   * @throws SAXException An error occurred parsing the document.
-   * @throws IOException An error occurred reading the document.
-   * @throws ParserConfigurationException An error occurred configuring the XML
-   * parser.
-   */
-  public static Document parseDocumentSimple(InputStream inputStream)
-    throws  SAXException, IOException, ParserConfigurationException {
-
-    DOMParser parser;
-			
-    parser = new DOMParser();
-    // set parser features and properties
-    parser.setFeature(NAMESPACES_FEATURE, true);
-    parser.setFeature(VALIDATION_FEATURE, false);
-    parser.setFeature(SCHEMA_VALIDATION_FEATURE, false);
-    parser.setFeature(NORMALIZED_VALUE_FEATURE, false);
-    parser.setFeature(INCLUDE_IGNORABLE_WHITESPACE_FEATURE, true);
-    parser.setFeature(CREATE_ENTITY_REF_NODES_FEATURE, false);
-		
-    parser.parse(new InputSource(inputStream));
-    
-    return parser.getDocument();
-  }
-
-  
-  /**
-   * Parse an XML document from an <code>InputStream</code>.
-   * 
-   * It uses a <code>MOAEntityResolver</code> as the <code>EntityResolver</code>
-   * and a <code>MOAErrorHandler</code> as the <code>ErrorHandler</code>.
-   * 
-   * @param inputStream The <code>InputStream</code> containing the XML
-   * document.
-   * @param validating If <code>true</code>, parse validating.
-   * @param externalSchemaLocations A <code>String</code> containing namespace
-   * URI to schema location pairs, the same way it is accepted by the <code>xsi:
-   * schemaLocation</code> attribute. 
-   * @param externalNoNamespaceSchemaLocation The schema location of the
-   * schema for elements without a namespace, the same way it is accepted by the
-   * <code>xsi:noNamespaceSchemaLocation</code> attribute.
- * @param parserFeatures 
-   * @return The parsed XML document as a DOM tree.
-   * @throws SAXException An error occurred parsing the document.
-   * @throws IOException An error occurred reading the document.
-   * @throws ParserConfigurationException An error occurred configuring the XML
-   * parser.
-   */
-  public static Document parseDocument(
-    InputStream inputStream,
-    boolean validating,
-    String externalSchemaLocations,
-    String externalNoNamespaceSchemaLocation, Map<String, Object> parserFeatures)
-    throws SAXException, IOException, ParserConfigurationException {
-
-  
-	  
-    return parseDocument(
-      inputStream,
-      validating,
-      externalSchemaLocations,
-      externalNoNamespaceSchemaLocation,
-      new MOAEntityResolver(),
-      new MOAErrorHandler(),
-      parserFeatures);
-  }
-
-  /**
-   * Parse an XML document from a <code>String</code>.
-   * 
-   * It uses a <code>MOAEntityResolver</code> as the <code>EntityResolver</code>
-   * and a <code>MOAErrorHandler</code> as the <code>ErrorHandler</code>.
-   * 
-   * @param xmlString The <code>String</code> containing the XML document.
-   * @param encoding The encoding of the XML document.
-   * @param validating If <code>true</code>, parse validating.
-   * @param externalSchemaLocations A <code>String</code> containing namespace
-   * URI to schema location pairs, the same way it is accepted by the <code>xsi:
-   * schemaLocation</code> attribute. 
-   * @param externalNoNamespaceSchemaLocation The schema location of the
-   * schema for elements without a namespace, the same way it is accepted by the
-   * <code>xsi:noNamespaceSchemaLocation</code> attribute.
-   * @return The parsed XML document as a DOM tree.
-   * @throws SAXException An error occurred parsing the document.
-   * @throws IOException An error occurred reading the document.
-   * @throws ParserConfigurationException An error occurred configuring the XML
-   * parser.
-   */
-  public static Document parseDocument(
-    String xmlString,
-    String encoding,
-    boolean validating,
-    String externalSchemaLocations,
-    String externalNoNamespaceSchemaLocation,
-    Map<String, Object> parserFeatures)
-    throws SAXException, IOException, ParserConfigurationException {
-
-    InputStream in = new ByteArrayInputStream(xmlString.getBytes(encoding));
-    return parseDocument(
-      in,
-      validating,
-      externalSchemaLocations,
-      externalNoNamespaceSchemaLocation,
-      parserFeatures);
-  }
-  
-  
-  /**
-   * Parse an XML document from a <code>String</code>.
-   * 
-   * It uses a <code>MOAEntityResolver</code> as the <code>EntityResolver</code>
-   * and a <code>MOAErrorHandler</code> as the <code>ErrorHandler</code>.
-   * 
-   * @param xmlString The <code>String</code> containing the XML document.
-   * @param encoding The encoding of the XML document.
-   * @param validating If <code>true</code>, parse validating.
-   * @param externalSchemaLocations A <code>String</code> containing namespace
-   * URI to schema location pairs, the same way it is accepted by the <code>xsi:
-   * schemaLocation</code> attribute. 
-   * @param externalNoNamespaceSchemaLocation The schema location of the
-   * schema for elements without a namespace, the same way it is accepted by the
-   * <code>xsi:noNamespaceSchemaLocation</code> attribute.
-   * @return The parsed XML document as a DOM tree.
-   * @throws SAXException An error occurred parsing the document.
-   * @throws IOException An error occurred reading the document.
-   * @throws ParserConfigurationException An error occurred configuring the XML
-   * parser.
-   */
-  public static Document parseDocument(
-    String xmlString,
-    String encoding,
-    boolean validating,
-    String externalSchemaLocations,
-    String externalNoNamespaceSchemaLocation)
-    throws SAXException, IOException, ParserConfigurationException {
-
-    InputStream in = new ByteArrayInputStream(xmlString.getBytes(encoding));
-    return parseDocument(
-      in,
-      validating,
-      externalSchemaLocations,
-      externalNoNamespaceSchemaLocation,
-      null);
-  }
-
-  /**
-   * Parse an UTF-8 encoded XML document from a <code>String</code>.
-   * 
-   * @param xmlString The <code>String</code> containing the XML document.
-   * @param validating If <code>true</code>, parse validating.
-   * @param externalSchemaLocations A <code>String</code> containing namespace
-   * URI to schema location pairs, the same way it is accepted by the <code>xsi:
-   * schemaLocation</code> attribute. 
-   * @param externalNoNamespaceSchemaLocation The schema location of the
-   * schema for elements without a namespace, the same way it is accepted by the
-   * <code>xsi:noNamespaceSchemaLocation</code> attribute.
-   * @return The parsed XML document as a DOM tree.
-   * @throws SAXException An error occurred parsing the document.
-   * @throws IOException An error occurred reading the document.
-   * @throws ParserConfigurationException An error occurred configuring the XML
-   * parser.
-   */
-  public static Document parseDocument(
-    String xmlString,
-    boolean validating,
-    String externalSchemaLocations,
-    String externalNoNamespaceSchemaLocation)
-    throws SAXException, IOException, ParserConfigurationException {
-
-    return parseDocument(
-      xmlString,
-      "UTF-8",
-      validating,
-      externalSchemaLocations,
-      externalNoNamespaceSchemaLocation);
-  }
-
-  /**
-   * A convenience method to parse an XML document validating.
-   * 
-   * @param inputStream The <code>InputStream</code> containing the XML
-   * document.
-   * @return The root element of the parsed XML document.
-   * @throws SAXException An error occurred parsing the document.
-   * @throws IOException An error occurred reading the document.
-   * @throws ParserConfigurationException An error occurred configuring the XML
-   * parser.
-   */
-  public static Element parseXmlValidating(InputStream inputStream)
-    throws ParserConfigurationException, SAXException, IOException {
-    return DOMUtils
-      .parseDocument(inputStream, true, Constants.ALL_SCHEMA_LOCATIONS, null, null)
-      .getDocumentElement();
-  }
-  
-  /**
-   * A convenience method to parse an XML document validating.
-   * 
-   * @param inputStream The <code>InputStream</code> containing the XML
-   * document.
-   * @param parserFeatures Set additional features to XML parser
-   * @return The root element of the parsed XML document.
-   * @throws SAXException An error occurred parsing the document.
-   * @throws IOException An error occurred reading the document.
-   * @throws ParserConfigurationException An error occurred configuring the XML
-   * parser.
-   */
-  public static Element parseXmlValidating(InputStream inputStream, Map<String, Object> parserFeatures)
-    throws ParserConfigurationException, SAXException, IOException {
-    return DOMUtils
-      .parseDocument(inputStream, true, Constants.ALL_SCHEMA_LOCATIONS, null, parserFeatures)
-      .getDocumentElement();
-  }
-  
-  /**
-   * A convenience method to parse an XML document non validating.
-   * This method disallow DocType declarations 
-   * 
-   * @param inputStream The <code>InputStream</code> containing the XML
-   * document.
-   * @return The root element of the parsed XML document.
-   * @throws SAXException An error occurred parsing the document.
-   * @throws IOException An error occurred reading the document.
-   * @throws ParserConfigurationException An error occurred configuring the XML
-   * parser.
-   */
-  public static Element parseXmlNonValidating(InputStream inputStream)
-    throws ParserConfigurationException, SAXException, IOException {	  
-    return DOMUtils
-      .parseDocument(inputStream, false, Constants.ALL_SCHEMA_LOCATIONS, null, 
-    		  Collections.unmodifiableMap(new HashMap<String, Object>() {
-    			  private static final long serialVersionUID = 1L;
-    			  {	
-    				  put(DOMUtils.DISALLOW_DOCTYPE_FEATURE, true);
-				
-    			  }
-    		  })).getDocumentElement();
-  }
-
-  /**
-   * Schema validate a given DOM element.
-   * 
-   * @param element The element to validate.
-   * @param externalSchemaLocations A <code>String</code> containing namespace
-   * URI to schema location pairs, the same way it is accepted by the <code>xsi:
-   * schemaLocation</code> attribute. 
-   * @param externalNoNamespaceSchemaLocation The schema location of the
-   * schema for elements without a namespace, the same way it is accepted by the
-   * <code>xsi:noNamespaceSchemaLocation</code> attribute.
-   * @return <code>true</code>, if the <code>element</code> validates against
-   * the schemas declared in it.
-   * @throws SAXException An error occurred parsing the document.
-   * @throws IOException An error occurred reading the document from its
-   * serialized representation.
-   * @throws ParserConfigurationException An error occurred configuring the XML
-   * @throws TransformerException An error occurred serializing the element.
-   */
-  public static boolean validateElement(
-    Element element,
-    String externalSchemaLocations,
-    String externalNoNamespaceSchemaLocation)
-    throws
-      ParserConfigurationException,
-      IOException,
-      SAXException,
-      TransformerException {
-
-    byte[] docBytes;
-    SAXParser parser;
-
-    // create the SAX parser
-    if (symbolTable != null) {
-      parser = new SAXParser(symbolTable, grammarPool);
-    } else {
-      parser = new SAXParser();
-    }
-
-    // serialize the document
-    docBytes = serializeNode(element, "UTF-8");
-
-    // set up parser features and attributes
-    parser.setFeature(NAMESPACES_FEATURE, true);
-    parser.setFeature(VALIDATION_FEATURE, true);
-    parser.setFeature(SCHEMA_VALIDATION_FEATURE, true);
-    parser.setFeature(EXTERNAL_GENERAL_ENTITIES_FEATURE, false);
-    parser.setFeature(DISALLOW_DOCTYPE_FEATURE, true);
-    
-    
-    if (externalSchemaLocations != null) {
-      parser.setProperty(
-        EXTERNAL_SCHEMA_LOCATION_PROPERTY,
-        externalSchemaLocations);
-    }
-    if (externalNoNamespaceSchemaLocation != null) {
-      parser.setProperty(
-        EXTERNAL_NO_NAMESPACE_SCHEMA_LOCATION_PROPERTY,
-        "externalNoNamespaceSchemaLocation");
-    }
-
-    // set up entity resolver and error handler
-    parser.setEntityResolver(new MOAEntityResolver());
-    parser.setErrorHandler(new MOAErrorHandler());
-
-    // parse validating
-    parser.parse(new InputSource(new ByteArrayInputStream(docBytes)));
-    return true;
-  }
-
-  
-  /**
-   * Schema validate a given DOM element.
-   * 
-   * @param element The element to validate.
-   * @param externalSchemaLocations A <code>String</code> containing namespace
-   * URI to schema location pairs, the same way it is accepted by the <code>xsi:
-   * schemaLocation</code> attribute. 
-   * @param externalNoNamespaceSchemaLocation The schema location of the
-   * schema for elements without a namespace, the same way it is accepted by the
-   * <code>xsi:noNamespaceSchemaLocation</code> attribute.
-   * @return <code>true</code>, if the <code>element</code> validates against
-   * the schemas declared in it.
-   * @throws SAXException An error occurred parsing the document.
-   * @throws IOException An error occurred reading the document from its
-   * serialized representation.
-   * @throws ParserConfigurationException An error occurred configuring the XML
-   * @throws TransformerException An error occurred serializing the element.
-   */
-  public static boolean validateElement(
-    Element element,
-    String externalSchemaLocations,
-    String externalNoNamespaceSchemaLocation,
-    EntityResolver entityResolver)
-    throws
-      ParserConfigurationException,
-      IOException,
-      SAXException,
-      TransformerException {
-
-    byte[] docBytes;
-    SAXParser parser;
-
-    // create the SAX parser
-    if (symbolTable != null) {
-      parser = new SAXParser(symbolTable, grammarPool);
-    } else {
-      parser = new SAXParser();
-    }
-
-    // serialize the document
-    docBytes = serializeNode(element, "UTF-8");
-
-    // set up parser features and attributes
-    parser.setFeature(NAMESPACES_FEATURE, true);
-    parser.setFeature(VALIDATION_FEATURE, true);
-    parser.setFeature(SCHEMA_VALIDATION_FEATURE, true);
-    
-    if (externalSchemaLocations != null) {
-      parser.setProperty(
-        EXTERNAL_SCHEMA_LOCATION_PROPERTY,
-        externalSchemaLocations);
-    }
-    if (externalNoNamespaceSchemaLocation != null) {
-      parser.setProperty(
-        EXTERNAL_NO_NAMESPACE_SCHEMA_LOCATION_PROPERTY,
-        "externalNoNamespaceSchemaLocation");
-    }
-
-    // set up entity resolver and error handler
-    parser.setEntityResolver(entityResolver);
-    parser.setErrorHandler(new MOAErrorHandler());
-
-    // parse validating
-    parser.parse(new InputSource(new ByteArrayInputStream(docBytes)));
-    return true;
-  }
-  
-  /**
-   * Serialize the given DOM node.
-   * 
-   * The node will be serialized using the UTF-8 encoding.
-   * 
-   * @param node The node to serialize.
-   * @return String The <code>String</code> representation of the given DOM
-   * node.
-   * @throws TransformerException An error occurred transforming the
-   * node to a <code>String</code>.
-   * @throws IOException An IO error occurred writing the node to a byte array.
-   */
-  public static String serializeNode(Node node)
-    throws TransformerException, IOException {
-    return new String(serializeNode(node, "UTF-8", false), "UTF-8");
-  }
-
-
-  /**
-   * Serialize the given DOM node.
-   * 
-   * The node will be serialized using the UTF-8 encoding.
-   * 
-   * @param node The node to serialize.
-   * @param omitXmlDeclaration The boolean value for omitting the XML Declaration.
-   * @return String The <code>String</code> representation of the given DOM
-   * node.
-   * @throws TransformerException An error occurred transforming the
-   * node to a <code>String</code>.
-   * @throws IOException An IO error occurred writing the node to a byte array.
-   */
-  public static String serializeNode(Node node, boolean omitXmlDeclaration)
-    throws TransformerException, IOException {
-    return new String(serializeNode(node, "UTF-8", omitXmlDeclaration), "UTF-8");
-  }
-
-  /**
-   * Serialize the given DOM node.
-   * 
-   * The node will be serialized using the UTF-8 encoding.
-   * 
-   * @param node The node to serialize.
-   * @param omitXmlDeclaration The boolean value for omitting the XML Declaration.
-   * @param lineSeperator Sets the line seperator String of the parser
-   * @return String The <code>String</code> representation of the given DOM
-   * node.
-   * @throws TransformerException An error occurred transforming the
-   * node to a <code>String</code>.
-   * @throws IOException An IO error occurred writing the node to a byte array.
-   */
-  public static String serializeNode(Node node, boolean omitXmlDeclaration, String lineSeperator)
-    throws TransformerException, IOException {
-    return new String(serializeNode(node, "UTF-8", omitXmlDeclaration, lineSeperator), "UTF-8");
-  }
-  
-  /**
-   * Serialize the given DOM node to a byte array.
-   * 
-   * @param node The node to serialize.
-   * @param xmlEncoding The XML encoding to use.
-   * @return The serialized node, as a byte array. Using a compatible encoding
-   * this can easily be converted into a <code>String</code>.
-   * @throws TransformerException An error occurred transforming the node to a 
-   * byte array.
-   * @throws IOException An IO error occurred writing the node to a byte array.
-   */
-  public static byte[] serializeNode(Node node, String xmlEncoding)
-  throws TransformerException, IOException {
-    return serializeNode(node, xmlEncoding, false);
-  }
-  
-  /**
-   * Serialize the given DOM node to a byte array.
-   * 
-   * @param node The node to serialize.
-   * @param xmlEncoding The XML encoding to use.
-   * @param omitDeclaration The boolean value for omitting the XML Declaration.
-   * @return The serialized node, as a byte array. Using a compatible encoding
-   * this can easily be converted into a <code>String</code>.
-   * @throws TransformerException An error occurred transforming the node to a 
-   * byte array.
-   * @throws IOException An IO error occurred writing the node to a byte array.
-   */
-  public static byte[] serializeNode(Node node, String xmlEncoding, boolean omitDeclaration)
-    throws TransformerException, IOException {
-    return serializeNode(node, xmlEncoding, omitDeclaration, null);
-  }
-
-
-  /**
-   * Serialize the given DOM node to a byte array.
-   * 
-   * @param node The node to serialize.
-   * @param xmlEncoding The XML encoding to use.
-   * @param omitDeclaration The boolean value for omitting the XML Declaration.
-   * @param lineSeperator Sets the line seperator String of the parser
-   * @return The serialized node, as a byte array. Using a compatible encoding
-   * this can easily be converted into a <code>String</code>.
-   * @throws TransformerException An error occurred transforming the node to a 
-   * byte array.
-   * @throws IOException An IO error occurred writing the node to a byte array.
-   */
-  public static byte[] serializeNode(Node node, String xmlEncoding, boolean omitDeclaration, String lineSeperator)
-    throws TransformerException, IOException {
-
-    TransformerFactory transformerFactory = TransformerFactory.newInstance();
-    Transformer transformer = transformerFactory.newTransformer();
-    ByteArrayOutputStream bos = new ByteArrayOutputStream(16384);
-
-    transformer.setOutputProperty(OutputKeys.METHOD, "xml");
-    transformer.setOutputProperty(OutputKeys.ENCODING, xmlEncoding);
-    String omit = omitDeclaration ? "yes" : "no";
-    transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, omit);
-    if (null!=lineSeperator) {
-      transformer.setOutputProperty("{http://xml.apache.org/xalan}line-separator", lineSeperator);//does not work for xalan <= 2.5.1
-    }
-    transformer.transform(new DOMSource(node), new StreamResult(bos));
-
-    bos.flush();
-    bos.close();
-
-    return bos.toByteArray();
-  }
-
-  /**
-    * Return the text that a node contains. 
-    * 
-    * This routine:
-    * <ul>
-    * <li>Ignores comments and processing instructions.</li>
-    * <li>Concatenates TEXT nodes, CDATA nodes, and the results recursively
-    * processing EntityRef nodes.</li>
-    * <li>Ignores any element nodes in the sublist. (Other possible options are
-    * to recurse into element sublists or throw an exception.)</li>
-    * </ul>
-    * 
-    * @param node A DOM node from which to extract text.
-    * @return A String representing its contents.
-    */
-  public static String getText(Node node) {
-    if (!node.hasChildNodes()) {
-      return "";
-    }
-
-    StringBuffer result = new StringBuffer();
-    NodeList list = node.getChildNodes();
-
-    for (int i = 0; i < list.getLength(); i++) {
-      Node subnode = list.item(i);
-      if (subnode.getNodeType() == Node.TEXT_NODE) {
-        result.append(subnode.getNodeValue());
-      } else if (subnode.getNodeType() == Node.CDATA_SECTION_NODE) {
-        result.append(subnode.getNodeValue());
-      } else if (subnode.getNodeType() == Node.ENTITY_REFERENCE_NODE) {
-        // Recurse into the subtree for text
-        // (and ignore comments)
-        result.append(getText(subnode));
-      }
-    }
-    return result.toString();
-  }
-
-  /**
-   * Build the namespace prefix to namespace URL mapping in effect for a given
-   * node.
-   * 
-   * @param node The context node for which build the map.
-   * @return The namespace prefix to namespace URL mapping (
-   * a <code>String</code> value to <code>String</code> value mapping).
-   */
-  public static Map getNamespaceDeclarations(Node node) {
-    Map nsDecls = new HashMap();
-    int i;
-
-    do {
-      if (node.hasAttributes()) {
-        NamedNodeMap attrs = node.getAttributes();
-
-        for (i = 0; i < attrs.getLength(); i++) {
-          Attr attr = (Attr) attrs.item(i);
-
-          // add prefix mapping if none exists
-          if ("xmlns".equals(attr.getPrefix())
-            || "xmlns".equals(attr.getName())) {
-
-            String nsPrefix =
-              attr.getPrefix() != null ? attr.getLocalName() : "";
-
-            if (nsDecls.get(nsPrefix) == null) {
-              nsDecls.put(nsPrefix, attr.getValue());
-            }
-          }
-        }
-      }
-    } while ((node = node.getParentNode()) != null);
-
-    return nsDecls;
-  }
-
-  /**
-   * Add all namespace declarations declared in the parent(s) of a given
-   * element and used in the subtree of the given element to the given element.  
-   * 
-   * @param context The element to which to add the namespaces.
-   */
-  public static void localizeNamespaceDeclarations(Element context) {
-    Node parent = context.getParentNode();
-
-    if (parent != null) {
-      Map namespaces = getNamespaceDeclarations(context.getParentNode());
-      Set nsUris = collectNamespaceURIs(context);
-      Iterator iter;
-
-      for (iter = namespaces.entrySet().iterator(); iter.hasNext();) {
-        Map.Entry e = (Map.Entry) iter.next();
-
-        if (nsUris.contains(e.getValue())) {
-          String prefix = (String) e.getKey();
-          String nsUri = (String) e.getValue();
-          String nsAttrName = "".equals(prefix) ? "xmlns" : "xmlns:" + prefix;
-
-          context.setAttributeNS(Constants.XMLNS_NS_URI, nsAttrName, nsUri);
-        }
-      }
-    }
-  }
-
-  /**
-   * Collect all the namespace URIs used in the subtree of a given element.
-   * 
-   * @param context The element that should be searched for namespace URIs.
-   * @return All namespace URIs used in the subtree of <code>context</code>,
-   * including the ones used in <code>context</code> itself.
-   */
-  public static Set collectNamespaceURIs(Element context) {
-    Set result = new HashSet();
-
-    collectNamespaceURIsImpl(context, result);
-    return result;
-  }
-
-  /**
-   * A recursive method to do the work of <code>collectNamespaceURIs</code>.
-   * 
-   * @param context The context element to evaluate.
-   * @param result The result, passed as a parameter to avoid unnecessary
-   * instantiations of <code>Set</code>.
-   */
-  private static void collectNamespaceURIsImpl(Element context, Set result) {
-    NamedNodeMap attrs = context.getAttributes();
-    NodeList childNodes = context.getChildNodes();
-    String nsUri;
-    int i;
-
-    // add the namespace of the context element
-    nsUri = context.getNamespaceURI();
-    if (nsUri != null && nsUri != Constants.XMLNS_NS_URI) {
-      result.add(nsUri);
-    }
-
-    // add all namespace URIs from attributes
-    for (i = 0; i < attrs.getLength(); i++) {
-      nsUri = attrs.item(i).getNamespaceURI();
-      if (nsUri != null && nsUri != Constants.XMLNS_NS_URI) {
-        result.add(nsUri);
-      }
-    }
-
-    // add all namespaces from subelements
-    for (i = 0; i < childNodes.getLength(); i++) {
-      Node node = childNodes.item(i);
-
-      if (node.getNodeType() == Node.ELEMENT_NODE) {
-        collectNamespaceURIsImpl((Element) node, result);
-      }
-    }
-  }
-
-  /**
-   * Check, that each attribute node in the given <code>NodeList</code> has its
-   * parent in the <code>NodeList</code> as well.
-   * 
-   * @param nodes The <code>NodeList</code> to check.
-   * @return <code>true</code>, if each attribute node in <code>nodes</code>
-   * has its parent in <code>nodes</code> as well.
-   */
-  public static boolean checkAttributeParentsInNodeList(NodeList nodes) {
-    Set nodeSet = new HashSet();
-    int i;
-
-    // put the nodes into the nodeSet
-    for (i = 0; i < nodes.getLength(); i++) {
-      nodeSet.add(nodes.item(i));
-    }
-
-    // check that each attribute node's parent is in the node list
-    for (i = 0; i < nodes.getLength(); i++) {
-      Node n = nodes.item(i);
-
-      if (n.getNodeType() == Node.ATTRIBUTE_NODE) {
-        Attr attr = (Attr) n;
-        Element owner = attr.getOwnerElement();
-
-        if (owner == null) {
-          if (!isNamespaceDeclaration(attr)) {
-            return false;
-          }
-        }
-
-        if (!nodeSet.contains(owner) && !isNamespaceDeclaration(attr)) {
-          return false;
-        }
-      }
-    }
-
-    return true;
-  }
-
-  /**
-   * Convert an unstructured <code>NodeList</code> into a 
-   * <code>DocumentFragment</code>.
-   *
-   * @param nodeList Contains the node list to be converted into a DOM 
-   * DocumentFragment.
-   * @return the resulting DocumentFragment. The DocumentFragment will be 
-   * backed by a new DOM Document, i.e. all noded of the node list will be 
-   * cloned.
-   * @throws ParserConfigurationException An error occurred creating the
-   * DocumentFragment.
-   * @precondition The nodes in the node list appear in document order
-   * @precondition for each Attr node in the node list, the owning Element is 
-   * in the node list as well.
-   * @precondition each Element or Attr node in the node list is namespace 
-   * aware.
-   */
-  public static DocumentFragment nodeList2DocumentFragment(NodeList nodeList)
-    throws ParserConfigurationException {
-
-    DocumentBuilder builder =
-      DocumentBuilderFactory.newInstance().newDocumentBuilder();
-    Document doc = builder.newDocument();
-    DocumentFragment result = doc.createDocumentFragment();
-
-    if (null == nodeList || nodeList.getLength() == 0) {
-      return result;
-    }
-
-    int currPos = 0;
-    currPos =
-      nodeList2DocumentFragment(nodeList, currPos, result, null, null) + 1;
-
-    while (currPos < nodeList.getLength()) {
-      currPos =
-        nodeList2DocumentFragment(nodeList, currPos, result, null, null) + 1;
-    }
-    return result;
-  }
-
-  /**
-   * Helper method for the <code>nodeList2DocumentFragment</code>.
-   * 
-   * @param nodeList The <code>NodeList</code> to convert.
-   * @param currPos The current position in the <code>nodeList</code>.
-   * @param result The resulting <code>DocumentFragment</code>.
-   * @param currOrgElem The current original element.
-   * @param currClonedElem The current cloned element.
-   * @return The current position.
-   */
-  private static int nodeList2DocumentFragment(
-    NodeList nodeList,
-    int currPos,
-    DocumentFragment result,
-    Element currOrgElem,
-    Element currClonedElem) {
-
-    while (currPos < nodeList.getLength()) {
-      Node currentNode = nodeList.item(currPos);
-      switch (currentNode.getNodeType()) {
-        case Node.COMMENT_NODE :
-        case Node.PROCESSING_INSTRUCTION_NODE :
-        case Node.TEXT_NODE :
-          {
-            // Append current node either to resulting DocumentFragment or to 
-            // current cloned Element
-            if (null == currClonedElem) {
-              result.appendChild(
-                result.getOwnerDocument().importNode(currentNode, false));
-            } else {
-              // Stop processing if current Node is not a descendant of 
-              // current Element
-              if (!isAncestor(currOrgElem, currentNode)) {
-                return --currPos;
-              }
-
-              currClonedElem.appendChild(
-                result.getOwnerDocument().importNode(currentNode, false));
-            }
-            break;
-          }
-
-        case Node.ELEMENT_NODE :
-          {
-            Element nextCurrOrgElem = (Element) currentNode;
-            Element nextCurrClonedElem =
-              result.getOwnerDocument().createElementNS(
-                nextCurrOrgElem.getNamespaceURI(),
-                nextCurrOrgElem.getNodeName());
-
-            // Append current Node either to resulting DocumentFragment or to 
-            // current cloned Element
-            if (null == currClonedElem) {
-              result.appendChild(nextCurrClonedElem);
-              currOrgElem = nextCurrOrgElem;
-              currClonedElem = nextCurrClonedElem;
-            } else {
-              // Stop processing if current Node is not a descendant of
-              // current Element
-              if (!isAncestor(currOrgElem, currentNode)) {
-                return --currPos;
-              }
-
-              currClonedElem.appendChild(nextCurrClonedElem);
-            }
-
-            // Process current Node (of type Element) recursively
-            currPos =
-              nodeList2DocumentFragment(
-                nodeList,
-                ++currPos,
-                result,
-                nextCurrOrgElem,
-                nextCurrClonedElem);
-
-            break;
-          }
-
-        case Node.ATTRIBUTE_NODE :
-          {
-            Attr currAttr = (Attr) currentNode;
-
-            // GK 20030411: Hack to overcome problems with IAIK IXSIL
-            if (currAttr.getOwnerElement() == null)
-              break;
-            if (currClonedElem == null)
-              break;
-
-            // currClonedElem must be the owner Element of currAttr if 
-            // preconditions are met
-            currClonedElem.setAttributeNS(
-              currAttr.getNamespaceURI(),
-              currAttr.getNodeName(),
-              currAttr.getValue());
-            break;
-          }
-
-        default :
-          {
-            // All other nodes will be ignored
-          }
-      }
-
-      currPos++;
-    }
-
-    return currPos;
-  }
-
-  /**
-   * Check, if the given attribute is a namespace declaration.
-   * 
-   * @param attr The attribute to check.
-   * @return <code>true</code>, if the attribute is a namespace declaration,
-   * <code>false</code> otherwise.
-   */
-  private static boolean isNamespaceDeclaration(Attr attr) {
-    return Constants.XMLNS_NS_URI.equals(attr.getNamespaceURI());
-  }
-
-  /**
-   * Check, if a given DOM element is an ancestor of a given node.
-   * 
-   * @param candAnc The DOM element to check for being the ancestor.
-   * @param cand The node to check for being the child.
-   * @return <code>true</code>, if <code>candAnc</code> is an (indirect) 
-   * ancestor of <code>cand</code>; <code>false</code> otherwise.
-   */
-  public static boolean isAncestor(Element candAnc, Node cand) {
-    Node currPar = cand.getParentNode();
-
-    while (currPar != null) {
-      if (candAnc == currPar)
-        return true;
-      currPar = currPar.getParentNode();
-    }
-    return false;
-  }
-  
-  /**
-   * Selects the (first) element from a node list and returns it.
-   * 
-   * @param nl  The NodeList to get the element from.
-   * @return    The (first) element included in the node list or <code>null</code>
-   *            if the node list is <code>null</code> or empty or no element is
-   *            included in the list.
-   */
-  public static Element getElementFromNodeList (NodeList nl) {
-    if ((nl == null) || (nl.getLength() == 0)) {
-      return null;
-    }
-    for (int i=0; i<nl.getLength(); i++) {
-      Node node = nl.item(i);
-      if (node.getNodeType() == Node.ELEMENT_NODE)  {
-        return  (Element)node;
-      }
-    }
-    return null;
-  }
-  
-  /**
-   * Returns all child elements of the given element.
-   * 
-   * @param parent  The element to get the child elements from.
-   * 
-   * @return A list including all child elements of the given element.
-   *         Maybe empty if the parent element has no child elements.
-   */
-  public static List getChildElements (Element parent) {
-    Vector v = new Vector();
-    NodeList nl = parent.getChildNodes();
-    int length = nl.getLength();
-    for (int i=0; i < length; i++) {
-      Node node = nl.item(i);
-      if (node.getNodeType() == Node.ELEMENT_NODE) {
-        v.add((Element)node);
-      }
-    }
-    return v;
-  }
-  
-  /**
-   * Returns a byte array from given node.
-   * @param node
-   * @return
-   * @throws TransformerException
-   */
-  public static byte[] nodeToByteArray(Node node) throws TransformerException {
-	  Source source = new DOMSource(node);
-	  ByteArrayOutputStream out = new ByteArrayOutputStream();
-	  //StringWriter stringWriter = new StringWriter();
-	  Result result = new StreamResult(out);
-	  TransformerFactory factory = TransformerFactory.newInstance();
-	  Transformer transformer = factory.newTransformer();
-	  transformer.transform(source, result);
-	  return out.toByteArray();
-  }
-
- 
-}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOADefaultHandler.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOADefaultHandler.java
index 7a79bd9e5..c0b530ed0 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOADefaultHandler.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOADefaultHandler.java
@@ -33,6 +33,8 @@ import org.xml.sax.SAXException;
 import org.xml.sax.SAXParseException;
 import org.xml.sax.helpers.DefaultHandler;
 
+import at.gv.egiz.eaaf.core.impl.utils.EAAFDomEntityResolver;
+
 /**
  * A <code>DefaultHandler</code> that uses a <code>MOAEntityResolver</code> and
  * a <code>MOAErrorHandler</code>.
@@ -48,9 +50,9 @@ public class MOADefaultHandler extends DefaultHandler {
 
   /**
    * Create a new <code>MOADefaultHandler</code>.
-   */
+   */ 
   public MOADefaultHandler() {
-    entityResolver = new MOAEntityResolver();
+    entityResolver = new EAAFDomEntityResolver();
     errorHandler = new MOAErrorHandler();
   }
 
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/NodeIteratorAdapter.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/NodeIteratorAdapter.java
deleted file mode 100644
index fdc823229..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/NodeIteratorAdapter.java
+++ /dev/null
@@ -1,111 +0,0 @@
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.util;
-
-import java.util.ListIterator;
-
-import org.w3c.dom.DOMException;
-import org.w3c.dom.Node;
-import org.w3c.dom.traversal.NodeFilter;
-import org.w3c.dom.traversal.NodeIterator;
-
-/**
- * A <code>NodeIterator</code> implementation based on a
- * <code>ListIterator</code>.
- * 
- * @see java.util.ListIterator
- * @see org.w3c.dom.traversal.NodeIterator
- * 
- * @author Patrick Peck
- * @version $Id$
- */
-public class NodeIteratorAdapter implements NodeIterator {
-
-  /** The <code>ListIterator</code> to wrap. */
-  private ListIterator nodeIterator;
-
-  /**
-   * Create a new <code>NodeIteratorAdapter</code>.
-   * @param nodeIterator The <code>ListIterator</code> to iterate over.
-   */
-  public NodeIteratorAdapter(ListIterator nodeIterator) {
-    this.nodeIterator = nodeIterator;
-  }
-
-  /**
-   * @see org.w3c.dom.traversal.NodeIterator#getRoot()
-   */
-  public Node getRoot() {
-    return null;
-  }
-
-  /**
-   * @see org.w3c.dom.traversal.NodeIterator#getWhatToShow()
-   */
-  public int getWhatToShow() {
-    return NodeFilter.SHOW_ALL;
-  }
-
-  /**
-   * @see org.w3c.dom.traversal.NodeIterator#getFilter()
-   */
-  public NodeFilter getFilter() {
-    return null;
-  }
-
-  /**
-   * @see org.w3c.dom.traversal.NodeIterator#getExpandEntityReferences()
-   */
-  public boolean getExpandEntityReferences() {
-    return false;
-  }
-
-  /**
-   * @see org.w3c.dom.traversal.NodeIterator#nextNode()
-   */
-  public Node nextNode() throws DOMException {
-    if (nodeIterator.hasNext()) {
-      return (Node) nodeIterator.next();
-    }
-    return null;
-  }
-
-  /**
-   * @see org.w3c.dom.traversal.NodeIterator#previousNode()
-   */
-  public Node previousNode() throws DOMException {
-    if (nodeIterator.hasPrevious()) {
-      return (Node) nodeIterator.previous();
-    }
-    return null;
-  }
-
-  /**
-   * @see org.w3c.dom.traversal.NodeIterator#detach()
-   */
-  public void detach() {
-  }
-
-}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/NodeListAdapter.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/NodeListAdapter.java
deleted file mode 100644
index e39cc0291..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/NodeListAdapter.java
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.util;
-
-import java.util.List;
-
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-
-/**
- * A <code>NodeList</code> implementation based on a <code>List</code>.
- * 
- * @see java.util.List
- * @see org.w3c.dom.NodeList
- * 
- * @author Patrick Peck
- * @version $Id$
- */
-public class NodeListAdapter implements NodeList {
-  /** The <code>List</code> to wrap. */
-  private List nodeList;
-  
-  /**
-   * Create a new <code>NodeListAdapter</code>.
-   * 
-   * @param nodeList The <code>List</code> containing the nodes. 
-   */
-  public NodeListAdapter(List nodeList) {
-    this.nodeList = nodeList;
-  }
-
-  /**
-   * @see org.w3c.dom.NodeList#item(int)
-   */
-  public Node item(int index) {
-    return (Node) nodeList.get(index);
-  }
-
-  /**
-   * @see org.w3c.dom.NodeList#getLength()
-   */
-  public int getLength() {
-    return nodeList.size();
-  }
-
-}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/XPathException.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/XPathException.java
deleted file mode 100644
index 206245a68..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/XPathException.java
+++ /dev/null
@@ -1,86 +0,0 @@
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.util;
-
-import java.io.PrintStream;
-import java.io.PrintWriter;
-
-/**
- * An exception occurred evaluating an XPath.
- * 
- * @author Patrick Peck
- * @version $Id$
- */
-public class XPathException extends RuntimeException {
-  /**
-	 * 
-	 */
-	private static final long serialVersionUID = 1736311265333034392L;
-/** The wrapped exception. */
-  private Throwable wrapped;
-  
-  /**
-   * Create a <code>XPathException</code>.
-   * 
-   * @param message The exception message.
-   * @param wrapped The exception being the likely cause of this exception.
-   */
-  public XPathException(String message, Throwable wrapped) {
-    super(message);
-    this.wrapped = wrapped; 
-  }
-  
-  /**
-   * Return the wrapped exception.
-   * 
-   * @return The wrapped exception being the likely cause of this exception.
-   */
-  public Throwable getWrapped() {
-    return wrapped;
-  }
-
-  /**
-   * @see java.lang.Throwable#printStackTrace(java.io.PrintStream)
-   */
-  public void printStackTrace(PrintStream s) {
-    super.printStackTrace(s);
-    if (getWrapped() != null) {
-      s.print("Caused by: ");
-      getWrapped().printStackTrace(s);
-    }
-  }
-
-  /**
-   * @see java.lang.Throwable#printStackTrace(java.io.PrintWriter)
-   */
-  public void printStackTrace(PrintWriter s) {
-    super.printStackTrace(s);
-    if (getWrapped() != null) {
-      s.print("Caused by: ");
-      getWrapped().printStackTrace(s);
-    }
-  }
- 
-}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/XPathUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/XPathUtils.java
deleted file mode 100644
index 89aeaf3d1..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/XPathUtils.java
+++ /dev/null
@@ -1,557 +0,0 @@
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.util;
-
-import java.util.List;
-import java.util.Map;
-
-import org.w3c.dom.Attr;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-import org.w3c.dom.traversal.NodeIterator;
-
-import org.jaxen.JaxenException;
-import org.jaxen.NamespaceContext;
-import org.jaxen.Navigator;
-import org.jaxen.SimpleNamespaceContext;
-import org.jaxen.dom.DOMXPath;
-import org.jaxen.dom.DocumentNavigator;
-
-/**
- * Utility methods to evaluate XPath expressions on DOM nodes.
- * 
- * @author Patrick Peck
- * @version $Id$
- */
-public class XPathUtils {
-
-  /**
-   * The XPath expression selecting all nodes under a given root (including the
-   * root node itself).
-   */
-  public static final String ALL_NODES_XPATH =
-    "(.//. | .//@* | .//namespace::*)";
-
-  /** The <code>DocumentNavigator</code> to use for navigating the document. */
-  private static Navigator documentNavigator =
-    DocumentNavigator.getInstance();
-  /** The default namespace prefix to namespace URI mappings. */
-  private static NamespaceContext NS_CONTEXT;
-
-  static {
-    SimpleNamespaceContext ctx = new SimpleNamespaceContext();
-    ctx.addNamespace(Constants.MOA_PREFIX, Constants.MOA_NS_URI);
-    ctx.addNamespace(Constants.MOA_CONFIG_PREFIX, Constants.MOA_CONFIG_NS_URI);
-    ctx.addNamespace(Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI);
-    ctx.addNamespace(Constants.SL10_PREFIX, Constants.SL10_NS_URI);
-    ctx.addNamespace(Constants.SL11_PREFIX, Constants.SL11_NS_URI);
-    ctx.addNamespace(Constants.SL12_PREFIX, Constants.SL12_NS_URI);
-    ctx.addNamespace(Constants.ECDSA_PREFIX, Constants.ECDSA_NS_URI);
-    ctx.addNamespace(Constants.PD_PREFIX, Constants.PD_NS_URI);
-    ctx.addNamespace(Constants.SAML_PREFIX, Constants.SAML_NS_URI);
-    ctx.addNamespace(Constants.SAMLP_PREFIX, Constants.SAMLP_NS_URI);
-    ctx.addNamespace(Constants.DSIG_PREFIX, Constants.DSIG_NS_URI);
-    ctx.addNamespace(Constants.XSLT_PREFIX, Constants.XSLT_NS_URI);
-    ctx.addNamespace(Constants.XSI_PREFIX, Constants.XSI_NS_URI);
-    ctx.addNamespace(Constants.DSIG_FILTER2_PREFIX, Constants.DSIG_FILTER2_NS_URI);
-    ctx.addNamespace(Constants.DSIG_EC_PREFIX, Constants.DSIG_EC_NS_URI);
-    ctx.addNamespace(Constants.MD_PREFIX, Constants.MD_NS_URI);
-    ctx.addNamespace(Constants.MDP_PREFIX, Constants.MDP_NS_URI);
-    ctx.addNamespace(Constants.MVV_PREFIX, Constants.MVV_NS_URI);
-    ctx.addNamespace(Constants.STB_PREFIX, Constants.STB_NS_URI);
-    ctx.addNamespace(Constants.WRR_PREFIX, Constants.WRR_NS_URI);
-    ctx.addNamespace(Constants.STORK_PREFIX, Constants.STORK_NS_URI);
-    ctx.addNamespace(Constants.STORKP_PREFIX, Constants.STORKP_NS_URI);
-    ctx.addNamespace(Constants.SAML2_PREFIX, Constants.SAML2_NS_URI);
-    ctx.addNamespace(Constants.SAML2P_PREFIX, Constants.SAML2P_NS_URI);
-    ctx.addNamespace(Constants.XENC_PREFIX, Constants.XENC_NS_URI);
-    ctx.addNamespace(Constants.XADES_1_1_1_NS_PREFIX, Constants.XADES_1_1_1_NS_URI);
-    NS_CONTEXT = ctx;
-  }
-
-  /**
-   * Return a <code>NodeIterator</code> over the nodes matching the XPath
-   * expression.
-   * 
-   * All namespace URIs and prefixes declared in the <code>Constants</code>
-   * interface are used for resolving namespaces.
-   * 
-   * @param contextNode The root node from which to evaluate the XPath
-   * expression.
-   * @param exp The XPath expression to evaluate.
-   * @return An iterator over the resulting nodes.
-   * @throws XPathException An error occurred evaluating the XPath expression.
-   */
-  public static NodeIterator selectNodeIterator(Node contextNode, String exp)
-    throws XPathException {
-
-    return selectNodeIterator(contextNode, NS_CONTEXT, exp);
-  }
-
-  /**
-   * Return a <code>NodeIterator</code> over the nodes matching the XPath
-   * expression.
-   * 
-   * @param contextNode The root node from which to evaluate the XPath
-   * expression.
-   * @param namespaceElement An element from which to build the
-   * namespace mapping for evaluating the XPath expression
-   * @param exp The XPath expression to evaluate.
-   * @return An iterator over the resulting nodes.
-   * @throws XPathException An error occurred evaluating the XPath expression.
-   */
-  public static NodeIterator selectNodeIterator(
-    Node contextNode,
-    Element namespaceElement,
-    String exp)
-    throws XPathException {
-
-    try {
-      SimpleNamespaceContext ctx = new SimpleNamespaceContext();
-      ctx.addElementNamespaces(documentNavigator, namespaceElement);
-      return selectNodeIterator(contextNode, ctx, exp);
-    } catch (JaxenException e) {
-      MessageProvider msg = MessageProvider.getInstance();
-      String message = msg.getMessage("xpath.00", new Object[] { exp });
-      throw new XPathException(message, e);
-    }
-  }
-
-  /**
-   * Return a <code>NodeIterator</code> over the nodes matching the XPath
-   * expression.
-   * 
-   * @param contextNode The root node from which to evaluate the XPath
-   * expression.
-   * @param namespaceMapping A namespace prefix to namespace URI mapping
-   * (<code>String</code> to <code>String</code>) for evaluating the XPath 
-   * expression.
-   * @param exp The XPath expression to evaluate.
-   * @return An iterator over the resulting nodes.
-   * @throws XPathException An error occurred evaluating the XPath expression.
-   */
-  public static NodeIterator selectNodeIterator(
-    Node contextNode,
-    Map namespaceMapping,
-    String exp)
-    throws XPathException {
-
-    SimpleNamespaceContext ctx = new SimpleNamespaceContext(namespaceMapping);
-
-    return selectNodeIterator(contextNode, ctx, exp);
-  }
-
-  /**
-   * Return a <code>NodeIterator</code> over the nodes matching the XPath
-   * expression.
-   * 
-   * @param contextNode The root node from which to evaluate the XPath
-   * expression.
-   * @param nsContext The <code>NamespaceContext</code> for resolving namespace
-   * prefixes to namespace URIs for evaluating the XPath expression.
-   * @param exp The XPath expression to evaluate.
-   * @return An iterator over the resulting nodes.
-   * @throws XPathException An error occurred evaluating the XPath expression.
-   */
-  private static NodeIterator selectNodeIterator(
-    Node contextNode,
-    NamespaceContext nsContext,
-    String exp)
-    throws XPathException {
-
-    try {
-      DOMXPath xpath = new DOMXPath(exp);
-      List nodes;
-
-      xpath.setNamespaceContext(nsContext);
-      nodes = xpath.selectNodes(contextNode);
-      return new NodeIteratorAdapter(nodes.listIterator());
-    } catch (JaxenException e) {
-      MessageProvider msg = MessageProvider.getInstance();
-      String message = msg.getMessage("xpath.00", new Object[] { exp });
-      throw new XPathException(message, e);
-    }
-  }
-
-  /**
-   * Return a <code>NodeList</code> of all the nodes matching the XPath
-   * expression.
-   * 
-   * All namespace URIs and prefixes declared in the <code>Constants</code>
-   * interface are used for resolving namespaces.
-   * 
-   * @param contextNode The root node from which to evaluate the XPath
-   * expression.
-   * @param exp The XPath expression to evaluate.
-   * @return A <code>NodeList</code> containing the matching nodes.
-   * @throws XPathException An error occurred evaluating the XPath expression.
-   */
-  public static NodeList selectNodeList(Node contextNode, String exp)
-    throws XPathException {
-
-    return selectNodeList(contextNode, NS_CONTEXT, exp);
-  }
-
-  /**
-   * Return a <code>NodeList</code> of all the nodes matching the XPath
-   * expression.
-   * 
-   * @param contextNode The root node from which to evaluate the XPath
-   * expression.
-   * @param namespaceElement An element from which to build the
-   * namespace mapping for evaluating the XPath expression
-   * @param exp The XPath expression to evaluate.
-   * @return A <code>NodeList</code> containing the matching nodes.
-   * @throws XPathException An error occurred evaluating the XPath expression.
-   */
-  public static NodeList selectNodeList(
-    Node contextNode,
-    Element namespaceElement,
-    String exp)
-    throws XPathException {
-
-    try {
-      SimpleNamespaceContext ctx = new SimpleNamespaceContext();
-
-      ctx.addElementNamespaces(documentNavigator, namespaceElement);
-      return selectNodeList(contextNode, ctx, exp);
-    } catch (JaxenException e) {
-      MessageProvider msg = MessageProvider.getInstance();
-      String message = msg.getMessage("xpath.00", new Object[] { exp });
-      throw new XPathException(message, e);
-    }
-  }
-
-  /**
-   * Return a <code>NodeList</code> of all the nodes matching the XPath
-   * expression.
-   * 
-   * @param contextNode The root node from which to evaluate the XPath
-   * expression.
-   * @param namespaceMapping A namespace prefix to namespace URI mapping
-   * (<code>String</code> to <code>String</code>) for evaluating the XPath 
-   * expression.
-   * @param exp The XPath expression to evaluate.
-   * @return A <code>NodeList</code> containing the matching nodes.
-   * @throws XPathException An error occurred evaluating the XPath expression.
-   */
-  public static NodeList selectNodeList(
-    Node contextNode,
-    Map namespaceMapping,
-    String exp)
-    throws XPathException {
-
-    SimpleNamespaceContext ctx = new SimpleNamespaceContext(namespaceMapping);
-
-    return selectNodeList(contextNode, ctx, exp);
-  }
-
-  /**
-   * Return a <code>NodeList</code> of all the nodes matching the XPath
-   * expression.
-   * 
-   * @param contextNode The root node from which to evaluate the XPath
-   * expression.
-   * @param nsContext The <code>NamespaceContext</code> for resolving namespace
-   * prefixes to namespace URIs for evaluating the XPath expression.
-   * @param exp The XPath expression to evaluate.
-   * @return A <code>NodeList</code> containing the matching nodes.
-   * @throws XPathException An error occurred evaluating the XPath expression.
-   */
-  private static NodeList selectNodeList(
-    Node contextNode,
-    NamespaceContext nsContext,
-    String exp)
-    throws XPathException {
-
-    try {
-      DOMXPath xpath = new DOMXPath(exp);
-      List nodes;
-
-      xpath.setNamespaceContext(nsContext);
-      nodes = xpath.selectNodes(contextNode);
-      return new NodeListAdapter(nodes);
-    } catch (JaxenException e) {
-      MessageProvider msg = MessageProvider.getInstance();
-      String message = msg.getMessage("xpath.00", new Object[] { exp });
-      throw new XPathException(message, e);
-    }
-  }
-
-  /**
-   * Select the first node matching an XPath expression.
-   * 
-   * All namespace URIs and prefixes declared in the <code>Constants</code>
-   * interface are used for resolving namespaces.
-   * 
-   * @param contextNode The root node from which to evaluate the XPath
-   * expression.
-   * @param exp The XPath expression to evaluate.
-   * @return Node The first node matching the XPath expression, or
-   * <code>null</code>, if no node matched.
-   * @throws XPathException An error occurred evaluating the XPath expression.
-   */
-  public static Node selectSingleNode(Node contextNode, String exp)
-    throws XPathException {
-
-    return selectSingleNode(contextNode, NS_CONTEXT, exp);
-  }
-
-  /**
-   * Select the first node matching an XPath expression.
-   * 
-   * @param contextNode The root node from which to evaluate the XPath
-   * expression.
-   * @param namespaceElement An element from which to build the
-   * namespace mapping for evaluating the XPath expression
-   * @param exp The XPath expression to evaluate.
-   * @return Node The first node matching the XPath expression, or
-   * <code>null</code>, if no node matched.
-   * @throws XPathException An error occurred evaluating the XPath expression.
-   */
-  public static Node selectSingleNode(
-    Node contextNode,
-    Element namespaceElement,
-    String exp)
-    throws XPathException {
-
-    try {
-      SimpleNamespaceContext ctx = new SimpleNamespaceContext();
-      ctx.addElementNamespaces(documentNavigator, namespaceElement);
-
-      return selectSingleNode(contextNode, ctx, exp);
-    } catch (JaxenException e) {
-      MessageProvider msg = MessageProvider.getInstance();
-      String message = msg.getMessage("xpath.00", new Object[] { exp });
-      throw new XPathException(message, e);
-    }
-  }
-
-  /**
-   * Select the first node matching an XPath expression.
-   * 
-   * @param contextNode The root node from which to evaluate the XPath
-   * expression.
-   * @param namespaceMapping A namespace prefix to namespace URI mapping
-   * (<code>String</code> to <code>String</code>) for evaluating the XPath 
-   * expression.
-   * @param exp The XPath expression to evaluate.
-   * @return Node The first node matching the XPath expression, or
-   * <code>null</code>, if no node matched.
-   * @throws XPathException An error occurred evaluating the XPath expression.
-   */
-  public static Node selectSingleNode(
-    Node contextNode,
-    Map namespaceMapping,
-    String exp)
-    throws XPathException {
-
-    SimpleNamespaceContext ctx = new SimpleNamespaceContext(namespaceMapping);
-
-    return selectSingleNode(contextNode, ctx, exp);
-  }
-
-  /**
-   * Select the first node matching an XPath expression.
-   * 
-   * @param contextNode The root node from which to evaluate the XPath
-   * expression.
-   * @param nsContext The <code>NamespaceContext</code> for resolving namespace
-   * prefixes to namespace URIs for evaluating the XPath expression.
-   * @param exp The XPath expression to evaluate.
-   * @return Node The first node matching the XPath expression, or
-   * <code>null</code>, if no node matched.
-   * @throws XPathException An error occurred evaluating the XPath expression.
-   */
-  public static Node selectSingleNode(
-    Node contextNode,
-    NamespaceContext nsContext,
-    String exp)
-    throws XPathException {
-
-    try {
-      DOMXPath xpath = new DOMXPath(exp);
-      xpath.setNamespaceContext(nsContext);
-      return (Node) xpath.selectSingleNode(contextNode);
-    } catch (JaxenException e) {
-      MessageProvider msg = MessageProvider.getInstance();
-      String message = msg.getMessage("xpath.00", new Object[] { exp });
-      throw new XPathException(message, e);
-    }
-  }
-
-  /**
-   * Return the value of a DOM element whose location is given by an XPath
-   * expression.
-   * 
-   * @param root The root element from which to evaluate the XPath.
-   * @param xpath The XPath expression pointing to the element whose value
-   * to return.
-   * @param def The default value to return, if no element can be found using
-   * the given <code>xpath</code>.
-   * @return The element value, if it can be located using the
-   * <code>xpath</code>. Otherwise, <code>def</code> is returned.
-   */
-  public static String getElementValue(
-    Element root,
-    String xpath,
-    String def) {
-
-    Element elem = (Element) XPathUtils.selectSingleNode(root, xpath);
-    return elem != null ? DOMUtils.getText(elem) : def;
-  }
-
-  /**
-   * Return the value of a DOM attribute whose location is given by an XPath
-   * expression.
-   * 
-   * @param root The root element from which to evaluate the XPath.
-   * @param xpath The XPath expression pointing to the attribute whose value to
-   * return.
-   * @param def The default value to return, if no attribute can be found using
-   * the given <code>xpath</code>.
-   * @return The element value, if it can be located using the
-   * <code>xpath</code>. Otherwise, <code>def</code> is returned.
-   */
-  public static String getAttributeValue(
-    Element root,
-    String xpath,
-    String def) {
-
-    Attr attr = (Attr) XPathUtils.selectSingleNode(root, xpath);
-    return attr != null ? attr.getValue() : def;
-  }
-  
-  /**
-   * Returns the namespace prefix used within <code>XPathUtils</code> for referring to
-   * the namespace of the specified (Security Layer command) element.
-   * 
-   * This namespace prefix can be used in various XPath expression evaluation methods 
-   * within <code> XPathUtils</code> without explicitely binding it to the particular
-   * namespace.
-   * 
-   * @param contextElement The (Security Layer command) element. 
-   *            
-   * @return  the namespace prefix used within <code>XPathUtils</code> for referring to
-   *          the namespace of the specified (Security Layer command) element.
-   * 
-   * throws XpathException If the specified element has a namespace other than the ones
-   *        known by this implementation as valid Security Layer namespaces (cf. 
-   *        @link Constants#SL10_NS_URI, @link Constants#SL11_NS_URI, @link Constants#SL12_NS_URI).
-   */
-  public static String getSlPrefix (Element contextElement) throws XPathException 
-  {
-    String sLNamespace = contextElement.getNamespaceURI();
-    String sLPrefix = null;
-
-    if (sLNamespace.equals(Constants.SL10_NS_URI)) 
-    {
-      sLPrefix = Constants.SL10_PREFIX;
-    }  
-    else if (sLNamespace.equals(Constants.SL12_NS_URI)) 
-    {
-      sLPrefix = Constants.SL12_PREFIX;
-    }
-    else if (sLNamespace.equals(Constants.SL11_NS_URI)) 
-    {
-      sLPrefix = Constants.SL11_PREFIX;
-    } 
-    else 
-    {
-      MessageProvider msg = MessageProvider.getInstance();
-      String message = msg.getMessage("xpath.00", new Object[] { "Ung�ltiger Security Layer Namespace: \"" + sLNamespace + "\"."});
-      throw new XPathException(message, null);
-    }
-    
-    return sLPrefix;
-  }
-  
-  
-  /**
-   * Return the SecurityLayer namespace prefix of the context element.
-   * If the context element is not the element that lies within the 
-   * SecurityLayer namespace. The Securitylayer namespace is derived from
-   * the <code>xmlns:sl10</code>, <code>sl11</code> or <code>sl</code> 
-   * attribute of the context element.
-   * 
-   * The returned prefix is needed for evaluating XPATH expressions.
-   * 
-   * @param contextElement The element to get a prefix for the Securitylayer namespace,
-   *                       that is used within the corresponding document. 
-   *            
-   * @return  The string <code>sl10</code>, <code>sl11</code> or <code>sl</code>,
-   *          depending on the SecurityLayer namespace of the contextElement.
-   * 
-   * throws XPathException If no (vlalid) SecurityLayer namespace prefix or namespace
-   *                       is defined.
-   */
-  public static String getSlPrefixFromNoRoot (Element contextElement) throws XPathException {
-    
-    String slPrefix = checkSLnsDeclaration(contextElement, Constants.SL10_PREFIX, Constants.SL10_NS_URI);
-    if (slPrefix == null) {
-      slPrefix = checkSLnsDeclaration(contextElement, Constants.SL11_PREFIX, Constants.SL11_NS_URI);
-    }
-    if (slPrefix == null) {
-      slPrefix = checkSLnsDeclaration(contextElement, Constants.SL12_PREFIX, Constants.SL12_NS_URI);
-    }       
-     
-    return slPrefix;
-       
-  }
-  
-  /**
-   * Checks if the context element has an attribute <code>xmlns:slPrefix</code> and
-   * if the prefix of that attribute corresponds with a valid SecurityLayer namespace.
-   * 
-   * @param contextElement  The element to be checked.
-   * @param slPrefix        The prefix which should be checked. Must be a valid SecurityLayer
-   *                        namespace prefix.
-   * @param slNameSpace     The SecurityLayer namespace that corresponds to the specified prefix.
-   *  
-   * @return                The valid SecurityLayer prefix or <code>null</code> if this prefix is
-   *                        not used.
-   * @throws XPathException
-   */
-  private static String checkSLnsDeclaration(Element contextElement, String slPrefix, String slNameSpace)
-      throws XPathException 
-  {
-    String nsAtt = "xmlns:" + slPrefix;
-    String nameSpace = contextElement.getAttribute(nsAtt);
-    if (nameSpace == "") {
-      return null;
-    } else {
-      // check if namespace is correct
-      if (nameSpace.equals(slNameSpace)) {
-        return slPrefix;
-      } else {
-        MessageProvider msg = MessageProvider.getInstance();
-        String message = msg.getMessage("xpath.00", new Object[] { "Ung�ltiger SecurityLayer Namespace: \"" + nameSpace + "\"."});
-        throw new XPathException(message, null);
-      }
-    }
-  }
-
-}
diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/MOATestCase.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/MOATestCase.java
index 66bf1faff..51297fce3 100644
--- a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/MOATestCase.java
+++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/MOATestCase.java
@@ -36,8 +36,8 @@ import javax.xml.parsers.DocumentBuilderFactory;
 import org.w3c.dom.Document;
 import org.xml.sax.InputSource;
 
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
 import junit.framework.TestCase;
 
 /**
diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DOMUtilsTest.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DOMUtilsTest.java
index 7b1c0cb67..ac121a0b2 100644
--- a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DOMUtilsTest.java
+++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DOMUtilsTest.java
@@ -31,8 +31,8 @@ import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.NodeList;
 
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
 import test.at.gv.egovernment.moa.MOATestCase;
 
 /**
diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/XPathUtilsTest.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/XPathUtilsTest.java
index 15e6a62f3..4837caa2b 100644
--- a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/XPathUtilsTest.java
+++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/XPathUtilsTest.java
@@ -26,10 +26,9 @@ package test.at.gv.egovernment.moa.util;
 import org.w3c.dom.Document;
 import org.w3c.dom.NodeList;
 
+import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
 import test.at.gv.egovernment.moa.MOATestCase;
 
-import at.gv.egovernment.moa.util.XPathUtils;
-
 
 /**
  * @author Patrick Peck
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractGUIFormBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractGUIFormBuilderConfiguration.java
deleted file mode 100644
index 999552891..000000000
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractGUIFormBuilderConfiguration.java
+++ /dev/null
@@ -1,111 +0,0 @@
-/*
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth.frontend.builder;
-
-import java.util.HashMap;
-import java.util.Map;
-
-import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-/**
- * @author tlenz
- *
- */
-public abstract class AbstractGUIFormBuilderConfiguration implements IGUIBuilderConfiguration {
-
-	public static final String PARAM_AUTHCONTEXT = "contextPath";
-	public static final String PARAM_FORMSUBMITENDPOINT = "submitEndpoint";
-	
-	public static final String PARAM_PENDINGREQUESTID = "pendingReqID";
-	
-	private String authURL = null;
-	private String viewName = null;
-	private String formSubmitEndpoint = null;
-	
-	/**
-	 * @param authURL IDP PublicURL-Prefix which should be used, but never null
-	 * @param viewName Name of the template (with suffix) but never null
-	 * @param formSubmitEndpoint EndPoint on which the form should be submitted, 
-	 * or null if the form must not submitted
-	 * 
-	 */
-	public AbstractGUIFormBuilderConfiguration(String authURL, String viewName, String formSubmitEndpoint) {
-		if (viewName.startsWith("/"))
-			this.viewName = viewName.substring(1);
-		else
-			this.viewName = viewName;
-		
-		if (authURL.endsWith("/"))
-			this.authURL = authURL.substring(0, authURL.length() - 1);
-		else
-			this.authURL = authURL;
-		
-		if (MiscUtil.isNotEmpty(formSubmitEndpoint)) {
-			if (formSubmitEndpoint.startsWith("/"))
-				this.formSubmitEndpoint = formSubmitEndpoint;
-			else		
-				this.formSubmitEndpoint = "/" + formSubmitEndpoint;
-		}
-	}
-	
-	
-	/**
-	 * Define the parameters, which should be evaluated in the template <br>
-	 * <b>IMPORTANT:</b> external HTML escapetion is required, because it is NOT done internally during the building process
-	 * 
-	 * @return Map of parameters, which should be added to template
-	 */
-	abstract protected Map<String, Object> getSpecificViewParameters();
-	
-	
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration#getViewName()
-	 */
-	@Override
-	public final String getViewName() {
-		return this.viewName;
-		
-	}
-	
-
-	/* (non-Javadoc)
-	 * @see at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration#getViewParameters()
-	 */
-	@Override
-	public final Map<String, Object> getViewParameters() {
-		//get parameters from detail implementation
-		Map<String, Object> specParams = getSpecificViewParameters();
-		if (specParams == null)
-			specParams = new HashMap<String, Object>();
-		
-		//add generic parameters
-		specParams.put(PARAM_AUTHCONTEXT, this.authURL);		
-		if (this.formSubmitEndpoint != null)
-			specParams.put(PARAM_FORMSUBMITENDPOINT, this.formSubmitEndpoint);
-		
-		return specParams;
-		
-	}
-
-}
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java
index e1f995e82..2fcec92c5 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java
@@ -30,6 +30,7 @@ import java.util.Map;
 import org.apache.commons.lang.StringEscapeUtils;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.impl.gui.AbstractGUIFormBuilderConfiguration;
 import at.gv.egovernment.moa.id.auth.frontend.utils.FormBuildUtils;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java
index 5283089ed..e59c19219 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java
@@ -30,6 +30,7 @@ import org.apache.commons.lang.StringEscapeUtils;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.gui.ModifyableGuiBuilderConfiguration;
+import at.gv.egiz.eaaf.core.impl.gui.AbstractGUIFormBuilderConfiguration;
 	
 /**
  * This class builds MOA-ID GUI forms from default resource paths
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java
index 1bacc93c7..43d499589 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/GUIFormBuilderImpl.java
@@ -22,154 +22,40 @@
  */
 package at.gv.egovernment.moa.id.auth.frontend.builder;
 
-import java.io.BufferedReader;
 import java.io.File;
 import java.io.FileInputStream;
-import java.io.IOException;
 import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.io.StringWriter;
 import java.net.URI;
-import java.util.Iterator;
-import java.util.Map;
-import java.util.Map.Entry;
 
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.velocity.VelocityContext;
-import org.apache.velocity.app.VelocityEngine;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
 import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration;
-import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
 import at.gv.egiz.eaaf.core.exceptions.GUIBuildException;
-import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider;
-import at.gv.egovernment.moa.id.commons.MOAIDConstants;
+import at.gv.egiz.eaaf.core.impl.gui.AbstractGUIFormBuilderImpl;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
 
 /**
  * @author tlenz 
  *
  */
 @Service("guiFormBuilder")
-public class GUIFormBuilderImpl implements IGUIFormBuilder {
+public class GUIFormBuilderImpl extends AbstractGUIFormBuilderImpl {
 	
-	private static final String DEFAULT_CONTENT_TYPE = MOAIDConstants.DEFAULT_CONTENT_TYPE_HTML_UTF8;
+
 	private static final String CONFIG_HTMLTEMPLATES_DIR = "htmlTemplates/";
 	private static final String CLASSPATH_HTMLTEMPLATES_DIR = "templates/";
 			
 	@Autowired private AuthConfiguration authConfig;
-	private VelocityEngine engine;
-		
+
 	public GUIFormBuilderImpl() throws GUIBuildException {
-		try {
-			engine = VelocityProvider.getClassPathVelocityEngine();
-			
-		} catch (Exception e) {
-			Logger.fatal("Initialization of Velocity-Engine to render GUI components FAILED.", e);
-			throw new GUIBuildException("Initialization of Velocity-Engine to render GUI components FAILED.", e);
-			
-		}
+		super();
 		
 	}
-		
-	public void build(HttpServletResponse httpResp, IGUIBuilderConfiguration config, String loggerName) throws GUIBuildException {
-		build(httpResp, config, getInternalContentType(config), loggerName);
-		
-	}
-		
-	@Override
-	public void build(HttpServletResponse httpResp, IGUIBuilderConfiguration config, 
-			String contentType, String loggerName) throws GUIBuildException {
-		
-		InputStream is = null;
-		try {
-			String viewName = config.getViewName();			
-			is = getTemplateInputStream(config);
-			
-			//build Velocity Context from input paramters
-			VelocityContext context = buildContextFromViewParams(config.getViewParameters());
-
-			//evaluate template
-			StringWriter writer = new StringWriter();
-			engine.evaluate(context, writer, loggerName, new BufferedReader(new InputStreamReader(is)));
-							
-			//write template to response
-			final byte[] content = writer.toString().getBytes("UTF-8");
-			httpResp.setStatus(HttpServletResponse.SC_OK);
-			httpResp.setContentLength(content.length);
-			httpResp.setContentType(contentType);						
-			httpResp.getOutputStream().write(content);
-			
-			if (Logger.isTraceEnabled()) {
-				Logger.trace("Write Content for viewName:" + viewName 
-						+ ". Contentsize:" + String.valueOf(content.length)
-						+ " BufferSize:" + httpResp.getBufferSize()
-						+ " ContentType:" + contentType);
-				for (String el : httpResp.getHeaderNames())
-					Logger.trace(" * Headername:" + el + " Value:" + httpResp.getHeader(el));
 				
-			}
-			
-		} catch (IOException e) {
-			Logger.error("GUI form-builder has an internal error.", e);
-			throw new GUIBuildException("GUI form-builder has an internal error.", e);
-						
-		} finally {
-			if (is != null)
-				try {
-					is.close();
-					
-				} catch (IOException e) {
-					Logger.error("Can NOT close GUI-Template InputStream.", e);
-					
-				}
-		}
-		
-	}
-
-	/**
-	 * Generate a new {@link VelocityContext} and populate it with MOA-ID GUI parameters
-	 * 
-	 * @param config
-	 * @return
-	 */
-	public VelocityContext generateVelocityContextFromConfiguration(IGUIBuilderConfiguration config) {
-		return buildContextFromViewParams(config.getViewParameters());
-		
-	}
-	
-	/**
-	 * Load the template from different resources
-	 * 
-	 * @param config
-	 * @return An {@link InputStream} but never null. The {@link InputStream} had to be closed be the invoking method
-	 * @throws GUIBuildException
-	 */
-	public InputStream getTemplateInputStream(IGUIBuilderConfiguration config) throws GUIBuildException {			
-		InputStream is = getInternalTemplate(config);
-		if (is == null) {
-			Logger.warn("No GUI with viewName:" + config.getViewName() + " FOUND.");
-			throw new GUIBuildException("No GUI with viewName:" + config.getViewName() + " FOUND.");
-		
-		}		
-		return is;
-		
-	}
-	
-	private String getInternalContentType(IGUIBuilderConfiguration config) {
-		if (MiscUtil.isEmpty(config.getDefaultContentType()))
-			return DEFAULT_CONTENT_TYPE;
-		
-		else
-			return config.getDefaultContentType();
-		
-	}
-	
-	private InputStream getInternalTemplate(IGUIBuilderConfiguration config) throws GUIBuildException {
+	@Override
+	protected InputStream getInternalTemplate(IGUIBuilderConfiguration config) throws GUIBuildException {
 		String viewName = config.getViewName();
 		
 		//load specific template
@@ -193,7 +79,7 @@ public class GUIFormBuilderImpl implements IGUIFormBuilder {
 					Logger.debug("GUI template:" + viewName + " is not found in configuration directory. "
 							+ " Load template from project library ... ");					
 					try  {
-						pathLocation = getInternalClasspathTemplateDir(config) + viewName;
+						pathLocation = super.getInternalClasspathTemplateDir(config, CLASSPATH_HTMLTEMPLATES_DIR) + viewName;
 						is = Thread.currentThread()
 								.getContextClassLoader()
 								.getResourceAsStream(pathLocation);				
@@ -219,39 +105,4 @@ public class GUIFormBuilderImpl implements IGUIFormBuilder {
 		
 	}
 	
-	
-	/**
-	 * @return
-	 */
-	private String getInternalClasspathTemplateDir(IGUIBuilderConfiguration config) {
-		String dir = config.getClasspathTemplateDir();
-		if (dir != null) {
-			if (!dir.endsWith("/"))
-				dir += "/";
-			
-			return dir;			
-			
-		} else
-			return CLASSPATH_HTMLTEMPLATES_DIR;
-	}
-	
-	/**
-	 * @param viewParams
-	 * @return
-	 */
-	private VelocityContext buildContextFromViewParams(Map<String, Object> viewParams) {
-		VelocityContext context = new VelocityContext();
-				
-		if (viewParams != null) {
-			Iterator<Entry<String, Object>> interator = viewParams.entrySet().iterator();
-			while (interator.hasNext()) {
-				Entry<String, Object> el = interator.next();
-				context.put(el.getKey(), el.getValue());
-			}
-			
-		} 
-		
-		return context;
-	}
-	
 }
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index ef3e71874..6156ba6b4 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -26,13 +26,16 @@ import org.w3c.dom.NodeList;
 import org.xml.sax.SAXException;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
+import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
 import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder;
 import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
 import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder;
-import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.auth.builder.CreateXMLSignatureRequestBuilder;
 import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder;
 import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder;
@@ -61,7 +64,6 @@ import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
 import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.commons.api.exceptions.BKUException;
@@ -71,7 +73,6 @@ import at.gv.egovernment.moa.id.logging.SpecificTraceLogger;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.DateTimeUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moa.util.StringUtils;
@@ -432,7 +433,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 	 */
 	public String getCreateXMLSignatureRequestAuthBlockOrRedirect(
 			IAuthenticationSession session, IRequest pendingReq) throws ConfigurationException,
-			BuildException, ValidateException {
+			BuildException, ValidateException, EAAFBuilderException {
 
 		IOAAuthParameters oaParam = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class);
 
@@ -531,7 +532,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 	 * @throws ConfigurationException 
 	 */
 	private String buildAuthenticationBlock(IAuthenticationSession session,
-			IOAAuthParameters oaParam, IRequest pendingReq) throws BuildException, ConfigurationException {
+			IOAAuthParameters oaParam, IRequest pendingReq) throws BuildException, ConfigurationException, EAAFBuilderException {
 
 		IIdentityLink identityLink = session.getIdentityLink();
 		String issuer = identityLink.getName();
@@ -930,7 +931,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 	public void verifyAuthenticationBlock(IRequest pendingReq, IAuthenticationSession session,
 			String xmlCreateXMLSignatureReadResponse)
 					throws AuthenticationException, BuildException, ParseException,
-					ConfigurationException, ServiceException, ValidateException, BKUException {
+					ConfigurationException, ServiceException, ValidateException, BKUException, EAAFBuilderException {
 
 		if (session == null)
 			throw new AuthenticationException("auth.10", new Object[]{
@@ -1068,7 +1069,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 	 */
 
 	protected Element createIdentificationBPK(Element mandatePerson,
-			String baseid, String target) throws BuildException {
+			String baseid, String target) throws BuildException, EAAFBuilderException {
 		Element identificationBpK = mandatePerson.getOwnerDocument()
 				.createElementNS(Constants.PD_NS_URI, "Identification");
 		Element valueBpK = mandatePerson.getOwnerDocument().createElementNS(
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java
index 9a807ca00..a2a38c9dd 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java
@@ -31,10 +31,10 @@ import javax.xml.transform.TransformerException;
 
 import org.w3c.dom.Element;
 
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.StringUtils;
 
 /**
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
index bbd90fdaa..a46c81d06 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
@@ -48,6 +48,7 @@ import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
@@ -61,7 +62,6 @@ import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moa.util.StringUtils;
 
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java
index 9dcc93e9f..fb65bac04 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java
@@ -49,10 +49,10 @@ package at.gv.egovernment.moa.id.auth.builder;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
+import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
 
 /**
  * Builder for the <code>lt;pr:Person&gt;</code> element to be inserted
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java
index 306c871fc..ee58b7fa1 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java
@@ -50,9 +50,9 @@ import java.text.MessageFormat;
 
 import org.w3c.dom.Element;
 
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.StringUtils;
 
 /**
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
index e6adcf159..2c8127e2d 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
@@ -55,10 +55,10 @@ import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
 import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.Constants;
 
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
index 37f24ea72..d345aa208 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
@@ -18,9 +18,11 @@ import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.stereotype.Component;
 import org.w3c.dom.Element;
 
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
@@ -31,12 +33,10 @@ import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.client.SZRGWClientException;
 import at.gv.egovernment.moa.id.client.utils.SZRGWClientUtils;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse;
 
 /**
@@ -135,7 +135,7 @@ public class GetForeignIDTask extends AbstractAuthServletTask {
 				IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(new ByteArrayInputStream(
 						response.getIdentityLink()));
 				IIdentityLink identitylink = ilParser.parseIdentityLink();
-				moasession.setIdentityLink(identitylink);
+				moasession.setIdentityLink(identitylink); 
 
 				// set QAA Level four in case of card authentifcation
 				moasession.setQAALevel(PVPConstants.EIDAS_QAA_HIGH);
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
index d81afee7b..af4abe813 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
@@ -18,6 +18,7 @@ import org.xml.sax.SAXException;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
@@ -31,7 +32,6 @@ import at.gv.egovernment.moa.id.data.MISMandate;
 import at.gv.egovernment.moa.id.util.SSLUtils;
 import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
 import iaik.pki.PKIException;
 
 /**
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java
index 4db814246..7c9702b8b 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java
@@ -37,6 +37,7 @@ import org.w3c.dom.Element;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
@@ -49,7 +50,6 @@ import at.gv.egovernment.moa.id.util.SSLUtils;
 import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId;
 import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
 
 /**
  * @author tlenz
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
index fb3cf3713..0b5db368f 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
@@ -58,14 +58,14 @@ import org.w3c.dom.Element;
 import org.w3c.dom.NodeList;
 import org.w3c.dom.traversal.NodeIterator;
 
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
+import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
 import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
 import at.gv.egovernment.moa.id.auth.data.SAMLAttribute;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.BKUException;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
 
 /**
  * Parses an <code>&lt;InfoboxReadResponse&gt;</code> returned from
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java
index 390467bf8..4c9c15e99 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java
@@ -53,12 +53,12 @@ import java.util.Vector;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egovernment.moa.id.auth.data.InfoboxToken;
 import at.gv.egovernment.moa.id.auth.data.InfoboxTokenImpl;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
 
 /**
  * Parses and unmarshales <code>InfoboxReadResponse<code>.
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java
index dba26f1db..8458bce01 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java
@@ -63,14 +63,14 @@ import org.apache.xpath.XPathAPI;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
+import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.exceptions.BKUException;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
 import iaik.x509.X509Certificate;
 
 /**
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
index 96be0279a..01ef4ee26 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -57,9 +57,12 @@ import org.jaxen.SimpleNamespaceContext;
 import org.w3c.dom.Element;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
+import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
 import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
+import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
 import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder;
-import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
 import at.gv.egovernment.moa.id.auth.data.SAMLAttribute;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
@@ -68,7 +71,6 @@ import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
@@ -77,7 +79,6 @@ import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moa.util.StringUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
 
 /**
  * 
@@ -136,7 +137,7 @@ public class CreateXMLSignatureResponseValidator {
  * @throws ConfigurationException 
    */
   public void validate(CreateXMLSignatureResponse createXMLSignatureResponse, IAuthenticationSession session, IRequest pendingReq)
-   throws ValidateException, BuildException, ConfigurationException {
+   throws ValidateException, BuildException, ConfigurationException, EAAFBuilderException {
       // A3.056: more then one /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:NameIdentifier
     IOAAuthParameters oaParam = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class);
     String oaURL = oaParam.getPublicURLPrefix(); 
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java
index f3ce6888b..604d224eb 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java
@@ -49,11 +49,11 @@ package at.gv.egovernment.moa.id.auth.validator;
 import org.w3c.dom.Element;
 import org.w3c.dom.NodeList;
 
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.IdentityLink;
+import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
 import at.gv.egovernment.moa.id.auth.exception.ValidateException;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.XPathUtils;
 
 /**
  * This class is used to validate an {@link IdentityLink} 
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
index 17a3fe7ab..17d487e79 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
@@ -54,11 +54,11 @@ import java.util.Iterator;
 import java.util.List;
 import java.util.Set;
 
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
 import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.auth.exception.ValidateException;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
index b3327a3d5..e023a6507 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
@@ -64,7 +64,8 @@ import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
 
 import at.gv.egiz.eaaf.core.impl.data.Pair;
-import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
@@ -73,7 +74,6 @@ import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.BoolUtils;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.StringUtils;
 
 /**
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
index a1e16a7f0..fe0e659c7 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
@@ -70,12 +70,12 @@ import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
 import org.xml.sax.SAXException;
 
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MISSimpleClientException;
 import at.gv.egovernment.moa.id.commons.utils.HttpClientWithProxySupport;
 import at.gv.egovernment.moa.id.data.MISMandate;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.StringUtils;
 
 
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderTest.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderTest.java
index ec15a209c..9d59b60f3 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderTest.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderTest.java
@@ -48,10 +48,9 @@ package test.at.gv.egovernment.moa.id.auth.builder;
 
 import org.w3c.dom.Document;
 import test.at.gv.egovernment.moa.id.UnitTestCase;
-
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
 
 /**
  * @author Paul Ivancsics
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilderTest.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilderTest.java
index f2fde6322..f83f57144 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilderTest.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilderTest.java
@@ -46,9 +46,9 @@
 
 package test.at.gv.egovernment.moa.id.auth.builder;
 
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
 import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder;
 import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.util.Constants;
 
 import test.at.gv.egovernment.moa.id.UnitTestCase;
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParserTest.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParserTest.java
index 977764878..88b973457 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParserTest.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParserTest.java
@@ -46,20 +46,19 @@
 
 package test.at.gv.egovernment.moa.id.auth.parser;
 
-import iaik.security.rsa.RSAPublicKey;
-
 import java.io.FileOutputStream;
 import java.io.RandomAccessFile;
 import java.security.PublicKey;
 
 import org.w3c.dom.Document;
 
-import test.at.gv.egovernment.moa.id.UnitTestCase;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser;
 import at.gv.egovernment.moa.id.util.ECDSAKeyValueConverter;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
+import iaik.security.rsa.RSAPublicKey;
+import test.at.gv.egovernment.moa.id.UnitTestCase;
 
 /**
  * @author Paul Ivancsics
@@ -74,7 +73,7 @@ public class IdentityLinkAssertionParserTest extends UnitTestCase {
   }
 
   public void setUp() {
-    try {
+    try { 
       RandomAccessFile s =
         new RandomAccessFile(
           "data/test/xmldata/testperson1/InfoboxReadResponse.xml",
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParserTest.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParserTest.java
index 38bf1cab6..58c6b66d0 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParserTest.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParserTest.java
@@ -48,10 +48,10 @@ package test.at.gv.egovernment.moa.id.auth.parser;
 
 import java.io.RandomAccessFile;
 
-import test.at.gv.egovernment.moa.id.UnitTestCase;
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
+import test.at.gv.egovernment.moa.id.UnitTestCase;
 
 /**
  * @author Paul Ivancsics
@@ -64,7 +64,7 @@ public class InfoboxReadResponseParserTest extends UnitTestCase {
   public InfoboxReadResponseParserTest(String name) {
     super(name);
   }
-
+ 
   public void setUp() {
   }
 
diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java
index 76563c8ca..ec43adccc 100644
--- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java
+++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java
@@ -55,6 +55,7 @@ import com.google.gson.JsonParseException;
 import com.google.gson.JsonParser;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
@@ -64,7 +65,6 @@ import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.logging.Logger;
@@ -91,7 +91,7 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask {
 	private static final String EIDCONTAINER_KEY_SALT = "salt";
 	private static final String EIDCONTAINER_KEY_IV = "iv";
 	private static final String EIDCONTAINER_EID = "eid";
-	private static final String EIDCONTAINER_KEY_IDL = "idl";
+	private static final String EIDCONTAINER_KEY_IDL = "idl"; 
 	private static final String EIDCONTAINER_KEY_BINDINGCERT = "cert";
 	 
 	public static final String REQ_PARAM_eID_BLOW = "eidToken";
diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java
index 90810a7f4..5e79aee8e 100644
--- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java
+++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java
@@ -34,6 +34,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
@@ -44,7 +45,6 @@ import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.logging.Logger;
@@ -64,7 +64,7 @@ public class SecondBKAMobileAuthTask extends AbstractAuthServletTask {
 	@Override
 	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
 			throws TaskExecutionException {
-		
+		 
 		try {
 			Logger.info("Add user credentials for BKA MobileAuth SAML2 test and finalize authentication");	
 			parseDemoValuesIntoMOASession(pendingReq);
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
index 45033562f..103781470 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
@@ -35,9 +35,12 @@ import org.springframework.stereotype.Component;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
+import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
@@ -46,13 +49,10 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAttributeExce
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
 import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
 
 /**
@@ -70,7 +70,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
 	@Override
 	public void execute(ExecutionContext executionContext,
 			HttpServletRequest request, HttpServletResponse response)
-			throws TaskExecutionException {
+			throws TaskExecutionException { 
 		try{												
 			//get eIDAS attributes from MOA-Session
 			ImmutableAttributeMap eIDASAttributes = pendingReq.getGenericData(
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
index 0b0c74777..658502d2c 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
@@ -38,11 +38,11 @@ import org.springframework.stereotype.Component;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
 import at.gv.egiz.eaaf.modules.pvp2.sp.impl.PVPAuthnRequestBuilder;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.config.ELGAMandatesRequestBuilderConfiguration;
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
index 190ef9e9d..19fdb3fee 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
@@ -37,6 +37,7 @@ import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
 import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDIdentityLinkBuilder;
 import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDIssuingNationAttributeBuilder;
 import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSectorForIDAttributeBuilder;
 import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePIN;
@@ -46,7 +47,6 @@ import at.gv.egovernment.moa.id.auth.stork.STORKConstants;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDAuthBlock;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCcsURL;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCitizenQAALevelAttributeBuilder;
-import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDIdentityLinkBuilder;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSTORKTOKEN;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSignerCertificate;
 import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonFullNameAttributeBuilder;
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
index 325e1906d..8791da429 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
@@ -127,7 +127,7 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
 				
 				//TODO: validate results
 				
-				
+				 
 				//add into session
 				AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
 				moasession.setIdentityLink(new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink());
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java
index 5a17d6123..044366eb6 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java
@@ -28,10 +28,10 @@ import java.util.List;
 
 import org.w3c.dom.Element;
 
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.data.IMISMandate;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.data.AuthenticationRole;
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
index a866f3939..8c024e79c 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
@@ -447,4 +447,22 @@ public class SSOTransferOnlineApplication implements IOAAuthParameters {
 		return false;
 	}
 
+	@Override
+	public String getConfigurationValue(String arg0, String arg1) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public Boolean isConfigurationValue(String arg0) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean isConfigurationValue(String arg0, boolean arg1) {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
 }
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
index 04ac1fd57..dc2baab7d 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java
@@ -75,6 +75,7 @@ import com.google.gson.JsonParser;
 import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder;
 import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
 import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
 import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
@@ -202,7 +203,7 @@ public class SSOTransferServlet{
 					InputStream idlstream = idlURL.openStream();
 					moaSession.setIdentityLink(new IdentityLinkAssertionParser(idlstream).parseIdentityLink());
 					internalTransferPersonalInformation(req, resp, container, moaSession, true);
-					
+					 
 				} else {
 					Logger.info("Servlet " + getClass().getName() + " receive a token:" +
 							token + ", which references an empty data object.");
@@ -451,7 +452,7 @@ public class SSOTransferServlet{
 	}
 	
 	private void internalTransferPersonalInformation(HttpServletRequest req, HttpServletResponse resp,
-			SSOTransferContainer container, IAuthenticationSession moaSession, boolean developmentMode) throws IOException, InvalidKeyException, NoSuchAlgorithmException, InvalidKeySpecException, OperatorCreationException, CredentialsNotAvailableException, PKCSException, CertificateException, SessionDataStorageException, IllegalBlockSizeException, BadPaddingException, NoSuchPaddingException {
+			SSOTransferContainer container, IAuthenticationSession moaSession, boolean developmentMode) throws IOException, InvalidKeyException, NoSuchAlgorithmException, InvalidKeySpecException, OperatorCreationException, CredentialsNotAvailableException, PKCSException, CertificateException, SessionDataStorageException, IllegalBlockSizeException, BadPaddingException, NoSuchPaddingException, EAAFStorageException {
 		Logger.debug("");
 		JsonObject receivedData = getJSONObjectFromPostMessage(req, developmentMode);
 		
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java
index 4a5511df4..cf7723c70 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java
@@ -213,7 +213,7 @@ public class SSOContainerUtils {
 			Logger.error("SignerCertificate is not parseable.", e);
 			
 		}
-		
+		 
 		String idlStr = attributeExtractor.getSingleAttributeValue(PVPConstants.EID_IDENTITY_LINK_NAME);
 		try {
 			if (MiscUtil.isNotEmpty(idlStr)) {
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
index 73d99d93b..dcb7cb7ee 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
@@ -74,17 +74,17 @@ import com.google.common.net.MediaType;
 
 import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider;
 import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
 import at.gv.egovernment.moa.id.auth.builder.SAMLResponseBuilder;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.DateTimeUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
 
 /**
  * Web service for picking up authentication data created in the MOA-ID Auth component.
@@ -256,7 +256,7 @@ public class GetAuthenticationDataService extends AbstractController implements
 				// no SAML artifact given in request
 				statusCode = "samlp:Requester";
 				statusMessageCode = "1202";
-				
+				 
 			} else if (samlArtifactList.getLength() > 1) {
 				// too many SAML artifacts given in request
 				statusCode = "samlp:Requester";
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index 73afec4e0..78dc80815 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -46,12 +46,14 @@ import at.gv.e_government.reference.namespace.mandates._20040701_.Mandator;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
+import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
 import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egiz.eaaf.core.impl.utils.Random;
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder;
-import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
 import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder;
 import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
@@ -71,7 +73,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moa.util.StringUtils;
 import at.gv.util.xsd.persondata.IdentificationType;
@@ -445,7 +446,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
 	private String generateMandateDate(IOAAuthParameters oaParam, MOAAuthenticationData authData
 			) throws AuthenticationException, BuildException,
 			ParseException, ConfigurationException, ServiceException,
-			ValidateException {
+			ValidateException, EAAFBuilderException {
 
 		if (authData == null)
 			throw new AuthenticationException("auth.10", new Object[] {
@@ -547,7 +548,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
 				
 			} else {
 				;
-			}
+			} 
 			
 			return DOMUtils.serializeNode(prPerson);
 
diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java
index e6dbcd89d..33976704f 100644
--- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java
+++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java
@@ -28,6 +28,7 @@ import java.util.List;
 
 import org.w3c.dom.Element;
 
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
 import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder;
 import at.gv.egovernment.moa.id.auth.exception.ValidateException;
 import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
@@ -36,7 +37,6 @@ import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
 import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator;
 import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink;
 import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.config.auth.data.DynamicOAAuthParameters;
@@ -56,7 +56,7 @@ public class IdentityLinkTestModule implements TestModuleInterface {
 			identityLink = new IdentityLinkAssertionParser(idlstream).parseIdentityLink();
 		}
 		
-	} 
+	}  
 	
 	public List<String> performTests()  throws Exception{
 		Logger.trace("Start MOA-ID IdentityLink Test");
-- 
cgit v1.2.3


From f3f91359f4af6d12ba52a22c4f1b9500112a9522 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 12 Jul 2018 16:18:02 +0200
Subject: update BKU selection template to add eIDAS button

---
 .../src/main/resources/mainGUI/img/eIDAS.png       | Bin 0 -> 202234 bytes
 .../src/main/resources/mainGUI/img/eIDAS_small.png | Bin 0 -> 36713 bytes
 .../src/main/resources/templates/css_template.css  |  84 +++++++++++++--------
 .../main/resources/templates/loginFormFull.html    |  55 +++++++++-----
 4 files changed, 86 insertions(+), 53 deletions(-)
 create mode 100644 id/server/moa-id-frontend-resources/src/main/resources/mainGUI/img/eIDAS.png
 create mode 100644 id/server/moa-id-frontend-resources/src/main/resources/mainGUI/img/eIDAS_small.png

(limited to 'id/server/moa-id-frontend-resources/src')

diff --git a/id/server/moa-id-frontend-resources/src/main/resources/mainGUI/img/eIDAS.png b/id/server/moa-id-frontend-resources/src/main/resources/mainGUI/img/eIDAS.png
new file mode 100644
index 000000000..8958cf2e6
Binary files /dev/null and b/id/server/moa-id-frontend-resources/src/main/resources/mainGUI/img/eIDAS.png differ
diff --git a/id/server/moa-id-frontend-resources/src/main/resources/mainGUI/img/eIDAS_small.png b/id/server/moa-id-frontend-resources/src/main/resources/mainGUI/img/eIDAS_small.png
new file mode 100644
index 000000000..6c785bf06
Binary files /dev/null and b/id/server/moa-id-frontend-resources/src/main/resources/mainGUI/img/eIDAS_small.png differ
diff --git a/id/server/moa-id-frontend-resources/src/main/resources/templates/css_template.css b/id/server/moa-id-frontend-resources/src/main/resources/templates/css_template.css
index c8de82c50..f95106c5a 100644
--- a/id/server/moa-id-frontend-resources/src/main/resources/templates/css_template.css
+++ b/id/server/moa-id-frontend-resources/src/main/resources/templates/css_template.css
@@ -87,7 +87,7 @@
 			  }
 			
 			  #leftcontent {
-				 width: 300px;
+				 width: 400px;
 				 /*margin-top: 30px;*/
          margin: auto;
 			  }
@@ -99,9 +99,9 @@
         }
       
         #bkulogin {
-				  overflow:hidden;	
-          min-width: 190px;
-          min-height: 180px;
+            overflow:hidden;	
+            min-width: 190px;
+            min-height: 180px;
           /*height: 260px;*/	
 			  }
       
@@ -130,11 +130,16 @@
 				 float:left; 
 				 margin-left: 40px;
 			  }
+            #centerbutton {
+                width: 30%
+                float: middle; 
+            }
+			
 			
 			  #rightbutton {
 				 width: 30%; 
 				 float:right; 
-				 margin-right: 45px; 
+				 margin-right: 40px; 
 				 text-align: right;
 			  }
         
@@ -266,7 +271,7 @@
         } 
       }
 
-      @media screen and (max-width: 399px) and (min-width: 300px) {
+      @media screen and (max-width: 399px) and (min-width: 400px) {
         #localBKU p {
           font-size: 0.9em;
         } 
@@ -381,15 +386,14 @@
           visibility: hidden;
         }
         
-			  #leftcontent {
-			    visibility: visible;
-			    margin-bottom: 0px;
-			    text-align: left;
-			    border:none;
-          vertical-align: middle;
-          min-height: 173px;
-          min-width: 204px;
-          
+                #leftcontent {
+			     visibility: visible;
+			     margin-bottom: 0px;
+			     text-align: left;
+			     border:none;
+                vertical-align: middle;
+                min-height: 173px;
+                min-width: 204px;
 			  }
 			  
         #bku_header {
@@ -452,13 +456,14 @@
 			}
 			
 			#leftbutton  {
-				width: 35%; 
+				width: 30%; 
 				float:left; 
 				margin-left: 15px;
 			}
+
 			
 			#rightbutton {
-				width: 35%; 
+				width: 30%; 
 				float:right; 
 				margin-right: 25px; 
 				text-align: right;
@@ -479,12 +484,17 @@
         padding-top: 4%;
         height: 10%;
         position: relative;
-        text-align: center;
+        text-align: left;
 			}
       
       .verticalcenter {
         vertical-align: middle;
       }
+
+    .mandate{
+        float: left;
+        margin-left: 4%;
+    }
       
       #mandateLogin div {
         clear: both;
@@ -509,29 +519,37 @@
 			#bkukarte {
 				float:left;
 				text-align:center;
-				width:40%;
-        min-height: 70px;
-        padding-left: 5%;
-        padding-top: 2%;
+				width:33%;
+                min-height: 90px;
+
+                padding-top: 2%;
 			}
 			
 			#bkuhandy {
-				float:right;
+				float:left;
 				text-align:center;
-				width:40%;
-        min-height: 90px;
-        padding-right: 5%;
-        padding-top: 2%;
+				width:33%;
+                min-height: 90px;
+
+                padding-top: 2%;
 			}
+            #bkueulogin {
+            float:left;
+            text-align:center;
+            width:33%;
+            min-height: 90px;
+            padding-top: 2%;
+         
+        }
 			
-      .bkuimage {
-        width: 60%;
-        height: auto;
-        margin-bottom: 10%;
-      }
+            .bkuimage {
+            width: 55%;
+            height: auto;
+            margin-bottom: 10%;
+            }
       
 			#mandate{
-				text-align:center;
+				text-align:left;
 				padding : 5px 5px 5px 5px;
 			}
       
diff --git a/id/server/moa-id-frontend-resources/src/main/resources/templates/loginFormFull.html b/id/server/moa-id-frontend-resources/src/main/resources/templates/loginFormFull.html
index fe9bc2166..1a78ffd1a 100644
--- a/id/server/moa-id-frontend-resources/src/main/resources/templates/loginFormFull.html
+++ b/id/server/moa-id-frontend-resources/src/main/resources/templates/loginFormFull.html
@@ -4,10 +4,10 @@
 <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
 
    <!-- MOA-ID 2.x BKUSelection Layout CSS -->               
-   <link rel="stylesheet" href="$contextPath/css/buildCSS?pendingid=$pendingReqID" />
+   <link rel="stylesheet" href="/css_template.css"/>
    
    <!-- MOA-ID 2.x BKUSelection JavaScript fucnctions-->
-   <script src="$contextPath/js/buildJS?pendingid=$pendingReqID"></script>
+   <script src="/javascript_tempalte.js"></script>
    
 
 <title>Anmeldung mittels Bürgerkarte oder Handy-Signatur</title>
@@ -26,8 +26,8 @@
 						<div id="mandateLogin" class="$MANDATEVISIBLE">
 							<div>
 								<input tabindex="1" type="checkbox" name="Mandate"
-									id="mandateCheckBox" class="verticalcenter" role="checkbox" $MANDATECHECKED>
-								<label for="mandateCheckBox" class="verticalcenter">in
+									id="mandateCheckBox" class="mandate" role="checkbox" $MANDATECHECKED>
+								<label for="mandateCheckBox" class="mandate">in
 									Vertretung anmelden</label>
 								<!--a      href="info_mandates.html" 
                         target="_blank"
@@ -37,31 +37,42 @@
 						</div>
 						<div id="bkuselectionarea">
 							<div id="bkukarte">
-								<img id="bkuimage" class="bkuimage" src="$contextPath/img/karte.png" alt="OnlineBKU" /> 
+								<img id="bkuimage" class="bkuimage" src="/img/karte.png" alt="OnlineBKU"/> 
                 
                 <!-- Remove support for Online BKU and swith the card button to local BKU-->
                 <!--input name="bkuButtonOnline" type="button" onClick="bkuOnlineClicked();" tabindex="2" role="button" value="Karte" /-->                
                 
-                <form method="get" id="moaidform" action="$contextPath$submitEndpoint" class="verticalcenter" target="_parent">
+                                <form method="get" id="moaidform" action="$contextPath$submitEndpoint" class="verticalcenter" target="_parent">
 								  <input type="hidden" name="bkuURI" value="$bkuLocal" />
 								  <input type="hidden" name="useMandate" id="useMandate" /> 
 								  <input type="hidden" name="SSO" id="useSSO" /> 
 								  <input type="hidden" name="ccc" id="ccc" /> 
 								  <input type="hidden" name="pendingid" value="$pendingReqID" /> 
-                  <input type="submit" value=" Karte " tabindex="4" role="button">
-                </form>
+                                    <input type="submit" value=" Karte " tabindex="5" role="button">
+                                </form>
                 
-                <iframe name="bkudetect" width="0" height="0" scrolling="no" marginheight="0" marginwidth="0" frameborder="0" src="$contextPath/feature/bkuDetection?pendingid=$pendingReqID"></iframe>
+                            <iframe name="bkudetect" width="0" height="0" scrolling="no" marginheight="0" marginwidth="0" frameborder="0" src="$contextPath/feature/bkuDetection?pendingid=$pendingReqID"></iframe>
                 
-                <!-- BKU detection with static template-->
-                <!--iframe name="bkudetect" width="0" height="0" scrolling="no" marginheight="0" marginwidth="0" frameborder="0" src="$contextPath/iframeLBKUdetect.html"></iframe-->
+                                <!-- BKU detection with static template-->
+                                <!--iframe name="bkudetect" width="0" height="0" scrolling="no" marginheight="0" marginwidth="0" frameborder="0" src="$contextPath/iframeLBKUdetect.html"></iframe-->
                                                             
-							</div>
-							<div id="bkuhandy">
-								<img class="bkuimage" src="$contextPath/img/handysign.png" alt="HandyBKU" />         
-                <input name="bkuButtonHandy" type="button" tabindex="3" role="button" value="HANDY" />
-							</div>
-						</div>
+				        </div>
+                            
+				        <div id="bkuhandy">
+				            <img class="bkuimage" src="/img/handysign.png" alt="HandyBKU" />         
+                            <input name="bkuButtonHandy" type="button" tabindex="3" role="button" value="HANDY" />
+				        </div>
+                
+            
+				        <div id="bkueulogin">
+				            <img class="bkuimage" src="/img/eIDAS_small.png" alt="EULogin" />                                                        
+                              <form method="get" id="moaidform" action="$contextPath$submitEndpoint" class="verticalcenter" target="_parent">
+								  <input type="hidden" name="useeIDAS" value="true" />
+								  <input type="hidden" name="useMandate" id="useMandate" />  
+								  <input type="hidden" name="pendingid" value="$pendingReqID" /> 
+                                  <input name="bkuButtonEULogin" onclick="setMandateSelection();" type="button" role="button" value="EULogin" />
+                                </form>
+				        </div>
 						<!--div id="localBKU">
 							<form method="get" id="moaidform" action="$contextPath$submitEndpoint"
 								class="verticalcenter" target="_parent">
@@ -80,7 +91,11 @@
               <!--div id="ssoSessionTransferBlock">
                 <a href="$contextPath$submitEndpoint?pendingid=$pendingReqID&restoreSSOSession=true">>Restore SSO Session from Smartphone</a>
               </div-->
-              
+            
+                  
+                        
+            
+            <!-- 
               <div id="stork" align="center" class="$STORKVISIBLE">
                 <h2 id="tabheader" class="dunkel">Home Country Selection</h2>
                 <p>
@@ -88,9 +103,9 @@
                     $countryList
                   </select>
                   <button id="eIDASButton" name="bkuButton" type="button">Proceed</button>
-                  <!--a href="info_stork.html" target="_blank" class="infobutton">i</a-->
+                  a href="info_stork.html" target="_blank" class="infobutton">i</a
                 </p>
-              </div>
+              </div>-->
 
 						<div id="metroDetected" class="unvisible">
 							<p>Anscheinend verwenden Sie Internet Explorer im
-- 
cgit v1.2.3


From 158d41705d0f8c67a858e84bda8d2c16377cf288 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Fri, 13 Jul 2018 15:48:17 +0200
Subject: some bug fixes

---
 .../src/main/webapp/jsp/snippets/OA/stork.jsp      |   3 +-
 .../conf/moa-id/htmlTemplates/css_template.css     |  84 +++++++++++++--------
 .../conf/moa-id/htmlTemplates/loginFormFull.html   |  68 ++++++++++-------
 id/server/idserverlib/pom.xml                      |   4 +-
 .../moa/id/advancedlogging/StatisticLogger.java    |  80 +++++++++++---------
 .../id/auth/builder/AuthenticationDataBuilder.java |  10 +--
 .../builder/CreateXMLSignatureRequestBuilder.java  |   2 +-
 .../moa/id/auth/data/AuthenticationSession.java    |  22 ++++--
 .../tasks/EvaluateSSOConsentsTaskImpl.java         |  16 ++--
 .../internal/tasks/UserRestrictionTask.java        |   2 +-
 .../StartAuthentificationParameterParser.java      |   8 +-
 .../moa/id/moduls/AuthenticationManager.java       |  11 +--
 .../gv/egovernment/moa/id/moduls/SSOManager.java   |  32 +++++---
 .../storage/DBAuthenticationSessionStoreage.java   |   3 +-
 .../resources/properties/id_messages_de.properties |   6 +-
 .../protocol_response_statuscodes_de.properties    |   2 +
 .../auth/data/AuthenticationDataBuilderTest.java   |   2 +-
 ...roviderSpecificGUIFormBuilderConfiguration.java |  12 ++-
 .../moa/id/auth/frontend/utils/FormBuildUtils.java |  18 ++---
 .../moa/id/auth/AuthenticationServer.java          |  10 +--
 .../AuthenticationBlockAssertionBuilder.java       |   2 +-
 .../internal/tasks/CertificateReadRequestTask.java |   4 +-
 .../internal/tasks/CreateIdentityLinkFormTask.java |   2 +-
 .../internal/tasks/GetMISSessionIDTask.java        |   3 +-
 .../tasks/InitializeBKUAuthenticationTask.java     |   9 ++-
 .../tasks/PrepareAuthBlockSignatureTask.java       |   3 +-
 .../internal/tasks/PrepareGetMISMandateTask.java   |   3 +-
 .../tasks/VerifyAuthenticationBlockTask.java       |   3 +-
 .../internal/tasks/VerifyCertificateTask.java      |   3 +-
 .../internal/tasks/VerifyIdentityLinkTask.java     |   3 +-
 .../CreateXMLSignatureResponseValidator.java       |   4 +-
 .../tasks/CreateAuthnRequestTask.java              |  50 +++---------
 .../tasks/ReceiveAuthnResponseTask.java            |  34 +++++++--
 .../auth/modules/eIDAScentralAuth/utils/Utils.java |  45 +++++++++++
 .../tasks/FirstBKAMobileAuthTask.java              |  19 +----
 .../tasks/SecondBKAMobileAuthTask.java             |  13 +---
 .../eidas/tasks/CreateIdentityLinkTask.java        |  18 ++---
 .../eidas/tasks/ReceiveAuthnResponseTask.java      |  19 +++--
 .../moa/id/protocols/eidas/EIDASProtocol.java      |   6 +-
 .../tasks/ReceiveElgaMandateResponseTask.java      |   8 +-
 .../elgamandates/tasks/RequestELGAMandateTask.java |   4 +-
 .../oauth20/protocol/OAuth20AuthRequest.java       |   3 +-
 .../oauth20/protocol/OAuth20BaseRequest.java       |  11 +--
 .../oauth20/protocol/OAuth20Protocol.java          |   4 +-
 .../oauth20/protocol/OAuth20TokenRequest.java      |   3 +-
 .../sl20_auth/tasks/CreateQualeIDRequestTask.java  |   2 +-
 .../sl20_auth/tasks/ReceiveQualeIDTask.java        |  19 +++--
 .../sl20_auth/tasks/VerifyQualifiedeIDTask.java    |  14 ++--
 .../task/InitializeRestoreSSOSessionTask.java      |   4 +-
 .../ssotransfer/task/RestoreSSOSessionTask.java    |  14 ++--
 .../tasks/CreateAuthnRequestTask.java              |   2 +-
 .../tasks/ReceiveAuthnResponseTask.java            |  16 ++--
 .../moa/id/protocols/saml1/GetArtifactAction.java  |   6 +-
 .../moa/id/protocols/saml1/SAML1Protocol.java      |   4 +-
 .../eaaf/eaaf-core/1.0.0/eaaf-core-1.0.0-tests.jar | Bin 53076 -> 53645 bytes
 .../egiz/eaaf/eaaf-core/1.0.0/eaaf-core-1.0.0.jar  | Bin 360335 -> 360662 bytes
 .../1.0.0/eaaf_module_pvp2_core-1.0.0.jar          | Bin 110449 -> 110555 bytes
 .../1.0.0/eaaf_module_pvp2_idp-1.0.0.jar           | Bin 35302 -> 35407 bytes
 .../1.0.0/eaaf_module_pvp2_sp-1.0.0.jar            | Bin 15649 -> 15649 bytes
 59 files changed, 411 insertions(+), 341 deletions(-)
 create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/Utils.java

(limited to 'id/server/moa-id-frontend-resources/src')

diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/stork.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/stork.jsp
index 76c8d069b..129b32508 100644
--- a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/stork.jsp
+++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/stork.jsp
@@ -22,7 +22,7 @@
 								labelposition="left" 
 								cssClass="textfield_long"/>
 								
-								
+							<!-- 	
 							<h4><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.enabledcpeps", request) %></h4>
 							<s:checkboxlist name="storkOA.enabledCitizenCountries" list="storkOA.availableCitizenCountries" value="storkOA.enabledCitizenCountries" />
 							<h4><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.attributes.header", request) %></h4>
@@ -39,6 +39,7 @@
 									</tr>
 								</s:iterator>
 							</table>
+							 -->
 						</div>
 					</div>
 				
diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/css_template.css b/id/server/data/deploy/conf/moa-id/htmlTemplates/css_template.css
index c8de82c50..f95106c5a 100644
--- a/id/server/data/deploy/conf/moa-id/htmlTemplates/css_template.css
+++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/css_template.css
@@ -87,7 +87,7 @@
 			  }
 			
 			  #leftcontent {
-				 width: 300px;
+				 width: 400px;
 				 /*margin-top: 30px;*/
          margin: auto;
 			  }
@@ -99,9 +99,9 @@
         }
       
         #bkulogin {
-				  overflow:hidden;	
-          min-width: 190px;
-          min-height: 180px;
+            overflow:hidden;	
+            min-width: 190px;
+            min-height: 180px;
           /*height: 260px;*/	
 			  }
       
@@ -130,11 +130,16 @@
 				 float:left; 
 				 margin-left: 40px;
 			  }
+            #centerbutton {
+                width: 30%
+                float: middle; 
+            }
+			
 			
 			  #rightbutton {
 				 width: 30%; 
 				 float:right; 
-				 margin-right: 45px; 
+				 margin-right: 40px; 
 				 text-align: right;
 			  }
         
@@ -266,7 +271,7 @@
         } 
       }
 
-      @media screen and (max-width: 399px) and (min-width: 300px) {
+      @media screen and (max-width: 399px) and (min-width: 400px) {
         #localBKU p {
           font-size: 0.9em;
         } 
@@ -381,15 +386,14 @@
           visibility: hidden;
         }
         
-			  #leftcontent {
-			    visibility: visible;
-			    margin-bottom: 0px;
-			    text-align: left;
-			    border:none;
-          vertical-align: middle;
-          min-height: 173px;
-          min-width: 204px;
-          
+                #leftcontent {
+			     visibility: visible;
+			     margin-bottom: 0px;
+			     text-align: left;
+			     border:none;
+                vertical-align: middle;
+                min-height: 173px;
+                min-width: 204px;
 			  }
 			  
         #bku_header {
@@ -452,13 +456,14 @@
 			}
 			
 			#leftbutton  {
-				width: 35%; 
+				width: 30%; 
 				float:left; 
 				margin-left: 15px;
 			}
+
 			
 			#rightbutton {
-				width: 35%; 
+				width: 30%; 
 				float:right; 
 				margin-right: 25px; 
 				text-align: right;
@@ -479,12 +484,17 @@
         padding-top: 4%;
         height: 10%;
         position: relative;
-        text-align: center;
+        text-align: left;
 			}
       
       .verticalcenter {
         vertical-align: middle;
       }
+
+    .mandate{
+        float: left;
+        margin-left: 4%;
+    }
       
       #mandateLogin div {
         clear: both;
@@ -509,29 +519,37 @@
 			#bkukarte {
 				float:left;
 				text-align:center;
-				width:40%;
-        min-height: 70px;
-        padding-left: 5%;
-        padding-top: 2%;
+				width:33%;
+                min-height: 90px;
+
+                padding-top: 2%;
 			}
 			
 			#bkuhandy {
-				float:right;
+				float:left;
 				text-align:center;
-				width:40%;
-        min-height: 90px;
-        padding-right: 5%;
-        padding-top: 2%;
+				width:33%;
+                min-height: 90px;
+
+                padding-top: 2%;
 			}
+            #bkueulogin {
+            float:left;
+            text-align:center;
+            width:33%;
+            min-height: 90px;
+            padding-top: 2%;
+         
+        }
 			
-      .bkuimage {
-        width: 60%;
-        height: auto;
-        margin-bottom: 10%;
-      }
+            .bkuimage {
+            width: 55%;
+            height: auto;
+            margin-bottom: 10%;
+            }
       
 			#mandate{
-				text-align:center;
+				text-align:left;
 				padding : 5px 5px 5px 5px;
 			}
       
diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html b/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html
index fe9bc2166..01249537f 100644
--- a/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html
+++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html
@@ -4,7 +4,7 @@
 <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
 
    <!-- MOA-ID 2.x BKUSelection Layout CSS -->               
-   <link rel="stylesheet" href="$contextPath/css/buildCSS?pendingid=$pendingReqID" />
+   <link rel="stylesheet" href="$contextPath/css/buildCSS?pendingid=$pendingReqID"/>
    
    <!-- MOA-ID 2.x BKUSelection JavaScript fucnctions-->
    <script src="$contextPath/js/buildJS?pendingid=$pendingReqID"></script>
@@ -26,8 +26,8 @@
 						<div id="mandateLogin" class="$MANDATEVISIBLE">
 							<div>
 								<input tabindex="1" type="checkbox" name="Mandate"
-									id="mandateCheckBox" class="verticalcenter" role="checkbox" $MANDATECHECKED>
-								<label for="mandateCheckBox" class="verticalcenter">in
+									id="mandateCheckBox" class="mandate" role="checkbox" $MANDATECHECKED>
+								<label for="mandateCheckBox" class="mandate">in
 									Vertretung anmelden</label>
 								<!--a      href="info_mandates.html" 
                         target="_blank"
@@ -37,31 +37,41 @@
 						</div>
 						<div id="bkuselectionarea">
 							<div id="bkukarte">
-								<img id="bkuimage" class="bkuimage" src="$contextPath/img/karte.png" alt="OnlineBKU" /> 
+								<img id="bkuimage" class="bkuimage" src="$contextPath/img/karte.png" alt="OnlineBKU"/> 
                 
-                <!-- Remove support for Online BKU and swith the card button to local BKU-->
-                <!--input name="bkuButtonOnline" type="button" onClick="bkuOnlineClicked();" tabindex="2" role="button" value="Karte" /-->                
+                  <!-- Remove support for Online BKU and swith the card button to local BKU-->
+                  <!--input name="bkuButtonOnline" type="button" onClick="bkuOnlineClicked();" tabindex="2" role="button" value="Karte" /-->                
                 
-                <form method="get" id="moaidform" action="$contextPath$submitEndpoint" class="verticalcenter" target="_parent">
-								  <input type="hidden" name="bkuURI" value="$bkuLocal" />
-								  <input type="hidden" name="useMandate" id="useMandate" /> 
-								  <input type="hidden" name="SSO" id="useSSO" /> 
-								  <input type="hidden" name="ccc" id="ccc" /> 
-								  <input type="hidden" name="pendingid" value="$pendingReqID" /> 
-                  <input type="submit" value=" Karte " tabindex="4" role="button">
-                </form>
+                  <form method="get" id="moaidform" action="$contextPath$submitEndpoint" class="verticalcenter" target="_parent">
+								    <input type="hidden" name="bkuURI" value="$bkuLocal" />
+								    <input type="hidden" name="useMandate" id="useMandate" /> 
+								    <input type="hidden" name="SSO" id="useSSO" /> 
+								    <input type="hidden" name="ccc" id="ccc" /> 
+								    <input type="hidden" name="pendingid" value="$pendingReqID" /> 
+                    <input type="submit" value=" Karte " tabindex="5" role="button" onclick="setMandateSelection();" />
+                  </form>
                 
-                <iframe name="bkudetect" width="0" height="0" scrolling="no" marginheight="0" marginwidth="0" frameborder="0" src="$contextPath/feature/bkuDetection?pendingid=$pendingReqID"></iframe>
+                  <iframe name="bkudetect" width="0" height="0" scrolling="no" marginheight="0" marginwidth="0" frameborder="0" src="$contextPath/feature/bkuDetection?pendingid=$pendingReqID"></iframe>
                 
-                <!-- BKU detection with static template-->
-                <!--iframe name="bkudetect" width="0" height="0" scrolling="no" marginheight="0" marginwidth="0" frameborder="0" src="$contextPath/iframeLBKUdetect.html"></iframe-->
-                                                            
-							</div>
-							<div id="bkuhandy">
-								<img class="bkuimage" src="$contextPath/img/handysign.png" alt="HandyBKU" />         
-                <input name="bkuButtonHandy" type="button" tabindex="3" role="button" value="HANDY" />
-							</div>
-						</div>
+                  <!-- BKU detection with static template-->
+                  <!--iframe name="bkudetect" width="0" height="0" scrolling="no" marginheight="0" marginwidth="0" frameborder="0" src="$contextPath/iframeLBKUdetect.html"></iframe-->                                                            
+				        </div>
+                            
+				        <div id="bkuhandy">
+				            <img class="bkuimage" src="$contextPath/img/handysign.png" alt="HandyBKU" />         
+                            <input name="bkuButtonHandy" type="button" tabindex="3" role="button" value="HANDY" />
+				        </div>
+                
+            
+				        <div id="bkueulogin" style="$STORKVISIBLE">
+				            <img class="bkuimage" src="$contextPath/img/eIDAS_small.png" alt="EULogin" />                                                        
+                    <form method="get" id="moaidform" action="$contextPath$submitEndpoint" class="verticalcenter" target="_parent">
+								      <input type="hidden" name="useeIDAS" value="true" />
+								      <input type="hidden" name="useMandate" id="useMandate" />  
+								      <input type="hidden" name="pendingid" value="$pendingReqID" /> 
+                      <input name="bkuButtonEULogin" onclick="setMandateSelection();" type="submit" role="button" value="EULogin" />
+                    </form>
+				        </div>
 						<!--div id="localBKU">
 							<form method="get" id="moaidform" action="$contextPath$submitEndpoint"
 								class="verticalcenter" target="_parent">
@@ -80,7 +90,11 @@
               <!--div id="ssoSessionTransferBlock">
                 <a href="$contextPath$submitEndpoint?pendingid=$pendingReqID&restoreSSOSession=true">>Restore SSO Session from Smartphone</a>
               </div-->
-              
+            
+                  
+                        
+            
+            <!-- 
               <div id="stork" align="center" class="$STORKVISIBLE">
                 <h2 id="tabheader" class="dunkel">Home Country Selection</h2>
                 <p>
@@ -88,9 +102,9 @@
                     $countryList
                   </select>
                   <button id="eIDASButton" name="bkuButton" type="button">Proceed</button>
-                  <!--a href="info_stork.html" target="_blank" class="infobutton">i</a-->
+                  a href="info_stork.html" target="_blank" class="infobutton">i</a
                 </p>
-              </div>
+              </div>-->
 
 						<div id="metroDetected" class="unvisible">
 							<p>Anscheinend verwenden Sie Internet Explorer im
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index 9b9b13d8b..0e8b996ba 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -319,8 +319,8 @@
   			<artifactId>eaaf-core</artifactId>
   			<type>test-jar</type>
   			<classifier>tests</classifier>
-  			<version>1.0.0-snapshot</version>
-  			<scope>test</scope> 
+  			<version>1.0.0</version>
+  			<scope>test</scope>  
 		</dependency>						
 <!-- 		<dependency>
   			<groupId>org.opensaml</groupId>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
index e92c3377a..f642cddc7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
@@ -61,7 +61,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameterDecorator;
 import at.gv.egovernment.moa.id.data.IMOAAuthData;
-import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
+import at.gv.egovernment.moa.id.moduls.SSOManager;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
@@ -142,12 +142,15 @@ public class StatisticLogger implements IStatisticLogger{
 				IMOAAuthData moaAuthData = (IMOAAuthData) authData;
 				dblog.setOatarget(moaAuthData.getBPKType());	
 
-				boolean isFederatedAuthentication = protocolRequest.getGenericData(AuthenticationManager.DATAID_INTERFEDERATIOIDP_RESPONSE) != null;
+				boolean isFederatedAuthentication = protocolRequest.getRawData(SSOManager.DATAID_INTERFEDERATIOIDP_RESPONSE) != null;
 				dblog.setInterfederatedSSOSession(isFederatedAuthentication);
 				
 				if (isFederatedAuthentication) {
 					dblog.setBkutype(IOAAuthParameters.INDERFEDERATEDIDP);
-					dblog.setBkuurl(protocolRequest.getGenericData(AuthenticationManager.DATAID_INTERFEDERATIOIDP_ENTITYID, String.class));
+					dblog.setBkuurl(protocolRequest.getRawData(SSOManager.DATAID_INTERFEDERATIOIDP_ENTITYID, String.class));
+					
+				} else if (moaAuthData.isForeigner()) {
+					dblog.setBkutype(IOAAuthParameters.EIDAS);
 					
 				} else {
 					dblog.setBkuurl(moaAuthData.getBkuURL());
@@ -299,7 +302,8 @@ public class StatisticLogger implements IStatisticLogger{
 										
 				} else {
 					Logger.debug("Use MOA session information from pending-req for ErrorLogging");
-					moasession = new AuthenticationSessionWrapper(errorRequest.genericFullDataStorage()); 
+					moasession = (IAuthenticationSession) errorRequest.getSessionData(AuthenticationSessionWrapper.class);
+					
 
 					
 				}
@@ -393,45 +397,47 @@ public class StatisticLogger implements IStatisticLogger{
 	
 	private String findBKUType(String bkuURL, IOAAuthParameters dbOA) {
 		
-		if (dbOA != null) {
-			if (bkuURL.equals(dbOA.getBKUURL(OAAuthParameterDecorator.HANDYBKU)))
-				return IOAAuthParameters.HANDYBKU;
-					
-			if (bkuURL.equals(dbOA.getBKUURL(OAAuthParameterDecorator.LOCALBKU)))
-				return IOAAuthParameters.LOCALBKU;
-					
-			if (bkuURL.equals(dbOA.getBKUURL(OAAuthParameterDecorator.THIRDBKU)))
-				return IOAAuthParameters.THIRDBKU;	
-		}
-		
-		Logger.trace("Staticic Log search BKUType from DefaultBKUs");
-		
-		try {
-			if (bkuURL.equals(authConfig.getDefaultBKUURL(IOAAuthParameters.THIRDBKU)))
-				return IOAAuthParameters.THIRDBKU;
+		if (bkuURL != null) {
+			if (dbOA != null) {
+				if (bkuURL.equals(dbOA.getBKUURL(OAAuthParameterDecorator.HANDYBKU)))
+					return IOAAuthParameters.HANDYBKU;
+						
+				if (bkuURL.equals(dbOA.getBKUURL(OAAuthParameterDecorator.LOCALBKU)))
+					return IOAAuthParameters.LOCALBKU;
+						
+				if (bkuURL.equals(dbOA.getBKUURL(OAAuthParameterDecorator.THIRDBKU)))
+					return IOAAuthParameters.THIRDBKU;	
+			}
+			
+			Logger.trace("Staticic Log search BKUType from DefaultBKUs");
 			
-			if (bkuURL.equals(authConfig.getDefaultBKUURL(IOAAuthParameters.LOCALBKU)))
+			try {
+				if (bkuURL.equals(authConfig.getDefaultBKUURL(IOAAuthParameters.THIRDBKU)))
+					return IOAAuthParameters.THIRDBKU;
+				
+				if (bkuURL.equals(authConfig.getDefaultBKUURL(IOAAuthParameters.LOCALBKU)))
+					return IOAAuthParameters.LOCALBKU;
+				
+				if (bkuURL.equals(authConfig.getDefaultBKUURL(IOAAuthParameters.HANDYBKU)))
+					return IOAAuthParameters.HANDYBKU;
+				
+			} catch (ConfigurationException e) {
+				Logger.info("Advanced Logging: Default BKUs read failed");
+			}
+			
+			Logger.debug("Staticic Log search BKUType from generneric Parameters");
+			
+			if (bkuURL.endsWith(GENERIC_LOCALBKU)) {
+				Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.LOCALBKU);
 				return IOAAuthParameters.LOCALBKU;
+			}
 			
-			if (bkuURL.equals(authConfig.getDefaultBKUURL(IOAAuthParameters.HANDYBKU)))
+			if (bkuURL.startsWith(GENERIC_HANDYBKU)) {
+				Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.HANDYBKU);
 				return IOAAuthParameters.HANDYBKU;
-			
-		} catch (ConfigurationException e) {
-			Logger.info("Advanced Logging: Default BKUs read failed");
-		}
-		
-		Logger.debug("Staticic Log search BKUType from generneric Parameters");
-		
-		if (bkuURL.endsWith(GENERIC_LOCALBKU)) {
-			Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.LOCALBKU);
-			return IOAAuthParameters.LOCALBKU;
+			}
 		}
 		
-		if (bkuURL.startsWith(GENERIC_HANDYBKU)) {
-			Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.HANDYBKU);
-			return IOAAuthParameters.HANDYBKU;
-		}
-				
 		Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.AUTHTYPE_OTHERS);
 		return IOAAuthParameters.AUTHTYPE_OTHERS;
 	}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index a13455972..2c14af463 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -129,12 +129,12 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
 	public IAuthData buildAuthenticationData(IRequest pendingReq) throws EAAFAuthenticationException {
 		try {
 			return buildAuthenticationData(pendingReq, 
-					new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage()),
+					pendingReq.getSessionData(AuthenticationSessionWrapper.class),
 					pendingReq.getServiceProviderConfiguration(OAAuthParameterDecorator.class));
 			
 		} catch (ConfigurationException | BuildException | WrongParametersException | DynamicOABuildException | EAAFBuilderException e) {
 			Logger.warn("Can not build authentication data from session information");
-			throw new EAAFAuthenticationException("TODO", new Object[]{}, e);
+			throw new EAAFAuthenticationException("builder.11", new Object[]{}, e);
 			
 		}
 		
@@ -186,14 +186,14 @@ public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder
 		if (oaParam.isSTORKPVPGateway())
 			oaParam = DynamicOAAuthParameterBuilder.buildFromAuthnRequest(oaParam, pendingReq);
 				
-		Boolean isMinimalFrontChannelResp = pendingReq.getGenericData(
+		Boolean isMinimalFrontChannelResp = pendingReq.getRawData(
 				MOAIDAuthConstants.DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP, Boolean.class);
 		if (isMinimalFrontChannelResp != null && isMinimalFrontChannelResp) {
 			//only set minimal response attributes			
 			authdata.setQAALevel(
-					pendingReq.getGenericData(MOAIDAuthConstants.DATAID_INTERFEDERATION_QAALEVEL, String.class));
+					pendingReq.getRawData(MOAIDAuthConstants.DATAID_INTERFEDERATION_QAALEVEL, String.class));
 			authdata.setBPK(
-					pendingReq.getGenericData(MOAIDAuthConstants.DATAID_INTERFEDERATION_NAMEID, String.class));
+					pendingReq.getRawData(MOAIDAuthConstants.DATAID_INTERFEDERATION_NAMEID, String.class));
 						
 		} else {
 			//build AuthenticationData from MOASession
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
index a43e6a7fb..399ecc022 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
@@ -191,7 +191,7 @@ public class CreateXMLSignatureRequestBuilder implements Constants {
 		String sectorName = null;
 		
 		
-		String saml1Target = pendingReq.getGenericData(
+		String saml1Target = pendingReq.getRawData(
 				MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class);
 		if (MiscUtil.isNotEmpty(saml1Target)) {
 			target = saml1Target;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index 926bfe242..cadaec2a0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -45,6 +45,7 @@ import java.util.Date;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Map.Entry;
 
 import org.apache.commons.collections4.map.HashedMap;
 
@@ -235,13 +236,17 @@ public class AuthenticationSession implements Serializable, IAuthenticationSessi
 	 */
 	@Override
 	public X509Certificate getSignerCertificate() {
-		try {
-			return new X509Certificate(signerCertificate);
-		}
-		catch (CertificateException e) {
-			Logger.warn("Signer certificate can not be loaded from session database!", e);
-			return null;
+		if (signerCertificate != null && signerCertificate.length > 0) {
+			try {
+				return new X509Certificate(signerCertificate);
+			}
+			catch (CertificateException e) {
+				Logger.warn("Signer certificate can not be loaded from session database!", e);
+			
+			}
 		}
+		
+		return null;
 	}
 	
 	/* (non-Javadoc)
@@ -665,8 +670,9 @@ public class AuthenticationSession implements Serializable, IAuthenticationSessi
 		result.put(VALUE_SIGNER_CERT, getSignerCertificate());
 		result.put(VALUE_VERIFYSIGRESP, getXMLVerifySignatureResponse());
 		
-		result.putAll(genericSessionDataStorate);
-		
+		for (Entry<String, Object> el : genericSessionDataStorate.entrySet()) 
+			result.put(GENERIC_PREFIX + el.getKey(), el.getValue());
+				
 		return Collections.unmodifiableMap(result);
 	}	
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
index b976cba9e..375b144d7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateSSOConsentsTaskImpl.java
@@ -78,13 +78,8 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask {
 			//defaultTaskInitialization(request, executionContext);
 			
 			//check SSO session cookie and MOASession object
-			String ssoId = ssoManager.getSSOSessionID(request);
-			boolean isValidSSOSession = ssoManager.isValidSSOSession(ssoId, pendingReq);
-
-			//load MOA SSO-session from database
-			AuthenticationSession ssoMOSSession = authenticatedSessionStorage.getInternalSSOSession(pendingReq.getInternalSSOSessionIdentifier());
-			
-			if (!(isValidSSOSession && ssoMOSSession.isAuthenticated() )) {
+			String ssoId = ssoManager.getSSOSessionID(request);			
+			if (!(ssoManager.isValidSSOSession(ssoId, pendingReq))) {
 				Logger.info("Single Sign-On consents evaluator found NO valid SSO session. Stopping authentication process ...");
 				throw new AuthenticationException("auth.30", null);
 				
@@ -95,9 +90,12 @@ public class EvaluateSSOConsentsTaskImpl extends AbstractAuthServletTask {
 						
 			//user allow single sign-on authentication
 			if (ssoConsents) {
-								
+				//load MOA SSO-session from database
+				AuthenticationSession ssoMOSSession = authenticatedSessionStorage.getInternalSSOSession(pendingReq.getInternalSSOSessionIdentifier());
+
+				
 				//Populate this pending request with SSO session information
-				pendingReq.setGenericDataToSession(ssoMOSSession.getKeyValueRepresentationFromAuthSession());;
+				pendingReq.setRawDataToTransaction(ssoMOSSession.getKeyValueRepresentationFromAuthSession());;
 				
 				//authenticate pending-request
 				pendingReq.setAuthenticated(true);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java
index 7d9a2c28c..acaf21682 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java
@@ -35,7 +35,7 @@ public class UserRestrictionTask extends AbstractAuthServletTask {
 			List<String> restrictedSPs = KeyValueUtils.getListOfCSVValues(authConfig.getBasicConfiguration(CONFIG_PROPS_SP_LIST));						
 			if (restrictedSPs.contains(spEntityId)) {
 				Logger.debug("SP:" + spEntityId + " has a user restrication. Check users bPK ... ");				
-				AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
+				AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); 
 				
 				//check if user idl is already loaded
 				if (moasession.getIdentityLink() == null) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
index 0e1e1bf12..ead80b117 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -138,8 +138,8 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
 				resultTargetFriendlyName = targetFriendlyNameConfig;
 					
 			//set info's into request-context. (It's required to support SAML1 requested target parameters)			
-			protocolReq.setGenericDataToSession(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, resultTarget);
-			protocolReq.setGenericDataToSession(
+			protocolReq.setRawDataToTransaction(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, resultTarget);
+			protocolReq.setRawDataToTransaction(
 					MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, resultTargetFriendlyName);
 			
 		} else {
@@ -206,7 +206,7 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
 	    if (!ParamValidatorUtils.isValidTemplate(req, templateURL, oaParam.getTemplateURL()))
 		       throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12");
 	    
-	    protocolReq.setGenericDataToSession(
+	    protocolReq.setRawDataToTransaction(
 	    		MOAIDAuthConstants.AUTHPROCESS_DATA_SECURITYLAYERTEMPLATE, 
 	    		templateURL);
 	    
@@ -248,7 +248,7 @@ public class StartAuthentificationParameterParser extends MOAIDAuthConstants{
 	    oaURL = pendingReq.getSPEntityId();
 	    
 	    //only needed for SAML1
-	    String target = pendingReq.getGenericData("saml1_target", String.class);
+	    String target = pendingReq.getRawData("saml1_target", String.class);
 	    	    
 	    parse(moasession, target, oaURL, bkuURL, templateURL, useMandate, ccc, req, pendingReq);
 	    
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 6544766b2..77abe07af 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -60,12 +60,9 @@ import at.gv.egovernment.moa.util.MiscUtil;
 @Service("MOAID_AuthenticationManager")
 public class AuthenticationManager extends AbstractAuthenticationManager {
 
-	public static final String DATAID_INTERFEDERATIOIDP_URL = "interIDPURL";
-	public static final String DATAID_INTERFEDERATIOIDP_RESPONSE = "interIDPResponse";
-	public static final String DATAID_REQUESTED_ATTRIBUTES = "requestedAttributes";
-	public static final String DATAID_INTERFEDERATIOIDP_ENTITYID = "interIDPEntityID";	
 	public static final String eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE = "eIDAS_LoA";
-		
+	public static final String DATAID_REQUESTED_ATTRIBUTES = "requestedAttributes";	
+	
 	public static final String MOA_SESSION = "MoaAuthenticationSession";
 	public static final String MOA_AUTHENTICATED = "MoaAuthenticated";
 
@@ -167,13 +164,13 @@ public class AuthenticationManager extends AbstractAuthenticationManager {
 		//set interfederation authentication flag
 		executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_INTERFEDERATION_AUTH, 
 				MiscUtil.isNotEmpty(
-						pendingReq.getGenericData(DATAID_INTERFEDERATIOIDP_URL, String.class)));
+						pendingReq.getRawData(SSOManager.DATAID_INTERFEDERATIOIDP_URL, String.class)));
 		
 		//set legacy mode or BKU-selection flags
 		boolean leagacyMode = (legacyallowed && legacyparamavail);			
 		executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_ISLEGACYREQUEST, leagacyMode);
 		executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_BKUSELECTION, !leagacyMode 
-				&& MiscUtil.isEmpty(pendingReq.getGenericData(DATAID_INTERFEDERATIOIDP_URL, String.class)));
+				&& MiscUtil.isEmpty(pendingReq.getRawData(SSOManager.DATAID_INTERFEDERATIOIDP_URL, String.class)));
 				
 		//add additional http request parameter to context
 		if (leagacyMode) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
index 97c4f40cd..b5005d0c9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -23,6 +23,8 @@
 package at.gv.egovernment.moa.id.moduls;
 
 import java.util.Date;
+import java.util.Map;
+import java.util.Map.Entry;
 
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
@@ -73,9 +75,10 @@ public class SSOManager implements ISSOManager {
 	
 	private static final int INTERFEDERATIONCOOKIEMAXAGE = 5 * 60;// sec
 
-	public static final String DATAID_INTERFEDERATIOIDP_URL = "INTERFEDERATIOIDP_URL";
-	public static final String DATAID_INTERFEDERATIOIDP_RESPONSE = "INTERFEDERATIOIDP_RESPONSE";
-	public static final String DATAID_INTERFEDERATIOIDP_ENTITYID = "INTERFEDERATIOIDP_ENTITYID";
+	public static final String DATAID_INTERFEDERATIOIDP_URL = "interIDPURL";
+	public static final String DATAID_INTERFEDERATIOIDP_RESPONSE = "interIDPResponse";
+	public static final String DATAID_INTERFEDERATIOIDP_ENTITYID = "interIDPEntityID";	
+	
 	
 	@Autowired private IAuthenticationSessionStoreage authenticatedSessionStore;
 	@Autowired private AuthConfiguration authConfig;
@@ -166,8 +169,17 @@ public class SSOManager implements ISSOManager {
 				Logger.debug("Found authenticated MOASession with provided SSO-Cookie.");
 				revisionsLogger.logEvent(pendingReq, EVENT_SSO_SESSION_VALID);
 				
-				Logger.trace("Populatint pending request with SSO session information .... ");						
-				pendingReq.setGenericDataToSession(ssoMOASession.getKeyValueRepresentationFromAuthSession());
+				Logger.trace("Populatint pending request with SSO session information .... ");
+				Map<String, Object> fullSSOData = ssoMOASession.getKeyValueRepresentationFromAuthSession();
+				if (Logger.isTraceEnabled()) {
+					Logger.trace("Full SSO DataSet:  ");
+					for (Entry<String, Object> el : fullSSOData.entrySet()) {
+						Logger.trace("  Key: " + el.getKey() + " Value: " + el.getValue());
+						
+					}
+					
+				}				
+				pendingReq.setRawDataToTransaction(fullSSOData);
 				pendingReq.setAuthenticated(true);
 							
 			}
@@ -301,7 +313,7 @@ public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInf
 		String interIDP = httpReq.getParameter(MOAIDAuthConstants.INTERFEDERATION_IDP);
 
 		String interfederationIDP = 
-				protocolRequest.getGenericData(DATAID_INTERFEDERATIOIDP_URL, String.class);
+				protocolRequest.getRawData(DATAID_INTERFEDERATIOIDP_URL, String.class);
 		if (MiscUtil.isNotEmpty(interfederationIDP)) {
 			Logger.debug("Protocolspecific preprocessing already set interfederation IDP " + interfederationIDP);
 			return;
@@ -313,14 +325,14 @@ public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInf
 			RequestImpl moaReq = (RequestImpl) protocolRequest;
 			if (MiscUtil.isNotEmpty(interIDP)) {
 				Logger.info("Receive SSO request for interfederation IDP " + interIDP);
-				moaReq.setGenericDataToSession(DATAID_INTERFEDERATIOIDP_URL, interIDP);
+				moaReq.setRawDataToTransaction(DATAID_INTERFEDERATIOIDP_URL, interIDP);
 				
 			} else {
 				//check if IDP cookie is set
 				String cookie = getValueFromCookie(httpReq, SSOINTERFEDERATION);
 				if (MiscUtil.isNotEmpty(cookie)) {
 					Logger.info("Receive SSO request for interfederated IDP from Cookie " + cookie);
-					moaReq.setGenericDataToSession(DATAID_INTERFEDERATIOIDP_URL, cookie);
+					moaReq.setRawDataToTransaction(DATAID_INTERFEDERATIOIDP_URL, cookie);
 				
 					deleteCookie(httpReq, httpResp, SSOINTERFEDERATION);									
 				}				
@@ -367,7 +379,7 @@ public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInf
 				//in case of federated SSO session, jump to federated IDP for authentication
 				
 				String interfederationIDP = 
-						protocolRequest.getGenericData(DATAID_INTERFEDERATIOIDP_URL, String.class);
+						protocolRequest.getRawData(DATAID_INTERFEDERATIOIDP_URL, String.class);
 				
 				if (MiscUtil.isEmpty(interfederationIDP)) {
 					InterfederationSessionStore selectedIDP = authenticatedSessionStore.searchInterfederatedIDPFORSSOWithMOASession(storedSession.getSessionid());
@@ -375,7 +387,7 @@ public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInf
 					if (selectedIDP != null) {				
 						//no local SSO session exist -> request interfederated IDP
 						Logger.info("SSO Session refer to federated IDP: " + selectedIDP.getIdpurlprefix());
-						protocolRequest.setGenericDataToSession(
+						protocolRequest.setRawDataToTransaction(
 								DATAID_INTERFEDERATIOIDP_URL, selectedIDP.getIdpurlprefix());
 						
 					} else {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
index 0f75cf63b..405e44112 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBAuthenticationSessionStoreage.java
@@ -95,7 +95,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 			dbsession.setAdditionalInformationBytes(mapper.serialize(sessionExt).getBytes("UTF-8"));
 		
 			AuthenticationSession session = new AuthenticationSession(id, now, 
-					new AuthenticationSessionWrapper(target.genericFullDataStorage()));
+					(IAuthenticationSession)target.getSessionData(AuthenticationSessionWrapper.class));
 			encryptSession(session, dbsession);
 		
 			//store AssertionStore element to Database
@@ -341,6 +341,7 @@ public class DBAuthenticationSessionStoreage implements IAuthenticationSessionSt
 				  
 		dbsession.setSSOSession(true);
 		dbsession.setSSOsessionid(externalSSOSessionID);
+		dbsession.setAuthenticated(true);
 
 		//Store MOASession
 		entityManager.merge(dbsession);
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 7d6730925..66b9be341 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -114,6 +114,7 @@ builder.07=Fehlerhaftes SecurityLayer Template.
 builder.08=Authentication process could NOT completed. Reason: {0}
 builder.09=Can not build GUI component. Reason: {0}
 builder.10=Can not create or update SSO session. SSO NOT POSSIBLE
+builder.11=Fehler beim generieren der Anmeldedaten f\u00FCr die Online Applikation
 
 service.00=Fehler beim Aufruf des Web Service: {0}
 service.01=Fehler beim Aufruf des Web Service: kein Endpoint
@@ -310,8 +311,8 @@ pvp2.25=Fehler beim Validieren der PVP2 Metadaten
 
 ##add status codes!!!!
 sp.pvp2.00=Can not build PVP AuthnRequest for {0} {1}. No valid SingleSignOnService endpoint found.
-sp.pvp2.01=Can not build PVP AuthnRequest for {0} {0}. IDP is not allowed for federated authentication.
-sp.pvp2.02=Can not build PVP AuthnRequest for {0} {0}. IDP has no (valid) metadata.
+sp.pvp2.01=Can not build PVP AuthnRequest for {0}. IDP is not allowed for federated authentication.
+sp.pvp2.02=Can not build PVP AuthnRequest for {0}. IDP has no (valid) metadata.
 sp.pvp2.03=Receive PVP Response from {0} with unsupported Binding.  
 sp.pvp2.04=Receive invalid PVP Response from {0}. No PVP metadata found.  
 sp.pvp2.05=Receive invalid PVP Response from {0} {1}. StatusCode:{2} Msg:{3}.
@@ -322,6 +323,7 @@ sp.pvp2.09=Receive invalid PVP Response from {0} {1}. StatusCodes:{2} {3} Msg:{4
 sp.pvp2.10=Receive invalid PVP Response from {0}. No valid assertion included.
 sp.pvp2.11=Receive invalid PVP Response from {0}. Assertion decryption FAILED.
 sp.pvp2.12=Receive invalid PVP Response from {0}. Msg:{1}
+sp.pvp2.13=Can not build PVP AuthnRequest for {0}. Internal processing error.
 
 oauth20.01=Fehlerhafte redirect url
 oauth20.02=Fehlender oder ung\u00FCltiger Parameter "{0}"
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
index 5d7588dd5..b878eadf3 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties
@@ -92,6 +92,7 @@ builder.07=9002
 builder.08=1008
 builder.09=9103
 builder.10=1009
+builder.11=9102
 
 service.00=4300
 service.03=4300
@@ -122,6 +123,7 @@ sp.pvp2.09=4503
 sp.pvp2.10=4502
 sp.pvp2.11=4502
 sp.pvp2.12=4502
+sp.pvp2.13=4501
  
 validator.00=1102
 validator.01=1102
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java
index 16cdc9c12..1ea057186 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java
@@ -43,7 +43,7 @@ public class AuthenticationDataBuilderTest {
 				
 		IAuthenticationSession session = new DummyAuthSession();
 		session.setIdentityLink(new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(DUMMY_IDL, false))).parseIdentityLink());
-		pendingReq.setGenericDataToSession(session.getKeyValueRepresentationFromAuthSession());
+		pendingReq.setRawDataToTransaction(session.getKeyValueRepresentationFromAuthSession());
 		
 		
 		IMOAAuthData authData = (IMOAAuthData) authBuilder.buildAuthenticationData(pendingReq);
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java
index 2fcec92c5..c9dcd291a 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java
@@ -63,6 +63,7 @@ public abstract class AbstractServiceProviderSpecificGUIFormBuilderConfiguration
 	
 	public static final String PARAM_OANAME = "OAName";
 	public static final String PARAM_COUNTRYLIST = "countryList";
+	public static final String PARAM_EIDAS_VISIBLE = "eIDASVisible";
 	
 	protected IRequest pendingReq = null;
 	protected String templateClasspahtDir = null;
@@ -141,10 +142,15 @@ public abstract class AbstractServiceProviderSpecificGUIFormBuilderConfiguration
 					params.put(PARAM_BKU_URL_THIRD, oaParam.getBKUURL(IOAAuthParameters.THIRDBKU));
 				
 				//set eIDAS login information if requird
-				if (oaParam.isShowStorkLogin())
+				if (oaParam.isShowStorkLogin()) {
 					addCountrySelection(params, oaParam);
-				else
-					params.put(PARAM_COUNTRYLIST, "");
+					params.put(PARAM_EIDAS_VISIBLE, "");
+					
+				} else {
+					params.put(PARAM_COUNTRYLIST, "");					
+					params.put(PARAM_EIDAS_VISIBLE, FormBuildUtils.TEMPLATEVISIBLE);
+					
+				}
 				
 				FormBuildUtils.customiceLayoutBKUSelection(params, oaParam);
 								
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/utils/FormBuildUtils.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/utils/FormBuildUtils.java
index 53ec222dc..248bde700 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/utils/FormBuildUtils.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/utils/FormBuildUtils.java
@@ -50,12 +50,10 @@ public class FormBuildUtils {
 	private static String PARAM_MANDATEVISIBLE = "MANDATEVISIBLE";
 	private static String PARAM_MANDATECHECKED = "MANDATECHECKED";
 
-	private static String PARAM_STORKVISIBLE = "STORKVISIBLE";
-
-	private static final String TEMPLATEVISIBLE = " unvisible";
-	private static final String TEMPLATEDISABLED =  "disabled=\"true\"";
-	private static final String TEMPLATECHECKED = "checked=\"true\"";
-	private static final String TEMPLATE_ARIACHECKED = "aria-checked=";
+	public static final String TEMPLATEVISIBLE = " unvisible";
+	public static final String TEMPLATEDISABLED =  "disabled=\"true\"";
+	public static final String TEMPLATECHECKED = "checked=\"true\"";
+	public static final String TEMPLATE_ARIACHECKED = "aria-checked=";
 	
 	
 	static {
@@ -91,12 +89,7 @@ public class FormBuildUtils {
 			
 		} else
 			params.put(PARAM_MANDATECHECKED, TEMPLATE_ARIACHECKED + "\"false\"");
-		
-		if (oaParam.isShowStorkLogin())
-			params.put(PARAM_STORKVISIBLE, "");
-		else
-			params.put(PARAM_STORKVISIBLE, TEMPLATEVISIBLE);
-		
+				
 		//add more SP specific infos
 		setFormCustomizatenFromSP(params, oaParam);
 		
@@ -126,7 +119,6 @@ public class FormBuildUtils {
 	public static void defaultLayoutBKUSelection(Map<String, Object> params) {
 		params.put(PARAM_MANDATEVISIBLE, TEMPLATEVISIBLE);
 		params.put(PARAM_MANDATECHECKED, TEMPLATE_ARIACHECKED + "\"false\"");
-		params.put(PARAM_STORKVISIBLE, TEMPLATEVISIBLE);
 		
 		params.putAll(getDefaultMap());		
 	}
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 34567131b..a77ba45a5 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -151,7 +151,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 			throw new AuthenticationException("auth.00", new Object[]{pendingReq.getSPEntityId()});
 
 		//load Template
-		String templateURL = pendingReq.getGenericData(
+		String templateURL = pendingReq.getRawData(
 				MOAIDAuthConstants.AUTHPROCESS_DATA_SECURITYLAYERTEMPLATE, String.class);
 		String template = null;
 		if (MiscUtil.isNotEmpty(templateURL)) {
@@ -450,8 +450,8 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 		
 		SpecificTraceLogger.trace("Req. Authblock: " + createXMLSignatureRequest);
 		SpecificTraceLogger.trace("OA config: " + pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class).toString());
-		SpecificTraceLogger.trace("saml1RequestedTarget: " + pendingReq.getGenericData(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class));
-		SpecificTraceLogger.trace("saml1RequestedFriendlyName: " + pendingReq.getGenericData(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, String.class));	
+		SpecificTraceLogger.trace("saml1RequestedTarget: " + pendingReq.getRawData(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class));
+		SpecificTraceLogger.trace("saml1RequestedFriendlyName: " + pendingReq.getRawData(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, String.class));	
 				
 		return createXMLSignatureRequest;
 	}
@@ -547,10 +547,10 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 		String authURL = pendingReq.getAuthURL();
 		
 		@Deprecated
-		String saml1RequestedTarget = pendingReq.getGenericData(
+		String saml1RequestedTarget = pendingReq.getRawData(
 				MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class);
 		@Deprecated
-		String saml1RequestedFriendlyName = pendingReq.getGenericData(
+		String saml1RequestedFriendlyName = pendingReq.getRawData(
 				MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, String.class);
 
 		
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
index a46c81d06..a2e03bc4e 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
@@ -162,7 +162,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
 	  result.put(AUTHBLOCK_TEXT_PATTERN_TIME, timeformat.format(datetime.getTime()));
 	  	  
 	  //set other values from pendingReq if exists
-	  Map<?,?> processSpecificElements = pendingReq.getGenericData(PENDING_REQ_AUTHBLOCK_TEXT_KEY, Map.class);
+	  Map<?,?> processSpecificElements = pendingReq.getRawData(PENDING_REQ_AUTHBLOCK_TEXT_KEY, Map.class);
 	  if (processSpecificElements != null && !processSpecificElements.isEmpty()) {
 		  Logger.debug("Find process-specific patterns for 'special AuthBlock-Text'. Start processing ...");
 		  Iterator<?> mapIterator = processSpecificElements.entrySet().iterator();
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java
index f53dfae45..3eb7225a8 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java
@@ -51,8 +51,8 @@ public class CertificateReadRequestTask extends AbstractAuthServletTask {
 		Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate.");
 					
 		try { 
-			//execute default task initialization
-			AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
+			//execute default task initialization   
+			AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); 
 			boolean useMandate = moasession.isMandateUsed();
 			boolean identityLinkAvailable = BooleanUtils.isTrue((Boolean) executionContext.get("identityLinkAvailable"));	
 			if (!identityLinkAvailable && useMandate) {
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
index af8f780ec..50add6beb 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
@@ -64,7 +64,7 @@ public class CreateIdentityLinkFormTask extends AbstractAuthServletTask {
 			throws TaskExecutionException {		
 		try { 
 			//execute default task initialization
-			AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
+			AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
 			
 	    	//normal MOA-ID authentication
 	    	Logger.debug("Starting normal MOA-ID authentication");		    			    	    	
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
index af4abe813..e4966a53b 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
@@ -71,7 +71,7 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask {
 
 		try {
 			//execute default task initialization
-			AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
+			AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
 			
 			//get MIS sessionID
 			String misSessionID = moasession.getMISSessionID();
@@ -120,7 +120,6 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask {
 			//revisionsLogger.logMandateEventSet(pendingReq, mandate);
 									
 			//store pending request with new MOASession data information
-			pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession());
 			requestStoreage.storePendingRequest(pendingReq);
 			
 			
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
index ab53671f2..65ae9cf91 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
@@ -34,6 +34,7 @@ import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
 import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
@@ -87,7 +88,9 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask {
 			HttpServletRequest request, HttpServletResponse response) throws EAAFException {
 		
 		Logger.info("BKU is selected -> Start BKU communication ...");			
-		AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
+		//AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
+		
+		AuthenticationSessionWrapper moasession = ((RequestImpl)pendingReq).getSessionData(AuthenticationSessionWrapper.class);
 		
 		boolean isLegacyRequest = false;
 		Object isLegacyRequestObj = executionContext.get("isLegacyRequest");
@@ -122,9 +125,9 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask {
 				
 		    	//get Target from config or from request in case of SAML 1				
 				String target = null;
-				if (MiscUtil.isNotEmpty(pendingReq.getGenericData("saml1_target", String.class)) && 
+				if (MiscUtil.isNotEmpty(pendingReq.getRawData("saml1_target", String.class)) && 
 						pendingReq.requestedModule().equals("at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol"))
-					target = pendingReq.getGenericData("saml1_target", String.class);
+					target = pendingReq.getRawData("saml1_target", String.class);
 
 				
 		    	String bkuURL = oaParam.getBKUURL(bkuid);
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java
index d1d0ef086..a02032e74 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java
@@ -50,14 +50,13 @@ public class PrepareAuthBlockSignatureTask extends AbstractAuthServletTask {
 		
 		try {
 			//initialize task
-			AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
+			AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
 			
 			//build authBlock
 			String createXMLSignatureRequest = authServer
 					.getCreateXMLSignatureRequestAuthBlockOrRedirect(moasession, pendingReq);
 
 			//store pending request with new MOASession data information
-			pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession());
 			requestStoreage.storePendingRequest(pendingReq);
 			
 			//write response
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java
index 7c9702b8b..dd7890b7e 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java
@@ -71,7 +71,7 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask {
 		//mandate Mode
 		try {
 			//perform default task initialization
-			AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
+			AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
 						
 			ConnectionParameterInterface connectionParameters = 
 					moaAuthConfig.getOnlineMandatesConnectionParameter(pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class));	
@@ -131,7 +131,6 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask {
 	        moasession.setMISSessionID(misSessionID.getSessiondId());
 		
 	      //store pending request with new MOASession data information
-	        pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession());
 			requestStoreage.storePendingRequest(pendingReq);
 	        			
 			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_REDIRECT);
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java
index 3b70c55e9..c8b562282 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java
@@ -87,7 +87,7 @@ public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask {
 				throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_XMLRESPONSE, "auth.12");
 
 			//execute default task initialization
-			AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
+			AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
 			
 			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost());
 			
@@ -95,7 +95,6 @@ public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask {
 			authServer.verifyAuthenticationBlock(pendingReq, moasession, createXMLSignatureResponse);
 			
 			//store pending request with new MOASession data information
-			pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession());
 			requestStoreage.storePendingRequest(pendingReq);
 							
 		}
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
index 5b207d33e..9f1f23344 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
@@ -77,7 +77,7 @@ public class VerifyCertificateTask extends AbstractAuthServletTask {
 				
 	    try {
 	    	//execute default task initialization
-	    	AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
+	    	AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
 			
 			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost());
 	    		    	
@@ -98,7 +98,6 @@ public class VerifyCertificateTask extends AbstractAuthServletTask {
 	    				authServer.getCreateXMLSignatureRequestAuthBlockOrRedirect(moasession, pendingReq);
 	    		
 	    		//store pending request with new MOASession data information
-	    		pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession());
 				requestStoreage.storePendingRequest(pendingReq);
 	    		
 		    	CitizenCardServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, pendingReq, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyCertificate");
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java
index 99eba56c1..b7c45a032 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java
@@ -66,7 +66,7 @@ public class VerifyIdentityLinkTask extends AbstractAuthServletTask {
 		
 		try {
 			//execute default task initialization
-			AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
+			AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
 		
 			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost());
 
@@ -74,7 +74,6 @@ public class VerifyIdentityLinkTask extends AbstractAuthServletTask {
 			boolean identityLinkAvailable = authServer.verifyIdentityLink(pendingReq, moasession, parameters) != null;
 			
 			//store pending request with new MOASession data information
-			pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession());
 			requestStoreage.storePendingRequest(pendingReq);
 
 			//set 'identityLink exists' flag to context
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
index 01ef4ee26..ab9be7163 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -144,10 +144,10 @@ public class CreateXMLSignatureResponseValidator {
     IIdentityLink identityLink = session.getIdentityLink();
     
     @Deprecated
-	String saml1RequestedTarget = pendingReq.getGenericData(
+	String saml1RequestedTarget = pendingReq.getRawData(
 			MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class);
 	@Deprecated
-	String saml1RequestedFriendlyName = pendingReq.getGenericData(
+	String saml1RequestedFriendlyName = pendingReq.getRawData(
 			MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, String.class);
 	  
 	  try {	                
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java
index c3c3331e1..c1229e3ff 100644
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java
@@ -29,7 +29,6 @@ import java.util.List;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import org.apache.commons.lang3.StringUtils;
 import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
 import org.opensaml.saml2.core.Attribute;
 import org.opensaml.saml2.metadata.EntityDescriptor;
@@ -40,21 +39,20 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
 import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
-import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
-import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
 import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute;
 import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
 import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnRequestBuildException;
 import at.gv.egiz.eaaf.modules.pvp2.sp.impl.PVPAuthnRequestBuilder;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.config.EidasCentralAuthRequestBuilderConfiguration;
 import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthCredentialProvider;
 import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthMetadataProvider;
-import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.Utils;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.logging.Logger;
@@ -92,7 +90,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
 			}
 						
 			// get entityID for central ms-specific eIDAS node 			
-			String msNodeEntityID = getCentraleIDASNodeEntityId(pendingReq.getServiceProviderConfiguration());
+			String msNodeEntityID = Utils.getCentraleIDASNodeEntityId(pendingReq.getServiceProviderConfiguration(), authConfig);
 			
 			
 			if (MiscUtil.isEmpty(msNodeEntityID)) {
@@ -149,48 +147,24 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
 			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
 						
 		} catch (MetadataProviderException e) {
-			throw new TaskExecutionException(pendingReq, "Build PVP2.1 AuthnRequest to connect 'ms-specific eIDAS node' FAILED.", e);
+			
+			throw new TaskExecutionException(pendingReq, 
+					"Build PVP2.1 AuthnRequest to connect 'ms-specific eIDAS node' FAILED.", 
+					new AuthnRequestBuildException("sp.pvp2.02", new Object[] {"'national central eIDASNode'"},e ));
 
 		} catch (MessageEncodingException | NoSuchAlgorithmException  | SecurityException e) {
-			Logger.error("Build PVP2.1 AuthnRequest for SSO inderfederation FAILED", e);
-			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
+			Logger.error("Build PVP2.1 AuthnRequest to connect 'ms-specific eIDAS node' FAILED", e);
+			throw new TaskExecutionException(pendingReq, 
+					e.getMessage(), 
+					new AuthnRequestBuildException("sp.pvp2.13", new Object[] {"'national central eIDASNode'"},e ));
 			
 		} catch (Exception e) {
-			Logger.error("Build PVP2.1 AuthnRequest for SSO inderfederation FAILED", e);
+			Logger.error("Build PVP2.1 AuthnRequest to connect 'ms-specific eIDAS node' FAILED", e);
 			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
 			
 		}
 	}
 
-	private String getCentraleIDASNodeEntityId(ISPConfiguration spConfiguration) {
-		//load from service-provider configuration
-		String msNodeEntityID = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_EXTERNAL_CENTRAL_EIDASNODE_SERVICE_URL);
-		
-		if (StringUtils.isEmpty(msNodeEntityID)) {
-			Logger.debug("No SP-specific central eIDAS-node URL. Switch to general configuration ... ");
-			if (authConfig instanceof AuthConfiguration) {
-				AuthConfiguration moaAuthConfig = (AuthConfiguration)authConfig;					
-				List<String> configuratedEntityIDs = KeyValueUtils.getListOfCSVValues(
-						moaAuthConfig.getConfigurationWithKey(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_CENTRAL_EIDASNODE_URL));
-				
-				if (configuratedEntityIDs.size() > 0)
-					msNodeEntityID = configuratedEntityIDs.get(0);
-				else
-					Logger.info("No central eIDAS-node URL in IDP configuration. Switch to backup configuration ... ");
-				
-			} else 
-				Logger.info("Basic configuration is NOT of type '" + AuthConfiguration.class.getName()
-						+ "' Switch to generic Type ... ");
-				
-			
-			if (StringUtils.isEmpty(msNodeEntityID))
-				msNodeEntityID = authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_NODE_ENTITYID);
-			
-		}
-						
-		return msNodeEntityID;
-	}
-
 	private List<EAAFRequestedAttribute> buildRequestedAttributes() {
 		List<EAAFRequestedAttribute> attributs = new ArrayList<EAAFRequestedAttribute>();
 		
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java
index c034dc95e..f3eaff11a 100644
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java
@@ -29,6 +29,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.xml.transform.TransformerException;
 
+import org.apache.commons.lang3.StringUtils;
 import org.opensaml.saml2.core.Response;
 import org.opensaml.saml2.core.StatusCode;
 import org.opensaml.ws.message.decoder.MessageDecodingException;
@@ -55,10 +56,12 @@ import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption;
 import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException;
 import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthCredentialProvider;
 import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthMetadataProvider;
+import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.Utils;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
@@ -129,7 +132,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			PVPSProfileResponse processedMsg = preProcessAuthResponse((PVPSProfileResponse) msg);
 			
 			//validate entityId of response
-			String msNodeEntityID = authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_NODE_ENTITYID);
+			String msNodeEntityID = Utils.getCentraleIDASNodeEntityId(pendingReq.getServiceProviderConfiguration(), authConfig);
 			String respEntityId = msg.getEntityID();
 			if (!msNodeEntityID.equals(respEntityId)) {
 				Logger.warn("Response Issuer is not a 'ms-specific eIDAS node'. Stopping eIDAS authentication ...");
@@ -155,23 +158,28 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 		} catch (MessageDecodingException | SecurityException e) {
 			String samlRequest = request.getParameter("SAMLRequest");			
 			Logger.warn("Receive INVALID PVP Response from 'ms-specific eIDAS node': " + samlRequest, e);
-			throw new TaskExecutionException(pendingReq, "Receive INVALID PVP Response from federated IDP", e);
+			throw new TaskExecutionException(pendingReq, "Receive INVALID PVP Response from federated IDP", 
+					new AuthnResponseValidationException("sp.pvp2.11", new Object[] {"'national central eIDASNode'"}, e));
 
 		} catch (IOException | MarshallingException | TransformerException e) {
 			Logger.warn("Processing PVP response from 'ms-specific eIDAS node' FAILED.", e);
-			throw new TaskExecutionException(pendingReq, "Processing PVP response from 'ms-specific eIDAS node' FAILED.", e);
+			throw new TaskExecutionException(pendingReq, "Processing PVP response from 'ms-specific eIDAS node' FAILED.", 
+					new AuthnResponseValidationException("sp.pvp2.12", new Object[] {"'national central eIDASNode'", e.getMessage()}, e));
 			
 		} catch (CredentialsNotAvailableException e) {
 			Logger.error("PVP response decrytion FAILED. No credential found.", e);
-			throw new TaskExecutionException(pendingReq, "PVP response decrytion FAILED. No credential found.", e);
+			throw new TaskExecutionException(pendingReq, "PVP response decrytion FAILED. No credential found.", 
+					new AuthnResponseValidationException("sp.pvp2.10", new Object[] {"'national central eIDASNode'"}, e));
 
 		} catch (AssertionValidationExeption | AuthnResponseValidationException e) {
 			Logger.info("PVP response validation FAILED. Msg:" + e.getMessage());			
-			throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.", e);
+			throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.", 
+					new AuthnResponseValidationException("sp.pvp2.10", new Object[] {"'national central eIDASNode'"}, e));
 									
 		} catch (Exception e) {
 			Logger.warn("PVP response validation FAILED. Msg:" + e.getMessage(), e);			
-			throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.", e);
+			throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.", 
+					new AuthnResponseValidationException("sp.pvp2.12", new Object[] {"'national central eIDASNode'", e.getMessage()}, e));
 			
 		}
 
@@ -182,19 +190,29 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			//check if all attributes are include
 			if (!extractor.containsAllRequiredAttributes() 
 					&& !extractor.containsAllRequiredAttributes(EidasCentralAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES)) {
-				Logger.warn("PVP Response from federated IDP contains not all requested attributes.");
+				Logger.warn("PVP Response from 'ms-specific eIDAS node' contains not all requested attributes.");
 				throw new AssertionValidationExeption("sp.pvp2.06", new Object[]{EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING});
 				
 			}
 			
 			//copy attributes into MOASession
+			AuthenticationSessionWrapper session = pendingReq.getSessionData(AuthenticationSessionWrapper.class); 
 			Set<String> includedAttrNames = extractor.getAllIncludeAttributeNames();
 			for (String el : includedAttrNames) {
 				String value = extractor.getSingleAttributeValue(el);				 				
-				pendingReq.setGenericDataToSession(el, value);				
+				session.setGenericDataToSession(el, value);				
 				Logger.debug("Add PVP-attribute " + el + " into MOASession");
 				
 			}
+			
+			//set foreigner flag
+			session.setForeigner(true);
+			if (extractor.getFullAssertion().getIssuer() != null && 
+					StringUtils.isNotEmpty(extractor.getFullAssertion().getIssuer().getValue()))
+				session.setBkuURL(extractor.getFullAssertion().getIssuer().getValue());
+			else
+				session.setBkuURL("eIDAS_Authentication");
+			
 												
 		} catch (AssertionValidationExeption e) {
 			throw new BuildException("builder.06", null, e);
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/Utils.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/Utils.java
new file mode 100644
index 000000000..642008726
--- /dev/null
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/Utils.java
@@ -0,0 +1,45 @@
+package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils;
+
+import java.util.List;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class Utils {
+
+	public static String getCentraleIDASNodeEntityId(ISPConfiguration spConfiguration, IConfiguration authConfig) {
+		//load from service-provider configuration
+		String msNodeEntityID = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_EXTERNAL_CENTRAL_EIDASNODE_SERVICE_URL);
+		
+		if (StringUtils.isEmpty(msNodeEntityID)) {
+			Logger.debug("No SP-specific central eIDAS-node URL. Switch to general configuration ... ");
+			if (authConfig instanceof AuthConfiguration) {
+				AuthConfiguration moaAuthConfig = (AuthConfiguration)authConfig;					
+				List<String> configuratedEntityIDs = KeyValueUtils.getListOfCSVValues(
+						moaAuthConfig.getConfigurationWithKey(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_CENTRAL_EIDASNODE_URL));
+				
+				if (configuratedEntityIDs.size() > 0)
+					msNodeEntityID = configuratedEntityIDs.get(0);
+				else
+					Logger.info("No central eIDAS-node URL in IDP configuration. Switch to backup configuration ... ");
+				
+			} else 
+				Logger.info("Basic configuration is NOT of type '" + AuthConfiguration.class.getName()
+						+ "' Switch to generic Type ... ");
+				
+			
+			if (StringUtils.isEmpty(msNodeEntityID))
+				msNodeEntityID = authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_NODE_ENTITYID);
+			
+		}
+						
+		return msNodeEntityID;
+	}
+}
diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java
index ec43adccc..0cbf009ad 100644
--- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java
+++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java
@@ -29,7 +29,6 @@ import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
 import java.security.spec.InvalidKeySpecException;
 import java.security.spec.KeySpec;
-import java.util.Date;
 
 import javax.crypto.BadPaddingException;
 import javax.crypto.Cipher;
@@ -57,14 +56,12 @@ import com.google.gson.JsonParser;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
-import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.logging.Logger;
@@ -136,9 +133,7 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask {
 	 * @throws MOAIDException 
 	 * @throws IOException 
 	 */
-	private void parseDemoValuesIntoMOASession(IRequest pendingReq, String eIDBlobRawB64) throws MOAIDException, IOException {
-		IAuthenticationSession moaSession = new AuthenticationSession("1235", new Date());
-		
+	private void parseDemoValuesIntoMOASession(IRequest pendingReq, String eIDBlobRawB64) throws MOAIDException, IOException {		
 		Logger.debug("Check eID blob signature  ... ");
 		byte[] eIDBlobRaw = Base64Utils.decode(eIDBlobRawB64.trim(), false);
 		
@@ -206,16 +201,14 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask {
 			Logger.debug("Parse eID information into MOA-Session ...");
 			byte[] rawIDL = Base64Utils.decode(idlB64, false);
 			IIdentityLink identityLink = new IdentityLinkAssertionParser(new ByteArrayInputStream(rawIDL)).parseIdentityLink();			
+			AuthenticationSessionWrapper moaSession = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
 			moaSession.setIdentityLink(identityLink);
 			moaSession.setUseMandates(false);
 			moaSession.setForeigner(false);			
 			moaSession.setBkuURL("http://egiz.gv.at/BKA_MobileAuthTest");			
 			moaSession.setQAALevel(PVPConstants.EIDAS_QAA_SUBSTANTIAL);
 			Logger.info("Session Restore completed");
-			
-			
-			pendingReq.setGenericDataToSession(moaSession.getKeyValueRepresentationFromAuthSession());
-			
+									
 		} catch (MOAIDException e) {
 			throw e;
 			
@@ -243,10 +236,6 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask {
 			Logger.error("Can not extract mobile-app binding-certificate from eID blob.", e);
 			throw new MOAIDException("Can not extract mobile-app binding-certificate from eID blob.", null, e);
 						
-		} catch (EAAFStorageException e) {
-			Logger.error("Can not populate pending-request with eID data.", e);
-			throw new MOAIDException("Can not populate pending-request with eID data.", null, e);
-			
 		} finally {
 						
 		}
diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java
index 5e79aee8e..bb5700bd7 100644
--- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java
+++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java
@@ -25,7 +25,6 @@ package at.gv.egovernment.moa.id.auth.modules.bkamobileauthtests.tasks;
 import java.io.IOException;
 import java.io.InputStream;
 import java.net.URL;
-import java.util.Date;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -40,11 +39,10 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.logging.Logger;
@@ -87,9 +85,8 @@ public class SecondBKAMobileAuthTask extends AbstractAuthServletTask {
 	 * @throws MOAIDException 
 	 * @throws EAAFStorageException 
 	 */
-	private void parseDemoValuesIntoMOASession(IRequest pendingReq) throws MOAIDException, EAAFStorageException {
-		IAuthenticationSession moaSession = new AuthenticationSession("1233", new Date());
-		
+	private void parseDemoValuesIntoMOASession(IRequest pendingReq) throws MOAIDException, EAAFStorageException {		
+		AuthenticationSessionWrapper moaSession = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
 		moaSession.setUseMandates(false);
 		moaSession.setForeigner(false);
 		
@@ -108,9 +105,7 @@ public class SecondBKAMobileAuthTask extends AbstractAuthServletTask {
 			throw new MOAIDException("IdentityLink is not parseable.", null);
 			
 		}
-			
-		pendingReq.setGenericDataToSession(moaSession.getKeyValueRepresentationFromAuthSession());
-		
+					
 	}
 
 }
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
index 103781470..3dea62ec4 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
@@ -24,7 +24,6 @@ package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
 
 import java.io.InputStream;
 import java.text.SimpleDateFormat;
-import java.util.Date;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -42,8 +41,8 @@ import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAttributeException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
@@ -73,7 +72,8 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
 			throws TaskExecutionException { 
 		try{												
 			//get eIDAS attributes from MOA-Session
-			ImmutableAttributeMap eIDASAttributes = pendingReq.getGenericData(
+			AuthenticationSessionWrapper moaSession = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
+			ImmutableAttributeMap eIDASAttributes = moaSession.getGenericDataFromSession(
 					AuthenticationSessionStorageConstants.eIDAS_ATTRIBUTELIST, 
 					ImmutableAttributeMap.class);
 			
@@ -161,13 +161,11 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
 			}
 			
 			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_IDL_RECEIVED);
-			AuthenticationSession moasession = new AuthenticationSession("1234", new Date());
-			moasession.setForeigner(true);
-			moasession.setIdentityLink(identityLink);
-			moasession.setBkuURL("Not applicable (eIDASAuthentication)");
-			pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession());
-			
-			
+			moaSession.setForeigner(true);
+			moaSession.setIdentityLink(identityLink);
+			moaSession.setBkuURL("Not applicable (eIDASAuthentication)");
+
+						
 			//store MOA-session to database
 			requestStoreage.storePendingRequest(pendingReq);
 		
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
index 55416e92b..1788facf0 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
@@ -12,6 +12,7 @@ import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
@@ -89,21 +90,19 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			// **********************************************************
 			
 			//update MOA-Session data with received information			
-			Logger.debug("Store eIDAS response information into MOA-session.");
-					
-			pendingReq.setGenericDataToSession(AuthProzessDataConstants.VALUE_QAALEVEL, samlResp.getLevelOfAssurance());
-			
-			pendingReq.setGenericDataToSession(
+			Logger.debug("Store eIDAS response information into MOA-session.");					
+			AuthenticationSessionWrapper session = pendingReq.getSessionData(AuthenticationSessionWrapper.class);			
+			session.setGenericDataToSession(AuthProzessDataConstants.VALUE_QAALEVEL, samlResp.getLevelOfAssurance());			
+			session.setGenericDataToSession(
 					AuthenticationSessionStorageConstants.eIDAS_ATTRIBUTELIST, 
-					samlResp.getAttributes());
-						
-			pendingReq.setGenericDataToSession(
+					samlResp.getAttributes());						
+			session.setGenericDataToSession(
 					AuthenticationSessionStorageConstants.eIDAS_RESPONSE, 
 					decSamlToken);
 			
 			//set issuer nation as PVP attribute into MOASession
-			pendingReq.setGenericDataToSession(PVPConstants.EID_ISSUING_NATION_NAME, samlResp.getCountry());
-						
+			session.setGenericDataToSession(PVPConstants.EID_ISSUING_NATION_NAME, samlResp.getCountry());			
+			
 			//store MOA-session to database
 			requestStoreage.storePendingRequest(pendingReq);
 			
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
index 42ca6e507..d268dd2f6 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -350,15 +350,15 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController implement
 			pendingReq.setRemoteRelayState(relayState);
 			
 			//store level of assurance
-			pendingReq.setGenericDataToSession(eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE, 
+			pendingReq.setRawDataToTransaction(eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE, 
 					eIDASSamlReq.getEidasLevelOfAssurance().stringValue());			
 			
 			//set flag if transiend identifier is requested
 			if (MiscUtil.isNotEmpty(eIDASSamlReq.getNameIdFormat()) 
 					&& eIDASSamlReq.getNameIdFormat().equals(SamlNameIdFormat.TRANSIENT.getNameIdFormat()))
-				pendingReq.setGenericDataToSession(EIDASData.REQ_PARAM_eIDAS_AUTHN_TRANSIENT_ID, true);
+				pendingReq.setRawDataToTransaction(EIDASData.REQ_PARAM_eIDAS_AUTHN_TRANSIENT_ID, true);
 			else
-				pendingReq.setGenericDataToSession(EIDASData.REQ_PARAM_eIDAS_AUTHN_TRANSIENT_ID, false);
+				pendingReq.setRawDataToTransaction(EIDASData.REQ_PARAM_eIDAS_AUTHN_TRANSIENT_ID, false);
 			
 			// - memorize requested attributes			
 			pendingReq.setEidasRequestedAttributes(eIDASSamlReq.getRequestedAttributes());
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
index 25f303816..b1db1564e 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
@@ -55,6 +55,7 @@ import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationExceptio
 import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateServiceMetadataProvider;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider;
@@ -162,8 +163,11 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask {
 			Logger.debug("Validation of PVP Response from ELGA mandate-service is complete.");
 			
 			Set<String> includedAttrNames = extractor.getAllIncludeAttributeNames();
+			
+			AuthenticationSessionWrapper session = pendingReq.getSessionData(AuthenticationSessionWrapper.class);			
 			for (String el : includedAttrNames) {
-				pendingReq.setGenericDataToSession(el, extractor.getSingleAttributeValue(el));
+				session.setGenericDataToSession(el, extractor.getSingleAttributeValue(el));
+				//pendingReq.setGenericDataToSession(el, extractor.getSingleAttributeValue(el));
 				Logger.debug("Add PVP-attribute " + el + " into MOASession");
 				
 			}
@@ -243,7 +247,7 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask {
 		Response samlResp = (Response) msg.getResponse();
 
 		//validate 'inResponseTo' attribute
-		String authnReqID = pendingReq.getGenericData(
+		String authnReqID = pendingReq.getRawData(
 				MOAIDAuthConstants.DATAID_INTERFEDERATION_REQUESTID, String.class);
 		String inResponseTo = samlResp.getInResponseTo();
 		
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
index 658502d2c..50fb2cb4a 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
@@ -114,7 +114,7 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask {
 			EntityDescriptor entityDesc = metadataService.getEntityDescriptor(elgaMandateServiceEntityID);			
 			
 			//load MOASession from database
-			AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
+			AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
 			
 			
 			//setup AuthnRequestBuilder configuration
@@ -192,7 +192,7 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask {
 			
 			//set MandateReferenceValue as RequestID
 			authnReqConfig.setRequestID(moasession.getMandateReferenceValue());
-			pendingReq.setGenericDataToSession(
+			pendingReq.setRawDataToTransaction(
 					MOAIDAuthConstants.DATAID_INTERFEDERATION_REQUESTID,
 					authnReqConfig.getRequestID());
 			
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
index 40701d91d..0350a113c 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
@@ -28,6 +28,7 @@ import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.context.annotation.Scope;
 import org.springframework.stereotype.Component;
 
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
@@ -159,7 +160,7 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest {
 	}
 
 	@Override
-	protected void populateSpecialParameters(HttpServletRequest request) throws OAuth20Exception {
+	protected void populateSpecialParameters(HttpServletRequest request, IConfiguration authConfig) throws OAuth20Exception {
 		this.setResponseType(this.getParam(request, OAuth20Constants.PARAM_RESPONSE_TYPE, true));
 		this.setState(this.getParam(request, OAuth20Constants.PARAM_STATE, true));
 		this.setRedirectUri(this.getParam(request, OAuth20Constants.PARAM_REDIRECT_URI, true));
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
index 2ce5234ac..118de861c 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
@@ -30,7 +30,6 @@ import javax.servlet.http.HttpServletRequest;
 
 import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.commons.lang.StringUtils;
-import org.springframework.beans.factory.annotation.Autowired;
 
 import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
@@ -49,9 +48,7 @@ abstract class OAuth20BaseRequest extends RequestImpl {
 	private static final long serialVersionUID = 1L;
 	
 	protected Set<String> allowedParameters = new HashSet<String>();
-		
-	@Autowired(required=true) protected IConfiguration authConfig;
-	
+			
 	protected String getParam(final HttpServletRequest request, final String name, final boolean isNeeded) throws OAuth20Exception {
 		String param = request.getParameter(name);
 		Logger.debug("Reading param " + name + " from HttpServletRequest with value " + param);
@@ -65,7 +62,7 @@ abstract class OAuth20BaseRequest extends RequestImpl {
 		return param;
 	}
 	
-	protected void populateParameters(final HttpServletRequest request) throws OAuth20Exception {
+	protected void populateParameters(final HttpServletRequest request, IConfiguration authConfig) throws OAuth20Exception {
 		
 		// moa id - load oa with client id!
 		try {
@@ -91,7 +88,7 @@ abstract class OAuth20BaseRequest extends RequestImpl {
 		}
 		
 		// oAuth
-		this.populateSpecialParameters(request);
+		this.populateSpecialParameters(request, authConfig);
 		
 		// cleanup parameters
 		this.checkAllowedParameters(request);
@@ -115,6 +112,6 @@ abstract class OAuth20BaseRequest extends RequestImpl {
 		
 	}
 	
-	protected abstract void populateSpecialParameters(final HttpServletRequest request) throws OAuth20Exception;
+	protected abstract void populateSpecialParameters(final HttpServletRequest request, IConfiguration authConfig) throws OAuth20Exception;
 	
 }
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
index 30e89d15a..9f4174bf0 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
@@ -79,7 +79,7 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme
 		try {			
 			pendingReq.initialize(req, authConfig);
 			pendingReq.setModule(OAuth20Protocol.NAME);		
-			pendingReq.populateParameters(req);
+			pendingReq.populateParameters(req, authConfig);
 			
 		} catch (EAAFException e) {
 			Logger.info("OpenID-Connect request has a validation error: " + e.getMessage());
@@ -113,7 +113,7 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme
 		try {			
 			pendingReq.initialize(req, authConfig);
 			pendingReq.setModule(OAuth20Protocol.NAME);		
-			pendingReq.populateParameters(req);
+			pendingReq.populateParameters(req, authConfig);
 			
 		} catch (EAAFException e) {
 			Logger.info("OpenID-Connect request has a validation error: " + e.getMessage());
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
index e14914512..89e4252b1 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
@@ -28,6 +28,7 @@ import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.context.annotation.Scope;
 import org.springframework.stereotype.Component;
 
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
@@ -124,7 +125,7 @@ class OAuth20TokenRequest extends OAuth20BaseRequest {
 	}
 	
 	@Override
-	protected void populateSpecialParameters(HttpServletRequest request) throws OAuth20Exception {
+	protected void populateSpecialParameters(HttpServletRequest request, IConfiguration authConfig) throws OAuth20Exception {
 		this.setCode(this.getParam(request, OAuth20Constants.RESPONSE_CODE, true));
 		this.setGrantType(this.getParam(request, OAuth20Constants.PARAM_GRANT_TYPE, true));
 		this.setClientID(this.getParam(request, OAuth20Constants.PARAM_CLIENT_ID, true));
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
index fec78d88c..3408cf538 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
@@ -167,7 +167,7 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask {
 							command, signedCommand);
 										
 					//store pending request
-					pendingReq.setGenericDataToSession(Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, 
+					pendingReq.setRawDataToTransaction(Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, 
 							qualeIDReqId);
 					requestStoreage.storePendingRequest(pendingReq);
 
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
index a3175713a..fc386b796 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
@@ -25,7 +25,6 @@ import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
-import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController;
 import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder;
 import at.gv.egiz.eaaf.core.impl.utils.StreamUtils;
 import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils;
@@ -93,7 +92,7 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
 				}
 			
 				//validate reqId with inResponseTo 
-				String sl20ReqId = pendingReq.getGenericData(Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, String.class);
+				String sl20ReqId = pendingReq.getRawData(Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, String.class);
 				String inRespTo = SL20JSONExtractorUtils.getStringValue(sl20ReqObj, SL20Constants.SL20_INRESPTO, true);
 				if (sl20ReqId == null || !sl20ReqId.equals(inRespTo)) {
 					Logger.info("SL20 'reqId': " + sl20ReqId + " does NOT match to 'inResponseTo':" + inRespTo);
@@ -153,16 +152,16 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
 					}
 				
 					//cache qualified eID data into pending request
-					pendingReq.setGenericDataToSession(
+					pendingReq.setRawDataToTransaction(
 							Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL, 
 							idlB64);
-					pendingReq.setGenericDataToSession(
+					pendingReq.setRawDataToTransaction(
 							Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, 
 							authBlockB64);
-					pendingReq.setGenericDataToSession(
+					pendingReq.setRawDataToTransaction(
 							Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL, 
 							ccsURL);
-					pendingReq.setGenericDataToSession(
+					pendingReq.setRawDataToTransaction(
 							Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_LOA, 
 							LoA);
 								
@@ -176,7 +175,7 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
 				Logger.warn("SL2.0 processing error:", e);
 				if (sl20Result != null)
 					Logger.debug("Received SL2.0 result: " + sl20Result);
-				pendingReq.setGenericDataToSession(
+				pendingReq.setRawDataToTransaction(
 						Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR, 
 						new TaskExecutionException(pendingReq, "SL2.0 Authentication FAILED. Msg: " + e.getMessage(), e));
 				
@@ -185,7 +184,7 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
 				Logger.warn("SL2.0 Authentication FAILED with a generic error.", e);
 				if (sl20Result != null)
 					Logger.debug("Received SL2.0 result: " + sl20Result);
-				pendingReq.setGenericDataToSession(
+				pendingReq.setRawDataToTransaction(
 						Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR, 
 						new TaskExecutionException(pendingReq, e.getMessage(), e));
 				
@@ -246,7 +245,7 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
 				Map<String, String> reqParameters = new HashMap<String, String>();
 				reqParameters.put(EAAFConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID, pendingReq.getPendingRequestId());
 				JsonObject callReqParams = SL20JSONBuilderUtils.createCallCommandParameters(
-						new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), AbstractAuthProtocolModulController.ENDPOINT_FINALIZEPROTOCOL, null), 
+						new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), Constants.HTTP_ENDPOINT_RESUME, null), 
 						SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_METHOD_GET, 
 						false, 
 						reqParameters);
@@ -260,7 +259,7 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
 								
 				//build second redirect command for IDP
 				JsonObject redirectTwoParams = SL20JSONBuilderUtils.createRedirectCommandParameters(
-						new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), AbstractAuthProtocolModulController.ENDPOINT_FINALIZEPROTOCOL, null), 
+						new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), Constants.HTTP_ENDPOINT_RESUME, null), 
 						redirectOneCommand, null, true);
 				JsonObject redirectTwoCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectTwoParams);
 				
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java
index 403423e46..6811d1016 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java
@@ -40,7 +40,7 @@ public class VerifyQualifiedeIDTask extends AbstractAuthServletTask {
 		Logger.debug("Verify qualified eID data from SL20 response .... ");
 		try {
 			//check if there was an error 
-			TaskExecutionException sl20Error = pendingReq.getGenericData(
+			TaskExecutionException sl20Error = pendingReq.getRawData(
 					Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR,
 					TaskExecutionException.class);			
 			if (sl20Error != null) {
@@ -50,19 +50,19 @@ public class VerifyQualifiedeIDTask extends AbstractAuthServletTask {
 			}
 			
 			//get data from pending request
-			String sl20ReqId = pendingReq.getGenericData(
+			String sl20ReqId = pendingReq.getRawData(
 					Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, 
 					String.class);
-			String idlB64 =  pendingReq.getGenericData(
+			String idlB64 =  pendingReq.getRawData(
 					Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL,
 					String.class);
-			String authBlockB64 = pendingReq.getGenericData(
+			String authBlockB64 = pendingReq.getRawData(
 					Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, 
 					String.class);
-			String ccsURL = pendingReq.getGenericData(
+			String ccsURL = pendingReq.getRawData(
 					Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL, 
 					String.class);
-			String LoA = pendingReq.getGenericData(
+			String LoA = pendingReq.getRawData(
 					Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_LOA, 
 					String.class);
 							
@@ -104,7 +104,7 @@ public class VerifyQualifiedeIDTask extends AbstractAuthServletTask {
 			
 			
 			//add into session
-			AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());			
+			AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class);			
 			moasession.setIdentityLink(idl);
 			moasession.setBkuURL(ccsURL);
 			//TODO: from AuthBlock
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java
index 95590b51a..921e3844b 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java
@@ -91,8 +91,8 @@ public class InitializeRestoreSSOSessionTask extends AbstractAuthServletTask {
 			//store DH params and nonce to pending-request
 			SSOTransferContainer container = new SSOTransferContainer();
 			container.setDhParams(dhKeyIDP);
-			pendingReq.setGenericDataToSession(SSOTransferConstants.PENDINGREQ_DH, container);
-			pendingReq.setGenericDataToSession(SSOTransferConstants.PENDINGREQ_NONCE, nonce);
+			pendingReq.setRawDataToTransaction(SSOTransferConstants.PENDINGREQ_DH, container);
+			pendingReq.setRawDataToTransaction(SSOTransferConstants.PENDINGREQ_NONCE, nonce);
 						
 			//store pending-request
 			requestStoreage.storePendingRequest(pendingReq);
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
index c7e42c8ab..90b74ebd7 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
@@ -27,7 +27,6 @@ import java.io.IOException;
 import java.io.PrintWriter;
 import java.math.BigInteger;
 import java.security.MessageDigest;
-import java.util.Date;
 
 import javax.crypto.Cipher;
 import javax.crypto.spec.DHPublicKeySpec;
@@ -50,13 +49,11 @@ import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
 import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferContainer;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils;
-import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
@@ -102,8 +99,8 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask {
 			
 		}
 		
-    	String nonce = pendingReq.getGenericData(SSOTransferConstants.PENDINGREQ_NONCE, String.class);
-    	SSOTransferContainer container = pendingReq.getGenericData(
+    	String nonce = pendingReq.getRawData(SSOTransferConstants.PENDINGREQ_NONCE, String.class);
+    	SSOTransferContainer container = pendingReq.getRawData(
     			SSOTransferConstants.PENDINGREQ_DH, SSOTransferContainer.class);
     	if (container == null) {
     		throw new TaskExecutionException(pendingReq, "NO DH-Params in pending-request", 
@@ -189,9 +186,8 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask {
 				Logger.debug("MobileDevice is valid. --> Starting session reconstruction ...");
 		    					
 		    	//transfer SSO Assertion into MOA-Session
-				AuthenticationSession moaSession = new AuthenticationSession("1235", new Date());
+				AuthenticationSessionWrapper moaSession = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
 		    	ssoTransferUtils.parseSSOContainerToMOASessionDataObject(pendingReq, moaSession, attributeExtractor);
-		    	pendingReq.setGenericDataToSession(moaSession.getKeyValueRepresentationFromAuthSession());
 		    	
 		    	// store MOASession into database
 		    	requestStoreage.storePendingRequest(pendingReq);
@@ -249,8 +245,8 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask {
 				
 			} else {
 		    	//session is valid --> load MOASession object
-
-				IAuthenticationSession moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());			    
+				AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); 
+								
 				DateTime moaSessionCreated = new DateTime(moasession.getSessionCreated().getTime());
 				if (moaSessionCreated.plusMinutes(1).isBeforeNow()) {
 					Logger.warn("No SSO session-container received. Stop authentication process after time-out.");
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
index 20fd5ebc4..d0d97e9e8 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
@@ -73,7 +73,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
 			throws TaskExecutionException {
 		try{
 			// get IDP entityID
-			String idpEntityID = pendingReq.getGenericData(SSOManager.DATAID_INTERFEDERATIOIDP_URL, String.class);
+			String idpEntityID = pendingReq.getRawData(SSOManager.DATAID_INTERFEDERATIOIDP_URL, String.class);
 					
 			if (MiscUtil.isEmpty(idpEntityID)) {
 				Logger.info("Interfederation not possible -> not inderfederation IDP EntityID found!");
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
index f5af84405..6b6d1a196 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
@@ -47,6 +47,7 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
 import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder;
 import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
@@ -168,11 +169,11 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			//check if SP is also a federated IDP
 			if (spConfig.isInderfederationIDP()) {
 				//SP is a federated IDP  --> answer only with nameID and wait for attribute-Query
-				pendingReq.setGenericDataToSession(
+				pendingReq.setRawDataToTransaction(
 						MOAIDAuthConstants.DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP, true);				
-				pendingReq.setGenericDataToSession(
+				pendingReq.setRawDataToTransaction(
 						MOAIDAuthConstants.DATAID_INTERFEDERATION_NAMEID, extractor.getNameID());
-				pendingReq.setGenericDataToSession(
+				pendingReq.setRawDataToTransaction(
 						MOAIDAuthConstants.DATAID_INTERFEDERATION_QAALEVEL, extractor.getQAALevel());
 
 				authenticatedSessionStorage.
@@ -195,8 +196,8 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			}
 
 			//store valid assertion into pending-request
-			pendingReq.setGenericDataToSession(SSOManager.DATAID_INTERFEDERATIOIDP_RESPONSE, processedMsg);
-			pendingReq.setGenericDataToSession(SSOManager.DATAID_INTERFEDERATIOIDP_ENTITYID, processedMsg.getEntityID());
+			pendingReq.setRawDataToTransaction(SSOManager.DATAID_INTERFEDERATIOIDP_RESPONSE, processedMsg);
+			pendingReq.setRawDataToTransaction(SSOManager.DATAID_INTERFEDERATIOIDP_ENTITYID, processedMsg.getEntityID());
 			
 			//store pending-request
 			requestStoreage.storePendingRequest(pendingReq);
@@ -297,6 +298,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			
 			//copy attributes into MOASession
 			Set<String> includedAttrNames = extractor.getAllIncludeAttributeNames();
+			AuthProcessDataWrapper session = pendingReq.getSessionData(AuthProcessDataWrapper.class);
 			for (String el : includedAttrNames) {
 				String value = extractor.getSingleAttributeValue(el);
 				
@@ -310,13 +312,13 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 					}					
 				} 
 				
-				pendingReq.setGenericDataToSession(el, value);				
+				session.setGenericDataToSession(el, value);				
 				Logger.debug("Add PVP-attribute " + el + " into MOASession");
 				
 			}
 			
 			//set validTo from this federated IDP response
-			pendingReq.setGenericDataToSession(
+			session.setGenericDataToSession(
 					AuthenticationSessionStorageConstants.FEDERATION_RESPONSE_VALIDE_TO, 
 					extractor.getAssertionNotOnOrAfter());
 									
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
index 92bcce24b..21dbb573a 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
@@ -85,14 +85,14 @@ public class GetArtifactAction implements IAction {
 			
 			String samlArtifactBase64 = saml1server.BuildSAMLArtifact(oaParam, authData, sourceID);
 			
-			String oaTargetArea = req.getGenericData(SAML1Protocol.REQ_DATA_TARGET, String.class);
+			String oaTargetArea = req.getRawData(SAML1Protocol.REQ_DATA_TARGET, String.class);
 			
 			if (authData.isSsoSession()) {
 				String url = req.getAuthURL() + RedirectServlet.SERVICE_ENDPOINT;
 				url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(oaURL, "UTF-8"));
 				if (MiscUtil.isNotEmpty(oaTargetArea))
 					url = addURLParameter(url, MOAIDAuthConstants.PARAM_TARGET, 
-							URLEncoder.encode(req.getGenericData(SAML1Protocol.REQ_DATA_TARGET, String.class), "UTF-8"));
+							URLEncoder.encode(req.getRawData(SAML1Protocol.REQ_DATA_TARGET, String.class), "UTF-8"));
 				url = addURLParameter(url, MOAIDAuthConstants.PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
 				url = httpResp.encodeRedirectURL(url);
 				
@@ -104,7 +104,7 @@ public class GetArtifactAction implements IAction {
 				String redirectURL = oaURL;		
 				if (MiscUtil.isNotEmpty(oaTargetArea)) {
 					redirectURL = addURLParameter(redirectURL, MOAIDAuthConstants.PARAM_TARGET,
-					URLEncoder.encode(req.getGenericData(SAML1Protocol.REQ_DATA_TARGET, String.class), "UTF-8"));
+					URLEncoder.encode(req.getRawData(SAML1Protocol.REQ_DATA_TARGET, String.class), "UTF-8"));
 
 				}
 				
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index 398119a7f..30d740a2a 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -193,7 +193,7 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController implement
 			revisionsLogger.logEvent(pendingRequest, MOAIDEventConstants.AUTHPROTOCOL_SAML1_AUTHNREQUEST);
 			
 			if (MiscUtil.isNotEmpty(target)) {
-				pendingRequest.setGenericDataToSession(REQ_DATA_TARGET, target);
+				pendingRequest.setRawDataToTransaction(REQ_DATA_TARGET, target);
 				pendingRequest.setTarget(MOAIDAuthConstants.PREFIX_CDID + target);
 			
 			} else {
@@ -201,7 +201,7 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController implement
 				pendingRequest.setTarget(targetArea);
 				
 				if (targetArea.startsWith(MOAIDAuthConstants.PREFIX_CDID))
-					pendingRequest.setGenericDataToSession(REQ_DATA_TARGET, 
+					pendingRequest.setRawDataToTransaction(REQ_DATA_TARGET, 
 							targetArea.substring(MOAIDAuthConstants.PREFIX_CDID.length()));
 				
 				
diff --git a/repository/at/gv/egiz/eaaf/eaaf-core/1.0.0/eaaf-core-1.0.0-tests.jar b/repository/at/gv/egiz/eaaf/eaaf-core/1.0.0/eaaf-core-1.0.0-tests.jar
index e892b3f35..9edec3e82 100644
Binary files a/repository/at/gv/egiz/eaaf/eaaf-core/1.0.0/eaaf-core-1.0.0-tests.jar and b/repository/at/gv/egiz/eaaf/eaaf-core/1.0.0/eaaf-core-1.0.0-tests.jar differ
diff --git a/repository/at/gv/egiz/eaaf/eaaf-core/1.0.0/eaaf-core-1.0.0.jar b/repository/at/gv/egiz/eaaf/eaaf-core/1.0.0/eaaf-core-1.0.0.jar
index f3f35cf39..0837eb813 100644
Binary files a/repository/at/gv/egiz/eaaf/eaaf-core/1.0.0/eaaf-core-1.0.0.jar and b/repository/at/gv/egiz/eaaf/eaaf-core/1.0.0/eaaf-core-1.0.0.jar differ
diff --git a/repository/at/gv/egiz/eaaf/eaaf_module_pvp2_core/1.0.0/eaaf_module_pvp2_core-1.0.0.jar b/repository/at/gv/egiz/eaaf/eaaf_module_pvp2_core/1.0.0/eaaf_module_pvp2_core-1.0.0.jar
index 6473df192..612ec0b6c 100644
Binary files a/repository/at/gv/egiz/eaaf/eaaf_module_pvp2_core/1.0.0/eaaf_module_pvp2_core-1.0.0.jar and b/repository/at/gv/egiz/eaaf/eaaf_module_pvp2_core/1.0.0/eaaf_module_pvp2_core-1.0.0.jar differ
diff --git a/repository/at/gv/egiz/eaaf/eaaf_module_pvp2_idp/1.0.0/eaaf_module_pvp2_idp-1.0.0.jar b/repository/at/gv/egiz/eaaf/eaaf_module_pvp2_idp/1.0.0/eaaf_module_pvp2_idp-1.0.0.jar
index 6317fa4a4..e45f380a6 100644
Binary files a/repository/at/gv/egiz/eaaf/eaaf_module_pvp2_idp/1.0.0/eaaf_module_pvp2_idp-1.0.0.jar and b/repository/at/gv/egiz/eaaf/eaaf_module_pvp2_idp/1.0.0/eaaf_module_pvp2_idp-1.0.0.jar differ
diff --git a/repository/at/gv/egiz/eaaf/eaaf_module_pvp2_sp/1.0.0/eaaf_module_pvp2_sp-1.0.0.jar b/repository/at/gv/egiz/eaaf/eaaf_module_pvp2_sp/1.0.0/eaaf_module_pvp2_sp-1.0.0.jar
index ff42b691e..c3251bc5f 100644
Binary files a/repository/at/gv/egiz/eaaf/eaaf_module_pvp2_sp/1.0.0/eaaf_module_pvp2_sp-1.0.0.jar and b/repository/at/gv/egiz/eaaf/eaaf_module_pvp2_sp/1.0.0/eaaf_module_pvp2_sp-1.0.0.jar differ
-- 
cgit v1.2.3


From 4ae32fabc822b3c8ed51d380969f7db682d1bfae Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Mon, 16 Jul 2018 18:26:01 +0200
Subject: some GUI and handbook updates

---
 id/readme_3.4.0.txt                                | 129 ++-
 id/server/auth-final/pom.xml                       |   7 +-
 .../htmlTemplates/loginFormFull.html               |  14 +-
 .../conf/moa-id/htmlTemplates/css_template.css     |  86 +-
 .../moa-id/htmlTemplates/javascript_tempalte.js    |  23 +-
 .../conf/moa-id/htmlTemplates/loginFormFull.html   |  14 +-
 .../conf/moa-spss/SampleMOASPSSConfiguration.xml   |   3 +-
 id/server/doc/handbook/index.html                  |   2 +-
 id/server/doc/handbook/protocol/protocol.html      |   6 +-
 id/server/doc/htmlTemplates/BKU-selection.html     |  14 +-
 id/server/idserverlib/pom.xml                      |  15 +-
 .../mainGUI/img/eIDAS_small_deactivated.png        | Bin 0 -> 34671 bytes
 .../src/main/resources/mainGUI/index.html          |  14 +-
 .../src/main/resources/templates/css_template.css  | 985 +++++++--------------
 .../resources/templates/javascript_tempalte.js     |  23 +-
 .../main/resources/templates/loginFormFull.html    |  51 +-
 16 files changed, 561 insertions(+), 825 deletions(-)
 create mode 100644 id/server/moa-id-frontend-resources/src/main/resources/mainGUI/img/eIDAS_small_deactivated.png

(limited to 'id/server/moa-id-frontend-resources/src')

diff --git a/id/readme_3.4.0.txt b/id/readme_3.4.0.txt
index 81d4805a4..bc1b864b2 100644
--- a/id/readme_3.4.0.txt
+++ b/id/readme_3.4.0.txt
@@ -70,9 +70,33 @@ B.1 Durchf
    > modules.eidascentralauth.response.encryption.password= 
    > modules.eidascentralauth.node.trustprofileID=centralnode_metadata    
 
-
-7. HTML Template updates
-7.1 Update der HTML Templates für Auswahl des zentralen nationalen eIDAS Connectors
+7. Update der MOA-SPSS Konfiguration
+    a.) Erstellen Sie eine Sicherungskopie der Verzeichnisse:
+       - CATALINA_HOME\conf\moa-spss     
+    b.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\centralnode_metadata
+         in das Verzeichnis CATALINA_HOME\conf\moa-spss\trustProfiles\centralnode_metadata
+    c.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-spss\profiles\SL20.*
+         in das Verzeichnis CATALINA_HOME\conf\moa-spss\profiles\           
+    d.) Kopieren Sie die Datei MOA_ID_INST_AUTH\conf\moa-spss\SampleMOASPSSConfiguration.xml 
+         in das Verzeichnis CATALINA_HOME\conf\moa-spss\ , oder aktualisieren Sie ihre aktuell
+         verwendete MOA-SPSS Konfiguration manuell. Folgende Teile wurden ergänzt:
+           ...
+           <cfg:Id>centralnode_metadata</cfg:Id>
+					    <cfg:TrustAnchorsLocation>trustProfiles/centralnode_metadata</cfg:TrustAnchorsLocation>
+				   </cfg:TrustProfile>
+           ...
+           <cfg:VerifyTransformsInfoProfile>
+			       <cfg:Id>SL20Authblock_v1.0</cfg:Id>
+			       <cfg:Location>profiles/SL20_authblock_v1.0.xml</cfg:Location>      
+		       </cfg:VerifyTransformsInfoProfile>		
+		       <cfg:VerifyTransformsInfoProfile>
+			       <cfg:Id>SL20Authblock_v1.0_SIC</cfg:Id>
+			       <cfg:Location>profiles/SL20_authblock_v1.0_SIC.xml</cfg:Location>      
+		       </cfg:VerifyTransformsInfoProfile>
+           ...
+             
+8. HTML Template updates
+8.1 Update der HTML Templates für Auswahl des zentralen nationalen eIDAS Connectors
     Sollten Sie eigene     Modifikationen an den bestehenden Templates vorgenommen 
     haben müssen die Anpassungen manuell in die neuen Templates übertragen werden. 
     MOA-ID 3.4.0 kann jedoch auch mit den bestehenden Templates betrieben werden, sofern
@@ -85,10 +109,10 @@ B.1 Durchf
     d.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id-configuration\htmlTemplates
          in das Verzeichnis CATALINA_HOME\conf\moa-id-configuration\htmlTemplates.     
 
-8. Update the MOA-ID Konfiguration via Web-basierten Konfigurationstool
+9. Update the MOA-ID Konfiguration via Web-basierten Konfigurationstool
     Diese Schitte können erst nach der Installation und dem Start der Applikation
     moa-id-configuration.war durchgeführt werden
-8.1 Anbindung an zentralen nationalen eIDAS Connector 
+9.1 Anbindung an zentralen nationalen eIDAS Connector 
     a.) Bekanntgabe von Endpunkten (Produktiv, Test, ... ) der verwendbaren 
         zentralen nationalen eIDAS Connectoren. 
         
@@ -96,33 +120,33 @@ B.1 Durchf
         sofern im Schritt a. mehr als Ein Endpunkt konfiguriert wurde. 
         Hinweis: Als Default wird immer der Erste im Schritt a. hinterlegte Endpunkt verwendet
 
-9. Optionale Updates:
-9.1. Unterstützung der neuen VDA Schnittstelle via Security-Layer 2.0:
-     Hierbei handelt es sich um eine Authentifizierungsschnittstelle im Beta Status
-     da die Spezifikation der Schnittstelle noch nicht Final ist. Die Schnittstelle ist in 
-     MOA-ID funktional umgesetzt, es kann jedoch noch offene Punkte bezüglich Fehlerhändlung
-     und Logging geben. 
-     a.) Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth
-         Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties
-         > modules.sl20.security.keystore.path=keys/sl20.jks
-         > modules.sl20.security.keystore.password=password
-         > modules.sl20.security.sign.alias=signing
-         > modules.sl20.security.sign.password=password
-         > modules.sl20.security.encryption.alias=encryption
-         > modules.sl20.security.encryption.password=password
+10.  Optionale Updates:
+10.1 Unterstützung der neuen VDA Schnittstelle via Security-Layer 2.0:
+      Hierbei handelt es sich um eine Authentifizierungsschnittstelle im Beta Status
+      da die Spezifikation der Schnittstelle noch nicht Final ist. Die Schnittstelle ist in 
+      MOA-ID funktional umgesetzt, es kann jedoch noch offene Punkte bezüglich Fehlerhändlung
+      und Logging geben. 
+      a.) Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth
+          Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties
+          > modules.sl20.security.keystore.path=keys/sl20.jks
+          > modules.sl20.security.keystore.password=password
+          > modules.sl20.security.sign.alias=signing
+          > modules.sl20.security.sign.password=password
+          > modules.sl20.security.encryption.alias=encryption
+          > modules.sl20.security.encryption.password=password
          
-     b.) Aktivierung je Online-Applikation im Web-basierten Konfigurationstool
-         Die neue VDA-Schnittstelle muss je Online-Applikation aktiviert werden, wobei 
-         die Aktivierung im Abschnitt "Security Layer für mobile Authententifizierung" 
-         der Online-Applikationskonfiguration erfolgt. 
-
-9.2. Umstellung auf Java JDK 9
-     Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9 
-     nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts
-     entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in 
-     den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert.   
+      b.) Aktivierung je Online-Applikation im Web-basierten Konfigurationstool
+          Die neue VDA-Schnittstelle muss je Online-Applikation aktiviert werden, wobei 
+          die Aktivierung im Abschnitt "Security Layer für mobile Authententifizierung" 
+          der Online-Applikationskonfiguration erfolgt. 
+
+10.2 Umstellung auf Java JDK 9
+      Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9 
+      nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts
+      entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in 
+      den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert.   
    
-10. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+11. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
     Logging von MOA ID beim Einlesen der Konfiguration.
 
 
@@ -176,8 +200,33 @@ B.1 Durchf
     > modules.eidascentralauth.response.encryption.password= 
     > modules.eidascentralauth.node.trustprofileID=centralnode_metadata    
 
-11. HTML Template updates
-11.1 Update der HTML Templates für Auswahl des zentralen nationalen eIDAS Connectors
+11. Update der MOA-SPSS Konfiguration
+    a.) Erstellen Sie eine Sicherungskopie der Verzeichnisse:
+       - CATALINA_HOME\conf\moa-spss     
+    b.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\centralnode_metadata
+         in das Verzeichnis CATALINA_HOME\conf\moa-spss\trustProfiles\centralnode_metadata
+    c.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-spss\profiles\SL20.*
+         in das Verzeichnis CATALINA_HOME\conf\moa-spss\profiles\           
+    d.) Kopieren Sie die Datei MOA_ID_INST_AUTH\conf\moa-spss\SampleMOASPSSConfiguration.xml 
+         in das Verzeichnis CATALINA_HOME\conf\moa-spss\ , oder aktualisieren Sie ihre aktuell
+         verwendete MOA-SPSS Konfiguration manuell. Folgende Teile wurden ergänzt:
+           ...
+           <cfg:Id>centralnode_metadata</cfg:Id>
+					    <cfg:TrustAnchorsLocation>trustProfiles/centralnode_metadata</cfg:TrustAnchorsLocation>
+				   </cfg:TrustProfile>
+           ...
+           <cfg:VerifyTransformsInfoProfile>
+			       <cfg:Id>SL20Authblock_v1.0</cfg:Id>
+			       <cfg:Location>profiles/SL20_authblock_v1.0.xml</cfg:Location>      
+		       </cfg:VerifyTransformsInfoProfile>		
+		       <cfg:VerifyTransformsInfoProfile>
+			       <cfg:Id>SL20Authblock_v1.0_SIC</cfg:Id>
+			       <cfg:Location>profiles/SL20_authblock_v1.0_SIC.xml</cfg:Location>      
+		       </cfg:VerifyTransformsInfoProfile>
+           ...
+
+12. HTML Template updates
+12.1 Update der HTML Templates für Auswahl des zentralen nationalen eIDAS Connectors
      Sollten Sie eigene     Modifikationen an den bestehenden Templates vorgenommen 
      haben müssen die Anpassungen manuell in die neuen Templates übertragen werden. 
      MOA-ID 3.4.0 kann jedoch auch mit den bestehenden Templates betrieben werden, sofern
@@ -190,10 +239,10 @@ B.1 Durchf
      d.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id-configuration\htmlTemplates
           in das Verzeichnis CATALINA_HOME\conf\moa-id-configuration\htmlTemplates.     
 
-12. Update the MOA-ID Konfiguration via Web-basierten Konfigurationstool
+13. Update the MOA-ID Konfiguration via Web-basierten Konfigurationstool
      Diese Schitte können erst nach der Installation und dem Start der Applikation
      moa-id-configuration.war durchgeführt werden
-12.1 Anbindung an zentralen nationalen eIDAS Connector 
+13.1 Anbindung an zentralen nationalen eIDAS Connector 
      a.) Bekanntgabe von Endpunkten (Produktiv, Test, ... ) der verwendbaren 
          zentralen nationalen eIDAS Connectoren. 
         
@@ -201,8 +250,8 @@ B.1 Durchf
          sofern im Schritt a. mehr als Ein Endpunkt konfiguriert wurde. 
          Hinweis: Als Default wird immer der Erste im Schritt a. hinterlegte Endpunkt verwendet
 
-13. Optionale Updates:
-13.1. Unterstützung der neuen VDA Schnittstelle via Security-Layer 2.0:
+14. Optionale Updates:
+14.1. Unterstützung der neuen VDA Schnittstelle via Security-Layer 2.0:
       Hierbei handelt es sich um eine Authentifizierungsschnittstelle im Beta Status
       da die Spezifikation der Schnittstelle noch nicht Final ist. Die Schnittstelle ist in 
       MOA-ID funktional umgesetzt, es kann jedoch noch offene Punkte bezüglich Fehlerhändlung
@@ -221,19 +270,19 @@ B.1 Durchf
           die Aktivierung im Abschnitt "Security Layer für mobile Authententifizierung" 
           der Online-Applikationskonfiguration erfolgt. 
 
-13.2. Umstellung auf Java JDK 9
+14.2. Umstellung auf Java JDK 9
       Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9 
       nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts
       entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in 
       den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert.   
 
-13.3. Das BKU Auswahltemplate von MOA-ID wurde um eine Detection der lokalen BKU
+14.3. Das BKU Auswahltemplate von MOA-ID wurde um eine Detection der lokalen BKU
       erweitert und mocca Online wurde entfernt.
       a.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\htmlTemplates
           in das Verzeichnis CATALINA_HOME\conf\moa-id\htmlTemplates
       b.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id-configuration\htmlTemplates
           in das Verzeichnis CATALINA_HOME\conf\moa-id-configuration\htmlTemplates. 
-13.4. Die mySQL Treiber 'com.mysql.jdbc.Drive' und 'org.hibernate.dialect.MySQLDialect'
+14.4. Die mySQL Treiber 'com.mysql.jdbc.Drive' und 'org.hibernate.dialect.MySQLDialect'
       sind deprecated für aktuelle mySQL DB Versionen. Der neue Treiber 
       für mySQL Datenbanken lautet 'com.mysql.cj.jdbc.Driver' und ein aktuellerer
       Hibernate Dialect lautet 'org.hibernate.dialect.MySQL5Dialect'. 
@@ -248,7 +297,7 @@ B.1 Durchf
       b.) Konfigurationsdatei CATALINA_HOME\conf\moa-id-configuration\moa-id-configtool.properties
           hibernate.connection.driver_class=com.mysql.cj.jdbc.Driver
    
-14.  Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+15.  Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
      Logging von MOA ID beim Einlesen der Konfiguration.
 
 
diff --git a/id/server/auth-final/pom.xml b/id/server/auth-final/pom.xml
index 09fb70a19..504adb486 100644
--- a/id/server/auth-final/pom.xml
+++ b/id/server/auth-final/pom.xml
@@ -165,10 +165,15 @@
 			<artifactId>moa-id-modul-citizencard_authentication</artifactId>
 		</dependency>
 
+		<dependency>
+			<groupId>MOA.id.server.modules</groupId>				
+		 	<artifactId>moa-id-module-sl20_authentication</artifactId>
+		 </dependency>		
+
 		<dependency>
 			<groupId>MOA.id.server.modules</groupId>
 			<artifactId>moa-id-module-AT_eIDAS_connector</artifactId>
-		</dependency>
+		</dependency> 
 
 			<!--dependency>
 				<groupId>MOA.id.server.modules</groupId>
diff --git a/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/loginFormFull.html b/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/loginFormFull.html
index 62f954ada..4e548e58c 100644
--- a/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/loginFormFull.html
+++ b/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/loginFormFull.html
@@ -48,7 +48,7 @@
 								    <input type="hidden" name="SSO" id="useSSO" /> 
 								    <input type="hidden" name="ccc" id="ccc" /> 
 								    <input type="hidden" name="pendingid" value="$pendingReqID" /> 
-                    <input type="submit" value=" Karte " tabindex="5" role="button" onclick="setMandateSelection();" />
+                    <input type="submit" value=" Karte " tabindex="5" role="button" />
                   </form>
                 
                   <iframe name="bkudetect" width="0" height="0" scrolling="no" marginheight="0" marginwidth="0" frameborder="0" src="$contextPath/feature/bkuDetection?pendingid=$pendingReqID"></iframe>
@@ -64,15 +64,14 @@
                 
             
 				        <div id="bkueulogin" class="$eIDASVisible">
-				            <img class="bkuimage" src="$contextPath/img/eIDAS_small.png" alt="EULogin" />                                                        
-                    <form method="get" id="moaidform" action="$contextPath$submitEndpoint" class="verticalcenter" target="_parent">
+				            <img id="eIDASImage" class="bkuimage" src="$contextPath/img/eIDAS_small.png" alt="EULogin" />                                                        
+                    <form method="get" id="moaideIDASform" action="$contextPath$submitEndpoint" class="verticalcenter" target="_parent">
 								      <input type="hidden" name="useeIDAS" value="true" />
 								      <input type="hidden" name="useMandate" id="useMandate" />  
 								      <input type="hidden" name="pendingid" value="$pendingReqID" /> 
-                      <input name="bkuButtonEULogin" onclick="setMandateSelection();" type="submit" role="button" value="EULogin" />
+                      <input id="buttonEULogin" name="bkuButtonEULogin" type="submit" role="button" value="EULogin" />
                     </form>
 				        </div>
-                
 						<!--div id="localBKU">
 							<form method="get" id="moaidform" action="$contextPath$submitEndpoint"
 								class="verticalcenter" target="_parent">
@@ -91,7 +90,10 @@
               <!--div id="ssoSessionTransferBlock">
                 <a href="$contextPath$submitEndpoint?pendingid=$pendingReqID&restoreSSOSession=true">>Restore SSO Session from Smartphone</a>
               </div-->
-                                  
+            
+                  
+                        
+            
             <!-- 
               <div id="stork" align="center" class="$STORKVISIBLE">
                 <h2 id="tabheader" class="dunkel">Home Country Selection</h2>
diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/css_template.css b/id/server/data/deploy/conf/moa-id/htmlTemplates/css_template.css
index fab541751..40e8eae7a 100644
--- a/id/server/data/deploy/conf/moa-id/htmlTemplates/css_template.css
+++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/css_template.css
@@ -30,11 +30,25 @@
         width: 100%;
         text-align: center;
     }
+       
+    h2#tabheader{
+        font-size: 1.0em; 
+        padding-left: 2%;
+        padding-right: 2%;
+        position: relative;
+    }
+
     #bkulogin {	
         min-width: 200px;
         min-height: 155px;
         margin-bottom: 5%;
     }
+    #mandateLogin {
+        padding-bottom: 1%;
+        padding-top: 2%;
+        position: relative;
+        text-align: left;
+			}
 
    .unvisible {
        visibility: hidden;
@@ -118,11 +132,13 @@
     }
 
     .bkuimage {
-        width: 60%;
+        width: 55%;
     }
 
     input {
+        width:auto;
         cursor: pointer;
+        
     }
 
   #localBKU input {
@@ -149,12 +165,7 @@
         clear: both;
     }
       			
-    #mandateLogin {
-        padding-bottom: 2%;
-        padding-top: 2%;
-        position: relative;
-        text-align: left;
-			}
+
       
     .verticalcenter {
         vertical-align: middle;
@@ -182,7 +193,6 @@
     }
     
     #selectArea {
-        float:left;
         width:90%;
         padding-left: 4%
     }
@@ -210,12 +220,6 @@
         background-color: $HEADER_BACKGROUNDCOLOR;
         color: $HEADER_COLOR;
     }
-    h2#tabheader{
-        font-size: 2.0em; 
-        padding-left: 2%;
-        padding-right: 2%;
-        position: relative;
-    }
 
 
 @media screen and (min-width: 650px) {
@@ -236,16 +240,13 @@
 
     #bkuselectionarea input[type=button],#bkuselectionarea input[type=submit]{
         font-size: 0.85em;
+        width:65%
     }
 
     #mandateLogin {
         font-size: 0.85em;
     }    
 
-    #bku_header h2 {
-        font-size: 0.8em;
-    } 
-
     #alert_area {
         width: 500px;
         padding-left: 80px;
@@ -255,20 +256,7 @@
          font-size: 15px;
          padding-bottom: 65px;
       }
-			
-    #bku_header {
-        height: 5%;
-        padding-bottom: 2%;
-        padding-top: 2%;
-    }
-              
-    h2#tabheader{
-        font-size: 1.1em; 
-        padding-left: 2%;
-        padding-right: 2%;
-        position: relative;
-    }
-      	
+			      	
     #stork h2 {
         font-size: 1.0em;
         margin-bottom: 2%;
@@ -281,12 +269,7 @@
         width: 100px;
         height: 30px
     }
-        
-        button {
-          height: 25px;
-          width: 75px;
-          margin-bottom: 4%;
-        }      
+             
         
     #validation {
         position: absolute;
@@ -338,7 +321,12 @@
         display: none;
         visibility: hidden;
     }
-    
+
+        
+    h2#tabheader{
+        font-size: 1.5em;
+        position: relative;
+    }
     .mandate{
         font-size: 1.0em;
     }
@@ -351,8 +339,7 @@
         margin-bottom: 2%;
     }
     .bkuimage {
-      
-        
+        width: 40%;
     }
     
     #bkukarte {
@@ -366,20 +353,7 @@
     #bkueulogin {
         box-sizing: border-box;
     }
-			  
-    #bku_header {
-        height: 10%;
-        min-height: 1.2em;
-        margin-top: 1%;
-    }
-        
-    h2#tabheader{
-        padding-left: 2%;
-        padding-right: 2%;
-        font-size: 1.5em;
-        position: relative;
-    }
-        
+		        
     .setAssertionButton_full {
         background: #efefef;
         cursor: pointer;
@@ -389,6 +363,6 @@
     }
        
     input[type=button],input[type=submit] {
-        width: 70%;
+        width:65%;
     }
 }      
\ No newline at end of file
diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/javascript_tempalte.js b/id/server/data/deploy/conf/moa-id/htmlTemplates/javascript_tempalte.js
index 313f14b4a..15b82614c 100644
--- a/id/server/data/deploy/conf/moa-id/htmlTemplates/javascript_tempalte.js
+++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/javascript_tempalte.js
@@ -84,9 +84,9 @@ function isIE() {
 /* 			setSSOSelection(); */
 			
 			var ccc = "AT";
-			var countrySelection = document.getElementById("eIDASSelection");
+			var countrySelection = document.getElementById("cccSelection");
 			if (countrySelection !=  null) {
-				ccc = document.getElementById("eIDASSelection").value;
+				ccc = document.getElementById("cccSelection").value;
 			}
 			var iFrameURL = "$contextPath$submitEndpoint" + "?";			
 			iFrameURL += "&pendingid=" + "$pendingReqID";
@@ -238,7 +238,22 @@ function isIE() {
     }
     function setUseMandateFlag(e) {
       /*document.getElementById("mandateCheckBox").setAttribute("aria-checked", document.getElementById("mandateCheckBox").checked);*/
-      e.setAttribute("aria-checked", e.checked);
+      e.target.setAttribute("aria-checked", e.target.checked);
+      if (e.target.checked) {
+        var image = document.getElementById("eIDASImage");
+        var srcatt = image.getAttribute("src");
+        var last = srcatt.substring(srcatt.lastIndexOf('/')+1);
+        srcatt = srcatt.replace(last,'eIDAS_small_deactivated.png');    
+        image.setAttribute("src",srcatt);
+        document.getElementById("buttonEULogin").disabled=true;
+      } else {
+          var image = document.getElementById("eIDASImage");
+          var srcatt = image.getAttribute("src");
+          var last = srcatt.substring(srcatt.lastIndexOf('/')+1);
+          srcatt = srcatt.replace(last,'eIDAS_small.png');    
+          image.setAttribute("src",srcatt);
+          document.getElementById("buttonEULogin").disabled=false      
+      }            
     }
     
     document.addEventListener('resize', onChangeChecks);
@@ -246,7 +261,7 @@ function isIE() {
       document.querySelector('#mandateCheckBox').addEventListener('click', setUseMandateFlag);
       document.querySelector('#moaidform>input[type=submit]').addEventListener('click', setMandateSelection);
       document.querySelector('#bkuhandy>input[type=button]').addEventListener('click', bkuHandyClicked);
-      document.querySelector('#stork button[type=button]').addEventListener('click', storkClicked);
+      document.querySelector('#moaideIDASform>input[type=submit]').addEventListener('click', setMandateSelection);
       onChangeChecks(); 
     });
     
diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html b/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html
index 62f954ada..4e548e58c 100644
--- a/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html
+++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html
@@ -48,7 +48,7 @@
 								    <input type="hidden" name="SSO" id="useSSO" /> 
 								    <input type="hidden" name="ccc" id="ccc" /> 
 								    <input type="hidden" name="pendingid" value="$pendingReqID" /> 
-                    <input type="submit" value=" Karte " tabindex="5" role="button" onclick="setMandateSelection();" />
+                    <input type="submit" value=" Karte " tabindex="5" role="button" />
                   </form>
                 
                   <iframe name="bkudetect" width="0" height="0" scrolling="no" marginheight="0" marginwidth="0" frameborder="0" src="$contextPath/feature/bkuDetection?pendingid=$pendingReqID"></iframe>
@@ -64,15 +64,14 @@
                 
             
 				        <div id="bkueulogin" class="$eIDASVisible">
-				            <img class="bkuimage" src="$contextPath/img/eIDAS_small.png" alt="EULogin" />                                                        
-                    <form method="get" id="moaidform" action="$contextPath$submitEndpoint" class="verticalcenter" target="_parent">
+				            <img id="eIDASImage" class="bkuimage" src="$contextPath/img/eIDAS_small.png" alt="EULogin" />                                                        
+                    <form method="get" id="moaideIDASform" action="$contextPath$submitEndpoint" class="verticalcenter" target="_parent">
 								      <input type="hidden" name="useeIDAS" value="true" />
 								      <input type="hidden" name="useMandate" id="useMandate" />  
 								      <input type="hidden" name="pendingid" value="$pendingReqID" /> 
-                      <input name="bkuButtonEULogin" onclick="setMandateSelection();" type="submit" role="button" value="EULogin" />
+                      <input id="buttonEULogin" name="bkuButtonEULogin" type="submit" role="button" value="EULogin" />
                     </form>
 				        </div>
-                
 						<!--div id="localBKU">
 							<form method="get" id="moaidform" action="$contextPath$submitEndpoint"
 								class="verticalcenter" target="_parent">
@@ -91,7 +90,10 @@
               <!--div id="ssoSessionTransferBlock">
                 <a href="$contextPath$submitEndpoint?pendingid=$pendingReqID&restoreSSOSession=true">>Restore SSO Session from Smartphone</a>
               </div-->
-                                  
+            
+                  
+                        
+            
             <!-- 
               <div id="stork" align="center" class="$STORKVISIBLE">
                 <h2 id="tabheader" class="dunkel">Home Country Selection</h2>
diff --git a/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml b/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml
index 85d801245..9dede486d 100644
--- a/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml
@@ -64,7 +64,8 @@
 				<cfg:Id>PVP_metadata</cfg:Id>
 					<cfg:TrustAnchorsLocation>trustProfiles/PVP_metadata</cfg:TrustAnchorsLocation>
 				</cfg:TrustProfile>
-        <cfg:Id>centralnode_metadata</cfg:Id>
+        <cfg:TrustProfile>
+          <cfg:Id>centralnode_metadata</cfg:Id>
 					<cfg:TrustAnchorsLocation>trustProfiles/centralnode_metadata</cfg:TrustAnchorsLocation>
 				</cfg:TrustProfile>
 			</cfg:PathValidation>
diff --git a/id/server/doc/handbook/index.html b/id/server/doc/handbook/index.html
index e72105816..73ece89e3 100644
--- a/id/server/doc/handbook/index.html
+++ b/id/server/doc/handbook/index.html
@@ -29,7 +29,7 @@
   </div>
 
 <div class="container">
-  <h2>&Uuml;bersicht zur Dokumentation der Version 3.3.x </h2>
+  <h2>&Uuml;bersicht zur Dokumentation der Version 3.4.x </h2>
   
   <dl>
     <dt><a href="./intro/intro.html">Einf&uuml;hrung</a></dt>
diff --git a/id/server/doc/handbook/protocol/protocol.html b/id/server/doc/handbook/protocol/protocol.html
index 8f6ed735c..5e38dddf5 100644
--- a/id/server/doc/handbook/protocol/protocol.html
+++ b/id/server/doc/handbook/protocol/protocol.html
@@ -1045,9 +1045,9 @@ https://&lt;host&gt;:&lt;port&gt;/moa-id-auth/LogOut
       <td><strong>Optional:</strong> Gibt an ob eine Anmeldung im Online-Vollmachten-Modus durchgef&uuml;hrt werden soll (=true) oder nicht (=false);</td>
     </tr>
     <tr>
-      <td>CCC=&lt;ccc&gt;</td>
-      <td>BE, SI, </td>
-      <td><strong>Optional:</strong> Gibt an ob die Anmeldung mittels   STORK im angegebenen Land erfolgen soll. Die Angabe erfolgt mit dem   L&auml;ndercode (z.B.: PT, LU, ES, ...) des jeweiligen Landes.</td>
+      <td>useeIDAS=&lt;true/false&gt;</td>
+      <td>true /false</td>
+      <td>Optional: Gibt an ob eine Anmeldung mittels eIDAS erfolgen soll. Wird der Parameter (=true) &uuml;bergeben, startet der Anmeldeprozess mit einer Weiterleitung an den zentralen nationalen eIDAS Connector.</td>
     </tr>
   </tbody>
 </table>
diff --git a/id/server/doc/htmlTemplates/BKU-selection.html b/id/server/doc/htmlTemplates/BKU-selection.html
index 62f954ada..4e548e58c 100644
--- a/id/server/doc/htmlTemplates/BKU-selection.html
+++ b/id/server/doc/htmlTemplates/BKU-selection.html
@@ -48,7 +48,7 @@
 								    <input type="hidden" name="SSO" id="useSSO" /> 
 								    <input type="hidden" name="ccc" id="ccc" /> 
 								    <input type="hidden" name="pendingid" value="$pendingReqID" /> 
-                    <input type="submit" value=" Karte " tabindex="5" role="button" onclick="setMandateSelection();" />
+                    <input type="submit" value=" Karte " tabindex="5" role="button" />
                   </form>
                 
                   <iframe name="bkudetect" width="0" height="0" scrolling="no" marginheight="0" marginwidth="0" frameborder="0" src="$contextPath/feature/bkuDetection?pendingid=$pendingReqID"></iframe>
@@ -64,15 +64,14 @@
                 
             
 				        <div id="bkueulogin" class="$eIDASVisible">
-				            <img class="bkuimage" src="$contextPath/img/eIDAS_small.png" alt="EULogin" />                                                        
-                    <form method="get" id="moaidform" action="$contextPath$submitEndpoint" class="verticalcenter" target="_parent">
+				            <img id="eIDASImage" class="bkuimage" src="$contextPath/img/eIDAS_small.png" alt="EULogin" />                                                        
+                    <form method="get" id="moaideIDASform" action="$contextPath$submitEndpoint" class="verticalcenter" target="_parent">
 								      <input type="hidden" name="useeIDAS" value="true" />
 								      <input type="hidden" name="useMandate" id="useMandate" />  
 								      <input type="hidden" name="pendingid" value="$pendingReqID" /> 
-                      <input name="bkuButtonEULogin" onclick="setMandateSelection();" type="submit" role="button" value="EULogin" />
+                      <input id="buttonEULogin" name="bkuButtonEULogin" type="submit" role="button" value="EULogin" />
                     </form>
 				        </div>
-                
 						<!--div id="localBKU">
 							<form method="get" id="moaidform" action="$contextPath$submitEndpoint"
 								class="verticalcenter" target="_parent">
@@ -91,7 +90,10 @@
               <!--div id="ssoSessionTransferBlock">
                 <a href="$contextPath$submitEndpoint?pendingid=$pendingReqID&restoreSSOSession=true">>Restore SSO Session from Smartphone</a>
               </div-->
-                                  
+            
+                  
+                        
+            
             <!-- 
               <div id="stork" align="center" class="$STORKVISIBLE">
                 <h2 id="tabheader" class="dunkel">Home Country Selection</h2>
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index 0e8b996ba..67885c409 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -548,7 +548,15 @@
 						<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-javadoc-plugin</artifactId>
-				<version>2.9.1</version>
+				<version>3.0.1</version>
+				<dependencies>
+					<dependency>
+    					<groupId>javax.annotation</groupId>
+    					<artifactId>javax.annotation-api</artifactId>
+					    <version>1.3.1</version>
+					    <scope>compile</scope>
+					</dependency>
+				</dependencies>
 				<configuration>
 					<charset>UTF-8</charset>
 					<docencoding>UTF-8</docencoding>
@@ -584,8 +592,9 @@
 							<goal>jar</goal>
 						</goals>
 						<configuration>
-                <additionalparam>-Xdoclint:none</additionalparam>
-            </configuration>
+                			<additionalparam>-Xdoclint:none</additionalparam>
+                			<additionalOptions>--add-modules ALL-MODULE-PATH</additionalOptions>
+            			</configuration>	
 					</execution>
 				</executions>
 			</plugin>
diff --git a/id/server/moa-id-frontend-resources/src/main/resources/mainGUI/img/eIDAS_small_deactivated.png b/id/server/moa-id-frontend-resources/src/main/resources/mainGUI/img/eIDAS_small_deactivated.png
new file mode 100644
index 000000000..21050502f
Binary files /dev/null and b/id/server/moa-id-frontend-resources/src/main/resources/mainGUI/img/eIDAS_small_deactivated.png differ
diff --git a/id/server/moa-id-frontend-resources/src/main/resources/mainGUI/index.html b/id/server/moa-id-frontend-resources/src/main/resources/mainGUI/index.html
index 7fc2b0298..13fe891b7 100644
--- a/id/server/moa-id-frontend-resources/src/main/resources/mainGUI/index.html
+++ b/id/server/moa-id-frontend-resources/src/main/resources/mainGUI/index.html
@@ -2,7 +2,7 @@
 <html>
     <head>
         <meta http-equiv="content-type" content="text/html; charset=utf8" >
-        <title>MOA-ID 3.3.x</title>
+        <title>MOA-ID 3.4.x</title>
         <link rel="stylesheet" href="./common/main.css" type="text/css">
         <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
         <link href='https://fonts.googleapis.com/css?family=Roboto:300,400' rel='stylesheet' type='text/css'>
@@ -72,20 +72,20 @@
                 <ul>
                     <!--li><a href="_index.html">Allgemein</a></li-->
                     <!--li><a href="http://joinup.ec.europa.eu/site/moa-idspss/">Dokumentation</a></li-->
-                    <li><a href="http://joinup.ec.europa.eu/site/moa-idspss/moa-id-3.x/doc/handbook">Dokumentation</a></li>
+                    <li><a href="https://apps.egiz.gv.at/handbooks/moa-id/handbook/index.html">Dokumentation</a></li>
                     <!--Link zu den Demo-Clients-->
-                    <li><a href=#>Demo Clients</a></li>
+                    <!--li><a href=#>Demo Clients</a></li-->
                     <!--Link zum Konfigtool-->
-                    <li><a href="https://localhost:8443/moa-id-configuration">Konfiguration GUI</a></li>
-                    <li><a href="./TransferSSOSession">Transfer Single Sign-On Session to Smartphone App</a></li>
+                    <!--li><a href="https://localhost:8443/moa-id-configuration">Konfiguration GUI</a></li-->
+                    <!--li><a href="./TransferSSOSession">Transfer Single Sign-On Session to Smartphone App</a></li-->
                 	
                 </ul>
             </nav>
-        <div id="demologin" class="container">
+        <!--div id="demologin" class="container">
             <br/>
             <a href="#" id="loginButton" class="button" onClick="PVP2LoginIframe('https://menja.iaik.tugraz.at:8443/moa-id-oa/servlet/pvp2login')">Login</a>
             <p id="loginText">Über den Login-Button können Sie sich anschließend bei Ihrer Online-Applikation mit der Bürgerkarte oder der Handysignatur anmelden. Dazu müssen Sie allerdings zuvor die Applikation gemäß <a href="http://joinup.ec.europa.eu/site/moa-idspss/moa-id-3.x/doc/handbook/application/application.html#DemoApp_pvp21">Beschreibung</a> konfigurieren.</p>
-        </div>
+        </div-->
         </div>
 
     </body>
diff --git a/id/server/moa-id-frontend-resources/src/main/resources/templates/css_template.css b/id/server/moa-id-frontend-resources/src/main/resources/templates/css_template.css
index f95106c5a..40e8eae7a 100644
--- a/id/server/moa-id-frontend-resources/src/main/resources/templates/css_template.css
+++ b/id/server/moa-id-frontend-resources/src/main/resources/templates/css_template.css
@@ -1,705 +1,368 @@
 @charset "utf-8";
-	@media screen and (min-width: 650px) {
-			
-				body {
-					margin:0;
-					padding:0;
-					color : #000;
-					background-color : #fff;
-			  	text-align: center;
-			  	background-color: #6B7B8B;
-				}
-                
-                .browserInfoButton{
-         color: rgb(128, 128, 128); 
-        }
-				
-        #localBKU p {
-          font-size: 0.7em;
-        } 
-        
-        #localBKU input{
-          font-size: 0.85em;
-          /*border-radius: 5px;*/
-        }
-        
-         #bkuselectionarea input[type=button],#bkuselectionarea input[type=submit]{
-          font-size: 0.85em;
-          /*border-radius: 7px;*/
-          margin-bottom: 25px;
-          min-width: 80px;
-         }
-        
-        #mandateLogin {
-          font-size: 0.85em;
-        }
-        
-        #bku_header h2 {
-          font-size: 0.8em;
-        } 
-        
-        
-			  #page {
-			    display: block;
-			    border: 2px solid rgb(0,0,0);
-			    width: 650px;
-			    height: 460px;
-			    margin: 0 auto;
-			    margin-top: 5%;
-			    position: relative;
-			    border-radius: 25px;
-			    background: rgb(255,255,255);
-			  }
-			  
-			  #page1 {
-			    text-align: center;
-			  }
+    body {
+        margin:0;
+        padding:0;
+        color : #000;
+        background-color : #fff;
+        text-align: left;
+        background-color: #E6E6E6;
+    }
+
+    .browserInfoButton{
+        color: rgb(128, 128, 128); 
+    }	
+    
+    #page {
+        display: block;
+        margin: 0 auto;
+        margin-top: 5%;
+        position: relative;
+        background: rgb(255,255,255);
+    }
 			  
-			  #main {
-			    /*	clear:both; */
-				  position:relative;
-			    margin: 0 auto;
-			    /*width: 250px;*/
-			    text-align: center;
-			  }
+    #page1 {
+        padding-top: 1%;
+        text-align: center;
+    }
 			  
-			  .OA_header {
-			/*	  background-color: white;*/
-			    font-size: 20pt;
-			    margin-bottom: 25px;
-			    margin-top: 25px;
-			  }
-			 #alert_area {
-        width: 500px;
-        padding-left: 80px;
-        }
-			  #leftcontent {
-			    /*float:left; */
-				  width:250px;
-				  margin-bottom: 25px;
-			    text-align: left;
-			    border: 1px solid rgb(0,0,0);
-			  }
-			  			  
-			  #selectArea {
-				 font-size: 15px;
-				 padding-bottom: 65px;
-			  }
-			
-			  #leftcontent {
-				 width: 400px;
-				 /*margin-top: 30px;*/
-         margin: auto;
-			  }
-			
-        #bku_header {
-          height: 5%;
-          padding-bottom: 3px;
-          padding-top: 3px;
-        }
-      
-        #bkulogin {
-            overflow:hidden;	
-            min-width: 190px;
-            min-height: 180px;
-          /*height: 260px;*/	
-			  }
-      
-        h2#tabheader{
-				  font-size: 1.1em; 
-          padding-left: 2%;
-          padding-right: 2%;
-          position: relative;
-			  }
-      	
-        #stork h2 {
-          font-size: 1.0em;
-          margin-bottom: 2%;
-        }
-        		  
-			  .setAssertionButton_full {
-			  	background: #efefef;
-				  cursor: pointer;
-				  margin-top: 15px;
-			    width: 100px;
-			    height: 30px
-			  }
-			
-			  #leftbutton  {
-				 width: 30%; 
-				 float:left; 
-				 margin-left: 40px;
-			  }
-            #centerbutton {
-                width: 30%
-                float: middle; 
-            }
-			
-			
-			  #rightbutton {
-				 width: 30%; 
-				 float:right; 
-				 margin-right: 40px; 
-				 text-align: right;
-			  }
-        
-        button {
-          height: 25px;
-          width: 75px;
-          margin-bottom: 10px;
-        }
-        
-        
-        
-       #validation {
-        position: absolute;
-        bottom: 0px;
-        margin-left: 270px;
-        padding-bottom: 10px;
-      }
-			
+    #main {
+        float:left;
+        width: 100%;
+        text-align: center;
+    }
+       
+    h2#tabheader{
+        font-size: 1.0em; 
+        padding-left: 2%;
+        padding-right: 2%;
+        position: relative;
+    }
+
+    #bkulogin {	
+        min-width: 200px;
+        min-height: 155px;
+        margin-bottom: 5%;
+    }
+    #mandateLogin {
+        padding-bottom: 1%;
+        padding-top: 2%;
+        position: relative;
+        text-align: left;
 			}
 
-      @media screen and (max-width: 205px) {
-        #localBKU p {
-          font-size: 0.6em;
-        }
-       .browserInfoButton{
-         color: rgb(128, 128, 128); 
-        }
-        
-        #localBKU input {
-          font-size: 0.6em;
-          min-width: 60px;
-         /* max-width: 65px; */
-          min-height: 1.0em;
-         /* border-radius: 5px; */
-        }
-        
-        #bkuselectionarea input[type=button],#bkuselectionarea input[type=submit]{
-          font-size: 0.7em;
-          min-width: 55px;
-          /*min-height: 1.1em;
-          border-radius: 5px;*/
-          margin-bottom: 2%
-        }
-        
-        #mandateLogin {
-          font-size: 0.65em;
-        }
-        
-        #bku_header h2 {
-          font-size: 0.8em;
-          margin-top: -0.4em;
-          padding-top: 0.4em;
-        }
-        
-        #bkulogin {
-        min-height: 150px;
-        } 
+   .unvisible {
+       visibility: hidden;
       }
 
-      @media screen and (max-width: 249px) and (min-width: 206px) {
-        #localBKU p {
-          font-size: 0.7em;
-        } 
-        .browserInfoButton{
-         color: rgb(128, 128, 128); 
-        }
-        
-        #localBKU input {
-          font-size: 0.7em;
-          min-width: 70px;
-       /*    max-width: 75px;    */
-          min-height: 0.95em;
-        /*  border-radius: 6px;    */
-        }
-        
-        #bkuselectionarea input[type=button],#bkuselectionarea input[type=submit] {
-          font-size: 0.75em;
-          min-width: 60px;
-      /*    min-height: 0.95em;
-          border-radius: 6px;    */
-          margin-bottom: 5%
-        }
-        
-        #mandateLogin {
-          font-size: 0.75em;
-        }
-        
-        #bku_header h2 {
-          font-size: 0.9em;
-          margin-top: -0.45em;
-          padding-top: 0.45em;
-        }
-        
-        #bkulogin {
-          min-height: 180px;
-        }  
-      }
+    .OA_header {
+			/*	  background-color: white;*/
+        font-size: 2.1em;
+        margin-bottom: 1%;
+        margin-top: 1%;
+    }
 
-      @media screen and (max-width: 299px) and (min-width: 250px) {
-        #localBKU p {
-          font-size: 0.9em;
-        } 
-        .browserInfoButton{
-         color: rgb(128, 128, 128); 
-        }
-        
-        #localBKU input {
-          font-size: 0.8em;
-          min-width: 70px;
-       /*    max-width: 75px;      */
-      /*    border-radius: 6px;  */
-        }
-        
-        #bkuselectionarea input[type=button],#bkuselectionarea input[type=submit] {
-          font-size: 0.85em;
-     /*     min-height: 1.05em;
-          border-radius: 7px;        */
-          margin-bottom: 10%;
-        }
-        
-        #mandateLogin {
-          font-size: 1em;
-        }
-        
-        #bku_header h2 {
-          font-size: 1.0em;
-          margin-top: -0.50em;
-          padding-top: 0.50em;
-        } 
+    #ssoSessionTransferBlock {
+        font-size: 0.8em;
+        margin-left: 1%;
+        margin-bottom: 1%;
       }
 
-      @media screen and (max-width: 399px) and (min-width: 400px) {
-        #localBKU p {
-          font-size: 0.9em;
-        } 
-        .browserInfoButton{
-         color: rgb(128, 128, 128); 
-        }
-        #localBKU input {
-          font-size: 0.8em;
-          min-width: 70px;
-      /*     max-width: 75px;     */
-      /*    border-radius: 6px;       */
-        }
-        
-        #bkuselectionarea input[type=button],#bkuselectionarea input[type=submit] {
-          font-size: 0.9em;
-   /*       min-height: 1.2em;
-          border-radius: 8px;          */
-          margin-bottom: 10%;
-          max-width: 80px;
-        }
-        
-        #mandateLogin {
-          font-size: 1em;
-        }
-        
-        #bku_header h2 {
-          font-size: 1.1em;
-          margin-top: -0.55em;
-          padding-top: 0.55em;
-        } 
+    #processInfoArea {
+        margin-bottom: 4%;
+        margin-top: 4%;
+    }
+
+    #processSelectionArea {
+        width: 550px;
+        margin-left: 25px;
+        margin-top: 35px;
+    }
+
+    .processSelectionButtonArea {
+        float: none;
+        margin-bottom: 5%;
+        height: 35px;
+    }
+
+    .processSelectionButton {
+        background: #ababab;
+        cursor: pointer;
+        height: 40px;
+        width: 200px;
+        float: right;
+    }
+
+    .buttonDescription {
+        float: left;
+        margin-left: 10px;
+        padding-bottom: 0.4em;
+        text-align: left;
+        width: 60%;
+    }
+    
+    #processContent {
+        margin-top: 10%;
       }
-      
-      @media screen and (max-width: 649px) and (min-width: 400px) {
-        #localBKU p {
-          font-size: 0.9em;
-        } 
-       .browserInfoButton{
-         color: rgb(128, 128, 128); 
-        } 
-        #localBKU input {
-          font-size: 0.8em;
-          min-width: 70px;
-      /*     max-width: 80px;       */
-     /*     border-radius: 6px;          */
-        }
-        
-        #bkuselectionarea input[type=button],#bkuselectionarea input[type=submit] {
-          font-size: 1.0em;
-     /*      min-height: 1.3em;
-         border-radius: 10px;         */
-          margin-bottom: 10%;
-          max-width: 85px;
-        }
-        
-        #mandateLogin {
-          font-size: 1.2em;
-        }
-        
-        #bku_header h2 {
-          font-size: 1.3em;
-          margin-top: -0.65em;
-          padding-top: 0.65em;
-        } 
+
+    #eIDASSelection {
+        width: 120px; 
+        margin-right: 5px;        
       }
 
+     #bkukarte {
+        float:left;
+        width:33%;
+        text-align:center;
+        margin-top: 2%;
+    }
 
-			
-			@media screen and (max-width: 649px) {
-				
-        body {
-					margin:0;
-					padding:0;
-					color : #000;
-			  	text-align: center;
-          font-size: 100%;
-			  	background-color: $MAIN_BACKGOUNDCOLOR;
-				}
-        		.browserInfoButton{
-                    color: rgb(128, 128, 128); 
-                }		
-			  #page {
-			     visibility: hidden;
-			     margin-top: 0%;
-			  }
-			  
-			  #page1 {
-			    visibility: hidden;
-			  }
-			  
-			  #main {
-			    visibility: hidden;
-			  }
-        
-        #validation {
-          visibility: hidden;
-          display: none;
-        }
-			  
-			  .OA_header {
-			    margin-bottom: 0px;
-			    margin-top: 0px;
-			    font-size: 0pt;
-			    visibility: hidden;
-			  }
-			  
-        #alert_area {
-          visibility: visible;
-          width: 250px;
-        }
-        #alert_area > p:first-child {
-          display: none;
-          visibility: hidden;
-        }
-        
-                #leftcontent {
-			     visibility: visible;
-			     margin-bottom: 0px;
-			     text-align: left;
-			     border:none;
-                vertical-align: middle;
-                min-height: 173px;
-                min-width: 204px;
-			  }
-			  
-        #bku_header {
-          height: 10%;
-          min-height: 1.2em;
-          margin-top: 1%;
-        }
-        
-        h2#tabheader{
-          padding-left: 2%;
-          padding-right: 2%;
-          position: relative;
-          top: 50%;
-			  }
-        
-        #stork h2 {
-          font-size: 0.9em;
-          margin-bottom: 2%;
-        }
-        
-       	#bkulogin {	
-          min-width: 190px;
-          min-height: 155px;	
-			 }
+    #bkuhandy {
+        float:left;
+        width:33%;
+        text-align:center;
+        margin-top: 2%;
+    }
+
+    #bkueulogin {
+        display:block;
+        float:left;
+        text-align:center;
+        width:33%;
+        margin-top: 2%;
+    }
+
+    .bkuimage {
+        width: 55%;
+    }
+
+    input {
+        width:auto;
+        cursor: pointer;
         
-			 .setAssertionButton_full {
-			     	background: #efefef;
-				    cursor: pointer;
-				    margin-top: 15px;
-			      width: 70px;
-			      height: 25px;
-			 }
-       
-        input[type=button],input[type=submit] {
-/*          height: 11%;  */
-          width: 70%;
-        }
-			}
-			      
-			* {
-				margin: 0;
-				padding: 0;
-				#if($FONTTYPE)
-        	font-family: $FONTTYPE;
-        #end
-			}
-							      			
-			#selectArea {
-				padding-top: 10px;
-				padding-bottom: 55px;
-				padding-left: 10px;
-			}
-			
-			.setAssertionButton {
-				background: #efefef;
-				cursor: pointer;
-				margin-top: 15px;
-			  width: 70px;
-			  height: 25px;
-			}
-			
-			#leftbutton  {
-				width: 30%; 
-				float:left; 
-				margin-left: 15px;
-			}
+    }
 
+  #localBKU input {
+    display: inline-block;
+
+  }
 			
-			#rightbutton {
-				width: 30%; 
-				float:right; 
-				margin-right: 25px; 
-				text-align: right;
-			}
+  #localBKU input:hover, #localBKU input:focus, #localBKU input:active {
+    /*text-decoration: underline;*/
+  }
+
+    #installJava, #BrowserNOK {
+        clear:both;
+        font-size:0.8em;
+        padding:4px;
+    }
+
 			
-      #ssoSessionTransferBlock {
+    #ssoSessionTransferBlock {
         clear: both;
-      }
-      
-			#stork {
-			    /*margin-bottom: 10px;*/
-			   /* margin-top: 5px; */
-         clear: both;
-			}
+  }
+
+    #stork {
+        clear: both;
+    }
       			
-      #mandateLogin {
-        padding-bottom: 4%;
-        padding-top: 4%;
-        height: 10%;
-        position: relative;
-        text-align: left;
-			}
+
       
-      .verticalcenter {
+    .verticalcenter {
         vertical-align: middle;
       }
 
     .mandate{
         float: left;
-        margin-left: 4%;
+        margin-left: 2%;
+        font-size: 1.3em;
     }
       
-      #mandateLogin div {
+    #mandateLogin div {
         clear: both;
         margin-top: -1%;
         position: relative;
         top: 50%;
-      }
-      
-      #bkuselectionarea {
-          position: relative;
-          display: block;
-      }
-      
-      #localBKU {
+    }
+         
+    #localBKU {
         padding-bottom: 4%;
         /*padding-top: 4%;*/
         position: relative;
         clear: both;     
         text-align: center;
-			}
-          			
-			#bkukarte {
-				float:left;
-				text-align:center;
-				width:33%;
-                min-height: 90px;
-
-                padding-top: 2%;
-			}
-			
-			#bkuhandy {
-				float:left;
-				text-align:center;
-				width:33%;
-                min-height: 90px;
-
-                padding-top: 2%;
-			}
-            #bkueulogin {
-            float:left;
-            text-align:center;
-            width:33%;
-            min-height: 90px;
-            padding-top: 2%;
-         
-        }
-			
-            .bkuimage {
-            width: 55%;
-            height: auto;
-            margin-bottom: 10%;
-            }
-      
-			#mandate{
-				text-align:left;
-				padding : 5px 5px 5px 5px;
-			}
-      
-/*		input[type=button], .sendButton {
-				background: $BUTTON_BACKGROUNDCOLOR;
-        color: $BUTTON_COLOR;
-/*				border:1px solid #000;  */
-/*				cursor: pointer;
-/*        box-shadow: 3px 3px 3px #222222;  */
-/*			}
-			
-/*      button:hover, button:focus, button:active, 
-      .sendButton:hover , .sendButton:focus, .sendButton:active,
-      #mandateCheckBox:hover, #mandateCheckBox:focus, #mandateCheckBox:active {
-				background: $BUTTON_BACKGROUNDCOLOR_FOCUS;
-        color: $BUTTON_COLOR;
-/*				border:1px solid #000;                */
-/*				cursor: pointer;
-/*        box-shadow: -1px -1px 3px #222222;  */
-/*			}
-      
-*/      
-			input {
-				/*border:1px solid #000;*/
-				cursor: pointer;
-			}
-      
-      #localBKU input {
-/*        color: $BUTTON_COLOR;  */
-        /*border: 0px;*/
-        display: inline-block;
-        
-      }
-			
-      #localBKU input:hover, #localBKU input:focus, #localBKU input:active {
-        /*text-decoration: underline;*/
-      }
-      
-			#installJava, #BrowserNOK {
-				clear:both;
-				font-size:0.8em;
-				padding:4px;
-			}
-						
-			.selectText{
-			
-			}
-			
+    }
+    
+    #selectArea {
+        width:90%;
+        padding-left: 4%
+    }
 
-			.selectTextHeader{
-			
-			}
-			
-			.sendButton {
-        width: 30%;
-        margin-bottom: 1%;	
-			}
-			
-			#leftcontent a {
-				text-decoration:none; 
-				color: #000;
-			/*	display:block;*/
-				padding:4px;	
-			}
-			
-			#leftcontent a:hover, #leftcontent a:focus, #leftcontent a:active {
-				text-decoration:underline;
-				color: #000;	
-			}
-						
-			.infobutton {
-				background-color: #005a00;
-				color: white;
-				font-family: serif;
-				text-decoration: none;
-				padding-top: 2px;
-				padding-right: 4px;
-				padding-bottom: 2px;
-				padding-left: 4px;
-				font-weight: bold;
-			}
-			
-			.hell {
-				background-color : $MAIN_BACKGOUNDCOLOR;
+    .setAssertionButton {
+        background: #efefef;
+        cursor: pointer;
+        margin-top: 15px;
+        width: 70px;
+        height: 25px;
+    }
+    #leftcontent {
+        width: 70%;
+        margin-bottom: 4%;
+        text-align: left;
+        border: 1px solid rgb(0,0,0);
+        margin:auto;
+    }
+    .hell {
+        background-color : $MAIN_BACKGOUNDCOLOR;
         color: $MAIN_COLOR;	
-			}
+    }
 			
-			.dunkel {
-				background-color: $HEADER_BACKGROUNDCOLOR;
+    .dunkel {
+        background-color: $HEADER_BACKGROUNDCOLOR;
         color: $HEADER_COLOR;
-			}
-			      
-			.main_header {
-			   color: black;
-			    font-size: 32pt;
-			    position: absolute;
-			    right: 10%;
-			    top: 40px;
-				
-			}
-      
-      #ssoSessionTransferBlock {
-        font-size: 0.8em;
-        margin-left: 5px;
-        margin-bottom: 5px;
+    }
+
+
+@media screen and (min-width: 650px) {
+			        
+    #page {
+         width: 650px;
+         height: 460px;		    
+    }
+        
+    #localBKU p {
+        font-size: 0.7em;
+    } 
+        
+    #localBKU input{
+        font-size: 0.85em;
+        /*border-radius: 5px;*/
+    }
+
+    #bkuselectionarea input[type=button],#bkuselectionarea input[type=submit]{
+        font-size: 0.85em;
+        width:65%
+    }
+
+    #mandateLogin {
+        font-size: 0.85em;
+    }    
+
+    #alert_area {
+        width: 500px;
+        padding-left: 80px;
+    }
+
+      #selectArea {
+         font-size: 15px;
+         padding-bottom: 65px;
       }
-      #processInfoArea {
-        margin-bottom: 15px;
+			      	
+    #stork h2 {
+        font-size: 1.0em;
+        margin-bottom: 2%;
+    }
+        		  
+    .setAssertionButton_full {
+        background: #efefef;
+        cursor: pointer;
         margin-top: 15px;
-      }
-      #processSelectionArea {
-        width: 550px;
-        margin-left: 25px;
-        margin-top: 35px;
-      }
-      .processSelectionButtonArea {
-        float: none;
-        margin-bottom: 20px;
-        height: 35px;
-      }
-      .processSelectionButton {
-        background: #ababab;
-				cursor: pointer;
-        height: 30px;
-        width: 200px;
-        float: right;
-        border-style: solid;
-        border-bottom-width: 2px;
-        border-right-width: 2px;
-        border-left-width: 1px;
-        border-top-width: 1px;
-        border-color: #000000;
-      }
-      .buttonDescription {
-        float: left;
-        margin-left: 10px;
-        padding-top: 4px;
-        text-align: left;
-        width: 330px;
-      }
-      #processContent {
-        margin-top: 25px;
-      }
-      #eIDASButton {
-         /*color:#FFF;*/
-      }
-      #eIDASSelection {
-        width: 120px; 
-        margin-right: 5px;        
-      }
-      .unvisible {
+        width: 100px;
+        height: 30px
+    }
+             
+        
+    #validation {
+        position: absolute;
+        bottom: 0px;
+        margin-left: 270px;
+        padding-bottom: 10px;
+    }			
+}
+
+
+
+@media screen and (max-width: 649px) {
+				
+    body {
+        background-color:#fff;
+    }
+                	  
+    #page {
+        visibility: hidden;
+        margin-top: 0%;
+    }
+			  
+    #page1 {
+        visibility: hidden;
+    }
+			  
+    #main {
+        visibility: hidden;
+    }
+        
+    #validation {
+        visibility: hidden;
         display: none;
-      }
\ No newline at end of file
+    }
+			  
+    .OA_header {
+        margin-bottom: 0%;
+        margin-top: 0%;
+        font-size: 0pt;
+        visibility: hidden;
+    }
+			  
+    #alert_area {
+        visibility: visible;
+        width: 250px;
+    }
+    
+    #alert_area > p:first-child {
+        display: none;
+        visibility: hidden;
+    }
+
+        
+    h2#tabheader{
+        font-size: 1.5em;
+        position: relative;
+    }
+    .mandate{
+        font-size: 1.0em;
+    }
+        
+    #leftcontent {
+        float: left;
+        width:auto;
+        border:none;
+        visibility:visible;
+        margin-bottom: 2%;
+    }
+    .bkuimage {
+        width: 40%;
+    }
+    
+    #bkukarte {
+        box-sizing: border-box;
+    }
+
+    #bkuhandy {
+        box-sizing: border-box;
+    }
+
+    #bkueulogin {
+        box-sizing: border-box;
+    }
+		        
+    .setAssertionButton_full {
+        background: #efefef;
+        cursor: pointer;
+        margin-top: 15px;
+        width: 70px;
+        height: 25px;
+    }
+       
+    input[type=button],input[type=submit] {
+        width:65%;
+    }
+}      
\ No newline at end of file
diff --git a/id/server/moa-id-frontend-resources/src/main/resources/templates/javascript_tempalte.js b/id/server/moa-id-frontend-resources/src/main/resources/templates/javascript_tempalte.js
index 313f14b4a..15b82614c 100644
--- a/id/server/moa-id-frontend-resources/src/main/resources/templates/javascript_tempalte.js
+++ b/id/server/moa-id-frontend-resources/src/main/resources/templates/javascript_tempalte.js
@@ -84,9 +84,9 @@ function isIE() {
 /* 			setSSOSelection(); */
 			
 			var ccc = "AT";
-			var countrySelection = document.getElementById("eIDASSelection");
+			var countrySelection = document.getElementById("cccSelection");
 			if (countrySelection !=  null) {
-				ccc = document.getElementById("eIDASSelection").value;
+				ccc = document.getElementById("cccSelection").value;
 			}
 			var iFrameURL = "$contextPath$submitEndpoint" + "?";			
 			iFrameURL += "&pendingid=" + "$pendingReqID";
@@ -238,7 +238,22 @@ function isIE() {
     }
     function setUseMandateFlag(e) {
       /*document.getElementById("mandateCheckBox").setAttribute("aria-checked", document.getElementById("mandateCheckBox").checked);*/
-      e.setAttribute("aria-checked", e.checked);
+      e.target.setAttribute("aria-checked", e.target.checked);
+      if (e.target.checked) {
+        var image = document.getElementById("eIDASImage");
+        var srcatt = image.getAttribute("src");
+        var last = srcatt.substring(srcatt.lastIndexOf('/')+1);
+        srcatt = srcatt.replace(last,'eIDAS_small_deactivated.png');    
+        image.setAttribute("src",srcatt);
+        document.getElementById("buttonEULogin").disabled=true;
+      } else {
+          var image = document.getElementById("eIDASImage");
+          var srcatt = image.getAttribute("src");
+          var last = srcatt.substring(srcatt.lastIndexOf('/')+1);
+          srcatt = srcatt.replace(last,'eIDAS_small.png');    
+          image.setAttribute("src",srcatt);
+          document.getElementById("buttonEULogin").disabled=false      
+      }            
     }
     
     document.addEventListener('resize', onChangeChecks);
@@ -246,7 +261,7 @@ function isIE() {
       document.querySelector('#mandateCheckBox').addEventListener('click', setUseMandateFlag);
       document.querySelector('#moaidform>input[type=submit]').addEventListener('click', setMandateSelection);
       document.querySelector('#bkuhandy>input[type=button]').addEventListener('click', bkuHandyClicked);
-      document.querySelector('#stork button[type=button]').addEventListener('click', storkClicked);
+      document.querySelector('#moaideIDASform>input[type=submit]').addEventListener('click', setMandateSelection);
       onChangeChecks(); 
     });
     
diff --git a/id/server/moa-id-frontend-resources/src/main/resources/templates/loginFormFull.html b/id/server/moa-id-frontend-resources/src/main/resources/templates/loginFormFull.html
index 1a78ffd1a..4e548e58c 100644
--- a/id/server/moa-id-frontend-resources/src/main/resources/templates/loginFormFull.html
+++ b/id/server/moa-id-frontend-resources/src/main/resources/templates/loginFormFull.html
@@ -4,10 +4,10 @@
 <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
 
    <!-- MOA-ID 2.x BKUSelection Layout CSS -->               
-   <link rel="stylesheet" href="/css_template.css"/>
+   <link rel="stylesheet" href="$contextPath/css/buildCSS?pendingid=$pendingReqID"/>
    
    <!-- MOA-ID 2.x BKUSelection JavaScript fucnctions-->
-   <script src="/javascript_tempalte.js"></script>
+   <script src="$contextPath/js/buildJS?pendingid=$pendingReqID"></script>
    
 
 <title>Anmeldung mittels Bürgerkarte oder Handy-Signatur</title>
@@ -37,41 +37,40 @@
 						</div>
 						<div id="bkuselectionarea">
 							<div id="bkukarte">
-								<img id="bkuimage" class="bkuimage" src="/img/karte.png" alt="OnlineBKU"/> 
+								<img id="bkuimage" class="bkuimage" src="$contextPath/img/karte.png" alt="OnlineBKU"/> 
                 
-                <!-- Remove support for Online BKU and swith the card button to local BKU-->
-                <!--input name="bkuButtonOnline" type="button" onClick="bkuOnlineClicked();" tabindex="2" role="button" value="Karte" /-->                
+                  <!-- Remove support for Online BKU and swith the card button to local BKU-->
+                  <!--input name="bkuButtonOnline" type="button" onClick="bkuOnlineClicked();" tabindex="2" role="button" value="Karte" /-->                
                 
-                                <form method="get" id="moaidform" action="$contextPath$submitEndpoint" class="verticalcenter" target="_parent">
-								  <input type="hidden" name="bkuURI" value="$bkuLocal" />
-								  <input type="hidden" name="useMandate" id="useMandate" /> 
-								  <input type="hidden" name="SSO" id="useSSO" /> 
-								  <input type="hidden" name="ccc" id="ccc" /> 
-								  <input type="hidden" name="pendingid" value="$pendingReqID" /> 
-                                    <input type="submit" value=" Karte " tabindex="5" role="button">
-                                </form>
+                  <form method="get" id="moaidform" action="$contextPath$submitEndpoint" class="verticalcenter" target="_parent">
+								    <input type="hidden" name="bkuURI" value="$bkuLocal" />
+								    <input type="hidden" name="useMandate" id="useMandate" /> 
+								    <input type="hidden" name="SSO" id="useSSO" /> 
+								    <input type="hidden" name="ccc" id="ccc" /> 
+								    <input type="hidden" name="pendingid" value="$pendingReqID" /> 
+                    <input type="submit" value=" Karte " tabindex="5" role="button" />
+                  </form>
                 
-                            <iframe name="bkudetect" width="0" height="0" scrolling="no" marginheight="0" marginwidth="0" frameborder="0" src="$contextPath/feature/bkuDetection?pendingid=$pendingReqID"></iframe>
+                  <iframe name="bkudetect" width="0" height="0" scrolling="no" marginheight="0" marginwidth="0" frameborder="0" src="$contextPath/feature/bkuDetection?pendingid=$pendingReqID"></iframe>
                 
-                                <!-- BKU detection with static template-->
-                                <!--iframe name="bkudetect" width="0" height="0" scrolling="no" marginheight="0" marginwidth="0" frameborder="0" src="$contextPath/iframeLBKUdetect.html"></iframe-->
-                                                            
+                  <!-- BKU detection with static template-->
+                  <!--iframe name="bkudetect" width="0" height="0" scrolling="no" marginheight="0" marginwidth="0" frameborder="0" src="$contextPath/iframeLBKUdetect.html"></iframe-->                                                            
 				        </div>
                             
 				        <div id="bkuhandy">
-				            <img class="bkuimage" src="/img/handysign.png" alt="HandyBKU" />         
+				            <img class="bkuimage" src="$contextPath/img/handysign.png" alt="HandyBKU" />         
                             <input name="bkuButtonHandy" type="button" tabindex="3" role="button" value="HANDY" />
 				        </div>
                 
             
-				        <div id="bkueulogin">
-				            <img class="bkuimage" src="/img/eIDAS_small.png" alt="EULogin" />                                                        
-                              <form method="get" id="moaidform" action="$contextPath$submitEndpoint" class="verticalcenter" target="_parent">
-								  <input type="hidden" name="useeIDAS" value="true" />
-								  <input type="hidden" name="useMandate" id="useMandate" />  
-								  <input type="hidden" name="pendingid" value="$pendingReqID" /> 
-                                  <input name="bkuButtonEULogin" onclick="setMandateSelection();" type="button" role="button" value="EULogin" />
-                                </form>
+				        <div id="bkueulogin" class="$eIDASVisible">
+				            <img id="eIDASImage" class="bkuimage" src="$contextPath/img/eIDAS_small.png" alt="EULogin" />                                                        
+                    <form method="get" id="moaideIDASform" action="$contextPath$submitEndpoint" class="verticalcenter" target="_parent">
+								      <input type="hidden" name="useeIDAS" value="true" />
+								      <input type="hidden" name="useMandate" id="useMandate" />  
+								      <input type="hidden" name="pendingid" value="$pendingReqID" /> 
+                      <input id="buttonEULogin" name="bkuButtonEULogin" type="submit" role="button" value="EULogin" />
+                    </form>
 				        </div>
 						<!--div id="localBKU">
 							<form method="get" id="moaidform" action="$contextPath$submitEndpoint"
-- 
cgit v1.2.3